re: Web Developer Security Checklist V1
 

Another thing: never use "===" to check auth tokens -- use a time-secure comparison like npmjs.com/package/secure-compare

EDIT: apparently it's in core now: crypto.timingSafeEqual(a, b)

 

That is cool. Thank you, I was not aware of that API.
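
An added example for the thread above, not code posted by either commenter: crypto.timingSafeEqual throws when its two inputs differ in byte length, so this sketch HMACs both values under a per-process key before comparing them. The helper names tokensMatch and rawCompareRejectsLengthMismatch and the sample tokens are constructed for illustration, and hashing before the comparison is a choice made here.

```javascript
const { createHmac, randomBytes, timingSafeEqual } = require('node:crypto');

// Per-process random key. HMAC-ing both inputs gives timingSafeEqual two
// 32-byte buffers regardless of what the client sent, and keeps the digests
// unpredictable to the caller.
const COMPARE_KEY = randomBytes(32);

function digest(value) {
  return createHmac('sha256', COMPARE_KEY).update(value, 'utf8').digest();
}

// Hypothetical helper: true only when the presented token equals the expected one.
function tokensMatch(presented, expected) {
  // A missing header or a non-string value is a failed check, not an exception.
  if (typeof presented !== 'string' || typeof expected !== 'string') {
    return false;
  }
  return timingSafeEqual(digest(presented), digest(expected));
}

// Why the wrapper exists: the raw call rejects inputs of unequal length
// by throwing, which an auth path would otherwise have to catch.
function rawCompareRejectsLengthMismatch() {
  try {
    timingSafeEqual(Buffer.from('short'), Buffer.from('a-much-longer-token'));
    return false;
  } catch (err) {
    return err.code === 'ERR_CRYPTO_TIMING_SAFE_EQUAL_LENGTH';
  }
}

// Constructed sample values, not real credentials.
const EXPECTED = 'tok_constructed_8f2a91c4';
const samples = [
  'tok_constructed_8f2a91c4', // exact match
  'tok_constructed_8f2a91c5', // same length, last character differs
  'tok_constructed',          // shorter than expected
  undefined,                  // header absent
];

for (const presented of samples) {
  console.log(JSON.stringify(presented), '->', tokensMatch(presented, EXPECTED));
}
console.log('raw call throws on length mismatch:', rawCompareRejectsLengthMismatch());
```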

 