On Sat, Jun 27, 2009 at 06:00:32PM +0200, Julien Valroff wrote:
[...]
> I am not a security expert, and I am not sure I understand how
> your patch would make ajaxterm really secure. From what I could
> read, Math.random() is said to be inherently insecure.
Well, the primary concern (according to
Apologies--my previous message included a broken patch from an
earlier attempt rather than the current one. Here is what I'm
presently using on my systems:
--- /usr/share/ajaxterm/ajaxterm.js 2009-02-17 13:40:43.0 +
+++ ajaxterm.js 2009-05-17 20:15:16.0 +
@@ -3,7 +3,16
Since sid is used as a string, here's a cheap way to increase its
complexity by more than 10^7 without increasing its length, simply
by adding mixed-case letters (this is what I've done on systems
where I use the application and it works fine):
--- /usr/share/ajaxterm/ajaxterm.js 2009-02-17 1
tags 442424 + patch
(tried to tag the wrong bug number in my last update--sorry!)
--
{ IRL(Jeremy_Stanley); PGP(9E8DFF2E4F5995F8FEADDC5829ABF7441FB84657);
SMTP([EMAIL PROTECTED]); IRC([EMAIL PROTECTED]); ICQ(114362511);
AIM(dreadazathoth); YAHOO(crawlingchaoslabs); FINGER([EMAIL PROTECTED]);
MUD(
tags 436187 + patch
The last few patches provided by wigge appear to mostly address this
bug:
http://sourceforge.net/tracker/?atid=525126&group_id=69596&func=browse
Confirmed working after updating the Debian package to the latest
stable upstream (0.7.8-3) and applying the patches, though note t