mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00

session.rb: SHA512

* lib/cgi/session.rb (create_new_id): use SHA512 instead of MD5.
  pointed out by SARWAR JAHAN.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51748 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
nobu 2015-09-03 12:12:14 +00:00
parent 5f6dedda01
commit 16dbb79e88
2 changed files with 19 additions and 12 deletions

@ -1,3 +1,8 @@
Thu Sep 3 21:12:12 2015 Nobuyoshi Nakada <nobu@ruby-lang.org>
* lib/cgi/session.rb (create_new_id): use SHA512 instead of MD5.
pointed out by SARWAR JAHAN.
Thu Sep 3 20:29:18 2015 Koichi Sasada <ko1@atdot.net>
* gc.c (rb_raw_obj_info): iseq->body->location.first_lineno is Fixnum.
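
Review bot: The new ChangeLog entry for create_new_id reads as if every session id now comes from SHA512, but in lib/cgi/session.rb the digest is only reached in the `rescue NotImplementedError` branch, and its output is cut to 32 hex characters. Suggest wording the entry along the lines of "use SHA512 instead of MD5 in the fallback when SecureRandom is unavailable, truncated to 32 hex digits" so readers of the log do not assume the normal path changed.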

@ -163,24 +163,26 @@ class CGI
# Create a new session id.
#
# The session id is an MD5 hash based upon the time,
# a random number, and a constant string. This routine
# is used internally for automatically generated
# session ids.
# The session id is a secure random number by SecureRandom
# if possible, otherwise an SHA512 hash based upon the time,
# a random number, and a constant string. This routine is
# used internally for automatically generated session ids.
def create_new_id
require 'securerandom'
begin
# by OpenSSL, or system provided entropy pool
session_id = SecureRandom.hex(16)
rescue NotImplementedError
require 'digest/md5'
md5 = Digest::MD5::new
# never happens on modern systems
require 'digest'
d = Digest('SHA512').new
now = Time::now
md5.update(now.to_s)
md5.update(String(now.usec))
md5.update(String(rand(0)))
md5.update(String($$))
md5.update('foobar')
session_id = md5.hexdigest
d.update(now.to_s)
d.update(String(now.usec))
d.update(String(rand(0)))
d.update(String($$))
d.update('foobar')
session_id = d.hexdigest[0, 32]
end
session_id
end
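
Review bot: In the `rescue NotImplementedError` branch, swapping the digest does not make the fallback id any harder to predict, because the inputs are unchanged: `now.to_s`, `now.usec`, `rand(0)`, `$$` and the constant 'foobar'. Time and pid are guessable, `Kernel#rand` is not a cryptographic generator, and `d.hexdigest[0, 32]` keeps the id at the same 128 bits the MD5 version produced, so the hash function was never the weak point here. Since the new comment says this path "never happens on modern systems", consider letting NotImplementedError propagate instead of silently issuing a session id built from these values, or at minimum state in the doc comment above create_new_id that the fallback id is not unpredictable. The doc comment should also mention the truncation to 32 hex characters, which it currently omits.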