digest.secure_is_equal
Available in all subroutines.
Returns true if s1 and s2 are equal. Comparison time varies with the length of s1 and s2 but not with the contents of s1 and s2. For strings of the same length, the comparison is done in constant time to defend against timing attacks.
Example
if (!(table.lookup(user2hashedpass, req.http.User) &&
      digest.secure_is_equal(req.http.HashedPass, table.lookup(user2hashedpass, req.http.User)))) {
  error 401 "Unauthorized";
}
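The property described above (work depends on the length of the inputs, not on their contents) can be seen by counting how many bytes each style of comparison examines. This is an added Python sketch of the general technique, not Fastly's implementation and not code from the original page; the table contents and the names `early_exit_equal`, `fixed_work_equal` and `authorized` are constructed for illustration.

```python
import hmac

# Constructed sample data standing in for the user2hashedpass table.
USER2HASHEDPASS = {"alice": "5e884898da28047151d0e56f8dc62927"}

def early_exit_equal(a: bytes, b: bytes):
    """Ordinary comparison: stops at the first differing byte.
    Returns (equal, bytes_examined)."""
    if len(a) != len(b):
        return False, 0
    for i, (x, y) in enumerate(zip(a, b), start=1):
        if x != y:
            return False, i      # work done reveals the length of the matching prefix
    return True, len(a)

def fixed_work_equal(a: bytes, b: bytes):
    """Content-independent comparison: always examines every byte.
    Returns (equal, bytes_examined)."""
    if len(a) != len(b):
        return False, 0          # only the length influences the work done
    diff = 0
    for x, y in zip(a, b):
        diff |= x ^ y            # accumulate differences, never branch on them
    return diff == 0, len(a)

def authorized(user, hashed_pass):
    """Same shape as the VCL condition: the lookup must succeed AND the values must match."""
    stored = USER2HASHEDPASS.get(user)
    if stored is None or hashed_pass is None:
        return False
    # hmac.compare_digest is Python's standard-library timing-safe comparison.
    return hmac.compare_digest(hashed_pass.encode(), stored.encode())

if __name__ == "__main__":
    stored = USER2HASHEDPASS["alice"].encode()
    wrong_first = b"0" + stored[1:]     # differs in the first byte
    wrong_last = stored[:-1] + b"0"     # differs in the last byte
    for name, fn in (("early-exit", early_exit_equal), ("fixed-work", fixed_work_equal)):
        print(name, fn(stored, wrong_first), fn(stored, wrong_last))
```

The early-exit version examines 1 byte for a wrong first character and 32 for a wrong last character, while the fixed-work version examines 32 in both cases, which is why the response time carries no information about how much of a guess was correct.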
Try it out
digest.secure_is_equal is used in the following code examples. Examples apply VCL to real-world use cases and can be deployed as they are, or adapted for your own service. See the full list of code examples for more inspiration.
Apply HTTP basic auth to private endpoints
Store username/password list in an edge dictionary, authorize user at the edge, reject requests that don't have correct credentials.