mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
Commit graph

9 commits

Author SHA1 Message Date
Aaron Patterson
f959758687 making secure_compare faster
[#3195 state:committed]

Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
2009-09-13 02:44:52 -07:00
Michael Koziarski
e590508a9b Dup the arguments to string compare so we can use force_encoding. 2009-09-13 10:36:04 +12:00
Yehuda Katz
a8a336cbfc Revert "ruby 1.9 friendly secure_compare" because it breaks CI and Sam Ruby's suite
This reverts commit 5de75398c4.
2009-09-12 14:35:03 -05:00
Jakub Kuźma
b22c951e7a ruby 1.9 friendly secure_compare
Signed-off-by: Michael Koziarski <michael@koziarski.com>
2009-09-12 12:48:34 +12:00
Jeremy Kemper
aeab739bd5 Ruby 1.9: fix MessageVerifier#secure_compare 2009-09-08 14:05:33 +09:00
Coda Hale
5e6dab8b34 Fix timing attack vulnerability in ActiveSupport::MessageVerifier.
Use a constant-time comparison algorithm to compare the candidate HMAC with the calculated HMAC to prevent leaking information about the calculated HMAC.

Signed-off-by: Michael Koziarski <michael@koziarski.com>
2009-09-04 09:25:38 +12:00
Jeremy Kemper
51d155e697 Lazy-require OpenSSL 2008-11-23 15:29:03 -08:00
Michael Koziarski
f9b1aa7f4c Don't need _message as it's in the class name already 2008-11-23 16:33:56 +01:00
Michael Koziarski
d460c9a255 Add ActiveSupport::MessageVerifier to aid users who need to store tamper-proof messages in cookies etc.
This is particularly useful for things like remember-me tokens in web applications and auto-unsubscribe links in emails.
2008-11-23 15:33:59 +01:00