RSpec
Ruby on Rails
Ruby
method
secure_compare
Ruby on Rails latest stable (v6.1.7.7)
-
0 notes -
Class: SecurityUtils
- 1.0.0
- 1.1.6
- 1.2.6
- 2.0.3
- 2.1.0
- 2.2.1
- 2.3.8
- 3.0.0
- 3.0.9
- 3.1.0
- 3.2.1
- 3.2.8
- 3.2.13
- 4.0.2
- 4.1.8
- 4.2.1 (0)
- 4.2.7 (0)
- 4.2.9 (0)
- 5.0.0.1 (0)
- 5.1.7 (0)
- 5.2.3 (-24)
- 6.0.0 (0)
- 6.1.3.1 (38)
- 6.1.7.7 (0)
- 7.0.0 (0)
- 7.1.3.2 (0)
- What's this?
-
fixed_length_secure_compare
-
secure_compare
-
variable_size_secure_compare
(<= v5.1.7)
-
fixed_length_secure_compare
-
secure_compare
-
variable_size_secure_compare
(<= v5.1.7)
= private
= protected
secure_compare(a, b)
public
Secure string comparison for strings of variable length.
While a timing attack would not be able to discern the content of a secret compared via secure_compare, it is possible to determine the secret length. This should be considered when using secure_compare to compare weak, short secrets to user input.
