[Koha-bugs] [Bug 17494] Koha generating duplicate self registration tokens
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Tue Oct 25 13:46:21 CEST 2016
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17494
--- Comment #2 from Kyle M Hall <kyle at bywatersolutions.com> ---
(In reply to Jonathan Druart from comment #1)
> Have you seen that with your own eyes? :)
> It seems very unlikely to get twice the same memory address to calculate the
> md5.
Yes, and I agree it does seem unlikely, but I've actually seen it multiple
times! I think maybe memory re-use is possibly higher under plack?
Perhaps instead of using the patron hash to generate an md5 we should just use
a random alphanumeric string generator, check the db to make sure that number
doesn't already exist, and enforce uniqueness on the token column to ensure
this situation cannot possibly happen.
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list