View Issue Details

ID: 6008
Project: Composr
Category: core
View Status: public
Last Update: 2024-10-19 21:50
Reporter: PDStig
Assigned To: PDStig
Priority: high
Severity: feature
Status: resolved
Resolution: fixed
Product Version: 11.beta4
Summary: 6008: Convert _url_to_filename to use a base64 salted sha256

Description: I originally changed _url_to_filename to use an md5 hash of the image URL to avoid issues with filenames being too long. But this wasn't a good idea:

 - MD5 is not secure; its collision potential means we could theoretically generate the same MD5 for two different images, which means we leak the thumb of one (potentially restricted) image when viewing another.
 - We were not salting the MD5, so people could run direct requests to images to try and find thumbs.

This fix changes the function to use hash_hmac with the sha256 algorithm, salting with the site salt. It then takes that binary data and base64-encodes it (but makes it URL-appropriate).

This will be much more secure (makes collisions a lot less likely and makes guessing thumb names much harder).

We have reached the point in time where we cannot reasonably say that because MD5 is faster, we should be using it. A large majority of servers today can now handle a motherlode of sha256 hashes just fine. And the security of SHA256 outweighs MD5's speed advantage.

I may add a separate issue about changing all use of md5 in the future.
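The before/after the issue describes, as an added illustration that is not Composr's own code: the unsalted MD5 filename beside an HMAC-SHA256 filename keyed with a site salt and base64url-encoded. The salt value and the helper names are placeholders, not Composr's.

```php
<?php
// Added example, not Composr's _url_to_filename. $site_salt stands in for the
// site's secret salt (how Composr stores it is not shown here).

// BEFORE: unsalted MD5 of the URL. Anyone who knows an image URL can compute
// its thumbnail filename, and the result is identical on every site.
function url_to_filename_md5(string $url): string
{
    return md5($url) . '.jpg';
}

// AFTER: HMAC-SHA256 over the URL, keyed with the site salt. The raw 32-byte
// digest is base64-encoded, then made filesystem/URL-safe by swapping '+'
// and '/' for '-' and '_' and dropping the '=' padding (43 characters).
function url_to_filename_hmac(string $url, string $site_salt): string
{
    $raw = hash_hmac('sha256', $url, $site_salt, true); // binary output
    $encoded = rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
    return $encoded . '.jpg';
}

// Constructed sample input and a placeholder salt
$url = 'https://example.com/uploads/photo.png';
$site_salt = 'PLACEHOLDER_SITE_SALT';

echo url_to_filename_md5($url), "\n";             // same on every install
echo url_to_filename_hmac($url, $site_salt), "\n"; // differs per site salt

// Without the salt there is no way to derive the thumbnail name from the URL,
// which is what closes the "guess the thumb filename" problem the issue notes.
```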
Tags: Roadmap: v11
Activities

admin (administrator), 2024-10-19 21:49, note ~9520

Fixed in Git commit c038c12071 (https://gitlab.com/composr-foundation/composr/commit/c038c12071 - link will become active once code pushed to GitLab)

admin (administrator), 2024-10-19 21:49, note ~9521

A hotfix (a TAR of files to upload) has been uploaded to this issue. Only apply this hotfix if you absolutely need it and cannot wait until the next release of Composr (releases are more reliable and strictly tested). As of Composr version 11, the recommended way to apply a hotfix is by following the same steps as an upgrade (https://baseurl/upgrader.php, use the hotfix on the step “Transfer across new/updated files”). The upgrader will automatically skip files belonging to addons you do not have installed or that are newer on disk than in the hotfix. Otherwise, you can manually extract and replace these files (do not replace if your on-disk file is newer than the one in the hotfix). Always take backups of your site or at least files you are replacing before applying a hotfix. Not sure how to extract TAR files to your Windows computer? Try 7-zip (http://www.7-zip.org/).

Issue History

Date Modified Username Field Change
2024-10-19 21:50 PDStig Tag Attached: Roadmap: v11