bensheldon / good_job

Multithreaded, Postgres-based, Active Job backend for Ruby on Rails.
https://goodjob-demo.herokuapp.com/
MIT License

docs: Basic auth route mount example improvement #1368

Closed Frexuz closed 1 month ago

Frexuz commented 1 month ago

`&&` will short-circuit, which is vulnerable to potential timing attacks; use `&` instead.

What I use:

```ruby
# initializers/good_job.rb
unless Rails.env.development?
  # https://github.com/bensheldon/good_job#dashboard
  GoodJob::Engine.middleware.use(Rack::Auth::Basic) do |username, password|
    env_username = Rails.application.credentials.config.dig(:good_job_web, :username)
    env_password = Rails.application.credentials.config.dig(:good_job_web, :password)

    # Protect against timing attacks:
    # - See https://codahale.com/a-lesson-in-timing-attacks/
    # - See https://thisdata.com/blog/timing-attacks-against-string-comparison/
    # - Use & (do not use &&) so that it doesn't short circuit: both comparisons
    #   run on every request, whether or not the username already failed.
    # secure_compare raises on nil, so coerce with to_s: an unset credential
    # then denies access instead of raising.
    ActiveSupport::SecurityUtils.secure_compare(username.to_s, env_username.to_s) &
      ActiveSupport::SecurityUtils.secure_compare(password.to_s, env_password.to_s)
  end
end
```
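To make the `&&` versus `&` point measurable, here is an added example that is not code from this issue or from good_job. It counts how many constant-time comparisons each form performs per request: `secure_compare` is an assumed, simplified stand-in for `ActiveSupport::SecurityUtils.secure_compare` so it runs without Rails, and `BasicAuthCheck` with its counter is constructed for illustration.

```ruby
# Simplified constant-time comparison (assumption: a stand-in for
# ActiveSupport::SecurityUtils.secure_compare, not Rails' code). Length is
# compared first, then every byte is XOR-accumulated with no early exit.
def secure_compare(a, b)
  a = a.to_s
  b = b.to_s
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Constructed authenticator that records how many comparisons a request
# performed, so the two combinators can be contrasted.
class BasicAuthCheck
  attr_reader :comparisons

  def initialize(username:, password:)
    @username = username
    @password = password
    @comparisons = 0
  end

  # Vulnerable form: && stops after the first false, so a request with a
  # wrong username costs one comparison while a correct username costs two.
  # That difference in work is what a timing attack observes.
  def short_circuit(given_user, given_pass)
    @comparisons = 0
    compare(given_user, @username) && compare(given_pass, @password)
  end

  # Hardened form (what the initializer in this issue uses): & evaluates both
  # operands, so every request costs exactly two comparisons.
  def constant_work(given_user, given_pass)
    @comparisons = 0
    compare(given_user, @username) & compare(given_pass, @password)
  end

  private

  def compare(given, expected)
    @comparisons += 1
    secure_compare(given, expected)
  end
end
```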
bensheldon commented 1 month ago

Thank you! I'll update the docs.

btw, that second link seems dead. Here's an archive: https://web.archive.org/web/20180709235757/https://thisdata.com/blog/timing-attacks-against-string-comparison/