[pve-devel] [PATCH common 2/3] use hmac_sha256 when assembling csrf token
Oguz Bektas
o.bektas at proxmox.com
Wed Jun 19 09:39:32 CEST 2019
Signed-off-by: Oguz Bektas <o.bektas at proxmox.com>
---
src/PVE/Ticket.pm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/PVE/Ticket.pm b/src/PVE/Ticket.pm
index b5d2758..d5d0041 100644
--- a/src/PVE/Ticket.pm
+++ b/src/PVE/Ticket.pm
@@ -20,7 +20,7 @@ sub assemble_csrf_prevention_token {
my $timestamp = sprintf("%08X", time());
- my $digest = Digest::SHA::sha1_base64("$timestamp:$username", $secret);
+ my $digest = Digest::SHA::hmac_sha256_base64("$timestamp:$username", $secret);
return "$timestamp:$digest";
}
--
2.11.0
More information about the pve-devel
mailing list