author | Alex Gaynor <alex.gaynor@gmail.com> | 2014-01-27 16:15:54 -0800 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2014-01-27 16:15:54 -0800 |
commit | 24eb677117e79322fb07c2c807eef7bf2996828f (patch) | |
tree | ff8a52f5c314dece8dfefc2859943b7dc81e2930 | |
parent | e62829e8bf52bdfc8b482c71fc245a64d53a7be6 (diff) | |
Document that verify() APIs should be provided
-rw-r--r-- | docs/contributing.rst | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/docs/contributing.rst b/docs/contributing.rst index 3de41fd5..f4bc769c 100644 --- a/docs/contributing.rst +++ b/docs/contributing.rst @@ -60,6 +60,12 @@ always indistinguishable. As a result ``cryptography`` has, as a design philosophy: "make it hard to do insecure things". Here are a few strategies for API design which should be both followed, and should inspire other API choices: +If a user will need to compare a user provided value with a computed value (for +example, checking a signature on something), there should be an API provided +which performs the check for the user in a secure way (for example, using a +constant time comparison), rather than requiring the user to perform the +comparison themselves. + If it is incorrect to ignore the result of a method, it should raise an exception, and not return a boolean ``True``/``False`` flag. For example, a method to verify a signature should raise ``InvalidSignature``, and not return |
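Review bot: in the new paragraph, "user provided value" should be hyphenated as "user-provided value" (compound adjective), and the rule would be clearer if it were tied to the paragraph that follows it, which reuses the same signature-checking example: the secure comparison API this paragraph asks for is exactly the kind of verify method the next paragraph says must raise ``InvalidSignature`` rather than return a flag, so a sentence such as "Such an API should also follow the rule below and raise on mismatch rather than return a boolean" would stop the two from reading as separate guidance. It may also be worth stating that the secure comparison should be the only supported path, i.e. the raw computed value should not need to be exposed for the user to compare, since the paragraph currently only says an API "should be provided".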