mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
Commit graph

4 commits

Author SHA1 Message Date
Coda Hale
5e6dab8b34 Fix timing attack vulnerability in ActiveSupport::MessageVerifier.
Use a constant-time comparison algorithm to compare the candidate HMAC with the calculated HMAC to prevent leaking information about the calculated HMAC.

Signed-off-by: Michael Koziarski <michael@koziarski.com>
2009-09-04 09:25:38 +12:00
Jeremy Kemper
51d155e697 Lazy-require OpenSSL 2008-11-23 15:29:03 -08:00
Michael Koziarski
f9b1aa7f4c Don't need _message as it's in the class name already 2008-11-23 16:33:56 +01:00
Michael Koziarski
d460c9a255 Add ActiveSupport::MessageVerifier to aid users who need to store tamper-proof messages in cookies etc.
This is particularly useful for things like remember-me tokens in web applications and auto-unsubscribe links in emails.
2008-11-23 15:33:59 +01:00