# Return some error
    ...
```

But by using the `secrets.compare_digest()` it will be secure against a type of attacks called "timing attacks".

### Timing Attacks { #timing-attacks }

But what's a "timing attack"?

Let's imagine some attackers are trying to guess the username and password.

And they send a request with a username `johndoe` and a password `love123`.

```Python
if not (credentials.username == "stanleyjobson") or not (credentials.password == "swordfish"):
    # 어떤 오류를 반환
    ...
```

하지만 `secrets.compare_digest()`를 사용하면 "timing attacks"라고 불리는 한 유형의 공격에 대해 안전해집니다.

### 타이밍 공격 { #timing-attacks }

그렇다면 "timing attack"이란 무엇일까요?

공격자들이 사용자명과 비밀번호를 추측하려고 한다고 가정해봅시다.

그리고 사용자명 `johndoe`, 비밀번호 `love123`으로 요청을 보냅니다.

그러면 애플리케이션의 Python 코드는 대략 다음과 같을 것입니다:

```Python

* load balancer: load balancer (do not translate to "balanceador de carga")
* load balance: load balance (do not translate to "balancear carga")
* self hosting: self hosting (do not translate to "auto alojamiento")

* Pydantic model: Pydantic-модель (`модель Pydantic` and `Pydantic модель` are also fine)
* declare: объявить
* have the next best performance, after: быть на следующем месте по производительности после
* timing attack: тайминговая атака (clarify `атака по времени` if needed)
* OAuth2 scope: OAuth2 scope (clarify `область` if needed)
* TLS Termination Proxy: прокси-сервер TSL-терминации
* utilize (resources): использовать

  public static final String SERVER = "Server";

  /**
   * The HTTP <a href="https://www.w3.org/TR/server-timing/">{@code Server-Timing}</a> header field
   * name.
   *
   * @since 23.6
   */
  public static final String SERVER_TIMING = "Server-Timing";

  /**
   * The HTTP <a href="https://www.w3.org/TR/service-workers/#update-algorithm">{@code

这类似于：

```Python
if not (credentials.username == "stanleyjobson") or not (credentials.password == "swordfish"):
    # Return some error
    ...
```

但使用 `secrets.compare_digest()`，可以防御**时差攻击**，更加安全。

### 时差攻击 { #timing-attacks }

什么是**时差攻击**？

假设攻击者试图猜出用户名与密码。

他们发送用户名为 `johndoe`，密码为 `love123` 的请求。

然后，Python 代码执行如下操作：

```Python
if "johndoe" == "stanleyjobson" and "love123" == "swordfish":
    ...
```

這大致等同於：

```Python
if not (credentials.username == "stanleyjobson") or not (credentials.password == "swordfish"):
    # 回傳錯誤
    ...
```

但藉由使用 `secrets.compare_digest()`，可以防禦一種稱為「計時攻擊」的攻擊。

### 計時攻擊 { #timing-attacks }

什麼是「計時攻擊」呢？

想像有攻擊者在嘗試猜測使用者名稱與密碼。

他們送出一個帶有使用者名稱 `johndoe` 與密碼 `love123` 的請求。

接著，你的應用程式中的 Python 程式碼等同於：

```Python
if "johndoe" == "stanleyjobson" and "love123" == "swordfish":
    ...

            }
        }, CrawlingInfoService.class.getCanonicalName());

        crawlingInfoHelper.updateParams(sessionId, "Test Crawl", 5);

        // Verify documentExpires is set (don't check exact timing due to test environment timing issues)
        assertTrue("documentExpires should be set", crawlingInfoHelper.documentExpires > 0);
    }

    @Test
    public void test_updateParams_defaultName() {

 *   <li>Thread pool management for crawler execution</li>
 *   <li>Session-based crawling with cleanup operations</li>
 *   <li>Old document deletion after successful crawling</li>
 *   <li>Crawling execution monitoring and timing</li>
 * </ul>
 */
public class DataIndexHelper {

    /** Logger instance for this class */
    private static final Logger logger = LogManager.getLogger(DataIndexHelper.class);

```Python
if not (credentials.username == "stanleyjobson") or not (credentials.password == "swordfish"):
    # 何らかのエラーを返す
    ...
```

しかし `secrets.compare_digest()` を使うことで、「タイミング攻撃」と呼ばれる種類の攻撃に対して安全になります。

### タイミング攻撃 { #timing-attacks }

「タイミング攻撃」とは何でしょうか？

攻撃者がユーザー名とパスワードを推測しようとしていると想像してください。

そして、ユーザー名 `johndoe`、パスワード `love123` を使ってリクエストを送ります。

その場合、アプリケーション内の Python コードは次のようなものと等価になります:

```Python