Unsafe token check
Closed this issue · 2 comments
gleb-chipiga commented
Currently, a simple string comparison in the `check` method is used to validate the token. To resist timing attacks, we need to use a constant-time comparison algorithm. Details: https://en.wikipedia.org/wiki/Timing_attack.
constantoine commented
Fixed
gleb-chipiga commented
Thanks!
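Added example, not part of the issue thread and not the project's own code: the reported pattern next to a constant-time check, in Python (an assumption, since the thread does not show the project's source). The function names and the sample tokens in the comments are hypothetical.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Union

Token = Union[str, bytes, None]

# Random per-process key, used only to blind both values before comparing.
_BLIND_KEY = secrets.token_bytes(32)


def check_naive(expected: str, supplied: str) -> bool:
    """Pattern reported in the issue: == can return at the first
    differing character, so run time depends on the matching prefix."""
    return expected == supplied


def _to_bytes(value: Token) -> Optional[bytes]:
    """Normalise to bytes. hmac.compare_digest raises TypeError on
    non-ASCII str, so text is encoded before it gets there."""
    if isinstance(value, bytes):
        return value
    if isinstance(value, str):
        return value.encode("utf-8")
    return None


def check_constant_time(expected: Token, supplied: Token) -> bool:
    """Compare tokens without leaking where they first differ."""
    exp, sup = _to_bytes(expected), _to_bytes(supplied)
    # A missing or empty expected token is a misconfiguration: fail
    # closed instead of letting an empty supplied value match it.
    if not exp or sup is None:
        return False
    # HMAC both sides so the values compared have a fixed length (32
    # bytes) whatever the caller sent, then compare in constant time.
    exp_mac = hmac.digest(_BLIND_KEY, exp, hashlib.sha256)
    sup_mac = hmac.digest(_BLIND_KEY, sup, hashlib.sha256)
    return hmac.compare_digest(exp_mac, sup_mac)


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    print(check_constant_time("s3cr3t-token", "s3cr3t-token"))  # True
    print(check_constant_time("s3cr3t-token", "s3cr3t-tokeX"))  # False
```
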