Soledad Server should check authentication in a constant time way
Soledad server checks whether a request is properly authenticated requesting the token to the couchdb and then checking that the uuid in the token is the same as the one provided.
Soledad server should check for the hash of the token in the database and compare a hash of the uuid when a document is found. The first choice for hash method is sha512, but it will depend on what the webapp implements.
(from redmine: created on 2013-08-05, closed on 2014-06-09)
- Relations:
- blocks #3398