drf-httpsig

What about timing attacks?

Open petterreinholdtsen opened this issue 7 years ago • 0 comments

I see code in the authenticate() function of this form:

if (something)
    raise FAILED
if (something_else)
    raise FAILED

This might make it possible to time where in the process the error was detected. Is it perhaps better to do something like this:

error = False
if (something)
    error = True
if (something_else)
    error = True
if (error)
    raise FAILURE

Or is it not needed for other reasons related to, for example, Django?

petterreinholdtsen, Jun 14 '18 13:06
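
A sketch of the deferred-failure pattern asked about above, as an added example that is not drf-httpsig's code: every check runs, the signature comparison uses `hmac.compare_digest`, and one uniform error is raised at the end. The key store, the `AuthFailed` exception, the `sign` helper and the `authenticate` signature are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

# Constructed sample key store (hypothetical; not drf-httpsig's storage).
KEYS = {"client-1": b"constructed-shared-secret"}
# Stand-in secret so an unknown keyId still costs one HMAC computation.
DUMMY_KEY = b"\x00" * 32


class AuthFailed(Exception):
    """Single failure type: callers cannot tell which check failed."""


def sign(key: bytes, signing_string: bytes) -> str:
    """Return the base64 HMAC-SHA256 of the signing string."""
    digest = hmac.new(key, signing_string, hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")


def authenticate(key_id, signing_string: bytes, signature_b64) -> str:
    """Run every check, then raise one uniform error if any failed."""
    failed = False

    if key_id is None or signature_b64 is None:
        failed = True
    key = KEYS.get(key_id or "")
    if key is None:
        failed = True
        key = DUMMY_KEY

    try:
        presented = base64.b64decode(signature_b64 or "", validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        failed = True
        presented = b""

    expected = hmac.new(key, signing_string, hashlib.sha256).digest()
    # compare_digest does not stop at the first differing byte.
    if not hmac.compare_digest(expected, presented):
        failed = True

    if failed:
        raise AuthFailed("invalid signature")
    return key_id
```

The error message is identical for every failure, so the response body gives no hint about which check tripped.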