mirror of https://github.com/caddyserver/caddy.git
937ec34201
Always follow the code path of hashing and comparing a plaintext password even if the account is not found by the given username; this ensures that similar CPU cycles are spent for both valid and invalid usernames. Thanks to @tylerlm for helping and looking into this! |
||
---|---|---|
.. | ||
basicauth.go | ||
caddyauth.go | ||
caddyfile.go | ||
command.go | ||
hashes.go |