# Devuelve algún error
    ...
```

Pero al usar `secrets.compare_digest()` será seguro contra un tipo de ataques llamados "timing attacks".

### Timing attacks { #timing-attacks }

¿Pero qué es un "timing attack"?

Imaginemos que algunos atacantes están tratando de adivinar el nombre de usuario y la contraseña.

Y envían un request con un nombre de usuario `johndoe` y una contraseña `love123`.

## `TrustedHostMiddleware` { #trustedhostmiddleware }

Enforces that all incoming requests have a correctly set `Host` header, in order to guard against HTTP Host Header attacks.

{* ../../docs_src/advanced_middleware/tutorial002_py39.py hl[2,6:8] *}

The following arguments are supported:

     * in the data store plugin directory and extracts component class names.
     *
     * <p>The method uses secure XML parsing features to prevent XXE attacks and
     * other XML-based vulnerabilities. Component class names are extracted from
     * the 'class' attribute of 'component' elements in the XML files.</p>
     *

will fail early. The default value is `httpcookiemaxnum=3000`. Setting
`httpcookiemaxnum=0` will allow the cookie parsing to accept an indefinite
number of cookies. To avoid denial of service attacks, this setting and default
was backported to Go 1.25.2 and Go 1.24.8.

Go 1.26 added a new `urlstrictcolons` setting that controls whether `net/url.Parse`

    ```

 *  New: `Cookie.sameSite` determines whether cookies should be sent on cross-site requests. This
    is used by servers to defend against Cross-Site Request Forgery (CSRF) attacks.

 *  New: Log the total time of the HTTP call in `HttpLoggingInterceptor`.

 *  New: `OkHttpClient.Builder` now has APIs that use `kotlin.time.Duration`.

                return fessConfig.getRoleSearchGroupPrefix();
            }
        }
        return null;
    }

    /**
     * Escapes special characters in an LDAP search filter to prevent LDAP injection attacks.
     *
     * <p>This method escapes the following characters as per RFC 4515:
     * <ul>
     * <li>\ (backslash) → \5c</li>
     * <li>* (asterisk) → \2a</li>
     * <li>( (left parenthesis) → \28</li>

            String message;
            if (isMultiModule) {
                // Multi-module project: artifactId may match any declared module name
                message = String.format(
                        "Cannot attach artifact to project: groupId and version must match the project, "
                                + "and artifactId must match either the project or a declared module name.%n"

* load balancer: load balancer (do not translate to "balanceador de carga")
* load balance: load balance (do not translate to "balancear carga")
* self hosting: self hosting (do not translate to "auto alojamiento")

  - 💾 [PostgreSQL](https://www.postgresql.org) als SQL-Datenbank.
- 🚀 [React](https://react.dev) für das Frontend.
  - 💃 Verwendung von TypeScript, Hooks, Vite und anderen Teilen eines modernen Frontend-Stacks.
  - 🎨 [Tailwind CSS](https://tailwindcss.com) und [shadcn/ui](https://ui.shadcn.com) für die Frontend-Komponenten.
  - 🤖 Ein automatisch generierter Frontend-Client.

### Upgrades

* ⬆️ Upgrade Starlette to 0.25.0. PR [#5996](https://github.com/tiangolo/fastapi/pull/5996) by [@tiangolo](https://github.com/tiangolo).
    * This solves a vulnerability that could allow denial of service attacks by using many small multipart fields/files (parts), consuming high CPU and memory.
    * Only applications using forms (e.g. file uploads) could be affected.
    * For most cases, upgrading won't have any breaking changes.