Backport upstream bug 1179856 (Increase length of all tokens value for greater security)

RESOLVED FIXED

Status

bugzilla.mozilla.org
General
2 years ago
2 years ago

People

(Reporter: dylan, Assigned: dylan)

Attachments

(1 attachment, 1 obsolete attachment)

(Assignee)

Description

2 years ago
SSIA
(Assignee)

Updated

2 years ago
Summary: Backport upstream bug 1179856 to bmo increased logincookie & token length → Backport upstream bug 1179856 to bmo for increased logincookie & token length
(Assignee)

Comment 1

2 years ago
Created attachment 8640098 [details] [diff] [review]
1188339_1.patch

Backported patch
Attachment #8640098 - Flags: review?(glob)
Summary: Backport upstream bug 1179856 to bmo for increased logincookie & token length → Backport upstream bug 1179856 (Increase length of all tokens value for greater security)
Comment on attachment 8640098 [details] [diff] [review]
1188339_1.patch

Review of attachment 8640098 [details] [diff] [review]:
-----------------------------------------------------------------

this patch increases more than just the login cookie length - it increases the default size of all tokens (api-token, account creation, password reset, etc).

i've updated this bug's summary as well as upstream's to reflect that.


don't forget to commit just the schema change and leave this bug open.  i'll commit the token.pm changes after the schema changes have landed (no need for a second non-schema patch).
Attachment #8640098 - Flags: review?(glob) → review+
(Assignee)

Comment 3

2 years ago
Created attachment 8640768 [details] [diff] [review]
1188339_2.patch

The bug found in the upstream bug would be quite bad for bmo -- logincookies would be invalidated every time checksetup is run. Give this a once-over and I'll commit the schema changes after.
Attachment #8640098 - Attachment is obsolete: true
Attachment #8640768 - Flags: review?(glob)
Comment on attachment 8640768 [details] [diff] [review]
1188339_2.patch

Review of attachment 8640768 [details] [diff] [review]:
-----------------------------------------------------------------

r=glob
Attachment #8640768 - Flags: review?(glob) → review+
(Assignee)

Comment 5

2 years ago
To ssh://gitolite3@git.mozilla.org/webtools/bmo/bugzilla.git
   5604742..2e5fc83  master -> master
Status: ASSIGNED → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → FIXED
reopening as this code is not fully committed.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
To ssh://gitolite3@git.mozilla.org/webtools/bmo/bugzilla.git
   0565d65..0cc42e2  master -> master
Status: REOPENED → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → FIXED