nextcloud

Commit Graph

Author	SHA1	Message	Date
Lukas Reschke	5680743c2b	Harden updater authentication - Reset tokens after 2 hours as discussed at https://github.com/owncloud/updater/issues/220#issuecomment-182033453 - Used BCrypt for storing the password in the config.php. This makes it substantially harder in case of a leakage of the token to bruteforce it. In the future we can evaluate also an HMAC including the IP. That's a bit tricker though at the moment considering that we support reverse proxies. Didn't feel brave enough to touch that dragon now as well ;)	2016-02-10 16:31:11 +01:00
Lukas Reschke	b9e3ed1468	Add SSO for updater application Allows logging-in into the updater application by visiting the admin panel and pressing "Open updater".	2016-02-09 20:28:30 +01:00

Author

SHA1

Message

Date

Lukas Reschke

5680743c2b

Harden updater authentication

- Reset tokens after 2 hours as discussed at https://github.com/owncloud/updater/issues/220#issuecomment-182033453
- Used BCrypt for storing the password in the config.php. This makes it substantially harder in case of a leakage of the token to bruteforce it. In the future we can evaluate also an HMAC including the IP. That's a bit tricker though at the moment considering that we support reverse proxies. Didn't feel brave enough to touch that dragon now as well ;)

2016-02-10 16:31:11 +01:00

Lukas Reschke

b9e3ed1468

Add SSO for updater application

Allows logging-in into the updater application by visiting the admin panel and pressing "Open updater".

2016-02-09 20:28:30 +01:00

2 Commits