Closed Bug 1188339 Opened 4 years ago Closed 4 years ago

Backport upstream bug 1179856 (Increase length of all tokens value for greater security)

Categories

(bugzilla.mozilla.org :: General, defect)

Production
defect
Not set

RESOLVED FIXED

People

(Reporter: dylan, Assigned: dylan)

Details

Attachments

(1 file, 1 obsolete file)

SSIA
Summary: Backport upstream bug 1179856 to bmo increased logincookie & token length → Backport upstream bug 1179856 to bmo for increased logincookie & token length
Attached patch 1188339_1.patch (obsolete) — Splinter Review
Backported patch
Attachment #8640098 - Flags: review?(glob)
Summary: Backport upstream bug 1179856 to bmo for increased logincookie & token length → Backport upstream bug 1179856 (Increase length of all tokens value for greater security)
Comment on attachment 8640098
1188339_1.patch

Review of attachment 8640098:
-----------------------------------------------------------------

this patch increases more than just the login cookie length - it increases the default size of all tokens (api-token, account creation, password reset, etc).

i've updated this bug's summary as well as upstream's to reflect that.


don't forget to commit just the schema change and leave this bug open.  i'll commit the token.pm changes after the schema changes have landed (no need for a second non-schema patch).
Attachment #8640098 - Flags: review?(glob) → review+
Attached patch 1188339_2.patch — Splinter Review
the bug found in the upstream bug would be quite bad for bmo -- logincookies would be invalidated every time checksetup is run. Give this a once over and I'll commit the schema changes after.
Attachment #8640098 - Attachment is obsolete: true
Attachment #8640768 - Flags: review?(glob)
Comment on attachment 8640768
1188339_2.patch

Review of attachment 8640768:
-----------------------------------------------------------------

r=glob
Attachment #8640768 - Flags: review?(glob) → review+
To ssh://gitolite3@git.mozilla.org/webtools/bmo/bugzilla.git
   5604742..2e5fc83  master -> master
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
reopening as this code is not fully committed.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
To ssh://gitolite3@git.mozilla.org/webtools/bmo/bugzilla.git
   0565d65..0cc42e2  master -> master
Status: REOPENED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED