]> git.openstreetmap.org Git - rails.git/commit
projects / rails.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5819048) | patch
Use secure_compare to compare passwords and tokens
authorTom Hughes <tom@compton.nu>
Tue, 7 Nov 2023 17:16:21 +0000 (17:16 +0000)
committerTom Hughes <tom@compton.nu>
Tue, 7 Nov 2023 17:22:40 +0000 (17:22 +0000)
commit55a05d9e809775a6ea6305add096022ef1ec70e4
treefc2d08a0a7426c8b9ea56c515c86921a5f3c4611tree | snapshot
parent58190488f831de3f59e3ef046aeca9e2dacfd606commit | diff
Use secure_compare to compare passwords and tokens

It's unlikely there is an explotable attack here given than network
latencies and variability will swamp any local timing differences but
it's best practice and there's no reason not to.
lib/password_hash.rb diff | blob | history
script/deliver-message diff | blob | history
The OpenStreetMap web site