1 file changed +9 -0 lines changed
@@ -278,6 +278,14 @@ the ``PasswordDigest`` header value matches with the user's password.
278278 provider for the given token. In the case of multiple providers, the
279279 authentication manager will then move to the next provider in the list.
280280
281+ .. note ::
282+
283+ The comparsion of the expected and the provided digests uses a constant
284+ time comparison provided by the
285+ :method: `Symfony\\ Component\\ Security\\ Core\\ Util\\ StringUtils::equals `
286+ method of the ``StringUtils `` class. It is used to mitigate possible
287+ `timing attacks `_.
288+
281289The Factory
282290-----------
283291
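Review bot: "comparsion" in the first added sentence (new line 283) is a typo for "comparison". The same sentence names the class twice, once in the :method: role and again as "method of the ``StringUtils`` class", so the trailing clause can be dropped. The note also lands after the paragraph about the authentication manager moving to the next provider; it would be easier to find directly after the text that describes matching the ``PasswordDigest`` value, and it should say which comparison in the provider example it refers to.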
@@ -605,3 +613,4 @@ in the factory and consumed or passed to the other classes in the container.
605613
606614.. _`WSSE` : http://www.xml.com/pub/a/2003/12/17/dive.html
607615.. _`nonce` : http://en.wikipedia.org/wiki/Cryptographic_nonce
616+ .. _`timing attacks` : http://en.wikipedia.org/wiki/Timing_attack
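Review bot: the new `timing attacks` target on line 616 is the only explanation of the threat that the added note offers, so the note itself could carry one sentence on what a timing attack against a digest comparison reveals instead of relying entirely on the external link. The target uses plain http like the two entries above it; if the linked site serves https, switching all three in a follow-up would keep the list consistent.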