aboutsummaryrefslogtreecommitdiffstats
path: root/activesupport/lib/active_support/message_verifier.rb
Commit message (Collapse)AuthorAgeFilesLines
* String#bytesize is not needed for Ruby >= 1.8.7Xavier Noria2009-11-091-2/+0
|
* Ensure MessageVerifier raises appropriate exception on tampered dataPratik Naik2009-10-091-1/+1
|
* MessageVerifier#verify raises InvalidSignature if the signature is blankJeffrey Hardy2009-10-051-0/+2
| | | | Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
* Use OpenSSL::Digest.const(...).new instead of OpenSSL::Digest::Digest.new(...)Jeremy Kemper2009-09-241-1/+1
|
* Explicitly require String#bytesize extensionJeremy Kemper2009-09-241-0/+2
|
* Prefer not to shadow a localJeremy Kemper2009-09-131-1/+1
|
* making secure_compare fasterAaron Patterson2009-09-131-28/+8
| | | | | | [#3195 state:committed] Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
* Dup the arguments to string compare so we can use force_encoding.Michael Koziarski2009-09-131-2/+2
|
* Revert "ruby 1.9 friendly secure_compare" because it breaks CI and Sam ↵Yehuda Katz2009-09-121-6/+9
| | | | | | Ruby's suite This reverts commit 5de75398c495f109772b622291362a98bc6c21d1.
* ruby 1.9 friendly secure_compareJakub Kuźma2009-09-121-9/+6
| | | | Signed-off-by: Michael Koziarski <michael@koziarski.com>
* Ruby 1.9: fix MessageVerifier#secure_compareJeremy Kemper2009-09-081-9/+27
|
* Fix timing attack vulnerability in ActiveSupport::MessageVerifier.Coda Hale2009-09-041-3/+16
| | | | | | Use a constant-time comparison algorithm to compare the candidate HMAC with the calculated HMAC to prevent leaking information about the calculated HMAC. Signed-off-by: Michael Koziarski <michael@koziarski.com>
* Lazy-require OpenSSLJeremy Kemper2008-11-231-1/+2
|
* Don't need _message as it's in the class name alreadyMichael Koziarski2008-11-231-4/+4
|
* Add ActiveSupport::MessageVerifier to aid users who need to store ↵Michael Koziarski2008-11-231-0/+45
tamper-proof messages in cookies etc. This is particularly useful for things like remember-me tokens in web applications and auto-unsubscribe links in emails.