[Tip#56] It may be tempting to compare keys/sensitive strings using `===`, or even `==`, but that opens you up to timing attacks! You should be using a timing attack safe string comparison function...
So would it be wise to just replace all string comparisons with hash_equals() ? Or should it just be used with secret keys.
Security Tip: Compare keys with hash_equals()
So would it be wise to just replace all string comparisons with hash_equals() ? Or should it just be used with secret keys.