Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

stable

Clone or download

Read-only

Prevent serialization of a ConcealedString instance

Download Browse

Serializing a ConcealedString means that a secret might end up in clear text somewhere it should not. For example a ConcealedString might be added to the session of a users and sessions might be stored in a remote Redis instance. Part of request #14602: Harden handling of sensitive strings Change-Id: I23246e00297c30088b6f2062f3ad63677c5cf5d7

+39 −2
Thomas Gerbet (tgerbet) 2020-02-27 16:50
Thomas Gerbet (tgerbet) 2020-02-27 16:50
7c2cf46e021cb9bed3fc21a0db632fe8115bb9c1
28315b5ff37f9db72e419f6e7e1424712bbb1309
git #tuleap/stable/7c2cf46e021cb9bed3fc21a0db632fe8115bb9c1

Modified Files

Side by side diff
Inline diff
Name
M src/common/Cryptography/ConcealedString.php +25 −2 Go to diff View file
M tests/phpunit/common/Cryptography/ConcealedStringTest.php +14 −0 Go to diff View file