This repository has been archived by the owner on Sep 8, 2021. It is now read-only.
Commit
Use a random key to "encrypt" the remember-me cookie's value
Since Spring's default remember-me technique is terrible security-wise (`user:timestamp:md5(user:timestamp:password:key)`), we should at least use a random key instead of a fixed one; otherwise, an attacker able to capture the cookies might be able to trivially bruteforce offline the password of the associated user.
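The token layout quoted in the commit message, written out as an added example (not code from this commit or from Spring) to show why the key has to be unpredictable. The class, method names and sample values are hypothetical, and generating the key once at application start is an assumption about how the random key is used.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

// Added illustration; class, method names and sample values are hypothetical.
public class RememberMeKeyDemo {

    // Signature layout from the commit message: md5(user:timestamp:password:key).
    static String signature(String user, long expiry, String password, String key) throws Exception {
        String data = user + ":" + expiry + ":" + password + ":" + key;
        byte[] digest = MessageDigest.getInstance("MD5").digest(data.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder();
        for (byte b : digest) hex.append(String.format("%02x", b));
        return hex.toString();
    }

    // Cookie value layout: user:timestamp:signature.
    static String makeToken(String user, long expiry, String password, String key) throws Exception {
        return user + ":" + expiry + ":" + signature(user, expiry, password, key);
    }

    // Server-side check. Whoever knows `key` can run the same computation on a
    // captured cookie, leaving the password as the only unknown input.
    static boolean verify(String token, String storedPassword, String key) throws Exception {
        String[] parts = token.split(":");
        if (parts.length != 3) return false;
        long expiry;
        try { expiry = Long.parseLong(parts[1]); } catch (NumberFormatException e) { return false; }
        if (expiry < System.currentTimeMillis()) return false;
        String expected = signature(parts[0], expiry, storedPassword, key);
        // Constant-time comparison of the two hex strings.
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                     parts[2].getBytes(StandardCharsets.UTF_8));
    }

    // 256 bits from the platform CSPRNG, generated once per application start (assumption).
    static String newRandomKey() {
        byte[] raw = new byte[32];
        new SecureRandom().nextBytes(raw);
        return Base64.getEncoder().encodeToString(raw);
    }

    public static void main(String[] args) throws Exception {
        long expiry = System.currentTimeMillis() + 14L * 24 * 60 * 60 * 1000; // two weeks
        String keyAtBoot = newRandomKey();
        String cookie = makeToken("alice", expiry, "stored-password", keyAtBoot); // constructed values
        System.out.println("same key:      " + verify(cookie, "stored-password", keyAtBoot));
        System.out.println("after restart: " + verify(cookie, "stored-password", newRandomKey()));
    }
}
```

A key generated at startup also means outstanding remember-me cookies stop validating after a restart, and multiple application instances would need to share the same key.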