Make brute force attacks harder by re-generating security token on every failed login (#1490549)
Or, more precisely, use the same as we did in git-master, i.e. do not base the token on session ID, but use random bytes instead.
parent
7d9a29cbc0
commit
3d9798da1f
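The idea in the commit message, sketched as an added example (not code from this commit or the project). Python is used only for illustration; `Session`, `attempt_login`, `SERVER_KEY` and the HMAC derivation of the old-style token are assumptions.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = b"constructed-demo-key"  # constructed value, for this example only


def session_derived_token(session_id: str) -> str:
    """Old style: the token is a function of the session ID, so it stays the
    same for the life of the session (the HMAC derivation is an assumption)."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


class Session:
    """Hypothetical server-side session holding a random request token."""

    def __init__(self) -> None:
        self.session_id = secrets.token_hex(16)
        self._token = None

    def request_token(self) -> str:
        """Return the current token, creating it from random bytes on first use."""
        if self._token is None:
            self.rotate_token()
        return self._token

    def rotate_token(self) -> str:
        """Discard the current token and issue a fresh random one."""
        self._token = secrets.token_urlsafe(32)
        return self._token


def attempt_login(session: Session, submitted_token: str, password_ok: bool) -> bool:
    """Accept a login only with the current token and a valid password.
    Any failure re-generates the token, so the client must fetch the login
    form again before the next attempt."""
    expected = session.request_token().encode()
    token_ok = hmac.compare_digest(submitted_token.encode(), expected)
    if token_ok and password_ok:
        return True
    session.rotate_token()
    return False


def stale_token_is_rejected() -> bool:
    """A token captured before a failed attempt no longer works afterwards,
    even when the second attempt carries the correct password."""
    s = Session()
    captured = s.request_token()
    first = attempt_login(s, captured, password_ok=False)
    second = attempt_login(s, captured, password_ok=True)
    return first is False and second is False
```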