From 3e2d68a059d559b59cac1f513b31f4d710dab806 Mon Sep 17 00:00:00 2001
From: Andy Lutomirski
Date: Mon, 11 Aug 2014 17:51:27 -0700
Subject: [PATCH] webconfig: fixes for token security
* Use 16-byte tokens
* Use os.urandom (random.getrandbits shouldn't be used for security)
* Convert to hex correctly
---
 share/tools/web_config/webconfig.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/share/tools/web_config/webconfig.py b/share/tools/web_config/webconfig.py
index 452f7716e..43d2ced0d 100755
--- a/share/tools/web_config/webconfig.py
+++ b/share/tools/web_config/webconfig.py
@@ -17,7 +17,7 @@ else:
 from urllib.parse import parse_qs
 import webbrowser
 import subprocess
-import re, socket, os, sys, cgi, select, time, glob, random, string
+import re, socket, os, sys, cgi, select, time, glob, random, string, binascii
 try:
 import json
 except ImportError:
@@ -654,7 +654,7 @@ where = os.path.dirname(sys.argv[0])
 os.chdir(where)
 # Generate a 16-byte random key as a hexadecimal string
-authkey = hex(random.getrandbits(16*4))[2:]
+authkey = binascii.b2a_hex(os.urandom(16))
 # Try to find a suitable port
 PORT = 8000
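Review bot: On Python 3 the new `authkey = binascii.b2a_hex(os.urandom(16))` in the second hunk yields `bytes`, not the hexadecimal `str` the comment directly above it promises, and the file evidently targets both interpreters (the `from urllib.parse import parse_qs` branch visible in the first hunk), so any later comparison or string formatting of `authkey` against a str-valued request token would presumably never match on Python 3; decoding once at the source avoids that, `authkey = binascii.b2a_hex(os.urandom(16)).decode('ascii')`. The move from `random.getrandbits` to `os.urandom` is the right fix for the predictability problem, and the `binascii` import added in the first hunk needs nothing further. The place where `authkey` is checked against the token a client presents is outside these hunks; if that check is a plain `==`, `hmac.compare_digest` would be the safer comparison, but I cannot confirm that from here.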