API Guides

instance method secure_compare

Ruby on Rails 8.0.4

Since v3.2.22.5 Private

Available in: v3.2.22.5 v4.1.16 v4.2.9 v5.2.8.1 v6.0.6 v6.1.7.10 v7.0.10 v7.1.6 v7.2.3 v8.0.4 v8.1.2 

secure_compare(a, b)

Secure string comparison for strings of variable length.

While a timing attack would not be able to discern the content of a secret compared via secure_compare, it is possible to determine the secret length. This should be considered when using secure_compare to compare weak, short secrets to user input.

Parameters

a req
b req
Source 
# File activesupport/lib/active_support/security_utils.rb, line 33
    def secure_compare(a, b)
      a.bytesize == b.bytesize && fixed_length_secure_compare(a, b)
    end

Defined in activesupport/lib/active_support/security_utils.rb line 33 · View on GitHub · Improve this page · Find usages on GitHub

Defined in ActiveSupport::SecurityUtils

Type at least 2 characters to search.

↑↓ navigate · open · esc close