View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0010710 | mantisbt | security | public | 2009-07-10 23:26 | 2009-10-07 14:19 |
Reporter | dhx | Assigned To | jreese | ||
Priority | normal | Severity | minor | Reproducibility | N/A |
Status | closed | Resolution | fixed | ||
Product Version | 1.2.0rc2 | ||||
Target Version | 1.2.0rc2 | Fixed in Version | 1.2.0rc2 | ||
Summary | 0010710: Improve form token lookup performance beyond O(n) | ||||
Description | Currently when validating form tokens we look through every single token stored in a user's session. This is a slow O(n) operation that can be sped up drastically by using an associative array of tokens instead. This also allows token purging to be performed in constant time. | ||||
Tags | No tags attached. | ||||
MantisBT: master-1.2.x f4e05d1c 2009-07-01 14:32 Committer: dhx
Form security validation and purge performance

Rather than iterate through all form security tokens to validate and purge tokens given to a page, partition the token data structure into blocks by date, and use the token itself as the key. This allows for constant-time lookups, as well as more performant purges of old token data by purging entire days in one step.

Signed-off-by: David Hicks <hickseydr@optusnet.com.au>
Affected Issues 0010710
mod - core/form_api.php

MantisBT: master df7987b0 2009-07-01 14:32 Committer: dhx
Form security validation and purge performance

Rather than iterate through all form security tokens to validate and purge tokens given to a page, partition the token data structure into blocks by date, and use the token itself as the key. This allows for constant-time lookups, as well as more performant purges of old token data by purging entire days in one step.

Signed-off-by: David Hicks <hickseydr@optusnet.com.au>
Affected Issues 0010710
mod - core/form_api.php
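
The structure the commit message describes, sketched as an added example: this is not the code from core/form_api.php. The class and method names, the in-memory array standing in for the session, and the token format (an 8-character `Ymd` day prefix followed by random hex, so the day bucket can be read from the token itself) are all assumptions, and PHP 8 is assumed.

```php
<?php
// Added illustration; FormTokenStore and its methods are hypothetical names.
final class FormTokenStore
{
    // form name => day (Ymd) => token => true
    private array $tokens = [];

    // Issue a token whose first 8 characters name its day bucket (assumed format).
    public function issue(string $form, ?int $now = null): string
    {
        $day = gmdate('Ymd', $now ?? time());
        $token = $day . bin2hex(random_bytes(20));
        $this->tokens[$form][$day][$token] = true;
        return $token;
    }

    // O(1) in the number of stored tokens: keyed lookups instead of a scan.
    public function validate(string $form, string $token): bool
    {
        return isset($this->tokens[$form][substr($token, 0, 8)][$token]);
    }

    // Single use: remove the token once a submission has been accepted.
    public function consume(string $form, string $token): bool
    {
        if (!$this->validate($form, $token)) {
            return false;
        }
        unset($this->tokens[$form][substr($token, 0, 8)][$token]);
        return true;
    }

    // Drop whole day buckets; cost follows the number of days kept, not tokens.
    public function purgeOlderThan(int $maxAgeDays, ?int $now = null): void
    {
        $cutoff = gmdate('Ymd', ($now ?? time()) - $maxAgeDays * 86400);
        foreach ($this->tokens as $form => $days) {
            foreach (array_keys($days) as $day) {
                // Ymd strings sort chronologically; PHP stores numeric keys as int.
                if (strcmp((string) $day, $cutoff) < 0) {
                    unset($this->tokens[$form][$day]);
                }
            }
        }
    }
}
// Constructed timestamps: the old token's day bucket is purged in one step.
$store = new FormTokenStore();
$old = $store->issue('bug_report', strtotime('2009-07-01 14:32 UTC'));
$new = $store->issue('bug_report', strtotime('2009-07-10 23:26 UTC'));
$store->purgeOlderThan(3, strtotime('2009-07-10 23:26 UTC'));
var_dump($store->validate('bug_report', $old), $store->consume('bug_report', $new));
```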