    Add back Rack::Runtime to the default middleware stack. · 4ace047c
    Rafael Mendonça França authored
    We were planning to remove this middleware because we thought it could
    make it easier for an attacker to do a Time Attack. However, while
    Rack::Runtime can indeed be used to know how long a request took, and
    compare with other requests, it doesn't provide any information that
    can't be found in the total time of the request as well.
    
    Instead of removing the middleware, we decided to keep it and direct
    users, instead of removing it, to use its information to uncover actions
    that are vulnerable to Time Attack.
    
    This reverts commit 127dd06d, reversing
    changes made to 4354e3ae.