Using == to compare sensitive hashes leaves you vulnerable to timing attacks. This is because == returns false as soon as it finds two characters that don't match. An attacker can make many requests with different values and compare response times to figure out how many characters were correct (the shorter the response time, the fewer correct characters).
Solution: use a constant-time comparison algorithm.
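As an added example (not from the original note), the Python code below models an early-exit comparison by counting the character checks it performs, and contrasts it with a constant-time check over an HMAC-SHA256 tag. The key, message and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values for this example; not taken from the note.
SECRET_KEY = b"example-signing-key"
MESSAGE = b'{"event":"payment.succeeded","id":42}'


def sign(message: bytes, key: bytes = SECRET_KEY) -> str:
    """Hex HMAC-SHA256 tag the server expects for a message."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def early_exit_steps(expected: str, supplied: str) -> int:
    """Model of an early-exit comparison: number of character checks
    performed before the first mismatch stops the loop."""
    steps = 0
    for a, b in zip(expected, supplied):
        steps += 1
        if a != b:
            break
    return steps


def constant_time_equal(expected: bytes, supplied: bytes) -> bool:
    """OR every byte difference into one accumulator so the loop never
    stops early. Shown to explain the idea; use hmac.compare_digest."""
    if len(expected) != len(supplied):
        return False
    diff = 0
    for a, b in zip(expected, supplied):
        diff |= a ^ b
    return diff == 0


def verify(message: bytes, supplied_tag: str) -> bool:
    """Hardened check using the standard library's constant-time compare."""
    return hmac.compare_digest(sign(message).encode(), supplied_tag.encode())


if __name__ == "__main__":
    good = sign(MESSAGE)
    bad_first = ("0" if good[0] != "0" else "1") + good[1:]
    bad_last = good[:-1] + ("0" if good[-1] != "0" else "1")
    print(early_exit_steps(good, bad_first))  # work depends on mismatch position
    print(early_exit_steps(good, bad_last))
    print(verify(MESSAGE, good), verify(MESSAGE, bad_last))
```

The step count of the early-exit model varies with where the first wrong character sits, which is the signal a timing measurement picks up; the accumulator loop and hmac.compare_digest do the same amount of work for every equal-length input.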
An interesting idea: store large JSON data in PG using the bytea type. However, we then need to handle compression and decompression manually.