digest.secure_is_equal

BOOL digest.secure_is_equal(STRING s1, STRING s2)

Available in all subroutines.

Returns true if s1 and s2 are equal. Comparison time varies with the length of s1 and s2 but not with their contents. For strings of the same length, the comparison is done in constant time to defend against timing attacks.
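
What the description above means in practice, as an added illustration in Python (not Fastly's implementation and not code from this page): an early-exit comparison examines a number of bytes that depends on where the first mismatch falls, while an accumulating comparison examines every byte of equal-length inputs. The function names and sample values are constructed for this example.

```python
# Added illustration; not Fastly's implementation of digest.secure_is_equal.
# It counts bytes examined, the quantity a timing side channel exposes.
import hmac


def naive_equal(a: bytes, b: bytes) -> tuple[bool, int]:
    """Early-exit comparison. Returns (result, bytes examined)."""
    if len(a) != len(b):
        return False, 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        if x != y:
            return False, examined  # stops at first mismatch: work depends on contents
    return True, examined


def secure_equal(a: bytes, b: bytes) -> tuple[bool, int]:
    """Accumulating comparison. Returns (result, bytes examined)."""
    if len(a) != len(b):
        return False, 0  # length may influence the work done, contents may not
    diff = 0
    examined = 0
    for x, y in zip(a, b):
        diff |= x ^ y  # no branch on the data; every byte is always processed
        examined += 1
    return diff == 0, examined


# Constructed sample values: a hypothetical stored hash and three submitted values.
STORED = b"a1b2c3d4e5f60718293a4b5c6d7e8f90"
CANDIDATES = [
    b"0" * 32,                       # differs at the first byte
    b"a1b2c3d4e5f60718" + b"0" * 16,  # first 16 bytes match, differs at byte 17
    STORED,                          # exact match
]


def work_profile(compare):
    """Run one comparison function against every constructed candidate."""
    return [compare(STORED, c) for c in CANDIDATES]


if __name__ == "__main__":
    for name, fn in (("naive", naive_equal), ("secure", secure_equal)):
        print(name, work_profile(fn))
    # In Python application code, use the standard library's hmac.compare_digest.
    print(hmac.compare_digest(STORED, CANDIDATES[2]))
```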

Example

if (!(table.lookup(user2hashedpass, req.http.User) && digest.secure_is_equal(req.http.HashedPass, table.lookup(user2hashedpass, req.http.User)))) {
  error 401 "Unauthorized";
}

Try it out

digest.secure_is_equal is used in the following solution recipes, which show real world use cases.

HTTP Basic Auth

Store username/password list in an edge dictionary, authorize user at the edge, reject requests that don't have correct credentials.
