1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-23 14:00:56 +01:00
phorge-phorge/support
epriestley 7298589c86 Proof of concept mitigation of BREACH
Summary: Ref T3684 for discussion. This could be cleaned up a bit (it would be nice to draw entropy once per request, for instance, and maybe respect CSRF_TOKEN_LENGTH more closely) but should effectively mitigate BREACH.

Test Plan: Submitted forms; submitted forms after mucking with CSRF and observed CSRF error. Verified that source now has "B@..." tokens.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3684

Differential Revision: https://secure.phabricator.com/D6686
2013-08-07 16:09:05 -07:00
..
aphlict Fix Aphlict server for newer Node 2013-07-27 16:24:12 -07:00
bin Ignore and README for support/bin 2013-04-03 12:58:39 -07:00
empty Specify HOME when invoking Git commands 2013-05-21 14:14:31 -07:00
jshint Use JsShrink if jsxmin is not available 2013-05-18 17:04:22 -07:00
phame Delete license headers from files 2012-11-05 11:16:51 -08:00
PhabricatorStartup.php Proof of concept mitigation of BREACH 2013-08-07 16:09:05 -07:00