Bug 1188339 - Backport upstream bug 1179856 (Increase length of all tokens value for greater security)
Status: RESOLVED FIXED
Product: bugzilla.mozilla.org
Classification: Other
Component: General
Version: Production
Importance: -- normal
Assigned To: Dylan Hardison [:dylan]
Reported: 2015-07-28 05:56 PDT by Dylan Hardison [:dylan]
Modified: 2015-08-03 23:07 PDT


Attachments
1188339_1.patch (2.94 KB, patch)
2015-07-28 13:34 PDT, Dylan Hardison [:dylan]
glob: review+
1188339_2.patch (3.39 KB, patch)
2015-07-29 15:30 PDT, Dylan Hardison [:dylan]
glob: review+

Description Dylan Hardison [:dylan] 2015-07-28 05:56:32 PDT
SSIA
Comment 1 Dylan Hardison [:dylan] 2015-07-28 13:34:38 PDT
Created attachment 8640098
1188339_1.patch

Backported patch
Comment 2 Byron Jones ‹:glob› 2015-07-28 22:00:35 PDT
Comment on attachment 8640098
1188339_1.patch

Review of attachment 8640098:
-----------------------------------------------------------------

this patch increases more than just the login cookie length - it increases the default size of all tokens (api-token, account creation, password reset, etc).

i've updated this bug's summary as well as upstream's to reflect that.


don't forget to commit just the schema change and leave this bug open.  i'll commit the token.pm changes after the schema changes have landed (no need for a second non-schema patch).
Comment 3 Dylan Hardison [:dylan] 2015-07-29 15:30:12 PDT
Created attachment 8640768
1188339_2.patch

the bug found in the upstream bug would be quite bad for bmo -- logincookies would be invalidated every time checksetup is run. Give this a once over and I'll commit the schema changes after.
Comment 4 Byron Jones ‹:glob› 2015-07-29 22:44:06 PDT
Comment on attachment 8640768
1188339_2.patch

Review of attachment 8640768:
-----------------------------------------------------------------

r=glob
Comment 5 Dylan Hardison [:dylan] 2015-07-30 09:32:12 PDT
To ssh://gitolite3@git.mozilla.org/webtools/bmo/bugzilla.git
   5604742..2e5fc83  master -> master
Comment 6 Byron Jones ‹:glob› 2015-07-30 21:20:30 PDT
reopening as this code is not fully committed.
Comment 7 Byron Jones ‹:glob› 2015-08-03 23:07:39 PDT
To ssh://gitolite3@git.mozilla.org/webtools/bmo/bugzilla.git
   0565d65..0cc42e2  master -> master
