Use secure hash algorithm in WebConfiguration.sign_text
Fix: PendingDeprecationWarning: HMAC() without an explicit digestmod argument is deprecated.
The default hash algorithm used by hmac.new is md5. As of today, md5 is so weak
that it's the equivalent of plaintext and can't be considered to be secured at all.
Therefor, we switch to a secure hash algorithm.
The rational for choosing sha3_512 is:
* the recommended algorithm is at least sha_256
* the stronger, the more secured and sha3_512 is the stronger available
* thinking about the future this should keep this part of the code safe long
enough before people think about checking it again
You can read more about choosing a secure hash algorithm in the NIST
recommendations https://csrc.nist.gov/Projects/Hash-Functions/NIST-Policy-on-Hash-Functions
This code modification should normally be transparent since check_text_sign is
exactly this code 'self.sign_text(text) == signature' and that sign_text is
only used in combination with it. The only impact is that the hash is going to
move from 32 char to 128 which might make html page a bit bigger and that
sha3_512 is slow to compute (which is a good thing for security)
=====================================================
|cubicweb| - The Semantic Web is a construction game!
=====================================================
|cubicweb| is a semantic web application framework, licensed under the LGPL,
that empowers developers to efficiently build web applications by reusing
components (called `cubes`) and following the well known object-oriented design
principles.
Main Features
~~~~~~~~~~~~~
* an engine driven by the explicit :ref:`data model
<TutosBaseCustomizingTheApplicationDataModel>` of the application,
* a query language named :ref:`RQL <RQL>` similar to W3C's SPARQL,
* a :ref:`selection+view <TutosBaseCustomizingTheApplicationCustomViews>`
mechanism for semi-automatic XHTML/XML/JSON/text generation,
* a library of reusable :ref:`components <Cube>` (data model and views) that
fulfill common needs,
* the power and flexibility of the Python_ programming language,
* the reliability of SQL databases, LDAP directories, Subversion and Mercurial
for storage backends.
Built since 2000 from an R&D effort still continued, supporting 100,000s of
daily visits at some production sites, |cubicweb| is a proven end to end solution
for semantic web application development that promotes quality, reusability and
efficiency.
QuickStart
~~~~~~~~~~
The impatient developer will move right away to :ref:`SetUpEnv` then to :ref:`ConfigEnv`.
Social
~~~~~~
* Chat on the `jabber forum`_
* Discuss on the `mailing-list`_
* Discover on the `blog`_
* Contribute on the forge_
.. _Logilab: http://www.logilab.fr/
.. _forge: http://www.cubicweb.org/project/
.. _Python: http://www.python.org/
.. _`jabber forum`: http://www.logilab.org/blogentry/6718
.. _`mailing-list`: http://lists.cubicweb.org/mailman/listinfo/cubicweb
.. _blog: http://www.cubicweb.org/blog/1238
Narrative Documentation
~~~~~~~~~~~~~~~~~~~~~~~
A.k.a. "The Book"
.. toctree::
:maxdepth: 2
book/intro/index
.. toctree::
:maxdepth: 2
tutorials/index
.. toctree::
:maxdepth: 3
book/devrepo/index
book/devweb/index
book/pyramid/index
.. toctree::
:maxdepth: 2
book/admin/index
book/additionnal_services/index
book/annexes/index
Changes
~~~~~~~
.. toctree::
:maxdepth: 2
changes/changelog
Reference documentation
~~~~~~~~~~~~~~~~~~~~~~~
API
'''
.. toctree::
:maxdepth: 1
:glob:
api/*
.. toctree::
:maxdepth: 1
book/en/devweb/js_api/index
Developpers
~~~~~~~~~~~
.. toctree::
:maxdepth: 1
:glob:
How to contribute to the code base <https://hg.logilab.org/master/cubicweb/file/tip/README#l39>
General contribution guide for cubes <https://www.logilab.org/Card/contributing>
dev/*
Indexes
~~~~~~~
* the :ref:`genindex`,
* the :ref:`modindex`,