1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-13 10:22:42 +01:00
phorge-phorge/src/applications/people
epriestley 7298589c86 Proof of concept mitigation of BREACH
Summary: Ref T3684 for discussion. This could be cleaned up a bit (it would be nice to draw entropy once per request, for instance, and maybe respect CSRF_TOKEN_LENGTH more closely) but should effectively mitigate BREACH.

Test Plan: Submitted forms; submitted forms after mucking with CSRF and observed CSRF error. Verified that source now has "B@..." tokens.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3684

Differential Revision: https://secure.phabricator.com/D6686
2013-08-07 16:09:05 -07:00
..
application Modernize email verification page 2013-07-10 18:53:09 -07:00
conduit Implement ApplicationSearch in People 2013-05-31 10:51:20 -07:00
config Move roles and status into properties on profile view 2013-07-10 12:34:09 -07:00
controller Fix fatal on setting default profile picture 2013-07-16 13:54:14 -07:00
customfield Move roles and status into properties on profile view 2013-07-10 12:34:09 -07:00
editor Migrate PhabricatorUserLDAPInfo to PhabricatorExternalAccount 2013-06-16 09:55:55 -07:00
event Hovercard tweaks 2013-04-06 21:16:55 -07:00
exception Delete license headers from files 2012-11-05 11:16:51 -08:00
lipsum Fixed Task Generation 2013-04-24 18:17:31 -07:00
phid Restore setting "disabled" on user handles of disabled users 2013-08-01 14:50:45 -07:00
query Move PhabricatorUser to new phid stuff 2013-07-26 14:05:19 -07:00
remarkup Implement ApplicationSearch in People 2013-05-31 10:51:20 -07:00
search Move PhabricatorUser to new phid stuff 2013-07-26 14:05:19 -07:00
storage Proof of concept mitigation of BREACH 2013-08-07 16:09:05 -07:00