r888888888
122970bc11
fixes #2620 : Users who logged in securely should always be redirected to the HTTPS version of Danbooru
2016-07-18 16:48:10 -07:00
r888888888
8ea992168b
add httponly constraint to user_name cookie #2621
2016-07-12 12:30:01 -07:00
r888888888
5b3a4b768c
fixes #2557
2015-12-17 14:29:17 -08:00
r888888888
7e07b874a4
implementation for #1469
...
This reverts commit 18edc937fd
2014-03-14 18:39:31 -07:00
r888888888
18edc937fd
Revert "implementation for #1469 "
...
This reverts commit 08b9b2771f
2014-03-10 16:31:38 -07:00
r888888888
08b9b2771f
implementation for #1469
2014-03-07 15:55:49 -08:00
r888888888
80c1c13ce3
fixes #1851
2013-07-26 17:37:44 -07:00
小太
cba839ba76
Kill trailing whitespace in ruby files
2013-03-19 23:10:10 +11:00
albert
5ab9887923
only store partial hash in cookies for validation
2013-03-05 16:49:09 -05:00
albert
f52181db94
Major revamp of security. Passwords are first SHA1 hashed and then
...
that hash is bcrypted. Bcrypted hashes are stored in a new column on
users. This separate column is only to allow for rollbacks,
eventually the old SHA1 hash column will be removed. Sensitive cookie
details are now encrypted to prevent user tampering and more stringent
checks on secret_token and session_secret_key are enforced.
2013-03-04 22:55:41 -05:00
albert
d324f4a071
refactored login process, added remember option for login
2011-10-15 16:36:07 -04:00
