durusmail: quixote-users: small patch to session code
small patch to session code
Jon Dyte
2002-10-20
This removes the packbytes function, and replaces randlong with
randhexstr which uses the binascii.hexlify function instead.

Taking a string from /dev/urandom, converting it to a long integer,
and then back to a string via "%016X" % seemed long-winded to me.
The main benefit is probably code deletion. If the hexstring
returned from randhexstr absolutely needs to be uppercase, then
the call randhexstr(8).upper() should satisfy that.


Jon

Index: session.py
===================================================================
RCS file: /home/cvs/quixote/session.py,v
retrieving revision 1.58
diff -c -r1.58 session.py
*** session.py  18 Oct 2002 21:16:23 -0000      1.58
--- session.py  20 Oct 2002 14:40:28 -0000
***************
*** 23,60 ****

  import sys, string
  from time import time, localtime, strftime, clock

  from quixote import get_publisher
  from quixote.errors import SessionError

- def packbytes(s):
-     "convert a string of bytes into a long integer"
-     n = 0L
-     for b in s:
-         n <<= 8
-         n |= ord(b)
-     return n
-
  try:
      # /dev/urandom is just as good as /dev/random for cookies (assuming
      # SHA-1 is secure) and it never blocks.
      open("/dev/urandom")
!     def randlong(bytes):
!         """Return bits of random data as a long integer."""
!         return packbytes(open("/dev/urandom").read(bytes))

  except IOError:
      # this is much less secure than the above function
      import sha
      _randstate = sha.new(str(time() + clock()))
!     def randlong(bytes):
!         """Return bits of random data as a long integer."""
          global _randstate
          s = ""
          while len(s) < bytes:
              _randstate.update(str(time() + clock()))
              s += _randstate.digest()
!         return packbytes(s[:bytes])


  class SessionManager:
--- 23,53 ----

  import sys, string
  from time import time, localtime, strftime, clock
+ from binascii import hexlify

  from quixote import get_publisher
  from quixote.errors import SessionError

  try:
      # /dev/urandom is just as good as /dev/random for cookies (assuming
      # SHA-1 is secure) and it never blocks.
      open("/dev/urandom")
!     def randhexstr(bytes):
!         """Return bits of random data as hex string of bytes."""
!         return hexlify(open("/dev/urandom").read(bytes))

  except IOError:
      # this is much less secure than the above function
      import sha
      _randstate = sha.new(str(time() + clock()))
!     def randhexstr(bytes):
!         """Return bits of random data as a hex string of bytes."""
          global _randstate
          s = ""
          while len(s) < bytes:
              _randstate.update(str(time() + clock()))
              s += _randstate.digest()
!         return hexlify(s[:bytes])


  class SessionManager:
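Review bot: The `except IOError` version of `randhexstr` still builds session ids from nothing but `time() + clock()` run through SHA-1, and after the rename both variants carry nearly the same docstring, so a reader cannot tell from the docstring that the fallback is unsuitable for unguessable ids. I would make the fallback's docstring say so, e.g. `"""Return 2*bytes hex digits from a time-seeded SHA-1 stream; weak, used only when /dev/urandom is missing."""`, and have the module report once at import time when it takes this branch, so a deployment does not run on it unnoticed. In the /dev/urandom variant, `read(bytes)` goes to `hexlify` unchecked, so a short read would give a shorter id than expected; `data = open("/dev/urandom").read(bytes)` followed by `if len(data) != bytes: raise IOError("short read from /dev/urandom")` keeps the width fixed. Both docstrings should also state that the result is `2 * bytes` hex characters.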
***************
*** 255,261 ****
          # used with the session manager mapping interface.)
          id = None
          while id is None or self.has_session(id):
!             id = "%016X" % randlong(8)  # 64-bit random number
          return id

      def _create_session (self, request):
--- 248,254 ----
          # used with the session manager mapping interface.)
          id = None
          while id is None or self.has_session(id):
!             id = randhexstr(8)  # 64-bit random number
          return id

      def _create_session (self, request):
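Review bot: The trailing comment on `id = randhexstr(8)` still says `# 64-bit random number`, but the value is now a 16-character hex string rather than a number; `# 8 random bytes -> 16 hex characters (64 bits)` would match the code. 64 bits is also on the small side for a session identifier, and since the helper now takes a byte count, `randhexstr(16)` would be a one-token change, provided nothing that stores or parses the id assumes 16 characters (not visible here). The enclosing method starts above the hunk, so only the loop is reviewed.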
