Security
Last updated
This gem takes the following steps to ensure security.
This gem uses auth tokens that are:
(can be ),
,
hashed using (not stored in plain-text),
securely compared (to protect against timing attacks),
invalidated after 2 weeks (thus requiring users to log in again)
These measures were inspired by .
This gem further mitigates timing attacks by using .
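As an added illustration of the token properties listed above (random, hashed rather than stored in plain text, compared in constant time, expired after two weeks), here is a minimal token store; this is example code, not the gem's own implementation, and the SHA-256 digest and the `TokenStore` class are assumptions for illustration, since the page does not name the gem's hashing algorithm.

```ruby
require "securerandom"
require "digest"

# Added example, not the gem's own code. Digest::SHA256 is an assumed
# choice for illustration; the hashing used by the gem is not named here.
class TokenStore
  TOKEN_LIFETIME = 14 * 24 * 60 * 60 # two weeks, in seconds

  def initialize
    @records = {} # client_id => { hash:, expires_at: }
  end

  # Issue a fresh random token; only its digest is kept server-side,
  # so a leaked record does not yield a usable token.
  def issue(client_id, now: Time.now)
    token = SecureRandom.urlsafe_base64(32)
    @records[client_id] = { hash: digest(token), expires_at: now + TOKEN_LIFETIME }
    token
  end

  # Validate a presented token: digest it, compare in constant time,
  # and reject it once the two-week lifetime has elapsed.
  def valid?(client_id, token, now: Time.now)
    record = @records[client_id]
    return false unless record
    return false if now >= record[:expires_at]
    secure_compare(digest(token), record[:hash])
  end

  private

  def digest(token)
    Digest::SHA256.hexdigest(token)
  end

  # Constant-time comparison: XOR every byte pair and OR the results,
  # so runtime does not depend on where the first mismatch occurs.
  # Both inputs are fixed-length digests, so the length check leaks nothing.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```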
But the most important step is to use HTTPS. You are on the hook for that.