digest.secure_is_equal

BOOLdigest.secure_is_equalSTRINGs1STRINGs2

Available in all subroutines.

Returns true if s1 and s2 are equal. Comparison time varies on the length of s1 and s2 but not the contents of s1 and s2. For strings of the same length, the comparison is done in constant time to defend against timing attacks.

Example

if (!(table.lookup(user2hashedpass, req.http.User) && digest.secure_is_equal(req.http.HashedPass, table.lookup(user2hashedpass, req.http.User)))) {
error 401 "Unauthorized";
}

Try it out

digest.secure_is_equal is used in the following code examples. Examples apply VCL to real-world use cases and can be deployed as they are, or adapted for your own service. See the full list of code examples for more inspiration.

Click RUN on a sample below to provision a Fastly service, execute the code on Fastly, and see how the function behaves.

HTTP Basic Auth

Store username/password list in an edge dictionary, authorize user at the edge, reject requests that don't have correct credentials.