mirror of https://we.phorge.it/source/phorge.git synced 2024-09-22 18:28:47 +02:00
phorge-phorge/src/applications
epriestley 0669abc5f0 Use a proper entropy source to generate file keys
Summary:
See T549. Under configurations where files are served from an alternate domain
which does not have cookie credentials, we use random keys to prevent browsing,
similar to how Facebook relies on pseudorandom information in image URIs (we
could some day go farther than this and generate file sessions on the alternate
domain or something, I guess).

Currently, we generate these random keys in a roundabout manner. Instead, use a
real entropy source and store the key on the object. This reduces the number of
sha1() calls in the codebase as per T547.

Test Plan: Ran upgrade scripts, verified database was populated correctly.
Configured alternate file domain, uploaded file, verified secret generated and
worked properly. Changed secret, was given 404.

Reviewers: jungejason, benmathews, nh, tuomaspelkonen, aran

Reviewed By: aran

CC: aran, epriestley

Differential Revision: 1036
2011-10-23 14:42:23 -07:00
..
auth Add Google as an OAuth2 provider (BETA) 2011-09-14 07:32:04 -07:00
base Make detection/recovery for bad cookies more strict 2011-08-19 15:45:35 -07:00
calendar Build a basic calendar view 2011-08-08 10:34:06 -07:00
conduit Replace callsites to sha1() that use it to asciify entropy with 2011-10-21 11:55:28 -07:00
countdown Fix some brace lint stuff. 2011-08-02 10:40:45 -07:00
daemon Refactor repository reparse scripts to be more useful 2011-09-27 17:20:04 -07:00
differential Add an optional configuration option to set 'Precedence: bulk' headers on 2011-10-23 14:25:13 -07:00
diffusion Add test to check all symbols can be loaded 2011-10-20 16:43:13 -07:00
directory Use Javelin workflow on directory item deletion 2011-05-28 11:57:31 -07:00
draft/storage Revision comment drafts. 2011-02-05 16:57:21 -08:00
feed Fix generateChronologicalKey() for 32-bit machines 2011-09-14 09:03:45 -07:00
files Use a proper entropy source to generate file keys 2011-10-23 14:42:23 -07:00
help/controller Explicitly show that "escape" closes dialogs in Phabricator 2011-08-02 09:21:28 -07:00
herald Make Herald Rules sticky in X-Herald-Rules 2011-08-17 10:38:29 -07:00
maniphest Add an optional configuration option to set 'Precedence: bulk' headers on 2011-10-23 14:25:13 -07:00
markup Allow custom hyperlinks; Pass differential.diff-id into remarkup engine config 2011-10-20 14:39:18 -07:00
metamta Add an optional configuration option to set 'Precedence: bulk' headers on 2011-10-23 14:25:13 -07:00
owners Removing reordering code that wasn't needed 2011-04-20 17:07:46 -07:00
paste Fix header display bug on forked pastes. 2011-07-21 11:22:56 -04:00
people Add a name token table so on-demand typeaheads can match last names 2011-10-23 14:25:26 -07:00
phid Replace callsites to sha1() that use it to asciify entropy with 2011-10-21 11:55:28 -07:00
phriction Some documentation updates. 2011-09-14 08:02:31 -07:00
project Fixed documentation in PhabricatorProjectSubproject 2011-09-13 21:21:12 -07:00
repository Add an optional configuration option to set 'Precedence: bulk' headers on 2011-10-23 14:25:13 -07:00
search Some documentation updates. 2011-09-14 08:02:31 -07:00
slowvote Fix link to Slowvote user guide 2011-10-20 14:33:34 -07:00
status/base Add /status/ 2011-04-08 11:13:51 -07:00
typeahead/controller Add a name token table so on-demand typeaheads can match last names 2011-10-23 14:25:26 -07:00
uiexample Add missing includes from XHPAST parse bug. 2011-04-06 23:14:58 -07:00
xhpastview Add missing includes from XHPAST parse bug. 2011-04-06 23:14:58 -07:00
xhprof Improve DarkConsole "Services" and "XHProf" plugins 2011-07-11 12:51:58 -07:00