1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-22 23:02:42 +01:00
No description
Find a file
Jakub Vrana 32f91557f8 Store hash of session key
Summary:
This prevents security by obscurity.
If I have read-only access to the database then I can pretend to be any logged-in user.

I've used `PhabricatorHash::digest()` (even though we don't need salt as the hashed string is random) to be compatible with user log.

Test Plan:
Applied patch.
Verified I'm still logged in.
Logged out.
Logged in.

  $ arc tasks

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D6080
2013-05-30 17:30:06 -07:00
bin Provide 'bin/cache', for managing caches 2013-05-20 10:16:35 -07:00
conf Using PhabricatorExternalAccount 2013-04-28 13:22:33 -07:00
externals Add WePay as a one-time payment provider 2013-05-21 15:34:46 -07:00
resources Store hash of session key 2013-05-30 17:30:06 -07:00
scripts Add a bin/files purge workflow 2013-05-29 06:28:57 -07:00
src Store hash of session key 2013-05-30 17:30:06 -07:00
support Specify HOME when invoking Git commands 2013-05-21 14:14:31 -07:00
webroot Allow datetime inputs to be optional 2013-05-30 16:19:43 -07:00
.arcconfig Use JsShrink if jsxmin is not available 2013-05-18 17:04:22 -07:00
.divinerconfig Centralize rendering of application mail bodies 2012-07-16 19:01:43 -07:00
.editorconfig Specify config for text editors 2012-11-03 22:34:44 -07:00
.gitignore Ignore and README for support/bin 2013-04-03 12:58:39 -07:00
LICENSE Delete license headers from files 2012-11-05 11:16:51 -08:00
NOTICE Increment year. 2013-01-03 05:45:08 -08:00
README Undo accidental commit of garbage to README 2013-05-20 16:16:49 -07:00

Phabricator is an open source collection of web applications which make it
easier to write, review, and share source code. Phabricator was developed at
Facebook.

This is an early release. It's pretty high-quality and usable, but under
active development so things may change quickly.

You can learn more about the project and find links to documentation and
resources at: http://phabricator.org/

LICENSE

Phabricator is released under the Apache 2.0 license except as otherwise noted.