Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

If you try to call computeHmac from checkHmac surely you'll get some sort of error or warning, wouldn't you? You have no guarantee computeHmac will your secret will be treated as a secret by computeHmac, if its signature is simply "str". Unboxing it is never safe.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: