mirror of https://we.phorge.it/source/phorge.git synced 2024-11-24 07:42:40 +01:00
phorge-phorge/src/infrastructure/util
epriestley 7298589c86 Proof of concept mitigation of BREACH
Summary: Ref T3684 for discussion. This could be cleaned up a bit (it would be nice to draw entropy once per request, for instance, and maybe respect CSRF_TOKEN_LENGTH more closely) but should effectively mitigate BREACH.

Test Plan: Submitted forms; submitted forms after mucking with CSRF and observed CSRF error. Verified that source now has "B@..." tokens.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3684

Differential Revision: https://secure.phabricator.com/D6686
2013-08-07 16:09:05 -07:00
__tests__ Allow slugs to contain most utf8 characters 2013-03-03 10:56:33 -08:00
PhabricatorGlobalLock.php Reduce wait_timeout to max. allowed value 2013-04-05 22:42:27 -07:00
PhabricatorHash.php Proof of concept mitigation of BREACH 2013-08-07 16:09:05 -07:00
PhabricatorSlug.php Allow slugs to contain most utf8 characters 2013-03-03 10:56:33 -08:00