diff options
| author | Jon Bergli Heier <snakebite@jvnv.net> | 2011-02-15 23:46:03 +0100 |
|---|---|---|
| committer | Jon Bergli Heier <snakebite@jvnv.net> | 2011-02-15 23:51:24 +0100 |
| commit | 12ada83027694f799d6ee5caddb00f5ffe1b4d8d (patch) | |
| tree | 36ea4f69059c4eb6ed603ff510ad3e2f0338ef7c | |
| parent | 5695704aed741e3443fa5c4d87856cab475128b8 (diff) | |
Use sha1 instead of md5.
| -rwxr-xr-x | fbin.py | 8 | ||||
| -rw-r--r-- | templates/help.tmpl | 2 |
2 files changed, 5 insertions, 5 deletions
@@ -85,7 +85,7 @@ class Application(object): finally: session.close() - digest = hashlib.md5(str(uid) + user.password).hexdigest() + digest = hashlib.sha1(str(uid) + user.password).hexdigest() return user if (digest == identifier) else None def file(self, environ, start_response, path): @@ -143,7 +143,7 @@ class Application(object): })) username = form.getvalue('username') - password = hashlib.md5(form.getvalue('password')).hexdigest() + password = hashlib.sha1(form.getvalue('password')).hexdigest() user = self.get_user(username, password) @@ -156,7 +156,7 @@ class Application(object): c = Cookie.SimpleCookie() c['uid'] = user.id - c['identifier'] = hashlib.md5(str(user.id) + password).hexdigest() + c['identifier'] = hashlib.sha1(str(user.id) + password).hexdigest() dt = datetime.datetime.utcnow() + datetime.timedelta(days = 30) expires = dt.strftime('%a, %d-%b-%y %H:%M:%S GMT') @@ -187,7 +187,7 @@ class Application(object): 'error': 'Passwords doesn\'t match', })) - user = self.add_user(username, hashlib.md5(password).hexdigest()) + user = self.add_user(username, hashlib.sha1(password).hexdigest()) if not user: start_response('200 OK', [('Content-Type', 'text/html')]) return str(templates.register(searchList = { diff --git a/templates/help.tmpl b/templates/help.tmpl index 48d12bc..95748f5 100644 --- a/templates/help.tmpl +++ b/templates/help.tmpl @@ -3,7 +3,7 @@ #extends templates.base #def content <p>Usage: POST to <a href="$scheme://$host/u">$scheme://$host/u</a> with filedata given to "file" and original filename to "filename". - Login is sent by cookies with user id in "uid" and an identifier which is md5(uid+md5(password)).</p> + Login is sent by cookies with user id in "uid" and an identifier which is sha1(uid+sha1(password)).</p> <p>cURL example: <code>curl -b 'uid=42; identifier=3858f62230ac3c915f300c664312c63f' -F 'file=@image.png' -F 'filename=image.png' http://myhost/u</code> Here user id is 42 and the password is "foobar".</p> |