evie/caddy
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
caddy/modules
History
Matthew Holt 937ec34201
caddyauth: Prevent user enumeration by timing 
Always follow the code path of hashing and comparing a plaintext
password even if the account is not found by the given username; this
ensures that similar CPU cycles are spent for both valid and invalid
usernames.

Thanks to @tylerlm for helping and looking into this!
2020-10-31 10:51:05 -06:00
..
caddyhttp caddyauth: Prevent user enumeration by timing 2020-10-31 10:51:05 -06:00
caddypki caddypki: Add 'acme_server' Caddyfile directive 2020-06-03 09:59:36 -06:00
caddytls httpcaddyfile: Improve AP logic with OnDemand 2020-10-22 12:40:23 -06:00
filestorage httpcaddyfile: Minor fixes to parsing storage options 2020-05-01 09:34:32 -06:00
logging logging: Implement Caddyfile support for filter encoder (#3578) 2020-09-15 12:37:41 -06:00
metrics metrics: fix handler to not run the next route (#3769) 2020-10-01 10:57:14 -06:00
standard metrics: Initial integration of Prometheus metrics (#3709) 2020-09-17 12:01:20 -06:00