Proof of concept mitigation of BREACH

Description

Summary: Ref T3684 for discussion. This could be cleaned up a bit (it would be nice to draw entropy once per request, for instance, and maybe respect CSRF_TOKEN_LENGTH more closely) but should effectively mitigate BREACH.

Test Plan: Submitted forms; submitted forms after mucking with CSRF and observed CSRF error. Verified that source now has "B@..." tokens.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3684

Differential Revision: https://secure.phabricator.com/D6686
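
An added example, not the code from this commit or from Phabricator: one way to produce tokens of the "B@..." shape mentioned in the test plan is to wrap the stable session CSRF secret in a per-response salt plus a truncated HMAC, so the value reflected in the compressed page differs on every render. The function names, the salt and digest lengths, and the HMAC construction are assumptions; only the "B@" prefix comes from the page.

```php
<?php
// Added illustration, not Phabricator code. Names, lengths and the HMAC
// construction are assumptions; only the "B@" prefix comes from the page.

const MASK_PREFIX = 'B@';
const SALT_LEN = 8;    // hex characters of per-response salt (assumed)
const DIGEST_LEN = 16; // hex characters of truncated HMAC (assumed)

// Wrap the stable per-session CSRF secret in a value that changes on every
// response, so the bytes reflected in the compressed body never repeat.
function mask_csrf_token(string $session_token): string {
  $salt = bin2hex(random_bytes(SALT_LEN / 2));
  $mac = hash_hmac('sha256', $salt, $session_token);
  return MASK_PREFIX . $salt . substr($mac, 0, DIGEST_LEN);
}

// Recompute the digest from the submitted salt and compare in constant time.
function check_csrf_token(string $session_token, string $submitted): bool {
  $expected_len = strlen(MASK_PREFIX) + SALT_LEN + DIGEST_LEN;
  if (strlen($submitted) !== $expected_len
      || strncmp($submitted, MASK_PREFIX, strlen(MASK_PREFIX)) !== 0) {
    return false; // wrong shape, or a token without the mask prefix
  }
  $salt = substr($submitted, strlen(MASK_PREFIX), SALT_LEN);
  $mac = hash_hmac('sha256', $salt, $session_token);
  $expected = MASK_PREFIX . $salt . substr($mac, 0, DIGEST_LEN);
  return hash_equals($expected, $submitted);
}

// Constructed sample secret standing in for the real per-session token.
$session_token = 'constructed-session-csrf-secret';

$a = mask_csrf_token($session_token);
$b = mask_csrf_token($session_token);

// Two renders of the same form carry different token bytes.
var_dump($a !== $b);
// Both still validate against the same session secret.
var_dump(check_csrf_token($session_token, $a));
var_dump(check_csrf_token($session_token, $b));
// A token altered after issue, as in the test plan, is rejected.
$tampered = substr($a, 0, -1) . ($a[-1] === '0' ? '1' : '0');
var_dump(check_csrf_token($session_token, $tampered));
```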

Details

Provenance
epriestley Authored on Aug 7 2013, 11:09 PM
Reviewer
btrahan
Differential Revision
D6686: Proof of concept mitigation of BREACH
Parents
rPab7a0912126e: Fix text-mode rendering of object and Asana link views
Tasks
T3684: Determine if we need to mitigate BREACH