proxmox-mirrors/pve-access-control
1
0
Fork 0
mirror of https://git.proxmox.com/git/pve-access-control synced 2025-08-14 05:56:09 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

use hmac_sha256 instead of sha1 for csrf token

Browse Source 
Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
This commit is contained in:
Oguz Bektas 2019-06-19 09:39:33 +02:00 committed by Thomas Lamprecht
parent b8055a4fc0
commit 51e6f56d25
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
PVE/AccessControl.pm
View File

@ -215,7 +215,7 @@ my $csrf_prevention_secret;
my $get_csrfr_secret = sub {
if (!$csrf_prevention_secret) {
my $input = PVE::Tools::file_get_contents($pve_www_key_fn);
$csrf_prevention_secret = Digest::SHA::sha1_base64($input);
$csrf_prevention_secret = Digest::SHA::hmac_sha256_base64($input);
}
return $csrf_prevention_secret;
};