this.fid = fid;
        this.offset = offset;
        this.remaining = remaining;
        this.b = b;
        this.off = off;
        dataLength = len;
        digest = null; /* otherwise recycled commands
                        * like writeandx will choke if session
                        * closes in between */
    }

    @Override
    int getBatchLimit(final byte command) {

# Integration tests (*Tests.java) - requires running Fess server
mvn test -P integrationTests -Dtest.fess.url="http://localhost:8080" -Dtest.search_engine.url="http://localhost:9201"
```

### Running
```bash
./bin/fess              # From command line
# Or run org.codelibs.fess.FessBoot from IDE
# Access: http://localhost:8080/ (Admin: admin/admin)
```

### Code Formatting
```bash

    }

    /**
     * @param digest
     */
    public void setDigest(final SMBSigningDigest digest) {
        this.digest = digest;
    }

    /**
     * @return the digest
     */
    public SMBSigningDigest getDigest() {
        return this.digest;
    }

    /**
     * @return the context associated with this transport connection

#### **专业**攻击 { #a-professional-attack }

当然，攻击者不用手动操作，而是编写每秒能执行成千上万次测试的攻击程序，每次都会找到更多正确字符。

但是，在您的应用的**帮助**下，攻击者利用时间差，就能在几分钟或几小时内，以这种方式猜出正确的用户名和密码。

#### 使用 `secrets.compare_digest()` 修补 { #fix-it-with-secrets-compare-digest }

在此，代码中使用了 `secrets.compare_digest()`。

简单的说，它使用相同的时间对比 `stanleyjobsox` 和 `stanleyjobson`，还有 `johndoe` 和 `stanleyjobson`。对比密码时也一样。

在代码中使用 `secrets.compare_digest()` ，就可以安全地防御这整类安全攻击。

#### 「專業」的攻擊 { #a-professional-attack }

當然，攻擊者不會手動嘗試這一切，他們會寫程式來做，可能每秒進行上千或上百萬次測試，一次只多猜中一個正確字母。

但這樣做，幾分鐘或幾小時內，他們就能在我們應用程式「協助」下，僅靠回應時間就猜出正確的使用者名稱與密碼。

#### 用 `secrets.compare_digest()` 修正 { #fix-it-with-secrets-compare-digest }

但在我們的程式碼中實際使用的是 `secrets.compare_digest()`。

簡而言之，將 `stanleyjobsox` 與 `stanleyjobson` 比較所花的時間，會與將 `johndoe` 與 `stanleyjobson` 比較所花的時間相同；密碼也一樣。

如此一來，在應用程式程式碼中使用 `secrets.compare_digest()`，就能安全地防禦這整類的安全攻擊。

        });
    }

    /**
     * Generates a hashed ID from the provided URL ID string.
     * Encodes special characters using URL encoding or Base64 encoding as needed,
     * then applies a message digest algorithm to create a unique hash.
     *
     * @param urlId the URL ID string to generate a hash for
     * @return a hashed ID string generated from the input URL ID
     */

    * A cookie.
* `http`: standard HTTP authentication systems, including:
    * `bearer`: a header `Authorization` with a value of `Bearer ` plus a token. This is inherited from OAuth2.
    * HTTP Basic authentication.
    * HTTP Digest, etc.
* `oauth2`: all the OAuth2 ways to handle security (called "flows").
    * Several of these flows are appropriate for building an OAuth 2.0 authentication provider (like Google, Facebook, X (Twitter), GitHub, etc):

#### Fix it with `secrets.compare_digest()` { #fix-it-with-secrets-compare-digest }

But in our code we are actually using `secrets.compare_digest()`.

                    return "alerts,roles";

                case FessConfig.INDEX_FIELD_CACHE:
                    return "cache";
                case FessConfig.INDEX_FIELD_DIGEST:
                    return "digest";
                case FessConfig.INDEX_FIELD_HOST:
                    return "host";
                case FessConfig.INDEX_FIELD_SITE:
                    return "site";

        if ("sha512".equalsIgnoreCase(digestAlgorithm)) {
            oneWay = OneWayCryptographer.createSha512Cryptographer();
        } else if ("md5".equalsIgnoreCase(digestAlgorithm)) {
            logger.warn("MD5 digest is deprecated due to its collision vulnerabilities. Please consider migrating to SHA-256. algorithm={}",
                    digestAlgorithm);
            oneWay = new OneWayCryptographer("MD5", OneWayCryptographer.ENCODING_UTF8);