Preventing authentication (login) timing attacks in a nodejs application
I am using graphql and my login function is resolved using a promise. The username is an email address.
The steps in the logic are the following: –
Validate CRSF token else return generic response ("Invalid username or password"…