phorge-phorge

mirror of https://we.phorge.it/source/phorge.git synced 2025-01-24 13:38:19 +01:00

History

Jakub Vrana 32f91557f8 Store hash of session key Summary: This prevents security by obscurity. If I have read-only access to the database then I can pretend to be any logged-in user. I've used `PhabricatorHash::digest()` (even though we don't need salt as the hashed string is random) to be compatible with user log. Test Plan: Applied patch. Verified I'm still logged in. Logged out. Logged in. $ arc tasks Reviewers: epriestley Reviewed By: epriestley CC: aran, Korvin Differential Revision: https://secure.phabricator.com/D6080	2013-05-30 17:30:06 -07:00
..
patches	Store hash of session key	2013-05-30 17:30:06 -07:00
quickstart.sql	Kill some PhutilSafeHTML	2013-02-07 18:01:01 -08:00

Jakub Vrana 32f91557f8 Store hash of session key

Summary:
This prevents security by obscurity.
If I have read-only access to the database then I can pretend to be any logged-in user.

I've used `PhabricatorHash::digest()` (even though we don't need salt as the hashed string is random) to be compatible with user log.

Test Plan:
Applied patch.
Verified I'm still logged in.
Logged out.
Logged in.

  $ arc tasks

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D6080

2013-05-30 17:30:06 -07:00

patches

Store hash of session key

2013-05-30 17:30:06 -07:00

quickstart.sql

Kill some PhutilSafeHTML

2013-02-07 18:01:01 -08:00