-
Type: Improvement
-
Resolution: Done
-
Priority: Major - P3
-
Affects Version/s: None
-
Component/s: None
-
None
The Ruby driver currently does a direct comparison to the server signature returned by the server in SCRAM-SHA-1. Best practice is to use a constant time comparison function. See here:
- is depended on by
-
DRIVERS-255 Use constant-time hash comparison functions
- Closed