Rev 539
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 537 | daniel-mar | 1 | Where is SERVER_SECRET being used? |
| | | 2 | ---------------------------------- |
| | | 3 | |
| | | 4 | System: |
| 566 | daniel-mar | 5 | - Auth content Store |
| | | 6 | OIDplusAuthContentStoreJWT.class: Key to sign JWT tokens (used for Automated AJAX requests) using HMAC |
| 537 | daniel-mar | 7 | - Session Handler: Encryption of session contents |
| | | 8 | - Auth utils: Generation of auth keys |
| | | 9 | makeAuthKey(data) = sha3_512(SERVER_SECRET + "/AUTHKEY/" + data) |
| | | 10 | used at plugin invite RA (ra/092): |
| | | 11 | makeAuthKey("activate_ra;" + email + ";" + timestamp) |
| | | 12 | = sha3_512(SERVER_SECRET + "/AUTHKEY/activate_ra;" + email + ";" + timestamp) |
| | | 13 | used at plugin change RA email (ra/102): |
| | | 14 | makeAuthKey("activate_new_ra_email;" + old_email + ";" + new_email + ";" + timestamp) |
| | | 15 | = sha3_512(SERVER_SECRET + "/AUTHKEY/activate_new_ra_email;" + old_email + ";" + new_email + ";" + timestamp) |
| | | 16 | used at plugin forgot RA password (public/091): |
| | | 17 | makeAuthKey("reset_password;" + email + ";" + timestamp) |
| | | 18 | = sha3_512(SERVER_SECRET + "/AUTHKEY/reset_password;" + email + ";" + timestamp) |
| | | 19 | used at plugin ViaThinkSoft FreeOID activation (public/200): |
| | | 20 | makeAuthKey("com.viathinksoft.freeoid.activate_freeoid;" + email + ";" + timestamp) |
| | | 21 | = sha3_512(SERVER_SECRET + "/AUTHKEY/com.viathinksoft.freeoid.activate_freeoid;" + email + ";" + timestamp) |
| | | 22 | |
| | | 23 | Plugin WHOIS (public/100): |
| | | 24 | - Authentication token for hidden OIDs = smallhash(SERVER_SECRET + "/WHOIS/" + id); |
| | | 25 | |
| | | 26 | Plugin VNag version check (admin/901): |
| 539 | daniel-mar | 27 | - Webreader password = sha3_512(SERVER_SECRET + "/VNAG") |
| 537 | daniel-mar | 28 | |
| | | 29 | Plugin automated AJAX calls (admin/910): |
| | | 30 | - Unlock key (to avoid brute force attacks) = sha3_512("ANTI-BRUTEFORCE-AJAX/admin/" + SERVER_SECRET) |
| | | 31 | |
| | | 32 | Plugin automated AJAX calls (ra/910): |
| | | 33 | - Unlock key (to avoid brute force attacks) = sha3_512("ANTI-BRUTEFORCE-AJAX/" + email + "/" + SERVER_SECRET) |
| | | 34 | |
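
The `makeAuthKey` formula and its per-plugin uses listed above, as an added Python example (not OIDplus code): it derives a key, verifies a presented key in constant time, and shows that a key issued for one purpose prefix does not verify for another. The secret value, the hex output encoding, the Unix-seconds timestamp, the helper names `build_data` and `verify_key`, and the rejection of `;` inside fields are assumptions of this example, not statements about OIDplus.

```python
import hashlib
import hmac

# Constructed placeholder; a deployment uses its own configured SERVER_SECRET.
SERVER_SECRET = "constructed-example-secret"


def make_auth_key(data: str, secret: str = SERVER_SECRET) -> str:
    """sha3_512(SERVER_SECRET + "/AUTHKEY/" + data); hex output is an assumption."""
    return hashlib.sha3_512((secret + "/AUTHKEY/" + data).encode("utf-8")).hexdigest()


def build_data(purpose: str, *fields: str) -> str:
    """Join the purpose prefix and fields with ';' as in the formulas above.

    Hypothetical helper. Refusing ';' inside a field is an addition of this
    example: it keeps (old_email, new_email) pairs from joining ambiguously.
    """
    for field in fields:
        if ";" in field:
            raise ValueError("field contains the ';' delimiter")
    return ";".join((purpose, *fields))


def verify_key(presented: str, purpose: str, *fields: str) -> bool:
    """Hypothetical helper: recompute the key and compare in constant time."""
    expected = make_auth_key(build_data(purpose, *fields))
    return hmac.compare_digest(expected.encode(), presented.encode("utf-8"))


if __name__ == "__main__":
    email, ts = "ra@example.com", "1700000000"  # constructed sample values
    key = make_auth_key(build_data("activate_ra", email, ts))
    print(key[:16], "...")
    print("same purpose: ", verify_key(key, "activate_ra", email, ts))
    print("other purpose:", verify_key(key, "reset_password", email, ts))
    print("other time:   ", verify_key(key, "activate_ra", email, "1700000001"))
```

Because SHA-3 is not subject to length extension, the secret-prefix layout in these formulas does not carry the weakness the same layout has with SHA-256 or SHA-512.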