```Python
if not (credentials.username == "stanleyjobson") or not (credentials.password == "swordfish"):
    # Return some error
    ...
```

But by using the `secrets.compare_digest()` it will be secure against a type of attacks called "timing attacks".

### Timing Attacks { #timing-attacks }

But what's a "timing attack"?

Let's imagine some attackers are trying to guess the username and password.

        return params.get(key);
    }

    /**
     * Retrieves a parameter value as a String.
     * If the stored value is already a String, it is returned directly.
     * Otherwise, the toString() method is called on the value.
     *
     * @param key the parameter key to look up
     * @return the parameter value as a String, null if not found or value is null
     */
    public String getAsString(final String key) {

    @Test
    @DisplayName("Test constructor with invalid information level")
    void testConstructorWithInvalidInformationLevel() {
        // The exception is thrown during writeParametersWireFormat when mapInformationLevel is called
        Trans2QueryFSInformation trans2 = new Trans2QueryFSInformation(config, 99);
        assertNotNull(trans2);

        // Exception should be thrown when trying to write parameters
        byte[] buffer = new byte[256];

            return null;
        }).when(mockDcerpcHandle).sendrecv(any(MsrpcLsarClose.class));

        // Act
        handle.close();

        // Assert
        // Verify sendrecv was called once for open and once for close
        verify(mockDcerpcHandle, times(1)).sendrecv(any(MsrpcLsarOpenPolicy2.class));
        verify(mockDcerpcHandle, times(1)).sendrecv(any(MsrpcLsarClose.class));
    }

    @Test

        for (int dos : inputs) {
            int nt = findNtStatusOrMinusOne(dos);
            if (nt != -1) {
                consumer.accept(dos, nt);
            }
        }

        // Assert: consumer called exactly for the 3 known codes, with the right arguments
        ArgumentCaptor<Integer> dosCaptor = ArgumentCaptor.forClass(Integer.class);
        ArgumentCaptor<Integer> ntCaptor = ArgumentCaptor.forClass(Integer.class);

    * `bearer`: a header `Authorization` with a value of `Bearer ` plus a token. This is inherited from OAuth2.
    * HTTP Basic authentication.
    * HTTP Digest, etc.
* `oauth2`: all the OAuth2 ways to handle security (called "flows").
    * Several of these flows are appropriate for building an OAuth 2.0 authentication provider (like Google, Facebook, X (Twitter), GitHub, etc):
        * `implicit`
        * `clientCredentials`

     */
    protected FilterChain filterChain;

    /**
     * Initializes the query processor after construction.
     * This method creates the initial filter chain from the registered filters.
     * Called automatically by the DI container after bean construction.
     */
    @PostConstruct
    public void init() {
        createFilterChain();
    }

    /**
     * Executes query processing through the filter chain.

	// "SCHILY.xattr." namespace.
	//
	// The following are semantically equivalent:
	//  h.Xattrs[key] = value
	//  h.PAXRecords["SCHILY.xattr."+key] = value
	//
	// When Writer.WriteHeader is called, the contents of Xattrs will take
	// precedence over those in PAXRecords.
	//
	// Deprecated: Use PAXRecords instead.
	Xattrs map[string]string

	// PAXRecords is a map of PAX extended header records.
	//

    }

    @Override
    public void xsetPaging(boolean paging) {
        // Do nothing because this is unsupported on ConditionBean.
        // And it is possible that this method is called by PagingInvoker.
    }

    @Override
    public void enablePagingCountLater() {
        // nothing
    }

    @Override
    public void disablePagingCountLater() {
        // nothing
    }

    }

    @Override
    public void xsetPaging(boolean paging) {
        // Do nothing because this is unsupported on ConditionBean.
        // And it is possible that this method is called by PagingInvoker.
    }

    @Override
    public void enablePagingCountLater() {
        // nothing
    }

    @Override
    public void disablePagingCountLater() {
        // nothing
    }