API Guides

instance method secure_compare

Ruby on Rails 5.2.8.1

Since v3.2.22.5 Private

Available in: v3.2.22.5 v4.1.16 v4.2.9 v5.2.8.1 v6.0.6 v6.1.7.10 v7.0.10 v7.1.6 v7.2.3 v8.0.4 v8.1.2 

secure_compare(a, b)

Constant time string comparison, for variable length strings.

The values are first processed by SHA256, so that we don’t leak length info via timing attacks.

Parameters

a req
b req
Source 
# File activesupport/lib/active_support/security_utils.rb, line 26
    def secure_compare(a, b)
      fixed_length_secure_compare(::Digest::SHA256.hexdigest(a), ::Digest::SHA256.hexdigest(b)) && a == b
    end

Defined in activesupport/lib/active_support/security_utils.rb line 26 · View on GitHub · Improve this page · Find usages on GitHub

Defined in ActiveSupport::SecurityUtils

Type at least 2 characters to search.

↑↓ navigate · open · esc close