Timing Attack
luikore opened this issue · 0 comments
luikore commented
There may be a timing attack potential in https://github.com/chloerei/campo/blob/master/app/models/user.rb#L36

Better use `Rack::Utils.secure_compare` instead of `==` in token authentication.
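
The comparison suggested above, as an added example that is not code from campo or from the commenter: a `==` token check beside a constant-time one. `TokenCheck`, its method names and `STORED_TOKEN` are hypothetical; `Rack::Utils.secure_compare` is used when the rack gem is installed, and a stdlib fallback with the same contract is used otherwise.

```ruby
require "digest"
require "securerandom"

begin
  require "rack/utils" # the helper the issue recommends
rescue LoadError
  # rack is not installed: fixed_length_compare below is used instead
end

# Hypothetical module for illustration only.
module TokenCheck
  module_function

  # Constant-time equality for equal-length strings: every byte pair is
  # XORed into an accumulator, so there is no early exit at the first mismatch.
  def fixed_length_compare(a, b)
    return false unless a.bytesize == b.bytesize
    acc = 0
    a.bytes.zip(b.bytes) { |x, y| acc |= x ^ y }
    acc.zero?
  end

  # Hash both sides first so the compared values always have the same
  # length and the length check cannot reveal the stored token's length.
  def secure_compare(a, b)
    return false unless a.is_a?(String) && b.is_a?(String)
    da = Digest::SHA256.hexdigest(a)
    db = Digest::SHA256.hexdigest(b)
    if defined?(Rack::Utils) && Rack::Utils.respond_to?(:secure_compare)
      Rack::Utils.secure_compare(da, db)
    else
      fixed_length_compare(da, db)
    end
  end

  # The pattern the issue warns about: String#== may return as soon as
  # a byte differs, so response time can depend on the matching prefix.
  def insecure_token_valid?(stored, supplied)
    stored == supplied
  end

  # Hardened form: same result, comparison time independent of the input.
  def token_valid?(stored, supplied)
    secure_compare(stored, supplied)
  end
end

STORED_TOKEN = SecureRandom.hex(16) # constructed sample token
```

In a Rails application, `ActiveSupport::SecurityUtils.secure_compare` provides the same hash-then-compare behaviour without a direct dependency on Rack.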