1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-18 21:02:41 +01:00
phorge-phorge/resources/sql/patches
epriestley 0669abc5f0 Use a proper entropy source to generate file keys
Summary:
See T549. Under configurations where files are served from an alternate domain
which does not have cookie credentials, we use random keys to prevent browsing,
similar to how Facebook relies on pseudorandom information in image URIs (we
could some day go farther than this and generate file sessions on the alternate
domain or something, I guess).

Currently, we generate these random keys in a roundabout manner. Instead, use a
real entropy source and store the key on the object. This reduces the number of
sha1() calls in the codebase as per T547.

Test Plan: Ran upgrade scripts, verified database was populated correctly.
Configured alternate file domain, uploaded file, verified secret generated and
worked properly. Changed secret, was given 404.

Reviewers: jungejason, benmathews, nh, tuomaspelkonen, aran

Reviewed By: aran

CC: aran, epriestley

Differential Revision: 1036
2011-10-23 14:42:23 -07:00
..
000.project.sql Task -> Project assocation, file uploads 2011-02-20 20:08:53 -08:00
001.maniphest_projects.sql Fully-qualify this SQL patchfile. 2011-02-20 20:10:07 -08:00
002.oauth.sql Github OAuth 2011-02-21 00:23:24 -08:00
003.more_oauth.sql Store OAuth tokens and more OAuth account info. 2011-02-22 10:27:27 -08:00
004.daemonrepos.sql Rough cut of repository tracking 2011-03-06 22:29:22 -08:00
005.workers.sql Rough cut of Workers 2011-03-10 13:48:29 -08:00
006.repository.sql durf durf sql 2011-03-15 20:51:53 +00:00
007.daemonlog.sql Diffusion/phd/console improvements. 2011-03-15 13:38:14 -07:00
008.repoopt.sql Fix various parsing bugs in Differential. 2011-03-19 14:42:17 -07:00
009.repo_summary.sql Sorta need this file. 2011-03-20 17:55:31 -07:00
010.herald.sql Allow databases to be created outside upgrade_schema scrpt. 2011-10-17 13:59:56 -07:00
011.badcommit.sql Derp derp, apparentl neglected to save this file. 2011-03-26 23:59:29 -07:00
012.dropphidtype.sql Removed "PHID Types" storage object and interface components 2011-03-31 14:01:13 -07:00
013.commitdetail.sql More Diffusion junk. 2011-03-30 22:08:41 -07:00
014.shortcuts.sql Restore "Shortcuts" feature to Diffusion. 2011-03-31 00:33:44 -07:00
015.preferences.sql User preferences ported from tools 2011-03-31 13:44:20 -07:00
016.userrealnameindex.sql Add basic detail-parser functionality. 2011-04-01 17:11:55 -07:00
017.sessionkeys.sql Optimize session query for nontrivial number of user accounts. 2011-04-02 16:39:40 -07:00
018.owners.sql Allow databases to be created outside upgrade_schema scrpt. 2011-10-17 13:59:56 -07:00
019.arcprojects.sql Sync up UUIDs and create project configs. 2011-04-05 21:55:04 -07:00
020.pathcapital.sql Fix field capitalization. 2011-04-05 22:30:10 -07:00
021.xhpastview.sql Allow databases to be created outside upgrade_schema scrpt. 2011-10-17 13:59:56 -07:00
022.differentialcommit.sql Close the loop on Diffusion commits posting back to Differential. 2011-04-07 21:59:42 -07:00
023.dxkeys.sql Turns out MySQL tables need keys. Who knew?! 2011-04-09 22:19:10 -07:00
024.mlistkeys.sql Properly support mailing lists, with actual testing! 2011-04-10 10:16:14 -07:00
025.commentopt.sql Lint and unit star support. 2011-04-10 17:19:01 -07:00
026.diffpropkey.sql Missing key for large datasizes. 2011-04-10 17:25:24 -07:00
027.metamtakeys.sql Add some metamta keys. 2011-04-12 18:19:24 -07:00
028.systemagent.sql Very basic system agent support. 2011-04-12 18:19:25 -07:00
029.cursors.sql Avoid Timeline race condition 2011-04-14 10:12:10 -07:00
030.imagemacro.sql Image macros for Phabricator! 2011-04-13 20:08:13 -07:00
031.workerrace.sql Prevent a race in Phabricator workers 2011-04-14 12:09:56 -07:00
032.viewtime.sql Differential Updates View 2011-04-28 14:40:41 -07:00
033.privtest.sql Improve schema upgrade workflow for unprivileged users 2011-04-30 00:50:48 -07:00
034.savedheader.sql Make X-Herald-Rules header sticky 2011-05-03 06:06:57 -07:00
035.proxyimage.sql Restore image proxying to Remarkup 2011-05-03 18:49:06 -07:00
036.mailkey.sql Support email replies in Phabricator 2011-05-05 14:58:57 -07:00
037.setuptest.sql Add a "setup" mode which guides new users through application configuration 2011-05-10 15:12:30 -07:00
