Timing Attack
luikore opened this issue · comments
There may be a timing attack potential in
https://github.com/chloerei/campo/blob/master/app/models/user.rb#L36
Better use Rack::Utils.secure_compare instead of == in token authentication.
[Closed] Campo 3
luikore opened this issue · comments
There may be a timing attack potential in
https://github.com/chloerei/campo/blob/master/app/models/user.rb#L36
Better use Rack::Utils.secure_compare instead of == in token authentication.