mirror of
https://codeberg.org/forgejo/forgejo
synced 2024-09-19 05:13:11 +02:00
fe3b294f7b
- The current architecture is inherently insecure, because you can construct the 'secret' cookie value with values that are available in the database. Thus provides zero protection when a database is dumped/leaked. - This patch implements a new architecture that's inspired from: [Paragonie Initiative](https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies). - Integration testing is added to ensure the new mechanism works. - Removes a setting, because it's not used anymore. (cherry picked from commit |
||
---|---|---|
.. | ||
actions | ||
agit | ||
asymkey | ||
attachment | ||
auth | ||
automerge | ||
context | ||
convert | ||
cron | ||
externalaccount | ||
feed | ||
forgejo | ||
forms | ||
gitdiff | ||
indexer | ||
issue | ||
lfs | ||
mailer | ||
markup | ||
migrations | ||
mirror | ||
notify | ||
org | ||
packages | ||
pull | ||
release | ||
repository | ||
secrets | ||
task | ||
uinotification | ||
user | ||
webhook | ||
wiki |