proxmox-mirrors/pve-access-control
1
0
Fork 0
mirror of https://git.proxmox.com/git/pve-access-control synced 2025-08-16 01:00:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

use hmac_sha256 instead of sha1 for csrf token

Browse Source 
Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
This commit is contained in:
Oguz Bektas 2019-06-19 09:39:33 +02:00 committed by Thomas Lamprecht
parent b8055a4fc0
commit 51e6f56d25
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
PVE/AccessControl.pm
View File

@ -215,7 +215,7 @@ my $csrf_prevention_secret;
my $get_csrfr_secret = sub { my $get_csrfr_secret = sub {
if (!$csrf_prevention_secret) { if (!$csrf_prevention_secret) {
my $input = PVE::Tools::file_get_contents($pve_www_key_fn); my $input = PVE::Tools::file_get_contents($pve_www_key_fn);
$csrf_prevention_secret = Digest::SHA::sha1_base64($input); $csrf_prevention_secret = Digest::SHA::hmac_sha256_base64($input);
} }
return $csrf_prevention_secret; return $csrf_prevention_secret;
}; };