What about DB queries ? is this working as well for methods which queries a DB for username and password ?
I tried to find how MySQL does string comparison but I couldn't find an exact answer...
I don't know the technical answer with 100% certainty, but I learned about timing attacks while working on a Rails app that uses ActiveRecord to talk to MySQL database so I assume it applies to DB queries as well.
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.