Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and
privacy statement. We’ll occasionally send you account related emails.
Already on GitHub?
to your account
@Nashe advised us to use hash_equals() which is a PHP 5.6 thing instead of in our github web hook
Since we should always follow the advice of people that know more about security than us, let's do it :)
The text was updated successfully, but these errors were encountered:
Issue mozfr#680: improve security of our GitHub Web hook
- use hash_equals() instead of ==
- store the log file in our logs folder, outside of the web root
Merge pull request #683 from pascalchevrel/issue680_update_github_hook
Issue #680: improve security of our GitHub Web hook
No branches or pull requests