Subversion Repositories oidplus

Rev

Go to most recent revision | Show changed files | Details | Compare with Previous | Blame | RSS feed

Filtering Options

Rev Age Author Path Log message Diff
711 2021-12-26 18:33:19 daniel-marschall /trunk/ Auth keys (internally used for email verification etc.) now use HMAC instead of normal hash
Added new base config setting RA_PASSWORD_PEPPER_ALGO (dangerous! Only for experts!)
OIDplusSessionHandler.class.php: Improved internal encryption!

ATTENTION
!!! If you are updating from the TAR.GZ distibution channel, then the update *will* temporarily
!!! FAIL with the error message "Authentication failed". Once the error appears, close your
!!! browser window and delete the cookies, then log-in again, and continue the update process.
!!! (The error happens because of the update of the internal session encryption procedure)		  
622 2021-06-11 00:37:28 daniel-marschall /trunk/ Change to JWT key of HS512 (if no PKI is available)  
581 2021-05-17 22:41:35 daniel-marschall /trunk/ Privacy documentation  
574 2021-05-16 03:04:22 daniel-marschall /trunk/ NEW: JWT tokens of Automated AJAX calls can now be blacklisted
REMOVED: Automated AJAX calls using "batch_username" arguments		  
570 2021-05-15 17:00:51 daniel-marschall /trunk/ Security: JWTs are now signed using RSA if OpenSSL is available.
Security: If not, then the key of JWT (which is the server secret) is processed via PBKDF2		  
566 2021-05-14 16:07:03 daniel-marschall /trunk/ Automated AJAX requests are now protected via a JWT, which is signed and doesn't contain the user's password anymore. The old method (username+password+antiBruteforceUnlockKey) is still accepted for backwards compatibility.
REMOVED: OIDplusSessionHandler->simulate
Created new class "OIDplusAuthContentStore" to make "OIDplusAuthUtils" more flexible		  
539 2021-04-11 19:59:24 daniel-marschall /trunk/ VNag password update  
537 2021-04-10 20:53:54 daniel-marschall /trunk/ VNag is now password protected
WebWHOIS uses CR LF as line ending