Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

stable

Clone or download

Read-only

request #12476: Identical user secrets should not be distinguishable in the SVN Redis cache

Download Browse

Secrets stored in the secret cache are now salted to ensure that two identical secret can not be detected. Performance-wise, HMAC-SHA256 is fast enough to make the cost of salting the secrets negligible. To test, you will need to: - redeploy Tuleap.pm to /usr/share/perl5/vendor_perl/Apache/Tuleap.pm - restart Apache Change-Id: I3c986e7a9d955e22589518d30e488df4655da511

+30 −11
Thomas Gerbet (tgerbet) 2018-10-31 11:57
Thomas Gerbet (tgerbet) 2018-11-19 09:58
df03d411a4c606008967eead72d562852fe2d712
78b8a3621749192d81b546ff8846ca06f6a90746
git #tuleap/stable/df03d411a4c606008967eead72d562852fe2d712

Modified Files

Side by side diff
Inline diff
Name
M src/utils/svn/Tuleap.pm +30 −11 Go to diff View file