1berry/ruby
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

session.rb: SHA512

Browse Source 
* lib/cgi/session.rb (create_new_id): use SHA512 instead of MD5.
  pointed out by SARWAR JAHAN.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51748 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
nobu 2015-09-03 12:12:14 +00:00
parent 5f6dedda01
commit 16dbb79e88
2 changed files with 19 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ChangeLog
View File

@ -1,3 +1,8 @@
Thu Sep 3 21:12:12 2015 Nobuyoshi Nakada <nobu@ruby-lang.org>
* lib/cgi/session.rb (create_new_id): use SHA512 instead of MD5.
pointed out by SARWAR JAHAN.
Thu Sep 3 20:29:18 2015 Koichi Sasada <ko1@atdot.net> Thu Sep 3 20:29:18 2015 Koichi Sasada <ko1@atdot.net>
* gc.c (rb_raw_obj_info): iseq->body->location.first_lineno is Fixnum. * gc.c (rb_raw_obj_info): iseq->body->location.first_lineno is Fixnum.

26
lib/cgi/session.rb
View File

@ -163,24 +163,26 @@ class CGI
# Create a new session id. # Create a new session id.
# #
# The session id is an MD5 hash based upon the time, # The session id is a secure random number by SecureRandom
# a random number, and a constant string. This routine # if possible, otherwise an SHA512 hash based upon the time,
# is used internally for automatically generated # a random number, and a constant string. This routine is
# session ids. # used internally for automatically generated session ids.
def create_new_id def create_new_id
require 'securerandom' require 'securerandom'
begin begin
# by OpenSSL, or system provided entropy pool
session_id = SecureRandom.hex(16) session_id = SecureRandom.hex(16)
rescue NotImplementedError rescue NotImplementedError
require 'digest/md5' # never happens on modern systems
md5 = Digest::MD5::new require 'digest'
d = Digest('SHA512').new
now = Time::now now = Time::now
md5.update(now.to_s) d.update(now.to_s)
md5.update(String(now.usec)) d.update(String(now.usec))
md5.update(String(rand(0))) d.update(String(rand(0)))
md5.update(String($$)) d.update(String($$))
md5.update('foobar') d.update('foobar')
session_id = md5.hexdigest session_id = d.hexdigest[0, 32]
end end
session_id session_id
end end