
password hash + salt, sid gen by /dev/urandom

1 parent d52d02a commit 25e96f0c04dfb6cd6d590229eb1b6ceb8fa55dbd @s-aska committed Dec 14, 2010
Showing with 12 additions and 2 deletions.
  1. +10 −0 app.psgi
  2. +1 −1 lib/SampleBBS/UI/Login.pm
  3. +1 −1 sbin/create_admin.pl
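--- a/app.psgi
+++ b/app.psgi
@@ -4,10 +4,12 @@ use Plack::Request;
 use Plack::Builder;
 use Plack::Middleware::Session;
 use Plack::Session::Store::File;
+use Plack::Session::State::Cookie;
 use File::Spec::Functions;
 use File::Stamped;
 use Log::Minimal;
 use UNIVERSAL::require;
+use String::Urandom;
 my $base_class = 'SampleBBS';
@@ -68,10 +70,18 @@ if (!-d $session_dir) {
 mkdir $session_dir;
 }
+my $urandom = String::Urandom->new( LENGTH => 40 );
+my $sid_generator = sub { $urandom->rand_string };
+my $sid_validator = qr/\A[0-9a-zA-Z]{40}\Z/;
+
 builder {
 enable 'Session::Fixation',
 store => Plack::Session::Store::File->new(
 dir => $session_dir
+ ),
+ state => Plack::Session::State::Cookie->new(
+ sid_generator => $sid_generator,
+ sid_validator => $sid_validator
 );
 $app;
 };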
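Review bot: The new Plack::Session::State::Cookie is constructed with only sid_generator/sid_validator, so the session cookie carrying the now-unguessable sid is still issued without the HttpOnly or Secure attributes; the class also accepts `httponly => 1` and `secure => 1` (the latter only if the app is actually served over TLS, and httponly may require a newer Plack::Middleware::Session than was current when this was written). The validator uses `\Z`, which tolerates a trailing newline, so the strict end anchor is the safer choice: `my $sid_validator = qr/\A[0-9a-zA-Z]{40}\z/;`. The generator's alphabet is whatever String::Urandom emits by default, while the validator hard-codes [0-9a-zA-Z]; if the two ever diverge every session cookie is rejected, so passing the character list explicitly to String::Urandom->new (it takes a CHARS option, as I recall) would keep both definitions in one place.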
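--- a/lib/SampleBBS/UI/Login.pm
+++ b/lib/SampleBBS/UI/Login.pm
@@ -21,7 +21,7 @@ sub process {
 }
 my $login_id = $req->param('login_id');
- my $password_hash = sha256_hex($req->param('password'));
+ my $password_hash = sha256_hex('SampleBBS' . $req->param('password'));
 $self->validate($req, [
 login_id => ['NOT_BLANK', 'ASCII'],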
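Review bot: The 'SampleBBS' prefix in `my $password_hash = sha256_hex('SampleBBS' . $req->param('password'));` is a fixed, site-wide string rather than a per-user salt: two users with the same password still produce the same hash, and one precomputed table covers every account, so the "salt" in the commit title overstates what this achieves. The usual fix is a random per-user salt stored alongside the hash and a deliberately slow password hash (bcrypt via Crypt::Eksblowfish::Bcrypt, or PBKDF2) instead of a single sha256_hex call. The same literal is duplicated in sbin/create_admin.pl (its `@@ -10,7 +10,7 @@` hunk); the two copies must stay byte-identical or admin logins silently stop working, so the hashing belongs in one shared helper that both call, e.g. on SampleBBS::Model. process() begins and ends outside this hunk.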
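--- a/sbin/create_admin.pl
+++ b/sbin/create_admin.pl
@@ -10,7 +10,7 @@
 opts my $login_id => { isa => 'Str', required => 1, comment => 'admin login_id ex. -l demo' },
 my $password => { isa => 'Str', required => 1, comment => 'admin password ex. -l demo' };
-my $password_hash = sha256_hex($password);
+my $password_hash = sha256_hex('SampleBBS' . $password);
 my $db = SampleBBS::Model->new;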
