val size: Int
    get() = namesAndValues.size / 2

  @JvmName("-deprecated_size")
  @Deprecated(
    message = "moved to val",
    replaceWith = ReplaceWith(expression = "size"),
    level = DeprecationLevel.ERROR,
  )
  fun size(): Int = size

  /** Returns the field at `position`. */
  fun name(index: Int): String = commonName(index)

  /** Returns the value at `index`. */

      if (result) {
        executionList.execute();
      }
      return result;
    }

    /**
     * Subclasses should invoke this method to set the result of the computation to an error, {@code
     * throwable}. This will set the state of the future to {@link OldAbstractFuture.Sync#COMPLETED}
     * and invoke the listeners if the state was successfully changed.
     *

                                "content": {"application/json": {"schema": {}}},
                            },
                            "422": {
                                "description": "Validation Error",
                                "content": {
                                    "application/json": {
                                        "schema": {

     *            HttpServletResponse.SC_UNAUTHORIZED).
     * @return True if the negotiation is complete, otherwise false
     * @throws IOException if an I/O error occurs
     * @throws ServletException if a servlet error occurs
     */
    protected NtlmPasswordAuthentication negotiate(final HttpServletRequest req, final HttpServletResponse resp,

				}
			}

			return
		}

		result, err := db.Statement.ConnPool.ExecContext(
			db.Statement.Context, db.Statement.SQL.String(), db.Statement.Vars...,
		)
		if err != nil {
			db.AddError(err)
			return
		}

		db.RowsAffected, _ = result.RowsAffected()

		if db.Statement.Result != nil {
			db.Statement.Result.Result = result

            logForbiddenAPIsOutput(forbiddenApisOutput);
            if (missingClasses.isEmpty() == false) {
                getLogger().error("Missing classes:\n{}", formatClassList(missingClasses));
            }
            if (violationsClasses.isEmpty() == false) {
                getLogger().error("Classes with violations:\n{}", formatClassList(violationsClasses));
            }

import org.codelibs.core.lang.StringUtil;
import org.codelibs.core.net.URLUtil;
import org.codelibs.fess.Constants;
import org.codelibs.fess.app.web.base.FessSearchAction;
import org.codelibs.fess.app.web.error.ErrorAction;
import org.codelibs.fess.crawler.util.CharUtil;
import org.codelibs.fess.helper.PathMappingHelper;
import org.codelibs.fess.helper.SearchLogHelper;
import org.codelibs.fess.helper.ViewHelper;

        running.set(false);

        if (serverSocket != null && !serverSocket.isClosed()) {
            try {
                serverSocket.close();
            } catch (IOException e) {
                log.debug("Error closing server socket", e);
            }
        }

        if (serverThread != null) {
            try {
                serverThread.join(5000); // Wait up to 5 seconds
            } catch (InterruptedException e) {

    default Optional<OutputStream> stdOut() {
        return Optional.ofNullable(parserRequest().stdOut());
    }

    /**
     * Returns the error stream for the Maven execution, if running in embedded mode.
     *
     * @return an {@link Optional} containing the error stream, or empty if not applicable
     */
    @Nonnull
    default Optional<OutputStream> stdErr() {

{* ../../docs_src/security/tutorial007_an_py310.py hl[1,12:24] *}

这类似于：

```Python
if not (credentials.username == "stanleyjobson") or not (credentials.password == "swordfish"):
    # Return some error
    ...
```

但使用 `secrets.compare_digest()`，可以防御**时差攻击**，更加安全。

### 时差攻击 { #timing-attacks }

什么是**时差攻击**？

假设攻击者试图猜出用户名与密码。

他们发送用户名为 `johndoe`，密码为 `love123` 的请求。

然后，Python 代码执行如下操作：