Fix timing attack vulnerability in ActiveSupport::MessageVerifier.
Use a constant-time comparison algorithm to compare the candidate HMAC with the calculated HMAC to prevent leaking information about the calculated HMAC.
Signed-off-by: NMichael Koziarski <michael@koziarski.com>
Showing
想要评论请 注册 或 登录