Homestyx hydra
Diffusion hydra e71564fc75fd

Store the digest of the registration key, not the key itslef
e71564fc75fd
Actions

Description

Store the digest of the registration key, not the key itslef

Summary: Ref T1536. Like D6080, we don't need to store the registration key itself. This prevents a theoretical attacker who can read the database but not write to it from hijacking registrations.

Test Plan: Registered a new account.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T1536

Differential Revision: https://secure.phabricator.com/D6188

Details

Provenance
epriestleyAuthored on Jun 16 2013, 1:19 PM
sirocylPushed on Oct 16 2024, 5:49 AM
Parents
R1:8c3ef4b73c66: Support "state" parameter in OAuth
Branches
Unknown
Tags
Unknown

Event Timeline

Changes (2)

PathSize
src/
applications/
auth/
controller/

R1:e71564fc75fd

View Options

src/applications/auth/controller/PhabricatorAuthLoginController.php

Loading...
View Options

src/applications/auth/controller/PhabricatorAuthRegisterController.php

Loading...
styx copyright 2020 sirocyl / ellie (kymkdd) / ncommander / styx contributors
Use of other names and brands is not intended to reflect a claim of, or right to, use the name or brand.
styx is an operating system using the Linux kernel and components, and "styx Linux" as a phrase does not reflect the inclusion of the Linux brand or trademark in the styx project.
Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries.
Terms and Conditions (TODO: fix this!)