Search Options

Display Count
Sort
Preferred Language
Advanced Search

Results 1 - 10 of 53 for attaches (0.04 seconds)

The search processing time has exceeded the limit. The displayed results may be partial.

  1. docs/en/docs/advanced/security/http-basic-auth.md

        # Return some error
        ...
    ```
    
    But by using the `secrets.compare_digest()` it will be secure against a type of attacks called "timing attacks".
    
    ### Timing Attacks { #timing-attacks }
    
    But what's a "timing attack"?
    
    Let's imagine some attackers are trying to guess the username and password.
    
    And they send a request with a username `johndoe` and a password `love123`.
    
    Created: Sun Apr 05 07:19:11 GMT 2026
    - Last Modified: Thu Mar 05 18:13:19 GMT 2026
    - 5K bytes
    - Click Count (0)
  2. docs/en/docs/advanced/strict-content-type.md

    ## CSRF Risk { #csrf-risk }
    
    This default behavior provides protection against a class of **Cross-Site Request Forgery (CSRF)** attacks in a very specific scenario.
    
    These attacks exploit the fact that browsers allow scripts to send requests without doing any CORS preflight check when they:
    
    * don't have a `Content-Type` header (e.g. using `fetch()` with a `Blob` body)
    Created: Sun Apr 05 07:19:11 GMT 2026
    - Last Modified: Mon Feb 23 17:45:20 GMT 2026
    - 3.2K bytes
    - Click Count (0)
  3. docs/tr/docs/advanced/security/http-basic-auth.md

        # Bir hata döndür
        ...
    ```
    
    Ancak `secrets.compare_digest()` kullanarak, "timing attacks" denilen bir saldırı türüne karşı güvenli olursunuz.
    
    ### Timing Attacks { #timing-attacks }
    
    Peki "timing attack" nedir?
    
    Bazı saldırganların kullanıcı adı ve şifreyi tahmin etmeye çalıştığını düşünelim.
    
    Created: Sun Apr 05 07:19:11 GMT 2026
    - Last Modified: Fri Mar 20 07:53:17 GMT 2026
    - 5.5K bytes
    - Click Count (0)
  4. docs/es/docs/advanced/security/http-basic-auth.md

        # Devuelve algún error
        ...
    ```
    
    Pero al usar `secrets.compare_digest()` será seguro contra un tipo de ataques llamados "timing attacks".
    
    ### Timing attacks { #timing-attacks }
    
    ¿Pero qué es un "timing attack"?
    
    Imaginemos que algunos atacantes están tratando de adivinar el nombre de usuario y la contraseña.
    
    Created: Sun Apr 05 07:19:11 GMT 2026
    - Last Modified: Thu Mar 19 18:15:55 GMT 2026
    - 5.3K bytes
    - Click Count (0)
  5. docs/ru/docs/advanced/security/http-basic-auth.md

    #### Время ответа помогает злоумышленникам { #the-time-to-answer-helps-the-attackers }
    
    Замечая, что сервер прислал «Неверное имя пользователя или пароль» на несколько микросекунд позже, злоумышленники поймут, что какая-то часть была угадана — начальные буквы верны.
    
    Created: Sun Apr 05 07:19:11 GMT 2026
    - Last Modified: Thu Mar 19 17:56:20 GMT 2026
    - 7.4K bytes
    - Click Count (0)
  6. docs/zh/docs/advanced/security/http-basic-auth.md

        ...
    ```
    
    此时,Python 要对比 `stanleyjobsox` 与 `stanleyjobson` 中的 `stanleyjobso`,才能知道这两个字符串不一样。因此会多花费几微秒来返回**错误的用户或密码**。
    
    #### 反应时间对攻击者的帮助 { #the-time-to-answer-helps-the-attackers }
    
    通过服务器花费了更多微秒才发送**错误的用户或密码**响应,攻击者会知道猜对了一些内容,起码开头字母是正确的。
    
    然后,他们就可以放弃 `johndoe`,再用类似 `stanleyjobsox` 的内容进行尝试。
    
    #### **专业**攻击 { #a-professional-attack }
    
    当然,攻击者不用手动操作,而是编写每秒能执行成千上万次测试的攻击程序,每次都会找到更多正确字符。
    
    Created: Sun Apr 05 07:19:11 GMT 2026
    - Last Modified: Fri Mar 20 17:06:37 GMT 2026
    - 4.4K bytes
    - Click Count (0)
  7. docs/pt/docs/advanced/security/http-basic-auth.md

        # Return some error
        ...
    ```
    
    Porém, ao utilizar o `secrets.compare_digest()`, isso estará seguro contra um tipo de ataque chamado "timing attacks".
    
    ### Ataques de Temporização { #timing-attacks }
    
    Mas o que é um "timing attack"?
    
    Vamos imaginar que alguns invasores estão tentando adivinhar o usuário e a senha.
    
    Created: Sun Apr 05 07:19:11 GMT 2026
    - Last Modified: Thu Mar 19 18:20:43 GMT 2026
    - 5.2K bytes
    - Click Count (0)
  8. docs/zh-hant/docs/advanced/security/http-basic-auth.md

        ...
    ```
    
    Python 會必須先比較完整的 `stanleyjobso`(在 `stanleyjobsox` 與 `stanleyjobson` 之中都一樣),才會發現兩個字串不同。因此回覆「Incorrect username or password」會多花一些微秒。
    
    #### 回應時間幫了攻擊者 { #the-time-to-answer-helps-the-attackers }
    
    此時,透過觀察伺服器回覆「Incorrect username or password」多花了幾個微秒,攻擊者就知道他們有某些地方猜對了,前幾個字母是正確的。
    
    接著他們會再嘗試,知道它更可能接近 `stanleyjobsox` 而不是 `johndoe`。
    
    #### 「專業」的攻擊 { #a-professional-attack }
    
    Created: Sun Apr 05 07:19:11 GMT 2026
    - Last Modified: Fri Mar 20 17:05:38 GMT 2026
    - 4.7K bytes
    - Click Count (0)
  9. docs/de/docs/advanced/security/http-basic-auth.md

    #### Die Zeit zum Antworten hilft den Angreifern { #the-time-to-answer-helps-the-attackers }
    
    Created: Sun Apr 05 07:19:11 GMT 2026
    - Last Modified: Thu Mar 19 17:58:09 GMT 2026
    - 6.1K bytes
    - Click Count (0)
  10. docs/uk/docs/advanced/async-tests.md

    /// tip | Порада
    
    Created: Sun Apr 05 07:19:11 GMT 2026
    - Last Modified: Thu Mar 19 18:27:41 GMT 2026
    - 5.9K bytes
    - Click Count (0)
Back to Top