github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-25 00:43:24 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
36,416 Commits 190 Branches 500 Tags 938 MiB
aec26ad2f0
Commit Graph

4 Commits

Author SHA1 Message Date
David Taylor
4c9ca24ccf
FEATURE: Hash API keys in the database (#8438) 
API keys are now only visible when first created. After that, only the first four characters are stored in the database for identification, along with an sha256 hash of the full key. This makes key usage easier to audit, and ensures attackers would not have access to the live site in the event of a database leak.

This makes the merge lower risk, because we have some time to revert if needed. Once the change is confirmed to be working, we will add a second commit to drop the `key` column.
 2019-12-12 11:45:00 +00:00
Sam Saffron
4ea21fa2d0 DEV: use #frozen_string_literal: true on all spec 
This change both speeds up specs (less strings to allocate) and helps catch
cases where methods in Discourse are mutating inputs.

Overall we will be migrating everything to use #frozen_string_literal: true
it will take a while, but this is the first and safest move in this direction
 2019-04-30 10:27:42 +10:00
Robin Ward
5b3f99aa50 Don't blow up if Redis switches to READONLY 2015-04-24 14:37:16 -04:00
Robin Ward
348e2e3ef2 Support for per-user API keys 2013-10-22 17:34:39 -04:00