Unsafe token check

Question

Unsafe token check

Closed this issue 2 years ago · 2 comments

Currently, a simple string comparison in the check method is used to validate the token. To resist timing-attack, we need to use constant time comparison algorithm. Details https://en.wikipedia.org/wiki/Timing_attack.

constantoine commented 2 years ago

Fixed

👍1

gleb-chipiga commented 2 years ago

Thanks!