Discussion on: Web Developer Security Checklist V1

Jon Mårdsjö

Another thing: never use "===" to check auth tokens -- use a time-secure comparison like npmjs.com/package/secure-compare

EDIT: apparently it's in core now: crypto.timingSafeEqual(a, b)

Michael O'Brien Author

That is cool. Thank you, I was not aware of that API.

Nuno Loureiro

You can also use XOR to compare