Description

Avoid timing attacks by not making direct string comparisons to sensitive data. Do not compare against variables named password, secret, api, apiKey, token, auth, pass, or hash.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Files

possible-timing-attack.md

possible-timing-attack.md

Description

Further Reading

Files

possible-timing-attack.md

Latest commit

History

possible-timing-attack.md

File metadata and controls

Description

Further Reading