Comments (2)
The amount of information in the two strings is identical. rack-protection calls SecureRandom.hex(32), rack_csrf calls SecureRandom.base64(32). They both call SecureRandom.random_bytes(n) under the hood (i.e. the argument is the number of random bytes, not the resultant string length after encoding), so they both generate 256-bit random strings. You could argue it should use the Base64 encoding to make a more compact string which is 20 fewer bytes to send on a page, store in a cookie etc., but security-wise, they're identical.
from rack-protection.
You're right about that, now I don't even know what I was thinking. I may have mixed up the outputs from a couple of different windows I had open. Ugh. Closing this because I was dumb.
from rack-protection.
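The point made in the first comment can be checked by decoding each token back to its raw bytes. The following is an added example, not code from rack-protection or rack_csrf; the helper names `raw_bytes`, `token_profile` and `compare_encodings` are hypothetical.

```ruby
require 'securerandom'
require 'base64'

# Byte count passed to SecureRandom by both libraries, per the comment above.
TOKEN_BYTES = 32

# Decode an encoded token back to the raw random bytes it carries.
def raw_bytes(token, encoding)
  case encoding
  when :hex
    raise ArgumentError, 'not a hex string' unless token.match?(/\A(?:\h\h)+\z/)
    [token].pack('H*')
  when :base64
    Base64.strict_decode64(token) # raises ArgumentError on malformed input
  else
    raise ArgumentError, "unknown encoding: #{encoding}"
  end
end

# Encoded length (what goes on the wire) versus underlying entropy.
def token_profile(token, encoding)
  bytes = raw_bytes(token, encoding)
  { chars: token.length, bytes: bytes.bytesize, bits: bytes.bytesize * 8 }
end

# Generate one token per encoding and compare them side by side.
def compare_encodings(n = TOKEN_BYTES)
  hex = token_profile(SecureRandom.hex(n), :hex)
  b64 = token_profile(SecureRandom.base64(n), :base64)
  { hex: hex, base64: b64, chars_saved: hex[:chars] - b64[:chars] }
end

puts compare_encodings.inspect if __FILE__ == $PROGRAM_NAME
```

Both profiles report the same number of bits; only the encoded length differs.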