nextcloud/apps/updatenotification
Lukas Reschke 5680743c2b Harden updater authentication
- Reset tokens after 2 hours as discussed at https://github.com/owncloud/updater/issues/220#issuecomment-182033453
- Used BCrypt for storing the password in the config.php. This makes it substantially harder in case of a leakage of the token to bruteforce it. In the future we can evaluate also an HMAC including the IP. That's a bit tricker though at the moment considering that we support reverse proxies. Didn't feel brave enough to touch that dragon now as well ;)
2016-02-10 16:31:11 +01:00
..
appinfo Add SSO for updater application 2016-02-09 20:28:30 +01:00
controller Harden updater authentication 2016-02-10 16:31:11 +01:00
js Add SSO for updater application 2016-02-09 20:28:30 +01:00
lib Harden updater authentication 2016-02-10 16:31:11 +01:00
templates Add SSO for updater application 2016-02-09 20:28:30 +01:00
tests Harden updater authentication 2016-02-10 16:31:11 +01:00
admin.php Add SSO for updater application 2016-02-09 20:28:30 +01:00