diff --git a/docs/src/main/paradox/migration-guide/index.md b/docs/src/main/paradox/migration-guide/index.md index 92d5435df..2cd78f2a0 100644 --- a/docs/src/main/paradox/migration-guide/index.md +++ b/docs/src/main/paradox/migration-guide/index.md @@ -3,7 +3,7 @@ @@toc { depth=3 } * If you are currently using an old version of Akka HTTP or Spray, you should first follow the [Akka HTTP migration guide](https://doc.akka.io/docs/akka-http/10.2/migration-guide/index.html) -* The @extref:[migration guide](pekko-docs:project/migration-guides.html) for the core Apache Pekko libs is a useful guideline. +* The @extref:[migration guide](pekko-docs:migration/index.html) for the core Apache Pekko libs is a useful guideline. * for Pekko jar dependencies, the groupId is "org.apache.pekko" instead of "com.typesafe.akka" * the jar names start with "pekko" instead of "akka" - e.g. pekko-http_2.13.jar instead of akka-http_2.13.jar * If you have a dependency akka-http2-support, Pekko does not need a separate jar. The support is built into main pekko-http jars. diff --git a/docs/src/main/paradox/routing-dsl/directives/security-directives/index.md b/docs/src/main/paradox/routing-dsl/directives/security-directives/index.md index 401f600f7..27c90af0a 100644 --- a/docs/src/main/paradox/routing-dsl/directives/security-directives/index.md +++ b/docs/src/main/paradox/routing-dsl/directives/security-directives/index.md 
@@ -62,7 +62,7 @@ as defined in [RFC 6750](https://tools.ietf.org/html/rfc6750), and allow users t When transforming request `Credentials` into an application specific user identifier the naive solution for checking the secret (password) would be a regular string comparison, but doing this would open up the application to -timing attacks. See for example [Timing Attacks Explained](https://emerose.com/timing-attacks-explained) for an explanation of the problem. +timing attacks. See for example [Timing Attacks Explained](https://web.archive.org/web/20230902003704/https://emerose.com/timing-attacks-explained) for an explanation of the problem. To protect users of the library from that mistake the secret is not available through the API, instead the method `Credentials.Provided.verify(String)` should be used. It does a constant time comparison rather than returning early
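Review bot: In docs/src/main/paradox/migration-guide/index.md, the new extref target `pekko-docs:migration/index.html` is resolved against the `pekko-docs` base, which is not visible in this diff, so the hunk alone does not show that the link resolves. Please confirm the path exists for the docs version that base points at, and say in the commit message which layout of the core Pekko docs it matches. The Akka HTTP link on the line above is pinned to a version (10.2), while this one follows wherever the base points, so it is worth checking that the docs build validates extref targets and would flag a future move of that page.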
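Review bot: In docs/src/main/paradox/routing-dsl/directives/security-directives/index.md, the timing-attack paragraph still relies on an external article for the actual explanation, and the change swaps the original emerose.com URL for a web.archive.org snapshot of it. Consider stating the reason inline, in addition to the link: one sentence saying that a regular string comparison returns at the first mismatching character, so the time taken reveals how much of a guessed secret is correct. That keeps the rationale for `Credentials.Provided.verify(String)` in the docs themselves, next to the existing "constant time comparison rather than returning early" sentence, even if the snapshot link stops working.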