authorJoseph Reynolds <joseph.reynolds1@ibm.com>2019-08-15 23:29:06 +0300
committerEd Tanous <ed.tanous@intel.com>2019-08-17 01:34:10 +0300
commit368b1d4a52c1742d3952ddba850cf3c01303220f (patch)
treed373029abd7aea0f0fde51d7b94059802f1c004f
parentcfcd5f6bd9289c97e25d809068e579f7f3d45aeb (diff)
Add 5 bits of entropy
Some of the alphanumeric characters used to generate session IDs and CSRF tokens were incorrectly lowercase; that reduced their entropy. Tested: no; not needed Change-Id: I383813ea9af77b1393fba516cd7e61570d5b5667 Signed-off-by: Joseph Reynolds <joseph.reynolds1@ibm.com>
-rw-r--r--include/sessions.hpp6
1 files changed, 3 insertions, 3 deletions
diff --git a/include/sessions.hpp b/include/sessions.hpp
index 75952e35c1..c7c92ce38f 100644
--- a/include/sessions.hpp
+++ b/include/sessions.hpp
@@ -354,9 +354,9 @@ class SessionStore
// TODO(ed) find a secure way to not generate session identifiers if
// persistence is set to SINGLE_REQUEST
static constexpr std::array<char, 62> alphanum = {
- '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'b', 'C',
- 'D', 'E', 'F', 'g', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P',
- 'Q', 'r', 'S', 'T', 'U', 'v', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c',
+ '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C',
+ 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P',
+ 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c',
'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p',
'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z'};
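Review bot: The corrected `alphanum` table is still hand-typed with nothing checking it, which is how the old side came to hold 'b', 'g', 'r' and 'v' twice, leaving only 58 distinct characters out of 62. The commit message states that no test is needed. A compile-time uniqueness check placed directly after the array definition would stop the same typo from silently shrinking the session-ID and CSRF-token alphabet again. The helper must sit at namespace scope ahead of `SessionStore` so it is fully defined when the assertion is evaluated, and it assumes the build is C++14 or later. The code that samples from `alphanum` is outside the hunk, so whether characters are picked uniformly cannot be judged from here.

```cpp
// at namespace scope, ahead of class SessionStore
template <std::size_t N>
constexpr bool allDistinct(const std::array<char, N>& chars)
{
    for (std::size_t i = 0; i < N; ++i)
    {
        for (std::size_t j = i + 1; j < N; ++j)
        {
            if (chars[i] == chars[j])
            {
                return false;
            }
        }
    }
    return true;
}

// … unchanged: static constexpr std::array<char, 62> alphanum = {...}; …
static_assert(allDistinct(alphanum),
              "session token alphabet must not repeat a character");
```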