
Use verify_in_constant_time in plaintext signature verification

tim committed Oct 17, 2011
1 parent 3ae1cc7 commit 72f7a87808fed14e66c82485674faff9c4bb1fbf
Showing with 1 addition and 1 deletion.
  1. +1 −1 src/oauth.erl
@@ -113,7 +113,7 @@ plaintext_signature(Consumer, TokenSecret) ->
uri_join([consumer_secret(Consumer), TokenSecret]).
plaintext_verify(Signature, Consumer, TokenSecret) ->
- Signature =:= plaintext_signature(Consumer, TokenSecret).
+ verify_in_constant_time(Signature, plaintext_signature(Consumer, TokenSecret)).
hmac_sha1_signature(HttpMethod, URL, Params, Consumer, TokenSecret) ->
BaseString = signature_base_string(HttpMethod, URL, Params),
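Review bot: The new call in plaintext_verify/3 depends on verify_in_constant_time/2, whose definition is outside this hunk, returning false rather than raising function_clause when Signature differs in length or type from the computed value; the old `=:=` gave that for free. Signature presumably originates from the request, so confirm the helper handles the mismatch explicitly and add a test with a too-short and a too-long signature. The line also deserves a short why-comment, for example `%% PLAINTEXT signature is the joined secrets themselves; compare in constant time to avoid a timing side channel`. hmac_sha1_signature/5 continues past the end of the hunk.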
