Upstream
/
dynmap
mirror of https://github.com/webbukkit/dynmap.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Switch to SecureRandom for web auth token (avoid hugely unlikely 

compromise during login register process...).
This commit is contained in:
Michael Primm 2023-09-27 12:25:14 -05:00
parent 92b9016c65
commit 79f354b111
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
DynmapCore/src/main/java/org/dynmap/WebAuthManager.java
View File

@ -7,11 +7,11 @@ import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Properties;
import java.util.Random;
import java.util.Set;
import org.dynmap.common.DynmapCommandSender;
@ -26,7 +26,7 @@ public class WebAuthManager {
public static final String WEBAUTHFILE = "webauth.txt";
private static final String HASHSALT = "$HASH_SALT$";
private static final String PWDHASH_PREFIX = "hash.";
private Random rnd = new Random();
private SecureRandom rnd = new SecureRandom();
private DynmapCore core;
private String publicRegistrationURL;