Use hash_equals in github() webhook #680

Closed
pascalchevrel opened this Issue Mar 11, 2016 · 0 comments

pascalchevrel commented Mar 11, 2016

@nashe advised us to use hash_equals() which is a PHP 5.6 thing instead of == in our github web hook
reference: mozfr/www#107

Since we should always follow the advice of people that know more about security than us, let's do it :)

pascalchevrel added a commit to pascalchevrel/transvision that referenced this issue Mar 11, 2016

Issue #680: improve security of our GitHub Web hook
- use hash_equals() instead of ==
- store the log file in our logs folder, outside of the web root

pascalchevrel added a commit that referenced this issue Mar 11, 2016

Merge pull request #683 from pascalchevrel/issue680_update_github_hook
Issue #680: improve security of our GitHub Web hook
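
The change discussed in this issue, sketched as an added example (not Transvision's hook code and not written by anyone in this thread): a webhook signature check that uses hash_equals() where the weak form would use ==. The function name, secret and payload are constructed for illustration, and the header assumed is GitHub's X-Hub-Signature-256.

```php
<?php
// Added example: hypothetical helper, not the project's code.

/**
 * Verify a GitHub webhook signature against the raw request body.
 *
 * @param string      $rawBody Raw bytes, e.g. file_get_contents('php://input')
 * @param string|null $header  Value of X-Hub-Signature-256 ("sha256=<hex>")
 * @param string      $secret  Shared secret configured for the webhook
 * @return bool
 */
function verify_github_signature($rawBody, $header, $secret)
{
    // Reject a missing or malformed header before any comparison.
    if (!is_string($header) || strpos($header, '=') === false) {
        return false;
    }
    list($algo, $received) = explode('=', $header, 2);

    // Pin the algorithm instead of letting the sender pick one.
    if ($algo !== 'sha256') {
        return false;
    }

    // HMAC over the raw bytes, not over a decoded and re-encoded payload.
    $expected = hash_hmac('sha256', $rawBody, $secret);

    // Weak form: return $expected == $received;
    // == is a loose comparison (numeric-looking strings compare as numbers)
    // and is not timing-safe. hash_equals() is a timing-attack-safe string
    // comparison; the known value goes first.
    return hash_equals($expected, $received);
}

// Constructed sample input.
$secret = 'example-webhook-secret';
$body   = '{"ref":"refs/heads/master"}';
$header = 'sha256=' . hash_hmac('sha256', $body, $secret);

var_dump(verify_github_signature($body, $header, $secret));       // untouched body
var_dump(verify_github_signature($body . ' ', $header, $secret)); // body altered in transit
var_dump(verify_github_signature($body, null, $secret));          // header absent

// Loose comparison on two different digest-like strings: PHP treats both
// as numbers in scientific notation, so == does not compare them as text.
var_dump('0e12345' == '0e99999', hash_equals('0e12345', '0e99999'));
```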