by infogulch
3073 days ago
Yeah, could the DB token lookup timing by itself be used to find a real token? It might be several layers deep and DBs are noisy, but I think it's still possible in theory. Could you get around this by only storing some hash of both the token and a DB secret?
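A sketch of the scheme the comment above asks about, added here as an example and not part of the original comment: the database is indexed by HMAC-SHA256 of the token under a server-side secret, so the value the index comparison works on is not one a client can choose byte by byte. The names `DB_SECRET`, `api_tokens`, `token_digest`, `issue_token` and `lookup_user` are hypothetical, and the in-memory SQLite table stands in for the real store.

```python
import hashlib
import hmac
import secrets
import sqlite3

# Assumption: the secret lives outside the database (environment, KMS, config),
# so a database dump alone does not allow digests to be recomputed offline.
DB_SECRET = secrets.token_bytes(32)


def token_digest(token: str, key: bytes = DB_SECRET) -> str:
    """Return hex HMAC-SHA256 of the token keyed with the server secret."""
    return hmac.new(key, token.encode("utf-8"), hashlib.sha256).hexdigest()


def open_store() -> sqlite3.Connection:
    """Create the constructed sample table; only digests are ever stored."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE api_tokens (digest TEXT PRIMARY KEY, user_id INTEGER NOT NULL)"
    )
    return db


def issue_token(db: sqlite3.Connection, user_id: int) -> str:
    """Generate a random token, store its keyed digest, return the raw token once."""
    token = secrets.token_urlsafe(32)
    db.execute("INSERT INTO api_tokens VALUES (?, ?)", (token_digest(token), user_id))
    return token


def lookup_user(db: sqlite3.Connection, presented: str):
    """Resolve a presented token to a user id, or None if it is unknown."""
    digest = token_digest(presented)
    # The index lookup compares digests. Without DB_SECRET a client cannot
    # steer the digest's leading bytes, so prefix-match timing in the index
    # does not translate into information about a valid token's bytes.
    row = db.execute(
        "SELECT digest, user_id FROM api_tokens WHERE digest = ?", (digest,)
    ).fetchone()
    if row is None:
        return None
    # Constant-time re-check as defence in depth against collation surprises.
    if not hmac.compare_digest(row[0], digest):
        return None
    return row[1]
```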