Upstream
/
dynmap
mirror of https://github.com/webbukkit/dynmap.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Switch to SecureRandom for web auth token (avoid hugely unlikely 

compromise during login register process...).
This commit is contained in:
Michael Primm 2023-09-27 12:25:14 -05:00
parent 92b9016c65
commit 79f354b111
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
DynmapCore/src/main/java/org/dynmap/WebAuthManager.java
View File

@ -7,11 +7,11 @@ import java.io.IOException;
import java.io.UnsupportedEncodingException; import java.io.UnsupportedEncodingException;
import java.security.MessageDigest; import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.HashMap; import java.util.HashMap;
import java.util.HashSet; import java.util.HashSet;
import java.util.Properties; import java.util.Properties;
import java.util.Random;
import java.util.Set; import java.util.Set;
import org.dynmap.common.DynmapCommandSender; import org.dynmap.common.DynmapCommandSender;
@ -26,7 +26,7 @@ public class WebAuthManager {
public static final String WEBAUTHFILE = "webauth.txt"; public static final String WEBAUTHFILE = "webauth.txt";
private static final String HASHSALT = "$HASH_SALT$"; private static final String HASHSALT = "$HASH_SALT$";
private static final String PWDHASH_PREFIX = "hash."; private static final String PWDHASH_PREFIX = "hash.";
private Random rnd = new Random(); private SecureRandom rnd = new SecureRandom();
private DynmapCore core; private DynmapCore core;
private String publicRegistrationURL; private String publicRegistrationURL;