Store the digest of the registration key, not the key itslef
e71564fc75fd
Actions

Authored by epriestley <git@epriestley.com> on Jun 16 2013, 19:19.

Description

Store the digest of the registration key, not the key itslef

Summary: Ref T1536. Like D6080, we don't need to store the registration key itself. This prevents a theoretical attacker who can read the database but not write to it from hijacking registrations.

Test Plan: Registered a new account.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T1536

Differential Revision: https://secure.phabricator.com/D6188

Details

Committed

epriestley <git@epriestley.com>

Jun 16 2013, 19:19

Pushed

aubort

Jan 31 2017, 17:16

Parents

rPH8c3ef4b73c66: Support "state" parameter in OAuth

Branches

Unknown

Tags

Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPHe71564fc75fd: Store the digest of the registration key, not the key itslef (authored by epriestley <git@epriestley.com>).Jun 16 2013, 19:19

Changes (2)

				Path
	M			src/applications/auth/controller/PhabricatorAuthLoginController.php
	M			src/applications/auth/controller/PhabricatorAuthRegisterController.php

Store the digest of the registration key, not the key itslefe71564fc75fdActions

Description

Details

Event Timeline

Changes (2)

rPHe71564fc75fd

src/applications/auth/controller/PhabricatorAuthLoginController.php

src/applications/auth/controller/PhabricatorAuthRegisterController.php

Store the digest of the registration key, not the key itslef
e71564fc75fd
Actions