API Guides

instance method secure_compare

Ruby on Rails 2.2.3

Since v2.2.3 Last seen in v2.2.3 Private 
secure_compare(a, b)

constant-time comparison algorithm to prevent timing attacks

Parameters

a req
b req
Source 
# File actionpack/lib/action_controller/session/cookie_store.rb, line 170
      def secure_compare(a, b)
        a = a.dup.force_encoding(Encoding::BINARY)
        b = b.dup.force_encoding(Encoding::BINARY)
    
        if a.length == b.length
          result = 0
          for i in 0..(a.length - 1)
            result |= a[i].ord ^ b[i].ord
          end
          result == 0
        else
          false
        end
      end

Defined in actionpack/lib/action_controller/session/cookie_store.rb line 170 · View on GitHub · Improve this page · Find usages on GitHub

Defined in CGI::Session::CookieStore

Type at least 2 characters to search.

↑↓ navigate · open · esc close