Ryan Kelly
2011-10-15 c8c9bc80621bea468d2dbd440255b9f0b7baeb4e
author Ryan Kelly <ryan@rfk.id.au>
Saturday, October 15, 2011 02:14 +0200
committer Chris McDonough <chrism@plope.com>
Sunday, November 20, 2011 18:47 +0100
commit c8c9bc80621bea468d2dbd440255b9f0b7baeb4e
tree 0c89e924cdf8b4d6b671770bdac5fecda71b3e7a
parent 4791d7b555c6f3fcbc3efaaa566fcf8423105cd3
Avoid timing attacks in AuthTktAuthenticationPolicy

This factors out the timing-invariant string comparison code from
session.py and re-uses it for signature checking in AuthTkt code.
3 files modified
Changed files (38 changes):
pyramid/authentication.py (6)
pyramid/session.py (12)
pyramid/util.py (20)
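
The commit message above describes reusing a timing-invariant string comparison for signature checking. The following is an added example, not the code from this commit or from Pyramid: it shows how an early-exit comparison reveals the length of the matching prefix and how a constant-time check avoids that. The ticket layout (`<hex digest><payload>`), the secret and all function names are constructed for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # constructed value, not a real key
DIGEST_LEN = hashlib.sha256().digest_size * 2  # length of the hex digest


def sign(payload: str, secret: bytes = SECRET) -> str:
    """Return the hex HMAC-SHA256 of the payload (illustrative signing scheme)."""
    return hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest()


def naive_compare_steps(a: str, b: str) -> int:
    """Count the characters an early-exit comparison inspects.

    The count grows with the length of the matching prefix, which is the
    signal a timing attack measures.
    """
    steps = 0
    for x, y in zip(a, b):
        steps += 1
        if x != y:
            break
    return steps


def constant_time_differs(a: str, b: str) -> bool:
    """Hypothetical helper: inspect every character regardless of mismatches."""
    if len(a) != len(b):
        return True
    diff = 0
    for x, y in zip(a.encode(), b.encode()):
        diff |= x ^ y  # accumulate differences, never exit early
    return diff != 0


def verify_ticket(ticket: str, secret: bytes = SECRET):
    """Return the payload if the leading digest is valid, else None."""
    digest, payload = ticket[:DIGEST_LEN], ticket[DIGEST_LEN:]
    expected = sign(payload, secret)
    # The standard library's constant-time comparison; bytes avoid the
    # ASCII-only restriction that applies to str arguments.
    if not hmac.compare_digest(expected.encode(), digest.encode()):
        return None
    return payload
```
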