I was just glancing through your code and I noticed that your Gateway AuthToken class uses a uuid3 (configured with a DNS namespace) of a timestamp. It doesn't look like it's used anywhere, but I have to warn you that this will not produce a cryptographically secure value.
I'd like to encourage you to use an HMAC-based token signature using a configurable application secret. This is how Django (link to Signer) and Tornado (link to create_signed_value) do it.
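The contrast drawn in the issue above, as an added example that is not code from the project, Django or Tornado: a uuid3 of a timestamp is an unkeyed, deterministic hash, while an HMAC-signed value can only be produced and verified with the application secret. The function names, the `value|issued_at|mac` layout and the one-hour lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time
import uuid


def weak_token(timestamp):
    # Pattern described in the issue: uuid3 (MD5, no key) over a timestamp.
    # The same timestamp always yields the same token, with no secret involved.
    return str(uuid.uuid3(uuid.NAMESPACE_DNS, str(timestamp)))


def _mac(payload, secret):
    return hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest()


def sign(value, secret, now=None):
    """Return 'value|issued_at|mac', with the MAC keyed by the app secret."""
    issued = int(time.time() if now is None else now)
    payload = f"{value}|{issued}"
    return f"{payload}|{_mac(payload, secret)}"


def unsign(token, secret, max_age=3600, now=None):
    """Return the signed value, or None if the token is forged or expired."""
    try:
        value, issued, mac = token.rsplit("|", 2)
        age = (time.time() if now is None else now) - int(issued)
    except ValueError:
        return None  # wrong number of fields or non-numeric issue time
    expected = _mac(f"{value}|{issued}", secret)
    # Constant-time comparison on bytes, so non-ASCII input cannot raise.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    if age < 0 or age > max_age:
        return None
    return value


if __name__ == "__main__":
    secret = secrets.token_bytes(32)  # in practice: loaded from configuration
    token = sign("user-42", secret)
    print(weak_token(1700000000), token, unsign(token, secret), sep="\n")
```
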