Subject: The mailing list for listmasters using Sympa
List archive
[sympa-users] replacing cookie value for existing sympa installation
- From: "Philip Crandall" <address@concealed>
- To: <address@concealed>
- Subject: [sympa-users] replacing cookie value for existing sympa installation
- Date: Tue, 14 Oct 2008 14:29:06 -0500
|
Hello, We need to replace the cookie secret value for our sympa installation. I know that the secret is used for passwords stored in the database as well as for generating session cookies. Most of our users are ldap users, and I’ve figured out how to decrypt and re-encrypt the passwords in the database manually. I also see that the cookie.history file would need to be changed to allow sympa to start with the new value. Is there anywhere else that the secret is used? Are there other caveats to changing this value?
Additionally, we feel that an 8 byte hash probably does not provide sufficient protection of the secret. Is there a specific reason for an 8-byte length (in cookielib.pm)? Would it be safe to increase the length to 16 or 32 bytes?
Thanks,
Philip Crandall NSIT Network-Based Services University of Chicago
|
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
-
[sympa-users] replacing cookie value for existing sympa installation,
Philip Crandall, 10/14/2008
-
Re: [sympa-users] replacing cookie value for existing sympa installation,
Serge Aumont, 10/15/2008
- RE: [sympa-users] replacing cookie value for existing sympa installation, Philip Crandall, 10/20/2008
-
Re: [sympa-users] replacing cookie value for existing sympa installation,
Serge Aumont, 10/15/2008
Archive powered by MHonArc 2.6.19+.