QT/sure
1
0
Fork 0
mirror of https://github.com/we-promise/sure.git synced 2026-04-13 00:57:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

&& will short circuit, vulnerable to potential timing attacks, use & instead (#1429)

Browse Source
This commit is contained in:
Akshay Birajdar
2026-04-11 01:21:24 +05:30
committed by GitHub
parent 65c5f8eb07
commit a9a7a89f71
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
config/initializers/sidekiq.rb
View File

@@ -5,7 +5,7 @@ if Rails.env.production?
configured_username = ::Digest::SHA256.hexdigest(ENV.fetch("SIDEKIQ_WEB_USERNAME", "sure"))
configured_password = ::Digest::SHA256.hexdigest(ENV.fetch("SIDEKIQ_WEB_PASSWORD", "sure"))
ActiveSupport::SecurityUtils.secure_compare(::Digest::SHA256.hexdigest(username), configured_username) &&
ActiveSupport::SecurityUtils.secure_compare(::Digest::SHA256.hexdigest(username), configured_username) &
ActiveSupport::SecurityUtils.secure_compare(::Digest::SHA256.hexdigest(password), configured_password)
end
end