mirror of https://we.phorge.it/source/phorge.git synced 2025-01-23 13:08:18 +01:00
phorge-phorge/resources
Jakub Vrana 32f91557f8 Store hash of session key
Summary:
This prevents security by obscurity.
If I have read-only access to the database then I can pretend to be any logged-in user.

I've used `PhabricatorHash::digest()` (even though we don't need salt as the hashed string is random) to be compatible with user log.

Test Plan:
Applied patch.
Verified I'm still logged in.
Logged out.
Logged in.

  $ arc tasks

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D6080
2013-05-30 17:30:06 -07:00
..
builtin Provide "builtin" files and use them to fix Pholio when files are deleted 2013-05-08 18:12:52 -07:00
chatbot Improve some documentation/examples for bot stuff 2013-02-14 12:47:39 -08:00
font Made Meme Generator 2013-01-19 18:43:43 -08:00
sprite Apply sprite sheet changes to Phabricator 2013-05-18 10:34:10 -07:00
sql Store hash of session key 2013-05-30 17:30:06 -07:00