Description
Passwords must be compared using special functions; see the example in the Node.js link at the end.
A simple == might lead to timing attacks.
Therefore I think the examples should say that they are shown "as is" to illustrate a topic but shouldn't be used in production.
In this example https://scalatra.org/guides/3.0/http/authentication.html the password is compared with == instead of a special function.
Extract from guide:
```scala
protected def validate(userName: String, password: String): Option[User] = {
  if(userName == "scalatra" && password == "scalatra") Some(User("scalatra"))
  else None
}
```
See
https://en.wikipedia.org/wiki/Timing_attack
https://nodejs.org/api/crypto.html#cryptotimingsafeequala-b
https://docs.oracle.com/en/java/javase/22/docs/api/java.base/java/security/MessageDigest.html#isEqual(byte%5B%5D,byte%5B%5D)
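As an added illustration (not code from the Scalatra guide or the project), the `validate` method from the extract above rewritten with a constant-time comparison. It uses `java.security.MessageDigest.isEqual`, the Java API linked above, which compares every byte regardless of where the first difference occurs. Because `isEqual` returns early when the two arrays differ in length, both inputs are first hashed with SHA-256 so the compared arrays always have equal length. The `User` case class is assumed to match the guide's; the fixed credentials are kept only to mirror the extract.

```scala
import java.nio.charset.StandardCharsets
import java.security.MessageDigest

// Assumed to match the User class used in the Scalatra guide.
case class User(id: String)

object ConstantTimeAuth {

  // Hash the string so that the arrays handed to MessageDigest.isEqual always
  // have the same length; isEqual short-circuits on a length mismatch, which
  // would otherwise leak the length of the expected value.
  private def sha256(s: String): Array[Byte] =
    MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8))

  // Constant-time string comparison: MessageDigest.isEqual walks every byte of
  // the two digests rather than stopping at the first differing byte as == does.
  def constantTimeEquals(a: String, b: String): Boolean =
    MessageDigest.isEqual(sha256(a), sha256(b))

  // Hardened version of the guide's validate(). Both comparisons are evaluated
  // before the result is combined, so the password check always runs even when
  // the user name is wrong, keeping the timing independent of which field fails.
  def validate(userName: String, password: String): Option[User] = {
    val userOk = constantTimeEquals(userName, "scalatra")
    val passOk = constantTimeEquals(password, "scalatra")
    if (userOk && passOk) Some(User("scalatra")) else None
  }

  def main(args: Array[String]): Unit = {
    println(validate("scalatra", "scalatra"))
    println(validate("scalatra", "wrong"))
    println(validate("admin", "scalatra"))
  }
}
```

The same pattern applies to any secret compared on a request path (API keys, session tokens, HMAC tags): hash or otherwise normalise both sides to a fixed length, then compare with `MessageDigest.isEqual` rather than `==`.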