Prevent timing attacks when validating credentials

Review Request #9795 — Created March 16, 2018 and submitted

brennie
rb-gateway
master
9840
9834
6ce24af...
rb-gateway

We now use constant time comparison to compare the credentials to the
configuration. We also do not short circuit the operation in the case
that the username is incorrect.

Ran unit tests.

brennie
david
  1. Ship It!

  2. 
      
brennie
brennie
brennie
david
  1. Ship It!
  2. 
      
brennie
Review request changed

Status: Closed (submitted)

Change Summary:

Pushed to master (c5f9103)
Loading...