@bascule @conradirwin "MessageEncryptor#decrypt is deprecated as it is not safe without a signature. "
-
-
-
@tqbf@conradirwin nice ;)
End of conversation
New conversation -
-
-
@bascule@conradirwin Is this still applicable to current Rails? Afaik, MessageEncryptor now computes an additional HMAC to prevent this? -
@bascule@conradirwin Oh, thanks! I also found https://github.com/rails/rails/blob/4f440a38330deea048e8328431c0984a04a90bfa/activesupport/lib/active_support/message_encryptor.rb#L50 … I guess "Use the source, Martin, ah Luke"
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.