epriestley 0669abc5f0 Use a proper entropy source to generate file keys ... Summary: See T549. Under configurations where files are served from an alternate domain which does not have cookie credentials, we use random keys to prevent browsing, similar to how Facebook relies on pseudorandom information in image URIs (we could some day go farther than this and generate file sessions on the alternate domain or something, I guess). Currently, we generate these random keys in a roundabout manner. Instead, use a real entropy source and store the key on the object. This reduces the number of sha1() calls in the codebase as per T547. Test Plan: Ran upgrade scripts, verified database was populated correctly. Configured alternate file domain, uploaded file, verified secret generated and worked properly. Changed secret, was given 404. Reviewers: jungejason, benmathews, nh, tuomaspelkonen, aran Reviewed By: aran CC: aran, epriestley Differential Revision: 1036		2011-10-23 14:42:23 -07:00
..
controller	Use a proper entropy source to generate file keys	2011-10-23 14:42:23 -07:00
engine	Replace callsites to sha1() that use it to asciify entropy with	2011-10-21 11:55:28 -07:00
engineselector	Add an Amazon S3 storage engine for Phabricator	2011-08-03 10:58:03 -07:00
exception/upload	Improve error messages when hitting PHP file upload issues	2011-08-16 13:16:41 -07:00
storage	Use a proper entropy source to generate file keys	2011-10-23 14:42:23 -07:00
transform	Allow affiliations to carry project ownership information; transform profile	2011-06-28 06:40:41 -07:00
uri	Provide a setting which forces all file views to be served from an alternate	2011-08-16 13:21:46 -07:00