Commit e78f6c00 authored by Dave Lawrence's avatar Dave Lawrence

Bug 907438 - In MySQL, login cookie checking is not case-sensitive, reducing…

Bug 907438 - In MySQL, login cookie checking is not case-sensitive, reducing total entropy and allowing easier brute force r=LpSolit,a=sgreen
parent 024a3769
......@@ -66,8 +66,8 @@ sub get_login_info {
trick_taint($login_cookie);
detaint_natural($user_id);
my $is_valid =
$dbh->selectrow_array('SELECT 1
my $db_cookie =
$dbh->selectrow_array('SELECT cookie
FROM logincookies
WHERE cookie = ?
AND userid = ?
......@@ -77,7 +77,7 @@ sub get_login_info {
# If the cookie or token is valid, return a valid username.
# If they were not valid and we are using a webservice, then
# throw an error notifying the client.
if ($is_valid) {
if (defined $db_cookie && $login_cookie eq $db_cookie) {
# If we logged in successfully, then update the lastused
# time on the login cookie
$dbh->do("UPDATE logincookies SET lastused = NOW()
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment