crs4 / notredam

Automatically exported from code.google.com/p/notredam
http://www.notredam.org

Strengthen authentication checksum #55

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
http://distrettoict.crs4.it/labcontenuti/wiki/public/api indicates REST 
requests are authenticated with sha1(secret + message).  This would seem to be 
vulnerable to a length-extension attack.

I think using HMAC would be more secure ( 
http://docs.python.org/library/hmac.html ).

Original issue reported on code.google.com by dylan.t...@gmail.com on 5 Jan 2012 at 12:02
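
An added example (not part of the original issue and not NotreDAM code) contrasting the `sha1(secret + message)` checksum described above with the HMAC construction the reporter suggests, plus a constant-time verifier. The secret, the message layout and all function names are assumptions made for illustration; the choice of SHA-256 as the HMAC digest is also an assumption.

```python
import hashlib
import hmac

BLOCK = 64  # block size in bytes of SHA-1 and SHA-256

# Constructed sample values; the real API's message layout is not shown on this page.
SECRET = b"constructed-demo-secret"
MESSAGE = b"api_key=demo&user_id=1"


def legacy_checksum(secret: bytes, message: bytes) -> str:
    """Scheme described in the issue: sha1(secret + message).

    The tag is the hash's complete internal state after absorbing
    secret + message, which is the property a length-extension attack relies on.
    """
    return hashlib.sha1(secret + message).hexdigest()


def hmac_by_hand(secret: bytes, message: bytes, hashfn=hashlib.sha256) -> str:
    """RFC 2104 spelled out: H((K ^ opad) || H((K ^ ipad) || message)).

    The inner digest is re-hashed under a second keyed pad, so the published
    tag is never a resumable state over caller-controlled data.
    """
    key = hashfn(secret).digest() if len(secret) > BLOCK else secret
    key = key.ljust(BLOCK, b"\x00")
    inner = hashfn(bytes(b ^ 0x36 for b in key) + message).digest()
    return hashfn(bytes(b ^ 0x5C for b in key) + inner).hexdigest()


def sign(secret: bytes, message: bytes) -> str:
    """What production code should call: the standard library's HMAC."""
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def verify(secret: bytes, message: bytes, presented: str) -> bool:
    """Constant-time check; compares bytes so odd client input cannot raise."""
    expected = sign(secret, message).encode("ascii")
    candidate = presented.strip().lower().encode("utf-8")
    return hmac.compare_digest(expected, candidate)


if __name__ == "__main__":
    print("legacy :", legacy_checksum(SECRET, MESSAGE))
    print("hmac   :", sign(SECRET, MESSAGE))
    print("valid  :", verify(SECRET, MESSAGE, sign(SECRET, MESSAGE)))
```

During a migration, a server that still accepts the legacy checksum remains exposed for as long as that path is enabled, so the old verifier should be removed rather than kept as a fallback.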