Bug 1188339 - Backport upstream bug 1179856 (Increase length of all tokens value for greater security)
Classification: Other
Component: General
: Production
-- normal
Assigned To: Dylan Hardison [:dylan]
Reported: 2015-07-28 05:56 PDT by Dylan Hardison [:dylan]
Modified: 2015-08-03 23:07 PDT

1188339_1.patch (2.94 KB, patch)
2015-07-28 13:34 PDT, Dylan Hardison [:dylan]
glob: review+
1188339_2.patch (3.39 KB, patch)
2015-07-29 15:30 PDT, Dylan Hardison [:dylan]
glob: review+

Description Dylan Hardison [:dylan] 2015-07-28 05:56:32 PDT
Comment 1 Dylan Hardison [:dylan] 2015-07-28 13:34:38 PDT
Created attachment 8640098

Backported patch
Comment 2 Byron Jones ‹:glob› 2015-07-28 22:00:35 PDT
Comment on attachment 8640098

Review of attachment 8640098:

this patch increases more than just the login cookie length - it increases the default size of all tokens (api-token, account creation, password reset, etc).

i've updated this bug's summary as well as upstream's to reflect that.

don't forget to commit just the schema change and leave this bug open.  i'll commit the changes after the schema changes have landed (no need for a second non-schema patch).
Comment 3 Dylan Hardison [:dylan] 2015-07-29 15:30:12 PDT
Created attachment 8640768

the bug found in the upstream bug would be quite bad for bmo -- logincookies would be invalidated every time checksetup is run. Give this a once over and I'll commit the schema changes after.
Comment 4 Byron Jones ‹:glob› 2015-07-29 22:44:06 PDT
Comment on attachment 8640768

Review of attachment 8640768:

Comment 5 Dylan Hardison [:dylan] 2015-07-30 09:32:12 PDT
To ssh://
   5604742..2e5fc83  master -> master
Comment 6 Byron Jones ‹:glob› 2015-07-30 21:20:30 PDT
reopening as this code is not fully committed.
Comment 7 Byron Jones ‹:glob› 2015-08-03 23:07:39 PDT
To ssh://
   0565d65..0cc42e2  master -> master
