| 123456789 |
- o Security Features:
- - Provide controllers with a safer way to implement the cookie
- authentication mechanism. With the old method, if another locally
- running program could convince a controller that it was the Tor
- process, then that program could trick the contoller into
- telling it the contents of an arbitrary 32-byte file. The new
- "SAFECOOKIE" authentication method uses a challenge-response
- approach to prevent this. Fixes bug 5185, implements proposal 193.
|
