Demi Marie Obenour
Demi Marie Obenour
@SergioBenitez May I ask why? Generating a token is *easy*. It should be as simple as grabbing a few bytes from an optimized implementation of ChaCha20 or (if AES-NI is...
@jrozner What about having some sort of per-request state? I really really really don’t want the solution to be dependent on JS. I personally use NoScript, for instance, and believe...
That still means that some users behind corporate proxies cannot use the app. This is bad! On Nov 25, 2017 8:06 PM, "Sean Linsley" wrote: > @ssokolow could you link...
I think that global (well, request-local) state is not a big deal. On Nov 26, 2017 2:09 PM, "Sean Linsley" wrote: > FWIW the above-linked Smart Referer browser extension only...
BINGO!!!!!!!! On Nov 26, 2017 2:41 PM, "Maxim Avanov" wrote: > From my point of view, if you have corporate customers you can either > afford the budget to write...
@SergioBenitez > Additionally, this approach will also protect Rocket applications against XSS attacks. In fact, if all goes well, Rocket will provide a compile-time guarantee against CSRF and XSS attacks,...
I propose using as the HTTP layer. It has the following features * Extremely fast * Asynchronous * HTTP/2 support * TLS support * Middleware for CSRF, CORS, and others...
C code (at least) _can_ be constant-time. Libsodium uses C code almost exclusively – even the AES-GCM implementation is in C with AES-NI intrinsics.
> So, how can Vulkano support this flag? It's obviously very useful, but we have to accept that it's going to be `unsafe` somehow. Is there a way that the...
Is there a reason to support this?