oauth2orize

use uid-safe instead

Open knoxcard opened this issue 4 years ago • 4 comments

use uid-safe instead: Create cryptographically secure UIDs safe for both cookie and URL usage. This is in contrast to modules such as rand-token and uid2 whose UIDs are actually skewed due to the use of % and unnecessarily truncate the UID. Use this if you could still use UIDs with - and _ in them.

** READ THIS FIRST! **

Are you implementing a new feature?

Requests for new features should first be discussed on the developer forum. This allows the community to gather feedback and assess whether or not there is an existing way to achieve the desired functionality.

If it is determined that a new feature needs to be implemented, include a link to the relevant discussion along with the pull request.

Is this a security patch?

Do not open pull requests that might have security implications. Potential security vulnerabilities should be reported privately to [email protected]. Once any vulnerabilities have been repaired, the details will be disclosed publicly in a responsible manner. This also allows time for coordinating with affected parties in order to mitigate negative consequences.

If neither of the above two scenarios apply to your situation, you should open a pull request. Delete this paragraph and the text above, and fill in the information requested below.

Checklist

  • [ ] I have read the CONTRIBUTING guidelines.
  • [ ] I have added test cases which verify the correct operation of this feature or patch.
  • [ ] I have added documentation pertaining to this feature or patch.
  • [ ] The automated test suite ($ make test) executes successfully.
  • [ ] The automated code linting ($ make lint) executes successfully.

knoxcard avatar Sep 09 '19 07:09 knoxcard
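
The skew that the description above attributes to `%`, shown as an added example (not code from uid-safe, uid2, rand-token or oauth2orize): reducing a random byte modulo a 62-character alphabet makes 8 characters more likely than the other 54, while base64url-encoding the raw bytes, which yields the `-` and `_` characters the description mentions, keeps all 64 characters equally likely. The function names and the alphabet are assumptions made for this illustration.

```javascript
const nodeCrypto = require('crypto');

// Assumed 62-character alphabet (digits plus letters), for illustration only.
const ALPHABET =
  'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';

// For every possible byte value 0..255, count which alphabet index it lands on
// under `byte % n`. This is the exact distribution, not a sampled estimate.
function moduloCounts(n) {
  const counts = new Array(n).fill(0);
  for (let b = 0; b < 256; b++) counts[b % n]++;
  return counts;
}

// Ratio between the most and least likely character. 1 means uniform.
function skewRatio(n) {
  const counts = moduloCounts(n);
  return Math.max(...counts) / Math.min(...counts);
}

// Biased pattern: one random byte per character, reduced with `%`.
// 256 = 4 * 62 + 8, so the first 8 characters get 5 byte values each
// and the remaining 54 get only 4.
function moduloUid(length) {
  let out = '';
  for (const b of nodeCrypto.randomBytes(length)) {
    out += ALPHABET[b % ALPHABET.length];
  }
  return out;
}

// Unbiased pattern: encode the random bytes as base64url. Each 6-bit group
// maps to exactly one of 64 characters, and no entropy is discarded.
function base64urlUid(byteLength) {
  return nodeCrypto.randomBytes(byteLength).toString('base64')
    .replace(/\+/g, '-')
    .replace(/\//g, '_')
    .replace(/=+$/, '');
}

console.log('skew with 62-char alphabet:', skewRatio(62));
console.log('skew with 64-char alphabet:', skewRatio(64));
console.log('modulo UID:   ', moduloUid(24));
console.log('base64url UID:', base64urlUid(24));
```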

Coverage Status

Coverage remained the same at 99.789% when pulling 44bb9dc65ceb716d4203eb9120758fdcfccad0c9 on knoxcard:patch-1 into 97f46de0c8e58a133495a9b6ac69d1b4ff3ee715 on jaredhanson:master.

coveralls avatar Sep 09 '19 07:09 coveralls

There's a single line change to package.json here. Wouldn't require statements in the code also need to be changed to reference the new module (and unreference the old module)?

jaredhanson avatar Sep 09 '19 13:09 jaredhanson

Yes, that is correct; not sure how to actually do that on here via the web interface.

knoxcard avatar Sep 10 '19 03:09 knoxcard

@jaredhanson if you think this change is a good suggestion I can work on this pull request.

0xKayvan avatar Dec 07 '19 14:12 0xKayvan