blob: fd7d7af2b01fa32a5072724869d90ce957aeec7e (
plain)
1
2
3
4
5
6
7
8
9
|
o Security Features:
- Provide controllers with a safer way to implement the cookie
authentication mechanism. With the old method, if another locally
running program could convince a controller that it was the Tor
process, then that program could trick the contoller into
telling it the contents of an arbitrary 32-byte file. The new
"SAFECOOKIE" authentication method uses a challenge-response
approach to prevent this. Fixes bug 5185, implements proposal 193.
|