
Use constant time equality check for auth token

Open pethin opened this issue 1 year ago • 4 comments

Replace === with crypto.subtle.timingSafeEqual in https://github.com/Sh4yy/cloudflare-email/blob/main/src/middlewares/auth.ts#L16 to prevent timing attacks.

Example: https://developers.cloudflare.com/workers/examples/protect-against-timing-attacks/

pethin avatar Feb 18 '24 05:02 pethin

Like this @pethin https://github.com/D3vl0per/cloudflare-email/blob/main/src/middlewares/auth.ts?

D3vl0per avatar Apr 26 '24 01:04 D3vl0per

Can you create a PR @D3vl0per?

taciturnaxolotl avatar Apr 28 '24 16:04 taciturnaxolotl

Done #18 @kcoderhtml !

D3vl0per avatar Apr 28 '24 17:04 D3vl0per

Thanks! Hopefully @Sh4yy can merge both our PRs soon!

taciturnaxolotl avatar Apr 28 '24 17:04 taciturnaxolotl