Re: [pve-devel] [PATCH v4 0/3] use hmac_sha256 instead of sha1 for csrf token

On 6/19/19 9:39 AM, Oguz Bektas wrote: > we use sha1 while generating our csrf token, switched to hmac sha256 as > suggested in owasp csrf cheatsheet[0]. > > [0]: > https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.md#token-based-m

[pve-devel] [PATCH v4 0/3] use hmac_sha256 instead of sha1 for csrf token

we use sha1 while generating our csrf token, switched to hmac sha256 as suggested in owasp csrf cheatsheet[0]. [0]: https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.md#token-based-mitigation pve-access-control: Oguz Bektas (1):