### Timing Attacks { #timing-attacks }

But what's a "timing attack"?

Let's imagine some attackers are trying to guess the username and password.

And they send a request with a username `johndoe` and a password `love123`.

Then the Python code in your application would be equivalent to something like:

```Python
if "johndoe" == "stanleyjobson" and "love123" == "swordfish":

We are going to use **FastAPI** security utilities to get the `username` and `password`.

OAuth2 specifies that when using the "password flow" (that we are using) the client/user must send a `username` and `password` fields as form data.

And the spec says that the fields have to be named like that. So `user-name` or `email` wouldn't work.

		return
	}

	if err = validateConfig(ctx, cfg, subSys); err != nil {
		var validationErr ldap.Validation
		if errors.As(err, &validationErr) {
			// If we got an LDAP validation error, we need to send appropriate
			// error message back to client (likely mc).
			writeCustomErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAdminConfigLDAPValidation),
				validationErr.FormatError(), r.URL)
			return
		}

import okio.Buffer
import okio.BufferedSource
import okio.ByteString
import okio.Source
import okio.Timeout

/**
 * Reads HTTP/2 transport frames.
 *
 * This implementation assumes we do not send an increased [frame][Settings.getMaxFrameSize] to the
 * peer. Hence, we expect all frames to have a max length of [Http2.INITIAL_MAX_FRAME_SIZE].
 */
class Http2Reader(

    /**
     * Default maximum number of receive credits
     */
    public static final int DEFAULT_RECEIVE_CREDIT_MAX = 255;

    /**
     * Default target number of send credits
     */
    public static final int DEFAULT_SEND_CREDIT_TARGET = 32;

    /**
     * Default maximum receive size (8KB)
     */
    public static final int DEFAULT_MAX_RECEIVE_SIZE = 8192;

    /**

 */
package org.apache.maven.artifact.resolver;

import org.apache.maven.artifact.Artifact;
import org.apache.maven.artifact.versioning.VersionRange;
import org.codehaus.plexus.logging.Logger;

/**
 * Send resolution warning events to the warning log.
 *
 */
@Deprecated
public class WarningResolutionListener implements ResolutionListener {
    private Logger logger;

    public WarningResolutionListener(Logger logger) {

	notificationEventsSkippedTotal    = "events_skipped_total"
)

var (
	notificationCurrentSendInProgressMD = NewCounterMD(notificationCurrentSendInProgress, "Number of concurrent async Send calls active to all targets")
	notificationEventsErrorsTotalMD     = NewCounterMD(notificationEventsErrorsTotal, "Events that were failed to be sent to the targets")

	endpointL             = "endpoint"
)

var (
	allWebhookLabels        = []string{nameL, endpointL}
	webhookFailedMessagesMD = NewCounterMD(webhookFailedMessages,
		"Number of messages that failed to send",
		allWebhookLabels...)
	webhookQueueLengthMD = NewGaugeMD(webhookQueueLength,
		"Webhook queue length",
		allWebhookLabels...)
	webhookTotalMessagesMD = NewCounterMD(webhookTotalMessages,

    const val DEFAULT_INITIAL_WINDOW_SIZE = 65535

    /** HTTP/2: Size in bytes of the table used to decode the sender's header blocks. */
    const val HEADER_TABLE_SIZE = 1

    /** HTTP/2: The peer must not send a PUSH_PROMISE frame when this is 0. */
    const val ENABLE_PUSH = 2

    /** Sender's maximum number of concurrent streams. */
    const val MAX_CONCURRENT_STREAMS = 3

    /** Window size in bytes. */

    void getSendBufferSize_throws() throws Exception {
        // Arrange
        when(handle.getSendBufferSize()).thenThrow(new CIFSException("send size failed"));

        // Act + Assert
        CIFSException ex = assertThrows(CIFSException.class, () -> handle.getSendBufferSize());
        assertEquals("send size failed", ex.getMessage());
        verify(handle).getSendBufferSize();
    }

    @Test