Aleksander Machniak
2015-09-28 3d9798da1f9d130abffad3cb429ac3be677791c5
author Aleksander Machniak <alec@alec.pl>
Monday, September 28, 2015 02:57 -0400
committer Aleksander Machniak <alec@alec.pl>
Monday, September 28, 2015 02:57 -0400
commit 3d9798da1f9d130abffad3cb429ac3be677791c5
tree 26ec4f9eb84e54a5b710c473fdc2a045557fa5d6
parent 7d9a29cbc058c1ef02a0033ec3332c229e4c6b5e
Make brute force attacks harder by re-generating security token on every failed login (#1490549)

Or more precisely use the same we did in git-master, i.e. do not base the token on
session ID, but use random bytes instead.
2 files modified
Changed files (14 changes):
CHANGELOG: 1
program/lib/Roundcube/rcube.php: 13