aboutsummaryrefslogtreecommitdiffstats
path: root/activesupport/lib/active_support/message_verifier.rb
Commit message (Collapse)AuthorAgeFilesLines
* update AS docs [ci skip]Francesco Rodriguez2012-09-171-7/+7
|
* remove ActiveSupport::Base64 in favor of ::Base64Sergey Nartimov2012-01-021-3/+3
|
* deprecate Base64.encode64s from AS. Use Base64.strict_encode64 insteadVasiliy Ermolovich2011-12-271-2/+2
|
* Remove deprecations from Active Support.José Valim2011-12-201-5/+0
|
* Fix typo in deprecation noticeClaudio Poli2011-09-161-1/+1
|
* Use an options hash to specify digest/cipher algorithm and a serializer for ↵Willem van Bergen2011-09-151-7/+10
| | | | MessageVerifier and MessageEncryptor.
* Add some documentation for the new serializer property of MessageVerifier ↵Willem van Bergen2011-09-151-0/+5
| | | | and MessageEncryptor.
* Implement API suggestions of pull request.Willem van Bergen2011-09-151-6/+5
|
* Custom serializers and deserializers in MessageVerifier and MessageEncryptor.Willem van Bergen2011-09-151-2/+6
| | | | | By default, these classes use Marshal for serializing and deserializing messages. Unfortunately, the Marshal format is closely associated with Ruby internals and even changes between different interpreters. This makes the resulting message very hard to impossible to unserialize messages generated by these classes in other environments like node.js. This patch solves this by allowing you to set your own custom serializer and deserializer lambda functions. By default, it still uses Marshal to be backwards compatible.
* more style changessuchasurge2011-03-061-1/+1
|
* Deletes trailing whitespaces (over text files only find * -type f -exec sed ↵Santiago Pastorino2010-08-141-7/+7
| | | | 's/[ \t]*$//' -i {} \;)
* Revert "Improve performance of MessageVerifier while keeping it constant time"wycats2010-07-131-4/+4
| | | | This reverts commit 8b05c5207dd5757d55d0c384740db289e6bd5415.
* Improve performance of MessageVerifier while keeping it constant timewycats2010-06-041-4/+4
|
* message_verifier.rb needs active_support/core_ext/object/blankXavier Noria2010-01-011-0/+1
|
* message_verifier.rb needs active_support/base64Xavier Noria2010-01-011-0/+2
|
* String#bytesize is not needed for Ruby >= 1.8.7Xavier Noria2009-11-091-2/+0
|
* Ensure MessageVerifier raises appropriate exception on tampered dataPratik Naik2009-10-091-1/+1
|
* MessageVerifier#verify raises InvalidSignature if the signature is blankJeffrey Hardy2009-10-051-0/+2
| | | | Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
* Use OpenSSL::Digest.const(...).new instead of OpenSSL::Digest::Digest.new(...)Jeremy Kemper2009-09-241-1/+1
|
* Explicitly require String#bytesize extensionJeremy Kemper2009-09-241-0/+2
|
* Prefer not to shadow a localJeremy Kemper2009-09-131-1/+1
|
* making secure_compare fasterAaron Patterson2009-09-131-28/+8
| | | | | | [#3195 state:committed] Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
* Dup the arguments to string compare so we can use force_encoding.Michael Koziarski2009-09-131-2/+2
|
* Revert "ruby 1.9 friendly secure_compare" because it breaks CI and Sam ↵Yehuda Katz2009-09-121-6/+9
| | | | | | Ruby's suite This reverts commit 5de75398c495f109772b622291362a98bc6c21d1.
* ruby 1.9 friendly secure_compareJakub Kuźma2009-09-121-9/+6
| | | | Signed-off-by: Michael Koziarski <michael@koziarski.com>
* Ruby 1.9: fix MessageVerifier#secure_compareJeremy Kemper2009-09-081-9/+27
|
* Fix timing attack vulnerability in ActiveSupport::MessageVerifier.Coda Hale2009-09-041-3/+16
| | | | | | Use a constant-time comparison algorithm to compare the candidate HMAC with the calculated HMAC to prevent leaking information about the calculated HMAC. Signed-off-by: Michael Koziarski <michael@koziarski.com>
* Lazy-require OpenSSLJeremy Kemper2008-11-231-1/+2
|
* Don't need _message as it's in the class name alreadyMichael Koziarski2008-11-231-4/+4
|
* Add ActiveSupport::MessageVerifier to aid users who need to store ↵Michael Koziarski2008-11-231-0/+45
tamper-proof messages in cookies etc. This is particularly useful for things like remember-me tokens in web applications and auto-unsubscribe links in emails.