|
|
|
|
|
|
by JoelEinbinder
1632 days ago
|
|
|
Consider a timing attack: https://en.wikipedia.org/wiki/Timing_attack Let's say a UUID comes back with an error message. This could be used to figure out how long it took to generate the error. That could tell you if a particular resource is cached, even if you don't have access to that resource. Timing attacks are usually pretty creative. It's hard to predict how extra timing information could be misused. |
|
|