aboutsummaryrefslogtreecommitdiffstats
path: root/.gitattributes
diff options
context:
space:
mode:
authorNick Malcolm <nick@revert.io>2016-04-12 00:14:09 +1200
committerNick Malcolm <nick@revert.io>2016-04-12 09:41:51 +1200
commit750e6dafd23698ad3cd363cd52c55502b1a12375 (patch)
tree50c7a31697012d318e26578dfa441dddb554b094 /.gitattributes
parent0caf8ffd7d19a3a3c8d7eca158b4ea66185ce4ae (diff)
downloadrails-750e6dafd23698ad3cd363cd52c55502b1a12375.tar.gz
rails-750e6dafd23698ad3cd363cd52c55502b1a12375.tar.bz2
rails-750e6dafd23698ad3cd363cd52c55502b1a12375.zip
[ci skip] This modifies the HTTP Token authentication example's `authenticate` method, to use the `secure_compare` method with two constant-length strings. This defends against timing attacks, and is best practice. Using `==` for sensitive actions is not recommended, and this was the source of a CVE fixed in October 2015: https://github.com/rails/rails/commit/17e6f1507b7f2c2a883c180f4f9548445d6dfbda
Diffstat (limited to '.gitattributes')
0 files changed, 0 insertions, 0 deletions
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-03 04:58:49 +0000