mirror of https://we.phorge.it/source/phorge.git synced 2024-09-22 02:08:47 +02:00
phorge-phorge/src/applications/people
epriestley 7298589c86 Proof of concept mitigation of BREACH
Summary: Ref T3684 for discussion. This could be cleaned up a bit (it would be nice to draw entropy once per request, for instance, and maybe respect CSRF_TOKEN_LENGTH more closely) but should effectively mitigate BREACH.

Test Plan: Submitted forms; submitted forms after mucking with CSRF and observed CSRF error. Verified that source now has "B@..." tokens.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3684

Differential Revision: https://secure.phabricator.com/D6686
2013-08-07 16:09:05 -07:00
application Modernize email verification page 2013-07-10 18:53:09 -07:00
conduit Implement ApplicationSearch in People 2013-05-31 10:51:20 -07:00
config Move roles and status into properties on profile view 2013-07-10 12:34:09 -07:00
controller Fix fatal on setting default profile picture 2013-07-16 13:54:14 -07:00
customfield Move roles and status into properties on profile view 2013-07-10 12:34:09 -07:00
editor Migrate PhabricatorUserLDAPInfo to PhabricatorExternalAccount 2013-06-16 09:55:55 -07:00
event Hovercard tweaks 2013-04-06 21:16:55 -07:00
exception Delete license headers from files 2012-11-05 11:16:51 -08:00
lipsum Fixed Task Generation 2013-04-24 18:17:31 -07:00
phid Restore setting "disabled" on user handles of disabled users 2013-08-01 14:50:45 -07:00
query Move PhabricatorUser to new phid stuff 2013-07-26 14:05:19 -07:00
remarkup Implement ApplicationSearch in People 2013-05-31 10:51:20 -07:00
search Move PhabricatorUser to new phid stuff 2013-07-26 14:05:19 -07:00
storage Proof of concept mitigation of BREACH 2013-08-07 16:09:05 -07:00