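I am trying to compare a user-supplied authentication token with the authentication token stored on my server.
The most obvious way is to use ==, but that may open up a timing attack.
To mitigate this I wrote this secure comparison function: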
# string comparison that leaks no information about the strings.
# loosely based on https://github.com/rack/rack/blob/master/lib/rack/utils.rb
# and http://security.stackexchange.com/questions/49849/timing-safe-string-comparison-avoiding-length-leak
def secure_compare(a, b)
  l = a.unpack("C*")
  i = 0
  r = 0 # accumulator; must start at 0 so the ORs below operate on integers
  r |= a.length - b.length # fail if the lengths are different
  b.each_byte do |v|
    r |= v ^ l[i]
    i = (i + 1) % a.length # make sure we compare on all bytes of b, even if a is shorter.
  end
  r == 0
end
The only problem is that this …
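An added example, not part of the question above: a different technique for the same goal, which HMACs both tokens under a random per-process key and then compares the two fixed-length 32-byte digests, so the loop length does not depend on either token's length. The names `COMPARE_KEY`, `fixed_length_compare` and `token_equal?` are hypothetical, and the sketch assumes both tokens are compared inside one process.

```ruby
require "openssl"
require "securerandom"

# Random key generated once per process (assumption: comparisons never cross processes).
# Because the key is secret, an attacker cannot predict either digest byte by byte.
COMPARE_KEY = SecureRandom.random_bytes(32)

# XOR-accumulate over two byte strings of equal length, with no early exit.
def fixed_length_compare(a, b)
  unless a.bytesize == b.bytesize
    raise ArgumentError, "inputs must have the same byte length"
  end
  b_bytes = b.unpack("C*")
  r = 0
  a.each_byte.with_index { |byte, i| r |= byte ^ b_bytes[i] }
  r.zero?
end

# Compare a user-supplied token with the stored one.
# Both sides are reduced to 32-byte HMAC-SHA256 digests first, so the
# comparison always runs over exactly 32 bytes whatever the input lengths.
def token_equal?(supplied, stored)
  digest = OpenSSL::Digest.new("SHA256")
  mac_supplied = OpenSSL::HMAC.digest(digest, COMPARE_KEY, supplied.to_s.b)
  mac_stored   = OpenSSL::HMAC.digest(digest, COMPARE_KEY, stored.to_s.b)
  fixed_length_compare(mac_supplied, mac_stored)
end

if __FILE__ == $PROGRAM_NAME
  stored = "3f9a1c0e7b2d4a58" # constructed sample token
  puts token_equal?("3f9a1c0e7b2d4a58", stored) # same token
  puts token_equal?("3f9a1c0e7b2d4a59", stored) # last byte differs
  puts token_equal?("3f9a", stored)             # shorter input
end
```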
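I am trying to compile a program with SCons. The program needs a set of dependencies, which I have installed in a non-standard location.
I installed the dependencies in /home/dja/ocr. Now I am trying to compile the main program and can't figure out how to tell SCons where to look for the libraries and header files.
I have tried (among other things):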
scons prefix=/home/dja/ocr
scons includepath=/home/dja/ocr/include libpath=/home/dja/ocr/lib
env LIBPATH=/home/dja/ocr/lib INCLUDEPATH=/home/dja/ocr/include scons
...etc...
The result is always the same:
scons: Reading SConscript files ...
Currently supported OS version: Ubuntu 10.04
Checking for C++ library iulib... no
AssertionError: :
File "/home/dja/ocr/src/ocropus/SConstruct", line 107:
assert conf.CheckLibWithHeader("iulib","iulib/iulib.h","C++");
I couldn't find an answer on Google.
What is the correct SCons foo to get this to work?