securecompare is a gem that implements a constant time string comparison method safe for use in cryptographic functions.
securecompare borrows the secure_compare private method from ActiveSupport::MessageVerifier which lets you do safely compare strings without being vulnerable to timing attacks. Useful for Basic HTTP Authentication in your rack/rails application.
Add this line to your application's Gemfile:
gem "securecompare"
And then execute:
$ bundle install
Or install it yourself as:
$ gem install securecompare
require "securecompare"
SecureCompare.compare("password", "password") # => true
SecureCompare.compare("password", "passw0rd") # => false
require "securecompare"
class Password < String
include SecureCompare
def ==(other)
secure_compare(self, other)
end
end
Password.new("password") == "password" # => true
Password.new("password") == "passw0rd" # => false
require "securecompare"
class ApplicationController < ActionController::Base
include SecureCompare
before_filter :authenticate
proctected
def authenticate
authenticate_or_request_with_http_basic("My Rails App") do |username, password|
secure_compare(username, "username") & secure_compare(password, "password")
end
end
end
Fork, branch & pull request.
FAQs
Unknown package
We found that securecompare demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.