Scoop authentication problem
I'm using version 0.9.0-15 of the Scoop CMS, installed via apt-get from
the Unstable distribution. When I tried to create a new user account, I
got the message "Invalid IP or form key".
I threw some debugging statements into /usr/share/perl5/Scoop/Utility.pm
and determined that when it unhashes the IP addresses stored in the
database, the first few characters get screwed up somehow. So it
encrypts a string like "94.229.179.109:1145843199" but when it decrypts
it, it ends up with something like "ûÁ÷¢Ö´$¢79.109:1145843199".
If it had the wrong key, it wouldn't get the second half right. Is
there a known issue with the Debian release of one of the relevant
crypto packages (I think it uses Blowfish)?
Thanks!
mark
Reply to: