Harden updater authentication - nextcloud-server.git - Nextcloud server, a safe home for all your data: https://github.com/nextcloud/server

index : nextcloud-server.git

Nextcloud server, a safe home for all your data: https://github.com/nextcloud/server

www-data

about summary refs log tree commit diff stats

path: root/apps/files_sharing/js/public.js

diff options

author	Lukas Reschke <lukas@owncloud.com>	2016-02-10 14:41:47 +0100
committer	Lukas Reschke <lukas@owncloud.com>	2016-02-10 16:31:11 +0100
commit	5680743c2b19daf561729d4a78978600150a0553 (patch)
tree	282ab57d336faa5d3112097fd8e78b2df0d64195 /apps/files_sharing/js/public.js
parent	5c89cf9565d4c08984af10d39cc4aff0a6cac147 (diff)
download	nextcloud-server-5680743c2b19daf561729d4a78978600150a0553.tar.gz nextcloud-server-5680743c2b19daf561729d4a78978600150a0553.zip

Harden updater authentication

- Reset tokens after 2 hours as discussed at https://github.com/owncloud/updater/issues/220#issuecomment-182033453 - Used BCrypt for storing the password in the config.php. This makes it substantially harder in case of a leakage of the token to bruteforce it. In the future we can evaluate also an HMAC including the IP. That's a bit tricker though at the moment considering that we support reverse proxies. Didn't feel brave enough to touch that dragon now as well ;)

Diffstat (limited to 'apps/files_sharing/js/public.js')

0 files changed, 0 insertions, 0 deletions