Use a proper entropy source to generate file keys
Summary:
See T549. Under configurations where files are served from an alternate domain
which does not have cookie credentials, we use random keys to prevent browsing,
similar to how Facebook relies on pseudorandom information in image URIs (we
could some day go farther than this and generate file sessions on the alternate
domain or something, I guess).
Currently, we generate these random keys in a roundabout manner. Instead, use a
real entropy source and store the key on the object. This reduces the number of
sha1() calls in the codebase as per T547.
Test Plan: Ran upgrade scripts, verified database was populated correctly.
Configured alternate file domain, uploaded file, verified secret generated and
worked properly. Changed secret, was given 404.
Reviewers: jungejason, benmathews, nh, tuomaspelkonen, aran
Reviewed By: aran
CC: aran, epriestley
Differential Revision: 1036
2011-10-23 22:50:10 +02:00
|
|
|
<?php
|
|
|
|
|
2015-05-22 09:27:56 +02:00
|
|
|
echo pht('Generating file keys...')."\n";
|
2013-01-17 02:55:39 +01:00
|
|
|
$table = new PhabricatorFile();
|
|
|
|
$table->openTransaction();
|
|
|
|
$table->beginReadLocking();
|
|
|
|
|
|
|
|
$files = $table->loadAllWhere('secretKey IS NULL');
|
2015-05-22 09:27:56 +02:00
|
|
|
echo pht('%d files to generate keys for', count($files));
|
Use a proper entropy source to generate file keys
Summary:
See T549. Under configurations where files are served from an alternate domain
which does not have cookie credentials, we use random keys to prevent browsing,
similar to how Facebook relies on pseudorandom information in image URIs (we
could some day go farther than this and generate file sessions on the alternate
domain or something, I guess).
Currently, we generate these random keys in a roundabout manner. Instead, use a
real entropy source and store the key on the object. This reduces the number of
sha1() calls in the codebase as per T547.
Test Plan: Ran upgrade scripts, verified database was populated correctly.
Configured alternate file domain, uploaded file, verified secret generated and
worked properly. Changed secret, was given 404.
Reviewers: jungejason, benmathews, nh, tuomaspelkonen, aran
Reviewed By: aran
CC: aran, epriestley
Differential Revision: 1036
2011-10-23 22:50:10 +02:00
|
|
|
foreach ($files as $file) {
|
|
|
|
queryfx(
|
2013-01-17 02:55:39 +01:00
|
|
|
$file->establishConnection('w'),
|
Use a proper entropy source to generate file keys
Summary:
See T549. Under configurations where files are served from an alternate domain
which does not have cookie credentials, we use random keys to prevent browsing,
similar to how Facebook relies on pseudorandom information in image URIs (we
could some day go farther than this and generate file sessions on the alternate
domain or something, I guess).
Currently, we generate these random keys in a roundabout manner. Instead, use a
real entropy source and store the key on the object. This reduces the number of
sha1() calls in the codebase as per T547.
Test Plan: Ran upgrade scripts, verified database was populated correctly.
Configured alternate file domain, uploaded file, verified secret generated and
worked properly. Changed secret, was given 404.
Reviewers: jungejason, benmathews, nh, tuomaspelkonen, aran
Reviewed By: aran
CC: aran, epriestley
Differential Revision: 1036
2011-10-23 22:50:10 +02:00
|
|
|
'UPDATE %T SET secretKey = %s WHERE id = %d',
|
|
|
|
$file->getTableName(),
|
|
|
|
$file->generateSecretKey(),
|
|
|
|
$file->getID());
|
|
|
|
echo '.';
|
|
|
|
}
|
2013-01-17 02:55:39 +01:00
|
|
|
|
|
|
|
$table->endReadLocking();
|
|
|
|
$table->saveTransaction();
|
2015-05-22 09:27:56 +02:00
|
|
|
echo "\n".pht('Done.')."\n";
|