Phalanger Fix #20

Merged
merged 1 commit into from Feb 13, 2013

Projects

None yet

2 participants

@lt
lt commented Feb 13, 2013

While mcrypt_create_iv and MCRYPT_DEV_URANDOM are both available in Phalanger, when used it will generate a warning stating that the file (/dev/urandom) cannot be read from.

The !$buffer_valid check would catch this, however there would still be a warning generated every time a password was hashed.

In my opinion it is best to check if Phalanger is being used, and prevent this path from executing in the first place.

@lt lt Phalanger Fix
While mcrypt_create_iv and MCRYPT_DEV_URANDOM are both available in
Phalanger, when used it will generate a warning stating that the file
(/dev/urandom) cannot be read from.

The !$buffer_valid check would catch this, however there would still be
a warning generated every time a password was hashed.

In my opinion it is best to check if Phalanger is being used, and
prevent this path from executing in the first place.
eadf640
@ircmaxell
Owner

Does anyone really use it in production?

@ircmaxell
Owner

I guess since it's only a constant check it should be ok. Ideally I would reject this as the problem is on the language implementation side, but since it's a trivial fix I guess it's ok...

@ircmaxell ircmaxell merged commit 733c06c into ircmaxell:master Feb 13, 2013

1 check passed

Details default The Travis build passed
@lt
lt commented Feb 13, 2013

Yes, people actually use it in production (unfortunately for me).

@lt lt deleted the unknown repository branch Feb 13, 2013
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment