Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Fix use of Deprecation without requiring active_support/deprecation in ↵ | Marten Veldthuis | 2012-01-31 | 1 | -0/+1 |
| | | | | message verifier | ||||
* | fix base64 requires | Sergey Nartimov | 2012-01-03 | 1 | -1/+1 |
| | |||||
* | deprecate ActiveSupport::Base64 | Sergey Nartimov | 2012-01-03 | 1 | -3/+3 |
| | | | | extend and define ::Base64 if needed | ||||
* | Fix typo in deprecation notice | Claudio Poli | 2011-09-16 | 1 | -1/+1 |
| | |||||
* | Use an options hash to specify digest/cipher algorithm and a serializer for ↵ | Willem van Bergen | 2011-09-15 | 1 | -7/+10 |
| | | | | MessageVerifier and MessageEncryptor. | ||||
* | Add some documentation for the new serializer property of MessageVerifier ↵ | Willem van Bergen | 2011-09-15 | 1 | -0/+5 |
| | | | | and MessageEncryptor. | ||||
* | Implement API suggestions of pull request. | Willem van Bergen | 2011-09-15 | 1 | -6/+5 |
| | |||||
* | Custom serializers and deserializers in MessageVerifier and MessageEncryptor. | Willem van Bergen | 2011-09-15 | 1 | -2/+6 |
| | | | | | By default, these classes use Marshal for serializing and deserializing messages. Unfortunately, the Marshal format is closely associated with Ruby internals and even changes between different interpreters. This makes the resulting message very hard to impossible to unserialize messages generated by these classes in other environments like node.js. This patch solves this by allowing you to set your own custom serializer and deserializer lambda functions. By default, it still uses Marshal to be backwards compatible. | ||||
* | more style changes | suchasurge | 2011-03-06 | 1 | -1/+1 |
| | |||||
* | Deletes trailing whitespaces (over text files only find * -type f -exec sed ↵ | Santiago Pastorino | 2010-08-14 | 1 | -7/+7 |
| | | | | 's/[ \t]*$//' -i {} \;) | ||||
* | Revert "Improve performance of MessageVerifier while keeping it constant time" | wycats | 2010-07-13 | 1 | -4/+4 |
| | | | | This reverts commit 8b05c5207dd5757d55d0c384740db289e6bd5415. | ||||
* | Improve performance of MessageVerifier while keeping it constant time | wycats | 2010-06-04 | 1 | -4/+4 |
| | |||||
* | message_verifier.rb needs active_support/core_ext/object/blank | Xavier Noria | 2010-01-01 | 1 | -0/+1 |
| | |||||
* | message_verifier.rb needs active_support/base64 | Xavier Noria | 2010-01-01 | 1 | -0/+2 |
| | |||||
* | String#bytesize is not needed for Ruby >= 1.8.7 | Xavier Noria | 2009-11-09 | 1 | -2/+0 |
| | |||||
* | Ensure MessageVerifier raises appropriate exception on tampered data | Pratik Naik | 2009-10-09 | 1 | -1/+1 |
| | |||||
* | MessageVerifier#verify raises InvalidSignature if the signature is blank | Jeffrey Hardy | 2009-10-05 | 1 | -0/+2 |
| | | | | Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net> | ||||
* | Use OpenSSL::Digest.const(...).new instead of OpenSSL::Digest::Digest.new(...) | Jeremy Kemper | 2009-09-24 | 1 | -1/+1 |
| | |||||
* | Explicitly require String#bytesize extension | Jeremy Kemper | 2009-09-24 | 1 | -0/+2 |
| | |||||
* | Prefer not to shadow a local | Jeremy Kemper | 2009-09-13 | 1 | -1/+1 |
| | |||||
* | making secure_compare faster | Aaron Patterson | 2009-09-13 | 1 | -28/+8 |
| | | | | | | [#3195 state:committed] Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net> | ||||
* | Dup the arguments to string compare so we can use force_encoding. | Michael Koziarski | 2009-09-13 | 1 | -2/+2 |
| | |||||
* | Revert "ruby 1.9 friendly secure_compare" because it breaks CI and Sam ↵ | Yehuda Katz | 2009-09-12 | 1 | -6/+9 |
| | | | | | | Ruby's suite This reverts commit 5de75398c495f109772b622291362a98bc6c21d1. | ||||
* | ruby 1.9 friendly secure_compare | Jakub Kuźma | 2009-09-12 | 1 | -9/+6 |
| | | | | Signed-off-by: Michael Koziarski <michael@koziarski.com> | ||||
* | Ruby 1.9: fix MessageVerifier#secure_compare | Jeremy Kemper | 2009-09-08 | 1 | -9/+27 |
| | |||||
* | Fix timing attack vulnerability in ActiveSupport::MessageVerifier. | Coda Hale | 2009-09-04 | 1 | -3/+16 |
| | | | | | | Use a constant-time comparison algorithm to compare the candidate HMAC with the calculated HMAC to prevent leaking information about the calculated HMAC. Signed-off-by: Michael Koziarski <michael@koziarski.com> | ||||
* | Lazy-require OpenSSL | Jeremy Kemper | 2008-11-23 | 1 | -1/+2 |
| | |||||
* | Don't need _message as it's in the class name already | Michael Koziarski | 2008-11-23 | 1 | -4/+4 |
| | |||||
* | Add ActiveSupport::MessageVerifier to aid users who need to store ↵ | Michael Koziarski | 2008-11-23 | 1 | -0/+45 |
tamper-proof messages in cookies etc. This is particularly useful for things like remember-me tokens in web applications and auto-unsubscribe links in emails. |