Skip to content
This repository

Jan 31, 2012

  1. Marten Veldthuis

    Fix use of Deprecation without requiring active_support/deprecation i…

    …n message verifier
    authored January 31, 2012

Jan 02, 2012

  1. Sergey Nartimov

    fix base64 requires

    authored January 03, 2012
  2. Sergey Nartimov

    deprecate ActiveSupport::Base64

    extend and define ::Base64 if needed
    authored January 03, 2012

Sep 16, 2011

  1. Claudio Poli

    Fix typo in deprecation notice

    authored September 16, 2011

Sep 15, 2011

  1. Willem van Bergen

    Use an options hash to specify digest/cipher algorithm and a serializ…

    …er for MessageVerifier and MessageEncryptor.
    authored September 15, 2011
  2. Willem van Bergen

    Add some documentation for the new serializer property of MessageVeri…

    …fier and MessageEncryptor.
    authored September 15, 2011
  3. Willem van Bergen

    Implement API suggestions of pull request.

    authored September 15, 2011
  4. Willem van Bergen

    Custom serializers and deserializers in MessageVerifier and MessageEn…

    …cryptor.
    
    By default, these classes use Marshal for serializing and deserializing messages. Unfortunately, the Marshal format is closely associated with Ruby internals and even changes between different interpreters. This makes the resulting message very hard to impossible to unserialize messages generated by these classes in other environments like node.js.
    
    This patch solves this by allowing you to set your own custom serializer and deserializer lambda functions. By default, it still uses Marshal to be backwards compatible.
    authored September 15, 2011

Mar 06, 2011

  1. Frank Müller

    more style changes

    authored March 06, 2011

Aug 14, 2010

  1. Santiago Pastorino

    Deletes trailing whitespaces (over text files only find * -type f -ex…

    …ec sed 's/[ \t]*$//' -i {} \;)
    authored August 14, 2010

Jul 13, 2010

  1. Yehuda Katz

    Revert "Improve performance of MessageVerifier while keeping it const…

    …ant time"
    
    This reverts commit 8b05c52.
    authored July 13, 2010

Jun 05, 2010

  1. Yehuda Katz

    Improve performance of MessageVerifier while keeping it constant time

    authored June 04, 2010

Jan 01, 2010

  1. Xavier Noria

    message_verifier.rb needs active_support/core_ext/object/blank

    authored January 01, 2010 jeremy committed January 01, 2010
  2. Xavier Noria

    message_verifier.rb needs active_support/base64

    authored January 01, 2010 jeremy committed January 01, 2010

Nov 09, 2009

  1. Xavier Noria

    String#bytesize is not needed for Ruby >= 1.8.7

    authored November 09, 2009

Oct 09, 2009

  1. Pratik

    Ensure MessageVerifier raises appropriate exception on tampered data

    authored October 09, 2009

Oct 05, 2009

  1. Jeffrey Hardy

    MessageVerifier#verify raises InvalidSignature if the signature is blank

    Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
    authored October 05, 2009 jeremy committed October 05, 2009

Sep 25, 2009

  1. Jeremy Kemper

    Use OpenSSL::Digest.const(...).new instead of OpenSSL::Digest::Digest…

    ….new(...)
    authored September 24, 2009
  2. Jeremy Kemper

    Explicitly require String#bytesize extension

    authored September 24, 2009

Sep 13, 2009

  1. Jeremy Kemper

    Prefer not to shadow a local

    authored September 13, 2009
  2. Aaron Patterson

    making secure_compare faster

    [#3195 state:committed]
    
    Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
    authored September 13, 2009 jeremy committed September 13, 2009

Sep 12, 2009

  1. Michael Koziarski

    Dup the arguments to string compare so we can use force_encoding.

    authored September 13, 2009
  2. Yehuda Katz

    Revert "ruby 1.9 friendly secure_compare" because it breaks CI and Sa…

    …m Ruby's suite
    
    This reverts commit 5de7539.
    authored September 12, 2009
  3. Kuba Kuźma

    ruby 1.9 friendly secure_compare

    Signed-off-by: Michael Koziarski <michael@koziarski.com>
    authored September 11, 2009 NZKoz committed September 12, 2009

Sep 08, 2009

  1. Jeremy Kemper

    Ruby 1.9: fix MessageVerifier#secure_compare

    authored September 08, 2009

Sep 03, 2009

  1. Coda Hale

    Fix timing attack vulnerability in ActiveSupport::MessageVerifier.

    Use a constant-time comparison algorithm to compare the candidate HMAC with the calculated HMAC to prevent leaking information about the calculated HMAC.
    
    Signed-off-by: Michael Koziarski <michael@koziarski.com>
    authored August 13, 2009 NZKoz committed September 04, 2009

Nov 23, 2008

  1. Jeremy Kemper

    Lazy-require OpenSSL

    authored November 23, 2008
  2. Michael Koziarski

    Don't need _message as it's in the class name already

    authored November 23, 2008
  3. Michael Koziarski

    Add ActiveSupport::MessageVerifier to aid users who need to store tam…

    …per-proof messages in cookies etc.
    
    This is particularly useful for things like remember-me tokens in web applications and auto-unsubscribe links in emails.
    authored November 23, 2008
Something went wrong with that request. Please try again.