Modify

Opened 4 years ago

Closed 9 months ago

Last modified 9 months ago

#7608 closed defect (fixed)

TRAC Login problems caused by RevTree-Plugin / logged in as other user

Reported by: AlexK|Ventuz Owned by: eblot
Priority: high Component: RevtreePlugin
Severity: critical Keywords:
Cc: Trac Release: 0.11

Description

We had some weird log-in problems in the past where a user enters his user credentials but ends up logged in as another user. The source of this problem seems to be the line seed(0) in svgview.py. This messes up the random number generation used by TRAC to create the session cookies (i.e. hex_entropy in the TRAC source code). This line definitely has to be removed/replaced as soon as possible.

Attachments (0)

Change History (3)

comment:1 in reply to: ↑ description ; follow-up: Changed 4 years ago by eblot

Replying to AlexK|Ventuz:

This line definitely has to be removed/replaced as soon as possible.

I think it can be definitely removed: AFAIR, it's a left-over from a very old implementation where the branch colors where generated randomly. This feature has been dropped a long time ago, as it led to use different color for the same branch on each page refresh. For several years, the branch color is computed from the branch name, so that a constant color is always assigned to a given branch.

comment:2 Changed 9 months ago by eblot

  • Resolution set to fixed
  • Status changed from new to closed

In 13716:

Closes #7608. Remove seed initializer, keep random color generation in case a branch is not named (which should never happen)

comment:3 in reply to: ↑ 1 Changed 9 months ago by eblot

Replying to eblot:

Replying to AlexK|Ventuz: I think it can be definitely removed: AFAIR, it's a left-over from a very old implementation where the branch colors where generated randomly...

Very true.

Add Comment

Modify Ticket

Action
as closed The owner will remain eblot.
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.