
Store the digest of the registration key, not the key itself

Description

Store the digest of the registration key, not the key itself

Summary: Ref T1536. Like D6080, we don't need to store the registration key itself. This prevents a theoretical attacker who can read the database but not write to it from hijacking registrations.

Test Plan: Registered a new account.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T1536

Differential Revision: https://secure.phabricator.com/D6188
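The pattern the summary describes, as an added sketch that is not code from this commit or from Phabricator: only a digest of the registration key is persisted, so the rows a read-only attacker can see cannot be presented as a key. SHA-256, the in-memory dict standing in for the database table, the single-use behaviour and every name below are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def digest(key):
    # The key is 32 random bytes, so a fast unsalted hash is sufficient:
    # there is no low-entropy secret to brute-force, unlike a password.
    return hashlib.sha256(key.encode("utf-8")).hexdigest()


class RegistrationStore:
    """Hypothetical stand-in for the registration table; holds digests only."""

    def __init__(self):
        self.rows = {}  # account id -> hex digest of the registration key

    def issue(self, account_id):
        key = secrets.token_urlsafe(32)
        self.rows[account_id] = digest(key)
        return key  # handed to the user; the plaintext is never persisted

    def redeem(self, account_id, presented_key):
        stored = self.rows.get(account_id)
        if stored is None:
            return False
        # Hash what was presented and compare digests in constant time.
        ok = hmac.compare_digest(stored, digest(presented_key))
        if ok:
            del self.rows[account_id]  # assumption: keys are single use
        return ok


def read_only_leak_is_useless():
    """Return (leaked value rejected, real key accepted, replay rejected)."""
    store = RegistrationStore()
    key = store.issue("alice")
    leaked = store.rows["alice"]  # all that a database read exposes
    return (
        not store.redeem("alice", leaked),
        store.redeem("alice", key),
        not store.redeem("alice", key),
    )


if __name__ == "__main__":
    print(read_only_leak_is_useless())
```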

Details

Provenance
epriestley Authored on Jun 16 2013, 10:19 AM
themackabu Pushed on Mar 25 2025, 8:07 PM
Parents
rP8c3ef4b73c66: Support "state" parameter in OAuth
Branches
Unknown
Tags
Unknown
