module `ActiveSupport::SecurityUtils`

Public class methods

`fixed_length_secure_compare(a, b)`

Source code GitHub

# File activesupport/lib/active_support/security_utils.rb, line 11
def fixed_length_secure_compare(a, b)
  OpenSSL.fixed_length_secure_compare(a, b)
end

`secure_compare(a, b)`

Secure string comparison for strings of variable length.

While a timing attack would not be able to discern the content of a secret compared via secure_compare, it is possible to determine the secret length. This should be considered when using secure_compare to compare weak, short secrets to user input.

Source code GitHub

# File activesupport/lib/active_support/security_utils.rb, line 33
def secure_compare(a, b)
  a.bytesize == b.bytesize && fixed_length_secure_compare(a, b)
end

Definition files

activesupport/lib/active_support/security_utils.rb

module ActiveSupport::SecurityUtils

Public class methods

fixed_length_secure_compare(a, b)

secure_compare(a, b)

Definition files

module `ActiveSupport::SecurityUtils`

`fixed_length_secure_compare(a, b)`

`secure_compare(a, b)`