Andrew Hacking ahacking

  • Brisbane, Australia
ahacking / gist:f9f26d86ac9cbce486c2
Last active Aug 29, 2015
Avoiding timing based attacks with Token Authentication

By quantising the time taken for failed lookups, we can mitigate timing-based attacks. This allows a regular DB or cache lookup on the token to be used without revealing information about how good the candidate match is, and thus thwarts timing attacks.

def authenticate_user_from_token!
  auth_token = params[Devise.token_authentication_key]
  if auth_token
    t = Time.now
    if (user = User.where(authentication_token: auth_token).first)
      sign_in user, store: false
    else
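
The quantisation described above, as an added example that is not the gist's own code: a failed lookup is padded so its total duration lands on a multiple of a fixed quantum. The names `QUANTUM`, `monotonic_now`, `padding_for` and `authenticate_token`, the 50 ms value and the hash used in place of the `User` lookup are assumptions made for illustration.

```ruby
# Added example (not the gist's code): pad failed token lookups to a fixed quantum.
QUANTUM = 0.05 # seconds; assumed value, choose it above the worst-case lookup time

def monotonic_now
  # Monotonic clock: unaffected by wall-clock adjustments, unlike Time.now
  Process.clock_gettime(Process::CLOCK_MONOTONIC)
end

# Seconds to wait so the total elapsed time lands on the next multiple of quantum.
def padding_for(elapsed, quantum = QUANTUM)
  remainder = elapsed % quantum
  remainder.zero? ? 0.0 : quantum - remainder
end

# store: anything answering #[] with a user or nil (hypothetical stand-in for
# User.where(authentication_token: token).first). sleeper is injectable for tests.
def authenticate_token(store, token, quantum: QUANTUM, sleeper: ->(s) { sleep(s) })
  return nil if token.nil? || token.empty?

  started = monotonic_now
  user = store[token]
  return user if user

  # Failed lookup: pad the response time so it no longer reflects how long
  # the lookup itself took.
  sleeper.call(padding_for(monotonic_now - started, quantum))
  nil
end

if __FILE__ == $PROGRAM_NAME
  users = { "s3cr3t-token-constructed" => "alice" } # constructed sample data
  t0 = monotonic_now
  authenticate_token(users, "wrong-token")
  puts format("failed lookup took %.3fs (quantum %.2fs)", monotonic_now - t0, QUANTUM)
end
```

If a failed lookup can take longer than the quantum, its response falls into the next bucket and the bucket index itself becomes a coarse timing signal, so the quantum needs headroom over the slowest expected lookup.
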
ahacking / gist:7874a49b64a286941fa6
Last active Aug 29, 2015
OS X Data loss workaround

The code below demonstrates a solution that is immune to the Data loss on OS X Broccoli issue demonstrated in this gist.

Save the following code to linktest.js:

var fs = require('fs');

// setup structure
fs.mkdirSync(process.cwd() + '/vendor');
fs.mkdirSync(process.cwd() + '/vendor/my_lib');
fs.writeFileSync(process.cwd() + '/vendor/my_lib/foo.js', '// better than nothing');
ahacking / app.scss
Created Feb 10, 2015
Demonstrate node-sass 2.0.0-beta segfault
@import 'bower_components/bourbon/dist/bourbon';
@import 'bower_components/neat/app/assets/stylesheets/neat';