Closed JulienTant closed 5 months ago
Use ConstantTimeCompare instead of != to reduce the risk of timing attacks on the webhook secret
ConstantTimeCompare
!=
https://mattermost.atlassian.net/browse/MM-57072
@lindy65 I'm not quite sure how to test the security part of this - for the functional side we just want to make sure that messages are synced as before.
@lindy65 deferring this to get it in
Summary
Use
ConstantTimeCompare
instead of!=
to reduce the risk of timing attacks on the webhook secretTicket Link
https://mattermost.atlassian.net/browse/MM-57072