sascha
/
nextcloud-server
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Use random bytes instead of time 

Thanks for the heads-up @VicDeo :-)
remotes/origin/stable6
Lukas Reschke 2013-04-04 01:05:44 +07:00
parent ba7c0cf548
commit 6645a54cac
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/setup.php
Unescape Escape View File

@ -243,7 +243,7 @@ class OC_Setup {
$dbusername=substr('oc_'.$username, 0, 16);
if($dbusername!=$oldUser) {
//hash the password so we don't need to store the admin config in the config file
$dbpassword=md5(time().$dbpass);
$dbpassword=OC_Util::generate_random_bytes(30);
self::createDBUser($dbusername, $dbpassword, $connection);
@ -333,7 +333,7 @@ class OC_Setup {
//add prefix to the postgresql user name to prevent collisions
$dbusername='oc_'.$username;
//create a new password so we don't need to store the admin config in the config file
$dbpassword=md5(OC_Util::generate_random_bytes(30));
$dbpassword=OC_Util::generate_random_bytes(30);
self::pg_createDBUser($dbusername, $dbpassword, $connection);
@ -476,7 +476,7 @@ class OC_Setup {
//add prefix to the oracle user name to prevent collisions
$dbusername='oc_'.$username;
//create a new password so we don't need to store the admin config in the config file
$dbpassword=md5(time().$dbpass);
$dbpassword=OC_Util::generate_random_bytes(30);
//oracle passwords are treated as identifiers:
// must start with aphanumeric char