diff options
| author | bwarsaw | 2000-07-19 20:49:55 +0000 |
|---|---|---|
| committer | bwarsaw | 2000-07-19 20:49:55 +0000 |
| commit | 2daf1c8f2e33b4b2eb08ebd8afc7bb627fb6a7a6 (patch) | |
| tree | 4c2d625c6b69e81da3ae7adca504fe37ec351001 /misc/Cookie.py | |
| parent | 6f1d369434d939642355b94845598cbab09d6b79 (diff) | |
| download | mailman-2daf1c8f2e33b4b2eb08ebd8afc7bb627fb6a7a6.tar.gz mailman-2daf1c8f2e33b4b2eb08ebd8afc7bb627fb6a7a6.tar.zst mailman-2daf1c8f2e33b4b2eb08ebd8afc7bb627fb6a7a6.zip | |
Several changes which will hopefully fix the cookie re-authentication
problem. Specifically,
WebAuthenticate(): Coding style changes.
MakeCookie(): Create the cookie value in such a way as to guarantee
that only the characters [0-9][a-f] are used. This should eliminate
the need for the ugly quote-hack in CheckCookie(), and eliminate the
possibility that wacky characters like semicolon, comma, and space
(not to mention binary data) can confuse the browsers. Specifically,
we marshal the tuple ourselves and hexlify the results, setting the
key to a string. That way we avoid the Cookie module pickling the
data and creating a binary string.
Also, coerce both `issued' and `expires' to integers. Use sha
module and hexdigest() instead of md5 and digest() to hash
password+now+expires.
CheckCookie(): Remove the crufty cookie data quote-hack. Decode the
cookie value by unhexlifying and unmarshaling the string value
ourselves. Use sha module hexdigest() instead of md5's digest().
Diffstat (limited to 'misc/Cookie.py')
0 files changed, 0 insertions, 0 deletions