Skip to content
This repository has been archived by the owner on Jan 19, 2020. It is now read-only.

Fix X-Hub-Signature Exploit #74

Open
jcampbell05 opened this issue Nov 10, 2016 · 1 comment
Open

Fix X-Hub-Signature Exploit #74

jcampbell05 opened this issue Nov 10, 2016 · 1 comment
Labels
bug

Comments

@jcampbell05
Copy link
Collaborator

jcampbell05 commented Nov 10, 2016
edited

https://chatbotsmagazine.com/how-to-kill-a-bot-with-10-http-requests-ca7eb57c2ad1#.j685u0tdj

Implement https://github.com/alexcurtis/express-x-hub into clients and consider implementing #36
@davidmann4
Copy link

Also make sure to use a constant time algorithm to compare the two values to avoid potential timing attacks.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jcampbell05 @davidmann4