View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0010710 | mantisbt | security | public | 2009-07-10 23:26 | 2009-10-07 14:19 |
| Reporter | dhx | Assigned To | jreese | ||
| Priority | normal | Severity | minor | Reproducibility | N/A |
| Status | closed | Resolution | fixed | ||
| Product Version | 1.2.0rc2 | ||||
| Target Version | 1.2.0rc2 | Fixed in Version | 1.2.0rc2 | ||
| Summary | 0010710: Improve form token lookup performance beyond O(n) | ||||
| Description | Currently when validating form tokens we look through every single token stored in a user's session. This is a slow O(n) operation that can be sped up drastically by using an associative array of tokens instead. This also allows token purging to be performed in constant time. | ||||
| Tags | No tags attached. | ||||

MantisBT: master-1.2.x f4e05d1c 2009-07-01 14:32 Committer: dhx

Form security validation and purge performance

Rather than iterate through all form security tokens to validate and purge tokens given to a page, partition the token data structure into blocks by date, and use the token itself as the key. This allows for constant-time lookups, as well as more performant purges of old token data by purging entire days in one step.

Signed-off-by: David Hicks <hickseydr@optusnet.com.au>

Affected Issues: 0010710

mod - core/form_api.php

MantisBT: master df7987b0 2009-07-01 14:32 Committer: dhx

Form security validation and purge performance

Rather than iterate through all form security tokens to validate and purge tokens given to a page, partition the token data structure into blocks by date, and use the token itself as the key. This allows for constant-time lookups, as well as more performant purges of old token data by purging entire days in one step.

Signed-off-by: David Hicks <hickseydr@optusnet.com.au>

Affected Issues: 0010710

mod - core/form_api.php
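
The data structure the commit message describes, sketched as an added example; this is not the code from `core/form_api.php`. It shows the keyed lookup replacing the per-token scan and the purge dropping whole day blocks. The function names, the `Ymd` day prefix on the submitted token, the three-day lifetime, and single-use behaviour are assumptions of this example.

```php
<?php
// Added illustration only; not MantisBT's own implementation.
// $store stands in for the per-user session array (assumption).
// Layout: $store[$form][Ymd day][token] = true

const TOKEN_MAX_AGE_DAYS = 3; // constructed value for this example

function form_token_issue(array &$store, string $form, int $now): string {
    $day = gmdate('Ymd', $now);
    $token = bin2hex(random_bytes(16));
    $store[$form][$day][$token] = true;
    // The day prefix tells the validator which block to look in.
    return $day . $token;
}

function form_token_purge(array &$store, string $form, int $now): void {
    $cutoff = (int) gmdate('Ymd', $now - TOKEN_MAX_AGE_DAYS * 86400);
    // Cost depends on the number of day blocks, not the number of tokens.
    foreach (array_keys($store[$form] ?? []) as $day) {
        if ((int) $day < $cutoff) {
            unset($store[$form][$day]);
        }
    }
}

function form_token_validate(array &$store, string $form, string $submitted, int $now): bool {
    form_token_purge($store, $form, $now);
    if (!preg_match('/^(\d{8})([0-9a-f]{32})$/', $submitted, $m)) {
        return false; // malformed input never reaches the array lookup
    }
    [, $day, $token] = $m;
    if (!isset($store[$form][$day][$token])) {
        return false; // unknown, expired, or already used
    }
    unset($store[$form][$day][$token]); // single use: a replayed token fails
    return true;
}

// Constructed demo data.
$session = [];
$t0 = gmmktime(12, 0, 0, 7, 1, 2009);
$tok = form_token_issue($session, 'bug_update', $t0);
var_dump(form_token_validate($session, 'bug_update', $tok, $t0));             // first use
var_dump(form_token_validate($session, 'bug_update', $tok, $t0));             // replay
$old = form_token_issue($session, 'bug_update', $t0);
var_dump(form_token_validate($session, 'bug_update', $old, $t0 + 5 * 86400)); // past lifetime
```

The `isset()` on the nested key is the constant-time lookup; the only loop left is over day blocks, which the lifetime keeps to a handful however many forms the user has opened.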