#5760: Use keyed hashing for session data, remove duplicate code --------------------------------------------+------------------------------- Reporter: Nir Soffer <[EMAIL PROTECTED]> | Owner: nobody Status: new | Component: django.contrib.sessions Version: 0.96 | Keywords: Stage: Unreviewed | Has_patch: 1 --------------------------------------------+------------------------------- Use hmac instead of md5 to create a digest of session data. Using hmac is probably more secure than the home built md5 implementation. Also, the current implementation uses hexdigest() when digest() is just fine.
While replacing the hash, extract the digest code to a new function to remove duplicate code. Issues: - Old session will be invalidated with this patch -- Ticket URL: <http://code.djangoproject.com/ticket/5760> Django Code <http://code.djangoproject.com/> The web framework for perfectionists with deadlines --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django updates" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-updates?hl=en -~----------~----~----~----~------~----~------~--~---
