1

Our requirement is to block MD5 hashing in our Rails application. This would be really helpful because MD5 is prohibited on the servers, on which the application is going to be deployed. It is not just direct MD5 hashing that needs to be blocked, but also the ruby gems that internally use MD5 hashing for their working.

Is it possible to do this blocking or at least throw an error/warning while starting the rails server, if any MD5 hashing is used?

Subramanian Ramanathan
  • 11
  • 1
  • Whilst you *could* monkey patch the existing MD5 hashing methods to raise an error ... there's nothing stopping 3rd party gems providing their own MD5 hashing function. I don't see how you can prevent this other than carefully reviewing the code you're deploying to ensure it doesn't contain any MD5 hashing features. – Jon Feb 17 '21 at 10:55

0 Answers0