This repository has been archived on 2026-03-09. You can view files and clone it. You cannot open issues or pull requests or push a commit.

Torjus Håkestad a40110f2f5 fix: address high-severity security issues from review ...

- Use subtle.ConstantTimeCompare for static credential checks to
  prevent timing side-channel attacks
- Cap failCounts (100k) and rememberedCreds (10k) maps with eviction
  to prevent memory exhaustion from botnet-scale scanning
- Sweep expired credentials on each auth attempt
- Add configurable max_connections (default 500) with semaphore to
  limit concurrent connections and prevent goroutine/fd exhaustion

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-14 16:41:23 +01:00

2.7 KiB

Raw Blame History

View Raw