Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Update lib/rack/auth/digest/md5.rb

secure_compare for digest authentication
  • Loading branch information...
commit df06eb25fc20b308ccee2987f66d87c454f5628d 1 parent 7367a70
@snyff authored
Showing with 1 addition and 1 deletion.
  1. +1 −1  lib/rack/auth/digest/md5.rb
View
2  lib/rack/auth/digest/md5.rb
@@ -96,7 +96,7 @@ def valid_nonce?(auth)
def valid_digest?(auth)
pw = @authenticator.call(auth.username)
- pw && digest(auth, pw) == auth.response
+ pw && Rack::Utils.secure_compare(digest(auth, pw), auth.response)
end
def md5(data)
Please sign in to comment.
Something went wrong with that request. Please try again.