Proof of concept mitigation of BREACH

Authored by epriestley <git@epriestley.com> on Aug 8 2013, 01:09.

Description

Proof of concept mitigation of BREACH

Summary: Ref T3684 for discussion. This could be cleaned up a bit (it would be nice to draw entropy once per request, for instance, and maybe respect CSRF_TOKEN_LENGTH more closely) but should effectively mitigate BREACH.

Test Plan: Submitted forms; submitted forms after mucking with CSRF and observed CSRF error. Verified that source now has "B@..." tokens.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3684

Differential Revision: https://secure.phabricator.com/D6686
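A sketch of how a per-render salted CSRF token of the kind this commit describes can defeat BREACH, added here as an example and not taken from Phabricator's code. The `B@` prefix comes from the test plan above; the salt length, the HMAC-SHA256 construction and the function names are assumptions.

```python
import hashlib
import hmac
import secrets

PREFIX = "B@"      # marker seen in the commit's test plan
SALT_LEN = 8       # assumed salt length, in hex characters
DIGEST_LEN = 16    # assumed truncated digest length, in hex characters


def _digest(real_token: str, salt: str) -> bytes:
    # Keyed digest of the salt under the per-session secret (assumed construction).
    mac = hmac.new(real_token.encode(), salt.encode(), hashlib.sha256)
    return mac.hexdigest()[:DIGEST_LEN].encode()


def mask_token(real_token: str) -> str:
    """Return a fresh representation of the session CSRF token for one render.

    Fresh entropy is drawn on every call, so the bytes placed in the page
    change between responses and a compression-length oracle has no stable
    secret to guess one character at a time.
    """
    salt = secrets.token_hex(SALT_LEN // 2)
    return PREFIX + salt + _digest(real_token, salt).decode()


def validate_token(submitted: str, real_token: str) -> bool:
    """Recompute the digest from the submitted salt; compare in constant time."""
    if not submitted.startswith(PREFIX):
        return False
    body = submitted[len(PREFIX):]
    if len(body) != SALT_LEN + DIGEST_LEN:
        return False
    salt, digest = body[:SALT_LEN], body[SALT_LEN:]
    return hmac.compare_digest(digest.encode(), _digest(real_token, salt))


if __name__ == "__main__":
    secret = "constructed-session-secret"  # constructed sample value
    first, second = mask_token(secret), mask_token(secret)
    print(first, second, first != second)
    print(validate_token(first, secret), validate_token(first + "x", secret))
```

The real session token never appears in the response body, and any previously issued masked token still validates because the salt travels with it.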

Details

Committed: epriestley <git@epriestley.com>, Aug 8 2013, 01:09
Pushed: aubort, Jan 31 2017, 17:16
Parents: rPHab7a0912126e: Fix text-mode rendering of object and Asana link views
Branches: Unknown
Tags: Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPH7298589c86ec: Proof of concept mitigation of BREACH (authored by epriestley <git@epriestley.com>). Aug 8 2013, 01:09