search

seamapi / prefixed-api-key

Module for generating a prefixed API Key
MIT License
293 stars 13 forks source link

Use timing safe string comparison in checkAPIKey #12

Closed bencmbrook closed 1 year ago

bencmbrook commented 1 year ago

More about timing attacks here: https://security.stackexchange.com/questions/83660/simple-string-comparisons-not-secure-against-timing-attacks

Closes https://github.com/seamapi/prefixed-api-key/issues/1 (it seems the other subtasks were completed)

seveibar commented 1 year ago

released in 1.1.1

seveibar commented 1 year ago

Thanks @bencmbrook !