From 12ada83027694f799d6ee5caddb00f5ffe1b4d8d Mon Sep 17 00:00:00 2001
From: Jon Bergli Heier
Date: Tue, 15 Feb 2011 23:46:03 +0100
Subject: Use sha1 instead of md5.
---
fbin.py | 8 ++++----
templates/help.tmpl | 2 +-
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/fbin.py b/fbin.py
index 9a1a4df..507512e 100755
--- a/fbin.py
+++ b/fbin.py
@@ -85,7 +85,7 @@ class Application(object):
finally:
session.close()
- digest = hashlib.md5(str(uid) + user.password).hexdigest()
+ digest = hashlib.sha1(str(uid) + user.password).hexdigest()
return user if (digest == identifier) else None
def file(self, environ, start_response, path):
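Review bot: The value checked at `digest == identifier` is derived only from the uid and the stored password hash, so the stored hash is itself sufficient to produce a valid login cookie. The cookie also stays valid until the password changes, with no way to revoke a single session. The same construction is written into the cookie in the hunk at line 156. A random per-session token kept server-side and looked up here would remove that equivalence. Separately, the comparison is a plain string `==`; where the runtime provides it, `return user if hmac.compare_digest(digest, identifier) else None` avoids a length-of-match timing difference. The enclosing method begins above this hunk, so how `identifier` is read from the request is not visible here.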
@@ -143,7 +143,7 @@ class Application(object):
}))
username = form.getvalue('username')
- password = hashlib.md5(form.getvalue('password')).hexdigest()
+ password = hashlib.sha1(form.getvalue('password')).hexdigest()
user = self.get_user(username, password)
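Review bot: `hashlib.sha1(form.getvalue('password')).hexdigest()` is still a single unsalted pass of a fast hash, so identical passwords produce identical stored values and offline guessing stays about as cheap as it was with MD5. The registration hunk at line 187 stores the same form. Password storage wants a per-user random salt and a deliberately slow KDF (PBKDF2, bcrypt or scrypt), with the salt and work factor stored beside the hash so that `get_user` can recompute it. Until that is done, I would at least add `# NOTE: unsalted single-pass SHA-1; replace with a salted, iterated KDF` above this line. `form.getvalue('password')` may also be `None` when the field is missing, which `hashlib.sha1` will reject with a TypeError; the surrounding handler is outside the hunk, so that may already be guarded.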
@@ -156,7 +156,7 @@ class Application(object):
c = Cookie.SimpleCookie()
c['uid'] = user.id
- c['identifier'] = hashlib.md5(str(user.id) + password).hexdigest()
+ c['identifier'] = hashlib.sha1(str(user.id) + password).hexdigest()
dt = datetime.datetime.utcnow() + datetime.timedelta(days = 30)
expires = dt.strftime('%a, %d-%b-%y %H:%M:%S GMT')
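Review bot: The cookie built here lives for 30 days and carries a password-derived identifier, yet no `secure` or `httponly` attribute is set on it within the hunk. If the lines below do not already do so, add `c['identifier']['httponly'] = True` and, once the site is served over TLS, `c['identifier']['secure'] = True`. The help template's example uses an `http://` URL, which suggests the identifier can currently travel in clear text. The rest of the cookie setup continues past the end of the hunk, so this should be checked against the full function.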
@@ -187,7 +187,7 @@ class Application(object):
'error': 'Passwords doesn\'t match',
}))
- user = self.add_user(username, hashlib.md5(password).hexdigest())
+ user = self.add_user(username, hashlib.sha1(password).hexdigest())
if not user:
start_response('200 OK', [('Content-Type', 'text/html')])
return str(templates.register(searchList = {
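Review bot: Accounts created before this commit have MD5 hex digests stored through this same `add_user` call, while the login hunk at line 143 now computes SHA-1, so those users would presumably stop matching in `get_user`. The diffstat shows only `fbin.py` and `templates/help.tmpl`, with no migration or fallback. Because the plaintext is only available at login time, the usual approach is to try the new scheme first, fall back to the legacy digest on a miss, and rewrite the stored value on a successful legacy match. That needs a marker on each row for which scheme produced it (a scheme prefix or a column). If dropping old accounts is intended, the commit message should say so.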
diff --git a/templates/help.tmpl b/templates/help.tmpl
index 48d12bc..95748f5 100644
--- a/templates/help.tmpl
+++ b/templates/help.tmpl
@@ -3,7 +3,7 @@
#extends templates.base
#def content
Usage: POST to $scheme://$host/u with filedata given to "file" and original filename to "filename".
- Login is sent by cookies with user id in "uid" and an identifier which is md5(uid+md5(password)).
+ Login is sent by cookies with user id in "uid" and an identifier which is sha1(uid+sha1(password)).
cURL example:
curl -b 'uid=42; identifier=3858f62230ac3c915f300c664312c63f' -F 'file=@image.png' -F 'filename=image.png' http://myhost/u
Here user id is 42 and the password is "foobar".
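Review bot: The cURL example two lines below the changed sentence still shows `identifier=3858f62230ac3c915f300c664312c63f`, which is 32 hex digits and so cannot be the 40-digit SHA-1 output the text now describes. Anyone copying the example will send an identifier of the wrong form. The sample value should be regenerated as sha1(uid+sha1(password)) for uid 42 and password "foobar" so that the text and the example agree.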
--
cgit v1.2.3