#### The time to answer helps the attackers { #the-time-to-answer-helps-the-attackers }

At that point, by noticing that the server took some microseconds longer to send the "Incorrect username or password" response, the attackers will know that they got _something_ right, some of the initial letters were right.

그런데 공격자들이 사용자명을 `stanleyjobsox`, 비밀번호를 `love123`으로 다시 시도합니다.

그러면 애플리케이션 코드는 다음과 비슷하게 동작합니다:

```Python
if "stanleyjobsox" == "stanleyjobson" and "love123" == "swordfish":
    ...
```

Python은 두 문자열이 같지 않다는 것을 알아차리기 전까지 `stanleyjobsox`와 `stanleyjobson` 양쪽의 `stanleyjobso` 전체를 비교해야 합니다. 그래서 "Incorrect username or password"라고 응답하기까지 추가로 몇 마이크로초가 더 걸릴 것입니다.

constraints.LuhnCheck.message = The Luhn Modulo 11 checksum of {value} is incorrect.
constraints.Mod10Check.message = The Modulo 10 checksum of {value} is incorrect.
constraints.Mod11Check.message = The Modulo 11 checksum of {value} is incorrect.
constraints.ModCheck.message = The {modType} checksum of {value} is incorrect.
constraints.NotBlank.message = {item} is required.
constraints.NotEmpty.message = {item} is required.

constraints.LuhnCheck.message = The Luhn Modulo 11 checksum of {value} is incorrect.
constraints.Mod10Check.message = The Modulo 10 checksum of {value} is incorrect.
constraints.Mod11Check.message = The Modulo 11 checksum of {value} is incorrect.
constraints.ModCheck.message = The {modType} checksum of {value} is incorrect.
constraints.NotBlank.message = {item} is required.
constraints.NotEmpty.message = {item} is required.

                "input": None,
            }
        ]
    }


@pytest.mark.parametrize(
    argnames=["grant_type"],
    argvalues=[
        pytest.param("incorrect", id="incorrect value"),
        pytest.param("passwordblah", id="password with suffix"),
        pytest.param("blahpassword", id="password with prefix"),
    ],
)
def test_strict_login_incorrect_grant_type(grant_type: str):

但接著攻擊者改用使用者名稱 `stanleyjobsox` 與密碼 `love123` 嘗試。

你的應用程式程式碼會做類似：

```Python
if "stanleyjobsox" == "stanleyjobson" and "love123" == "swordfish":
    ...
```

Python 會必須先比較完整的 `stanleyjobso`（在 `stanleyjobsox` 與 `stanleyjobson` 之中都一樣），才會發現兩個字串不同。因此回覆「Incorrect username or password」會多花一些微秒。

 * MIME type detection configuration. It reads extension-to-MIME-type override
 * mappings from FessConfig to handle cases where content-based detection
 * produces incorrect results (e.g., SQL files starting with REM comments
 * being misdetected as batch files).
 */
public class FessMimeTypeHelper extends MimeTypeHelperImpl {

                "input": None,
            }
        ]
    }


@pytest.mark.parametrize(
    argnames=["grant_type"],
    argvalues=[
        pytest.param("incorrect", id="incorrect value"),
        pytest.param("passwordblah", id="password with suffix"),
        pytest.param("blahpassword", id="password with prefix"),
    ],
)
def test_strict_login_incorrect_grant_type(grant_type: str):

                "input": None,
            }
        ]
    }


@pytest.mark.parametrize(
    argnames=["grant_type"],
    argvalues=[
        pytest.param("incorrect", id="incorrect value"),
        pytest.param("passwordblah", id="password with suffix"),
        pytest.param("blahpassword", id="password with prefix"),
    ],
)
def test_strict_login_incorrect_grant_type(grant_type: str):

* Read the body of the request as JSON.
* Convert the corresponding types (if needed).
* Validate the data.
    * If the data is invalid, it will return a nice and clear error, indicating exactly where and what was the incorrect data.
* Give you the received data in the parameter `item`.
    * As you declared it in the function to be of type `Item`, you will also have all the editor support (completion, etc) for all of the attributes and their types.