phorge-phorge

mirror of https://we.phorge.it/source/phorge.git synced 2024-11-28 09:42:41 +01:00

History

epriestley 29948eaa5b Use phutil_hashes_are_identical() when comparing hashes in Phabricator Summary: See D14025. In all cases where we compare hashes, use strict, constant-time comparisons. Test Plan: Logged in, logged out, added TOTP, ran Conduit, terminated sessions, submitted forms, changed password. Tweaked CSRF token, got rejected. Reviewers: chad Reviewed By: chad Subscribers: chenxiruanhai Differential Revision: https://secure.phabricator.com/D14026	2015-09-01 15:52:44 -07:00
..
PhabricatorAuthInviteEngine.php	Use PhutilInvalidStateException	2015-06-18 07:09:02 +10:00
PhabricatorAuthSessionEngine.php	Use phutil_hashes_are_identical() when comparing hashes in Phabricator	2015-09-01 15:52:44 -07:00

epriestley 29948eaa5b Use phutil_hashes_are_identical() when comparing hashes in Phabricator

Summary: See D14025. In all cases where we compare hashes, use strict, constant-time comparisons.

Test Plan: Logged in, logged out, added TOTP, ran Conduit, terminated sessions, submitted forms, changed password. Tweaked CSRF token, got rejected.

Reviewers: chad

Reviewed By: chad

Subscribers: chenxiruanhai

Differential Revision: https://secure.phabricator.com/D14026

2015-09-01 15:52:44 -07:00

PhabricatorAuthInviteEngine.php

Use PhutilInvalidStateException

2015-06-18 07:09:02 +10:00

PhabricatorAuthSessionEngine.php

Use phutil_hashes_are_identical() when comparing hashes in Phabricator

2015-09-01 15:52:44 -07:00