> P.S. Yes, I appreciate that the attack surface is fairly limited here, bit I > feel the point still holds.
I disagree, I wouldn't want to extend my fame into publicizing a massive security vulnerability. I think this one stems from a misunderstanding of salting. I've forked C:P:A on gitpan and I'll probably port some (or all) of it to Moose along with my own fix to this soonish. > P.P.S. I expect to be uploading a fix this in the next 24-48 hours for > anyone who concerned that evil people in possession of their application > configuration are generating the relevant rainbow tables right now... -- Evan Carroll System Lord of the Internets _______________________________________________ List: [email protected] Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/[email protected]/ Dev site: http://dev.catalyst.perl.org/
