Diffstat (limited to 'main.go')
| -rw-r--r-- | main.go | 8 |
1 files changed, 7 insertions, 1 deletions
@@ -1,6 +1,9 @@ package main import ( + "crypto/md5" + "crypto/subtle" + "encoding/hex" "html/template" "log" "net/http" @@ -45,8 +48,11 @@ func (app *App) loginHandler(w http.ResponseWriter, r *http.Request) { } else { username := r.Form.Get("username") password := r.Form.Get("password") + hash := md5.Sum([]byte(password)) + dst := make([]byte, hex.EncodedLen(md5.Size)) + hex.Encode(dst, hash[:]) u, ok := app.GetUser(username) - if ok && (u.Password == password) { + if ok && subtle.ConstantTimeCompare(u.Password, dst) == 1 { } else { |
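Review bot: The added `md5.Sum([]byte(password))` in loginHandler means stored credentials are unsalted MD5 digests, which are cheap to brute-force and identical for identical passwords if the user store leaks; the constant-time comparison does not compensate for that. A password-hashing function with a per-user salt and a work factor is the usual fix, e.g. with golang.org/x/crypto/bcrypt: `if ok && bcrypt.CompareHashAndPassword(u.Password, []byte(password)) == nil {`, which would also make the `crypto/md5`, `crypto/subtle` and `encoding/hex` imports added in the first hunk unnecessary. This assumes `u.Password` is a `[]byte` holding the stored hash; its declaration is not in this diff, which is limited to main.go. The comparison is also skipped entirely when `ok` is false, so response timing may still distinguish unknown usernames; loginHandler's body continues outside the hunk.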
