mirror of https://we.phorge.it/source/phorge.git synced 2024-11-14 10:52:41 +01:00
phorge-phorge/src/applications/conduit
Jakub Vrana 32f91557f8 Store hash of session key
Summary:
This prevents security by obscurity.
If I have read-only access to the database then I can pretend to be any logged-in user.

I've used `PhabricatorHash::digest()` (even though we don't need salt as the hashed string is random) to be compatible with user log.

Test Plan:
Applied patch.
Verified I'm still logged in.
Logged out.
Logged in.

  $ arc tasks

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D6080
2013-05-30 17:30:06 -07:00
..
application Made conduit permanently installed 2013-02-13 12:21:50 -08:00
call Route internal conduit calls if other hosts available 2013-05-19 04:16:10 -07:00
config Route internal conduit calls if other hosts available 2013-05-19 04:16:10 -07:00
controller Store hash of session key 2013-05-30 17:30:06 -07:00
method Uninstall Conduit calls when uninstalling applications 2013-03-13 07:09:05 -07:00
protocol Delete license headers from files 2012-11-05 11:16:51 -08:00
ssh Fix various issues with SSH receivers 2012-12-19 11:11:32 -08:00
storage Delete license headers from files 2012-11-05 11:16:51 -08:00