author    Paul Kehrer <paul.l.kehrer@gmail.com>    2014-01-27 16:54:41 -0800
committer Paul Kehrer <paul.l.kehrer@gmail.com>    2014-01-27 16:54:41 -0800
commit    1b1c3515717c4ed184ea50bcb71be5a10431f68c (patch)
tree      e87b9d14353715d99ecfaa7eff50c23b632d93c3
parent    e62829e8bf52bdfc8b482c71fc245a64d53a7be6 (diff)
parent    61137bcd771f5e7e9f2f11625a75d15cb32b2816 (diff)
Merge pull request #516 from alex/design-principle-verify
Document that verify() APIs should be provided
-rw-r--r-- docs/contributing.rst | 6
1 file changed, 6 insertions, 0 deletions
diff --git a/docs/contributing.rst b/docs/contributing.rst
index 3de41fd5..184ba214 100644
--- a/docs/contributing.rst
+++ b/docs/contributing.rst
@@ -60,6 +60,12 @@ always indistinguishable. As a result ``cryptography`` has, as a design
philosophy: "make it hard to do insecure things". Here are a few strategies for
API design which should be both followed, and should inspire other API choices:
+If it is necessary to compare a user provided value with a computed value (for
+example, verifying a signature), there should be an API provided which performs
+the verification in a secure way (for example, using a constant time
+comparison), rather than requiring the user to perform the comparison
+themselves.
+
If it is incorrect to ignore the result of a method, it should raise an
exception, and not return a boolean ``True``/``False`` flag. For example, a
method to verify a signature should raise ``InvalidSignature``, and not return
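Review bot: "performs the verification in a secure way" in the new paragraph (lines 27-28 of the hunk) is vague about what the library is protecting against; the sentence would be stronger if it named the risk, e.g. "a naive ``==`` comparison can leak information about the expected value through timing differences, so the library must provide a constant time comparison". Two smaller points on the same paragraph: "user provided value" should be hyphenated as "user-provided value", and since the commit title refers to ``verify()`` APIs, the paragraph could name that method shape explicitly so it reads as one guideline together with the following paragraph about raising ``InvalidSignature`` rather than returning a boolean.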