diff options
author | Helmut Grohne <helmut@subdivi.de> | 2009-03-29 23:27:33 +0200 |
---|---|---|
committer | Helmut Grohne <helmut@subdivi.de> | 2009-03-29 23:27:33 +0200 |
commit | 56be1861917a9081a3883ae3b080d4683b52402c (patch) | |
tree | 9645dda500527e80bbc33470294a91344ea1f004 /wsgitools/scgi.py | |
parent | 58149dfd3d67399a47dbf3035ab0f5a866abcd23 (diff) | |
download | wsgitools-56be1861917a9081a3883ae3b080d4683b52402c.tar.gz |
improve digest module (killed isnonce method)
Prior to this change the digest module would check whether a nonce
looks like a nonce, verify the response and then verify the nonce.
This left a bit more room for brute forcing passwords, as the same
nonce could be used in arbitrary many tries and a stale response
would indicate an authentication success. Now authentication is only
tried for valid nonces. This also makes the NonceStoreBase.isnonce
method superfluous.
Diffstat (limited to 'wsgitools/scgi.py')
0 files changed, 0 insertions, 0 deletions