tech-userlevel archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: const time authentication in bozohttpd

To: "Terry Moore" <tmm%mcci.com@localhost>
Subject: Re: const time authentication in bozohttpd
From: Mindaugas Rasiukevicius <rmind%netbsd.org@localhost>
Date: Wed, 25 Jun 2014 20:08:57 +0100

"Terry Moore" <tmm%mcci.com@localhost> wrote:
> Perhaps this is a silly comment; but wouldn't it be easier to simply time
> stamp the incoming request, and then spin for any authentication failure
> until a suitable fixed time has elapsed after the inbound arrival? Or are
> you worried about local cache-interference attacks as well? 

Why fixed time?  Make it random time.

-- 
Mindaugas

Follow-Ups:
- Re: const time authentication in bozohttpd
  - From: Joerg Sonnenberger

Prev by Date: Re: const time authentication in bozohttpd
Next by Date: Re: const time authentication in bozohttpd
Previous by Thread: Re: const time authentication in bozohttpd
Next by Thread: Re: const time authentication in bozohttpd
Indexes:

Home | Main Index | Thread Index | Old Index