cubicweb-signedrequest #3816103 signature checking is sensitive to timing attacks [resolved]

the request signature checking should be made constant-time. python 3.3 has hmac.compare_digest, django has django.utils.crypto.constant_time_compare, etc, with that purpose.

priorityimportant
typebug
done in0.1.2
load0.500
load left0.000
closed by#c105ba615a8b Don't use normal string comparison to check request signatures
patchDon't use normal string comparison to check request signatures [applied]