aboutsummaryrefslogtreecommitdiffstats
path: root/railties/lib/rails/generators/erb/controller/templates
diff options
context:
space:
mode:
authorNick Malcolm <nick@revert.io>2016-04-12 00:14:09 +1200
committerNick Malcolm <nick@revert.io>2016-04-12 09:41:51 +1200
commit750e6dafd23698ad3cd363cd52c55502b1a12375 (patch)
tree50c7a31697012d318e26578dfa441dddb554b094 /railties/lib/rails/generators/erb/controller/templates
parent0caf8ffd7d19a3a3c8d7eca158b4ea66185ce4ae (diff)
downloadrails-750e6dafd23698ad3cd363cd52c55502b1a12375.tar.gz
rails-750e6dafd23698ad3cd363cd52c55502b1a12375.tar.bz2
rails-750e6dafd23698ad3cd363cd52c55502b1a12375.zip
[ci skip] This modifies the HTTP Token authentication example's `authenticate` method, to use the `secure_compare` method with two constant-length strings. This defends against timing attacks, and is best practice. Using `==` for sensitive actions is not recommended, and this was the source of a CVE fixed in October 2015: https://github.com/rails/rails/commit/17e6f1507b7f2c2a883c180f4f9548445d6dfbda
Diffstat (limited to 'railties/lib/rails/generators/erb/controller/templates')
0 files changed, 0 insertions, 0 deletions