038.admin.sql Admin and disabled flags for users 2011-05-12 11:17:50 -07:00
039.userlog.sql Provide an activity log for login and administrative actions 2011-05-20 19:08:26 -07:00
040.transform.sql Basic image thumbnailing 2011-05-27 09:33:33 -07:00
041.heraldrepetition.sql herald: add the ability to execute a rule the first time only 2011-06-09 10:35:37 -07:00
042.commentmetadata.sql Store metadata with Differential and Maniphest comments, and store added 2011-06-09 10:43:25 -07:00
043.pastebin.sql Allow databases to be created outside upgrade_schema scrpt. 2011-10-17 13:59:56 -07:00
044.countdown.sql Allow databases to be created outside upgrade_schema scrpt. 2011-10-17 13:59:56 -07:00
045.timezone.sql Provide a default non-NULL timezone in the PhabricatorUser class 2011-06-20 13:13:51 -07:00
046.conduittoken.sql Fix syntax clowning in patch 046. 2011-06-20 05:59:42 -07:00
047.projectstatus.sql Project list and profile view modifications 2011-06-20 16:13:44 -03:00
048.relationshipkeys.sql Properly scope some SQL. 2011-06-21 14:46:59 -07:00
049.projectowner.sql Allow affiliations to carry project ownership information; transform profile 2011-06-28 06:40:41 -07:00
050.taskdenormal.sql Allow Maniphest to scale to a massive size 2011-06-28 06:41:05 -07:00
051.projectfilter.sql Allow Maniphest tasks to be filtered by Project 2011-06-29 21:56:47 -07:00
052.pastelanguage.sql Add a syntax highlight dropdown, if pygments is enabled. 2011-07-04 12:23:43 -04:00
053.feed.sql Allow databases to be created outside upgrade_schema scrpt. 2011-10-17 13:59:56 -07:00
054.subscribers.sql Added subscriber view to Maniphest. 2011-07-07 14:08:52 -07:00
055.add_author_to_files.sql Drag-drop file upload. 2011-07-08 15:20:57 -04:00
056.slowvote.sql Allow databases to be created outside upgrade_schema scrpt. 2011-10-17 13:59:56 -07:00
057.parsecache.sql Add Differential parse cache to the GC daemon 2011-07-08 17:31:25 -07:00
058.missingkeys.sql Add missing keys to some tables 2011-07-09 10:55:15 -07:00
059.engines.php Script to selectively convert MyISAM tables to InnoDB 2011-07-11 11:42:28 -07:00
060.phriction.sql Allow databases to be created outside upgrade_schema scrpt. 2011-10-17 13:59:56 -07:00
061.phrictioncontent.sql Basic edit/create workflow for Phriction 2011-07-11 14:47:33 -07:00
062.phrictionmenu.sql Add Phriction to the main nav menu 2011-07-12 09:26:51 -07:00
063.pasteforks.sql Store parents of forked pastes, and list child pastes if there are any. 2011-07-15 18:42:08 -04:00
064.subprojects.sql Allow users to associate SSH Public Keys with their accounts 2011-07-23 09:15:20 -07:00
065.sshkeys.sql Allow users to associate SSH Public Keys with their accounts 2011-07-23 09:15:20 -07:00
066.phrictioncontent.sql Add a 'description' field to Phriction 2011-07-23 21:11:42 -07:00
067.preferences.sql Move "Preferences" to "Settings" 2011-07-24 12:25:43 -07:00
068.maniphestauxiliarystorage.sql Key Value Store for ManiphestTask 2011-07-25 19:11:55 -07:00
069.heraldxscript.sql Improve GC performance for Herald Transcripts 2011-07-28 18:50:54 -07:00
070.differentialaux.sql Add basic auxiliary field storage for Differential 2011-08-14 10:04:21 -07:00
071.contentsource.sql Track content sources (email, web, conduit, mobile) for replies 2011-08-30 11:08:27 -07:00
072.blamerevert.sql Remove blameRevision and revertPlan from the DifferentialRevision schema 2011-09-04 16:19:12 -07:00
073.reposymbols.sql Add storage for repository symbol tracking 2011-09-13 08:49:44 -07:00
074.affectedpath.sql Build an "affected path" index when attaching diffs to revisions 2011-09-15 07:45:14 -07:00
075.revisionhash.sql Add a relation table for Revisions to local commit hashes 2011-09-26 15:02:37 -07:00
076.indexedlanguages.sql Tie all the pieces for symbol cross-references together 2011-10-09 17:58:17 -07:00
077.originalemail.sql Allow bugs@ addresses to blanket-accept tasks 2011-10-20 14:26:19 -07:00
078.nametoken.sql Add a name token table so on-demand typeaheads can match last names 2011-10-23 14:25:26 -07:00
079.nametokenindex.php Add a name token table so on-demand typeaheads can match last names 2011-10-23 14:25:26 -07:00
080.filekeys.sql Use a proper entropy source to generate file keys 2011-10-23 14:42:23 -07:00
081.filekeys.php Use a proper entropy source to generate file keys 2011-10-23 14:42:23 -07:00