Xavier Noria
004db18cb0
String#bytesize is not needed for Ruby >= 1.8.7
2009-11-09 22:16:51 +01:00
Pratik Naik
69aa5e8a86
Ensure MessageVerifier raises appropriate exception on tampered data
2009-10-09 02:26:18 +01:00
Jeffrey Hardy
9212138ad0
MessageVerifier#verify raises InvalidSignature if the signature is blank
Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
2009-10-05 13:38:26 -07:00
Jeremy Kemper
0a692e48ae
Use OpenSSL::Digest.const(...).new instead of OpenSSL::Digest::Digest.new(...)
2009-09-24 22:44:40 -07:00
Jeremy Kemper
5d24827e39
Explicitly require String#bytesize extension
2009-09-24 22:44:40 -07:00
Jeremy Kemper
7e6652edbf
Prefer not to shadow a local
2009-09-13 05:56:21 -07:00
Aaron Patterson
f959758687
making secure_compare faster
[#3195 state:committed]
Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
2009-09-13 02:44:52 -07:00
Michael Koziarski
e590508a9b
Dup the arguments to string compare so we can use force_encoding.
2009-09-13 10:36:04 +12:00
Yehuda Katz
a8a336cbfc
Revert "ruby 1.9 friendly secure_compare" because it breaks CI and Sam Ruby's suite
This reverts commit 5de75398c4.
2009-09-12 14:35:03 -05:00
Jakub Kuźma
b22c951e7a
ruby 1.9 friendly secure_compare
Signed-off-by: Michael Koziarski <michael@koziarski.com>
2009-09-12 12:48:34 +12:00
Jeremy Kemper
aeab739bd5
Ruby 1.9: fix MessageVerifier#secure_compare
2009-09-08 14:05:33 +09:00
Coda Hale
5e6dab8b34
Fix timing attack vulnerability in ActiveSupport::MessageVerifier.
Use a constant-time comparison algorithm to compare the candidate HMAC with the calculated HMAC to prevent leaking information about the calculated HMAC.
Signed-off-by: Michael Koziarski <michael@koziarski.com>
2009-09-04 09:25:38 +12:00
Jeremy Kemper
51d155e697
Lazy-require OpenSSL
2008-11-23 15:29:03 -08:00
Michael Koziarski
f9b1aa7f4c
Don't need _message as it's in the class name already
2008-11-23 16:33:56 +01:00
Michael Koziarski
d460c9a255
Add ActiveSupport::MessageVerifier to aid users who need to store tamper-proof messages in cookies etc.
This is particularly useful for things like remember-me tokens in web applications and auto-unsubscribe links in emails.
2008-11-23 15:33:59 +01:00