From 293735eca715c7cc5221e551e5eb41f92b6abd0f Mon Sep 17 00:00:00 2001 From: 0livd Date: Mon, 23 Oct 2017 23:03:44 +0200 Subject: Make authentication logic simpler and safer (#270) * Fixed exposed password in session The project password was set in clear text in the session cookie. The cookie payload is only base64 encoded so it must not be used to store private information. The password is simply replaced by a boolean. * Simplify authentication logic --- CHANGELOG.rst | 1 + 1 file changed, 1 insertion(+) (limited to 'CHANGELOG.rst') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 27c6cbd..c2dba84 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -17,6 +17,7 @@ Changed ======= - Logged admin can see any project (#262) +- Simpler and safer authentication logic (#270) - Better install doc (#275) Added -- cgit v1.1
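Review bot: The added line "- Simpler and safer authentication logic (#270)" under "Changed" understates what the commit message describes, namely that the project password was stored in clear text in a session cookie whose payload is only base64 encoded. Suggest wording the entry so the exposure is explicit, for example "- Project password is no longer stored in the session cookie (#270)". Someone reading only the changelog can then tell that cookies issued by earlier versions carried the password and judge whether project passwords need changing. The diff shown here is limited to CHANGELOG.rst, so the replacement of the password by a boolean cannot be checked from these lines.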