Fossil

20 most recent check-ins by user dmitry

2012-11-06
18:38
Make sure file names in file browser don't wrap by adding white-space property to default CSS. ... (check-in: b83278f6ff user: dmitry tags: trunk)
2012-11-04
12:59
Fix typos. ... (Closed-Leaf check-in: 45065c5c28 user: dmitry tags: spelling)
2011-12-16
22:00
Add SSL SNI support (suggested by BohwaZ on mailing list). Simplify setting of port for SSL connection. ... (Closed-Leaf check-in: 132dbcedbc user: dmitry tags: dmitry-fixes)
2011-10-04
15:20
Add HMAC-SHA1 implementation. ... (Closed-Leaf check-in: dcee34b25f user: dmitry tags: multisession)
15:15
Merge protection against timing attacks into trunk. ... (check-in: d4a341b49d user: dmitry tags: trunk)
14:38
Merge trunk into dmitry-security branch. ... (Closed-Leaf check-in: f4eb0f5afc user: dmitry tags: dmitry-security)
14:34
Rename constant_time_eq to constant_time_cmp to better indicate that these functions return 0 when values are equal, like memcmp, strcmp, etc., not truth, to avoid possible mistakes. ... (check-in: d244c484e7 user: dmitry tags: dmitry-security)
14:28
Revert the previous change after thinking more about it. Login cards in the sync protocol have the following format: "login userid nonce signature". Nonce is SHA-1 of the message that follows this line, signature is SHA-1 of the concatenation of the nonce and user's shared secret. The successful timing attack can reveal only signature for this particular packet due to nonce. However, as nonce is known to the attacker, it's theoretically possible for them to bruteforce the shared secret _offline_. The whole scenario sounds highly improbable, but using constant-time comparison function for such things by default is a good practice. ... (check-in: 13a9a1244c user: dmitry tags: dmitry-security)
2011-09-30
10:51
It seems like blob_constant_time_eq() is unnecessary for sync protocol signatures; removed. ... (check-in: 48bcfbd47b user: dmitry tags: dmitry-security)
09:41
Catch zero length early in blob_constant_time_eq(). ... (check-in: e3d022dffa user: dmitry tags: dmitry-security)
2011-09-29
21:06
Fix to the previous fix: install function to the correct database. ... (check-in: 3782276da6 user: dmitry tags: dmitry-security)
21:04
Fix login groups. ... (check-in: 6f29649ef3 user: dmitry tags: dmitry-security)
17:26
Fix comment. ... (check-in: a0fa120b74 user: dmitry tags: dmitry-security)
17:21
Protect against timing attacks by using constant-time comparison function to compare passwords and cookies. ... (check-in: 7f110475ec user: dmitry tags: dmitry-security)
14:07
When creating a manifest, get isExe and isLink bits from filesystem at once instead of doing two stat(2) calls. ... (check-in: 9bfa186be0 user: dmitry tags: trunk)
11:45
Change file_size() to file_wd_size() in file_is_the_same(). ... (check-in: 13a771ce18 user: dmitry tags: trunk)
11:05
Cache "manifest" setting in fossil_reserved_name() instead of reading it from the database on every call. This speeds up adding many files. ... (check-in: a369dc7721 user: dmitry tags: trunk)
2011-09-27
19:28
Call file_wd_isdir() in file_mkdir(). ... (check-in: 13120e9620 user: dmitry tags: trunk)
19:15
Change a few instances of file_isdir() to file_wd_isdir(). ... (check-in: f1329470c0 user: dmitry tags: trunk)
2011-09-25
11:14
Fix double LI tags when listing wiki attachments for users without permissions. ... (check-in: 12272b7ff0 user: dmitry tags: trunk)