integration-platform-example fix(middleware): use constant-time compare on hmac signature

fix(middleware): use constant-time compare on hmac signature

Open mdtro opened this issue 2 years ago • 2 comments

A small fix to use a constant-time comparison on the HMAC signatures for the webhook payloads. Using the constant-time compare will help defend against timing attacks.

Jun 23 '22 21:06 mdtro

@leeandher / @armenzg - It looks like the CI/CD pipeline here might be broken after https://github.com/getsentry/integration-platform-example/pull/60 ?

Nov 10 '22 00:11 mdtro

I have fix in #62

Nov 10 '22 13:11 armenzg

integration-platform-example integration-platform-example copied to clipboard

fix(middleware): use constant-time compare on hmac signature

integration-platform-example
integration-platform-example copied to clipboard