DEV Community

Discussion on: Web Developer Security Checklist V1

Jon Mårdsjö (edited)

Another thing: never use "===" to check auth tokens -- use a time-secure comparison like

EDIT: apparently it's in core now: crypto.timingSafeEqual(a, b)

Michael O'Brien (Author)

That is cool. Thank you, I was not aware of that API.

Nuno Loureiro

You can also use XOR to compare