Project

General

Profile

Actions

Architecture #23291

closed

Use constant time comparison for system token

Added by Alexis Mousset over 1 year ago. Updated about 1 year ago.

Status:
Released
Priority:
N/A
Category:
Security
Target version:
Effort required:
Name check:
To do
Fix check:
To do
Regression:
No

Description

Not a problem as in case of failure an LDAP request is made, and very likely prevents time attacks as it is a lot slower.

But still a best practice and prevents future problems in refactoring.

Actions

Also available in: Atom PDF