diff options
author | Daniel Schadt <kingdread@gmx.de> | 2022-07-29 21:26:23 +0200 |
---|---|---|
committer | Daniel Schadt <kingdread@gmx.de> | 2022-07-29 21:26:23 +0200 |
commit | 0daae8ac72907101f281e34d773775636d07b059 (patch) | |
tree | adf6b9c745342de1b3d4ba2a276aaecfe436cef1 /doc/developer.rst | |
parent | 948dbb6c11f217400cd3842dc13974dc23f121b2 (diff) | |
download | fietsboek-0daae8ac72907101f281e34d773775636d07b059.tar.gz fietsboek-0daae8ac72907101f281e34d773775636d07b059.tar.bz2 fietsboek-0daae8ac72907101f281e34d773775636d07b059.zip |
use secrets to safely generate random tokens
The usage of os.urandom was fine to generate a salt, but using secrets
here makes sure that the intent is carried across.
For the share tokens, using random might be insecure. We should err on
the side of caution and use a secure PRNG here, so now we use secrets
here as well.
For tokens (password reset, ...), UUID4 is probably also fine, so we'll
leave that for now.
Diffstat (limited to 'doc/developer.rst')
0 files changed, 0 insertions, 0 deletions