

Andrew Hacking ahacking

  • Brisbane, Australia
ahacking / gist:f9f26d86ac9cbce486c2
Last active Aug 29, 2015
Avoiding timing based attacks with Token Authentication

By quantising the time taken for failed lookups, we can mitigate timing-based attacks. A regular DB or cache lookup on the token can then be used without revealing information about how good the candidate match is, which thwarts timing attacks.

def authenticate_user_from_token!
  auth_token = params[Devise.token_authentication_key]
  if auth_token
    t =
    if (user = User.where(authentication_token: auth_token).first)
      sign_in user, store: false
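
The gist preview above is cut off, so here is a separate sketch of the quantising idea as an added example; it is not the gist's code. The Rails/Devise lookup is replaced by a plain callable, and `QUANTUM_US`, `SAMPLE_USERS`, `padding_us` and `authenticate_token` are hypothetical names.

```ruby
# Added example. All names here are hypothetical, not from the gist.
QUANTUM_US = 50_000 # 50 ms; assumed to exceed the slowest realistic lookup

# Constructed sample data standing in for the users table.
SAMPLE_USERS = { "constructed-valid-token" => "alice" }.freeze

# Microseconds still to wait so a failure that has already taken
# elapsed_us returns on the next multiple of quantum_us.
def padding_us(elapsed_us, quantum_us = QUANTUM_US)
  next_boundary = (elapsed_us / quantum_us + 1) * quantum_us
  next_boundary - elapsed_us
end

# lookup is any callable returning a user or nil (DB query, cache get).
# clock and sleeper are injectable so the timing logic can be tested.
def authenticate_token(candidate, lookup, quantum_us: QUANTUM_US,
                       clock: -> { Process.clock_gettime(Process::CLOCK_MONOTONIC, :microsecond) },
                       sleeper: ->(us) { sleep(us / 1_000_000.0) })
  return nil if candidate.nil? || candidate.empty?

  started = clock.call
  user = lookup.call(candidate)
  return user if user

  # Failed lookup: pad so the duration no longer reflects how far the
  # index or string comparison got before rejecting the candidate.
  sleeper.call(padding_us(clock.call - started, quantum_us))
  nil
end

if __FILE__ == $PROGRAM_NAME
  lookup = ->(token) { SAMPLE_USERS[token] }
  p authenticate_token("constructed-valid-token", lookup)
  p authenticate_token("constructed-wrong-token", lookup)
end
```

If a lookup can take longer than the quantum, failures land on different boundaries and the coarse bucket still leaks, so size the quantum from measured worst-case latency.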
ahacking / gist:7874a49b64a286941fa6
Last active Aug 29, 2015
OS X Data loss workaround

The code below demonstrates a solution that is immune to the "Data loss on OS X" Broccoli issue, which is demonstrated in this gist.

Save the following code to linktest.js:

var fs = require('fs');

// setup structure
fs.mkdirSync(process.cwd() + '/vendor');
fs.mkdirSync(process.cwd() + '/vendor/my_lib');
fs.writeFileSync(process.cwd() + '/vendor/my_lib/foo.js', '// better than nothing');
ahacking / app.scss
Created Feb 10, 2015
Demonstrate node-sass 2.0.0-beta segfault
@import 'bower_components/bourbon/dist/bourbon';
@import 'bower_components/neat/app/assets/stylesheets/neat';