Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Unsafe token check #13

Closed
gleb-chipiga opened this issue Apr 24, 2022 · 2 comments
Closed

Unsafe token check #13

gleb-chipiga opened this issue Apr 24, 2022 · 2 comments
Assignees
@constantoine
Labels
bug Something isn't working enhancement New feature or request

Comments

@gleb-chipiga
Copy link

Currently, a simple string comparison in the check method is used to validate the token. To resist timing-attack, we need to use constant time comparison algorithm. Details https://en.wikipedia.org/wiki/Timing_attack.
@constantoine constantoine added bug Something isn't working enhancement New feature or request labels Apr 24, 2022
@constantoine constantoine self-assigned this Apr 24, 2022
@constantoine constantoine mentioned this issue Apr 24, 2022
Closed
@constantoine
Copy link
Owner

Fixed

@gleb-chipiga
Copy link
Author

Thanks!

@tdunlap607 tdunlap607 mentioned this issue Mar 31, 2023
Merged
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees

@constantoine constantoine

Labels
bug Something isn't working enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@gleb-chipiga @constantoine