wbrawner/server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
server/core/js
History
Lukas Reschke bc6d17ed74 Add check for availability of /dev/urandom 
Without /dev/urandom being available to read the medium RNG will rely only on the following components on a Linux system:

1. MicroTime: microtime() . memory_get_usage() as seed and then a garbage collected microtime for loop
2. MTRand: chr((mt_rand() ^ mt_rand()) % 256)
3. Rand: chr((rand() ^ rand()) % 256)
4. UniqId: Plain uniqid()

An adversary with the possibility to predict the seed used by the PHP process may thus be able to predict future tokens which is an unwanted behaviour.

One should note that this behaviour is documented in our documentation to ensure that users get aware of this even without reading our documentation this will add a post setup check to the administrative interface.

Thanks to David Black from d1b.org for bringing this again to our attention.
2015-05-26 14:16:07 +02:00
..
tests Add check for availability of /dev/urandom 2015-05-26 14:16:07 +02:00
apps.js adjust animations of Share, Versions and others to OC.menuSpeed 2015-03-26 12:21:40 +01:00
avatar.js Load avatar in header via PHP 2014-10-23 23:17:18 +02:00
backgroundjobs.js add admin documentation hints to Federated Cloud Sharing and cron 2015-04-09 12:07:05 +02:00
compatibility.js Scrutinizer cleanup 2014-06-02 21:09:41 +02:00
config.js Improved Javascript docs for JSDoc 2014-10-31 13:43:30 +01:00
config.php Correctly generate the doc link via go.php 2015-04-09 12:30:18 +02:00
core.json Merge pull request #14582 from rullzer/avatar_fixes 2015-03-04 10:30:09 +01:00
eventsource.js Encode requesttoken 2015-02-16 20:28:30 +01:00
installation.js load showpassord.js conditionally in the template only if needed 2014-12-16 18:45:37 +01:00
jquery-showpassword.js Shows The Eye permanently in the Confirm Password field in Personal Settings - fix #5167 2013-10-12 12:42:23 +02:00
jquery-tipsy.js Fix size calculation with css styling of tipsy popup 2011-10-21 22:08:55 +02:00
jquery.avatar.js Color avatars of non-existing users gray and display X instead 2015-03-13 15:29:52 +01:00
jquery.ocdialog.js Resize filepicker on window size change 2015-05-06 11:00:23 +02:00
js.js remove slow fade animation for tipsy tooltip 2015-04-15 09:10:21 +02:00
l10n.js Added ext storage mount options GUI 2015-03-26 11:21:03 +01:00
lostpassword.js Use / as redirect location if webroot is set to an empty value 2014-11-21 15:38:36 +01:00
maintenance-check.js Use OC.webroot instead of calculating the URL 2015-05-11 17:01:57 +02:00
multiselect.js also add title to multiselect create new element, fix #15954 2015-05-01 13:47:37 -04:00
oc-dialogs.js add max-width of 600px to filepicker 2015-05-06 11:15:48 +02:00
oc-requesttoken.js Add OCS API header per default 2014-11-21 19:54:19 +01:00
octemplate.js Scrutinizer cleanup 2014-06-02 21:09:41 +02:00
placeholder.js Renamed current placeholder jquery plugin to imageplaceholder 2013-10-23 16:47:25 +02:00
placeholders.js move to updated version of placeholder 2014-06-03 16:18:06 +02:00
setup.js Add hint about additional PHP database modules 2015-05-18 22:59:35 +02:00
setupchecks.js Add check for availability of /dev/urandom 2015-05-26 14:16:07 +02:00
share.js Merge pull request #12401 from owncloud/add-limit-parameter-to-getSharewith 2015-05-19 12:40:37 +02:00
singleselect.js Do not close container/slider when clicking on single select field 2014-08-15 12:44:00 +02:00
tags.js Scrutinizer cleanup 2014-06-02 21:09:41 +02:00
update-notification.js Use OC.Notification for update notifications 2015-05-03 17:26:03 +02:00
update.js 3rd-party apps are disabled on upgrade - refs #14026 2015-02-24 12:02:36 +01:00
visitortimezone.js send browsers timezone back tp the server on login 2014-09-22 14:01:45 +02:00