aboutsummaryrefslogtreecommitdiffstats
path: root/activesupport/Rakefile
diff options
context:
space:
mode:
authorCoda Hale <coda.hale@gmail.com>2009-08-13 10:03:08 -0700
committerMichael Koziarski <michael@koziarski.com>2009-09-04 09:25:38 +1200
commit5e6dab8b34152bc48c89032d20e5bda1511e28fb (patch)
treee07e5aaab885d847f4cdf7006b55fb0601d3b676 /activesupport/Rakefile
parentbd97c3044a7b135f5b84f38c3dbdce2ccc793f70 (diff)
downloadrails-5e6dab8b34152bc48c89032d20e5bda1511e28fb.tar.gz
rails-5e6dab8b34152bc48c89032d20e5bda1511e28fb.tar.bz2
rails-5e6dab8b34152bc48c89032d20e5bda1511e28fb.zip
Fix timing attack vulnerability in ActiveSupport::MessageVerifier.
Use a constant-time comparison algorithm to compare the candidate HMAC with the calculated HMAC to prevent leaking information about the calculated HMAC. Signed-off-by: Michael Koziarski <michael@koziarski.com>
Diffstat (limited to 'activesupport/Rakefile')
0 files changed, 0 insertions, 0 deletions
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-09 04:02:45 +0000