diff options
| author | Andy Staudacher <andy.st@gmail.com> | 2010-01-30 21:42:57 -0800 |
|---|---|---|
| committer | Andy Staudacher <andy.st@gmail.com> | 2010-01-30 21:42:57 -0800 |
| commit | 1470b99d1facd07fcb46c0c4e46896d339f5a75a (patch) | |
| tree | 2e5198c80e014b94c5b5156cc8d7ee5b9e7480c6 /modules/rest/helpers | |
| parent | cb92e58d40bfa866c07b10fe189bd653074a9917 (diff) | |
Protect REST login controller from brute force attacks too.
And make the REST auth token less predictable by using a better source for randomness.
Diffstat (limited to 'modules/rest/helpers')
| -rw-r--r-- | modules/rest/helpers/rest.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/modules/rest/helpers/rest.php b/modules/rest/helpers/rest.php index 3883794a..b3f80a55 100644 --- a/modules/rest/helpers/rest.php +++ b/modules/rest/helpers/rest.php @@ -64,7 +64,7 @@ class rest_Core { if (!$key->loaded()) { $key->user_id = $user_id; - $key->access_key = md5(rand()); + $key->access_key = md5(md5(uniqid(mt_rand(), true) . access::private_key())); $key->save(); } return $key; |