Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use hash_equals in github() webhook #680

Closed
pascalchevrel opened this issue Mar 11, 2016 · 0 comments
Closed

Use hash_equals in github() webhook #680

pascalchevrel opened this issue Mar 11, 2016 · 0 comments

Comments

@pascalchevrel
Copy link
Member

@Nashe advised us to use hash_equals() which is a PHP 5.6 thing instead of in our github web hook
reference: mozfr/www#107

Since we should always follow the advice of people that know more about security than us, let's do it :)

pascalchevrel added a commit to pascalchevrel/transvision that referenced this issue Mar 11, 2016
- use hash_equals() instead of ==
- store the log file in our logs folder, outside of the web root
pascalchevrel added a commit that referenced this issue Mar 11, 2016
Issue  #680: improve security of our GitHub Web hook
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant