caddy

mirror of https://github.com/caddyserver/caddy.git synced 2024-11-24 01:13:06 +08:00

History

Matthew Holt 937ec34201 caddyauth: Prevent user enumeration by timing Always follow the code path of hashing and comparing a plaintext password even if the account is not found by the given username; this ensures that similar CPU cycles are spent for both valid and invalid usernames. Thanks to @tylerlm for helping and looking into this!		2020-10-31 10:51:05 -06:00
..
basicauth.go	caddyauth: Prevent user enumeration by timing	2020-10-31 10:51:05 -06:00
caddyauth.go	httpcaddyfile: Don't lowercase placeholder contents (fixes #3264 )	2020-04-14 16:11:46 -06:00
caddyfile.go	caddyhttp: Add client cert SAN placeholders	2020-06-11 16:19:07 -06:00
command.go	caddyauth: Prevent user enumeration by timing	2020-10-31 10:51:05 -06:00
hashes.go	caddyauth: Prevent user enumeration by timing	2020-10-31 10:51:05 -06:00