Update of /cvsroot/monetdb/MonetDB5/src/modules/mal
In directory sc8-pr-cvs16.sourceforge.net:/tmp/cvs-serv29209
Modified Files:
mserver.mx
Log Message:
An OMG experience.
It makes absolutely no sense to use a challenge for security if you can
simply guess the challenge because it's always the same sequence of
challenges because the randomiser isn't seeded...
Seed the randomiser in the listen function, as the epilogue isn't
called.
Index: mserver.mx
===================================================================
RCS file: /cvsroot/monetdb/MonetDB5/src/modules/mal/mserver.mx,v
retrieving revision 1.92
retrieving revision 1.93
diff -u -d -r1.92 -r1.93
--- mserver.mx 29 Oct 2007 20:09:57 -0000 1.92
+++ mserver.mx 24 Nov 2007 20:15:39 -0000 1.93
@@ -410,9 +410,8 @@
size_t chr;
size_t i;
- /* don't seed the randomiser, or you get the same challenge during
- * the same second */
- /* srand(time(NULL)); */
+ /* don't seed the randomiser here, or you get the same challenge
+ * during the same second */
size = rand();
size = (size % (max - min)) + min;
for (i = 0; i < size; i++) {
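Review bot: the challenge here is still derived from rand() (`size = rand();` and the loop that follows), so it is only as unpredictable as the seed, and rand() is not designed for security use. Consider drawing the challenge bytes from the operating system's randomness source instead of the C library generator. The reworded comment would also be more useful if it said where seeding now happens (the listen function), since "here" alone leaves the reader searching. Separately, `size % (max - min)` assumes max > min; if callers can pass equal values this divides by zero, so a guard or an assertion would be worth adding.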
@@ -740,6 +739,11 @@
snprintf(msg, (int) 512, "#Ready to accept connections on %s:%d\n",
host, port);
stream_printf(GDKout, "%s", msg);
#endif
+
+ /* seed the randomiser such that our challenges aren't
+ * predictable... */
+ srand(time(NULL));
+
SERVERannounce(server.sin_addr, port, 0);
return MAL_SUCCEED;
}
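Review bot: `srand(time(NULL))` seeds with the server start time at one-second resolution, so the comment's claim that challenges "aren't predictable" is stronger than what the code delivers: anyone who can estimate when the server started has a small set of candidate seeds and therefore candidate challenge sequences. Seeding from a source with real entropy (for example bytes read from the OS random device), or better, generating the challenge directly from such a source, would close that gap. Note also that srand() sets process-wide state, so any other code in the server that calls srand() or rand() changes or shares the sequence the challenges are drawn from; a comment saying this is the single seeding point would help keep it that way.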
_______________________________________________
Monetdb-checkins mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/monetdb-checkins