August 1st, 2002

ljcom

Module Name: ljcom
Committed By: bradfitz
Date: Fri Aug 2 00:42:07 UTC 2002

Modified Files:
---------------
ljcom/cgi-bin/bml/scheme/dystopia: generic.look
ljcom/htdocs: comment_recv.bml

Log Message:
------------
- remove some crap code in comment_recv.bml
- make dystopia get full remote


To generate a diff of this commit:
cvs rdiff -r1.32 -r1.33 ljcom/cgi-bin/bml/scheme/dystopia/generic.look
http://cvs.livejournal.org/browse.cgi/ljcom/cgi-bin/bml/scheme/dystopia/generic.look.diff?r1=1.32&r2=1.33
cvs rdiff -r1.7 -r1.8 ljcom/htdocs/comment_recv.bml
http://cvs.livejournal.org/browse.cgi/ljcom/htdocs/comment_recv.bml.diff?r1=1.7&r2=1.8

livejournal

Module Name: livejournal
Committed By: bradfitz
Date: Fri Aug 2 00:46:16 UTC 2002

Modified Files:
---------------
livejournal/bin/upgrading: en.dat update-db-general.pl
livejournal/cgi-bin: ljlib.pl ljprotocol.pl
livejournal/htdocs: changepassword.bml login.bml logout.bml modify_do.bml talkpost_do.bml
livejournal/htdocs/friends: edit_do.bml

Log Message:
------------
Phase 1 of security enhancements.

-- login cookies no longer have md5 password in them ... use sessions

-- rate limit more (all?) places where passwords are checked. If there
are ones I missed, I'd be very interested in knowing where.

-- don't mail clear text password on password change.

If no problems are found with this, the next phase will begin,
involving challenge/response logins (already working on fotobilder),
and the complete elimination of hidden hpassword fields, including
those in HTML emails. Instead, single use/single purpose cookies will
be used there.

Please, test this code out so we can get it running on livejournal.com
and begin phase 2.


To generate a diff of this commit:
cvs rdiff -r1.28 -r1.29 livejournal/bin/upgrading/en.dat
http://cvs.livejournal.org/browse.cgi/livejournal/bin/upgrading/en.dat.diff?r1=1.28&r2=1.29
cvs rdiff -r1.72 -r1.73 livejournal/bin/upgrading/update-db-general.pl
http://cvs.livejournal.org/browse.cgi/livejournal/bin/upgrading/update-db-general.pl.diff?r1=1.72&r2=1.73
cvs rdiff -r1.231 -r1.232 livejournal/cgi-bin/ljlib.pl
http://cvs.livejournal.org/browse.cgi/livejournal/cgi-bin/ljlib.pl.diff?r1=1.231&r2=1.232
cvs rdiff -r1.117 -r1.118 livejournal/cgi-bin/ljprotocol.pl
http://cvs.livejournal.org/browse.cgi/livejournal/cgi-bin/ljprotocol.pl.diff?r1=1.117&r2=1.118
cvs rdiff -r1.11 -r1.12 livejournal/htdocs/changepassword.bml
http://cvs.livejournal.org/browse.cgi/livejournal/htdocs/changepassword.bml.diff?r1=1.11&r2=1.12
cvs rdiff -r1.14 -r1.15 livejournal/htdocs/login.bml
http://cvs.livejournal.org/browse.cgi/livejournal/htdocs/login.bml.diff?r1=1.14&r2=1.15
cvs rdiff -r1.12 -r1.13 livejournal/htdocs/logout.bml
http://cvs.livejournal.org/browse.cgi/livejournal/htdocs/logout.bml.diff?r1=1.12&r2=1.13
cvs rdiff -r1.26 -r1.27 livejournal/htdocs/modify_do.bml
http://cvs.livejournal.org/browse.cgi/livejournal/htdocs/modify_do.bml.diff?r1=1.26&r2=1.27
cvs rdiff -r1.71 -r1.72 livejournal/htdocs/talkpost_do.bml
http://cvs.livejournal.org/browse.cgi/livejournal/htdocs/talkpost_do.bml.diff?r1=1.71&r2=1.72
cvs rdiff -r1.20 -r1.21 livejournal/htdocs/friends/edit_do.bml
http://cvs.livejournal.org/browse.cgi/livejournal/htdocs/friends/edit_do.bml.diff?r1=1.20&r2=1.21