From 12ada83027694f799d6ee5caddb00f5ffe1b4d8d Mon Sep 17 00:00:00 2001 From: Jon Bergli Heier Date: Tue, 15 Feb 2011 23:46:03 +0100 Subject: Use sha1 instead of md5. --- fbin.py | 8 ++++---- templates/help.tmpl | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/fbin.py b/fbin.py index 9a1a4df..507512e 100755 --- a/fbin.py +++ b/fbin.py @@ -85,7 +85,7 @@ class Application(object): finally: session.close() - digest = hashlib.md5(str(uid) + user.password).hexdigest() + digest = hashlib.sha1(str(uid) + user.password).hexdigest() return user if (digest == identifier) else None def file(self, environ, start_response, path): @@ -143,7 +143,7 @@ class Application(object): })) username = form.getvalue('username') - password = hashlib.md5(form.getvalue('password')).hexdigest() + password = hashlib.sha1(form.getvalue('password')).hexdigest() user = self.get_user(username, password) @@ -156,7 +156,7 @@ class Application(object): c = Cookie.SimpleCookie() c['uid'] = user.id - c['identifier'] = hashlib.md5(str(user.id) + password).hexdigest() + c['identifier'] = hashlib.sha1(str(user.id) + password).hexdigest() dt = datetime.datetime.utcnow() + datetime.timedelta(days = 30) expires = dt.strftime('%a, %d-%b-%y %H:%M:%S GMT') @@ -187,7 +187,7 @@ class Application(object): 'error': 'Passwords doesn\'t match', })) - user = self.add_user(username, hashlib.md5(password).hexdigest()) + user = self.add_user(username, hashlib.sha1(password).hexdigest()) if not user: start_response('200 OK', [('Content-Type', 'text/html')]) return str(templates.register(searchList = { diff --git a/templates/help.tmpl b/templates/help.tmpl index 48d12bc..95748f5 100644 --- a/templates/help.tmpl +++ b/templates/help.tmpl @@ -3,7 +3,7 @@ #extends templates.base #def content
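Review bot: The value checked at `digest = hashlib.sha1(str(uid) + user.password).hexdigest()` depends only on the user id and what appears to be the stored password hash, so the cookie is a password-equivalent: anyone who can read the user table can compute it, and it cannot be revoked without changing the password. The cookie-setting hunk (`c['identifier'] = hashlib.sha1(str(user.id) + password).hexdigest()`) builds the same value and gives it a 30-day lifetime. A random per-login token from `os.urandom`, stored server-side with its own expiry, would decouple the session from the password hash. The `digest == identifier` comparison on the following line could also use a constant-time compare such as `hmac.compare_digest` where the interpreter provides it. The enclosing method starts outside the hunk.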
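Review bot: A single unsalted SHA-1 at `password = hashlib.sha1(form.getvalue('password')).hexdigest()` is still a fast hash, so stored values stay cheap to test offline and two users with the same password get the same digest; the registration hunk (`self.add_user(username, hashlib.sha1(password).hexdigest())`) stores the same form. A per-user random salt with a deliberately slow KDF, for example `hashlib.pbkdf2_hmac('sha256', password, salt, iterations)` where the interpreter provides it, would address that, with the salt and iteration count kept beside the hash. Separately, rows written before this commit presumably hold MD5 digests and nothing in the diff migrates them, so existing accounts would fail `get_user` unless login accepts the old digest once and re-hashes, or the table is migrated. `form.getvalue('password')` is also hashed unchecked; a request without that field would likely raise `TypeError` instead of returning the login error page. The enclosing method starts and ends outside the hunk.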

Usage: POST to $scheme://$host/u with filedata given to "file" and original filename to "filename". - Login is sent by cookies with user id in "uid" and an identifier which is md5(uid+md5(password)).

+ Login is sent by cookies with user id in "uid" and an identifier which is sha1(uid+sha1(password)).

cURL example: curl -b 'uid=42; identifier=3858f62230ac3c915f300c664312c63f' -F 'file=@image.png' -F 'filename=image.png' http://myhost/u Here user id is 42 and the password is "foobar".
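Review bot: The cURL example under the changed sentence still shows `identifier=3858f62230ac3c915f300c664312c63f`, which is 32 hex characters, while a SHA-1 hex digest is 40, so the example no longer matches the documented formula and a client modelled on it would be rejected. The sample value should be regenerated for uid 42 and password "foobar" using sha1(uid+sha1(password)), i.e. `identifier=<40-hex-char sha1 digest>`. Because this page publishes the exact cookie construction, it would also help to state there that the identifier must be treated as a secret equivalent to the password.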

-- cgit v1.2.3