[Openstack-security] [openstack/horizon] SecurityImpact review request change I6774b9b7215d191259586e4721e357487bb777cd
gerrit2 at review.openstack.org
gerrit2 at review.openstack.org
Fri Oct 10 09:00:19 UTC 2014
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/127452
Log:
commit 3a64723917366eff4d8896b2b2d3d82fa462d25d
Author: Brant Knudson <bknudson at us.ibm.com>
Date: Sun Aug 24 10:04:10 2014 -0500
Document token hash algorithm option
With https://review.openstack.org/#/c/116509/ ,
django-openstack-auth will support a new option for the token hash
algorithm. This adds the documentation to Horizon's local settings
example file.
This is for security hardening. The token hash algorithm defaults
to MD5, which is considered too weak due to the potential for hash
collisions. Some security standards require a SHA2 hash algorithm to
be used.
DocImpact
SecurityImpact
Change-Id: I6774b9b7215d191259586e4721e357487bb777cd
Closes-Bug: #1174499
(cherry picked from commit 372d033d89c0f5d305959a6ad5fd3e1159cc91ed)
More information about the Openstack-security
mailing list