Search Options

Display Count
Sort
Preferred Language
Advanced Search

Results 51 - 60 of 287 for attacks (0.08 seconds)

  2. github.com/tiangolo/fastapi

    docs/es/docs/advanced/security/http-basic-auth.md 

        # Devuelve algún error
    ...
```

Pero al usar `secrets.compare_digest()` será seguro contra un tipo de ataques llamados "timing attacks".

### Timing attacks { #timing-attacks }

¿Pero qué es un "timing attack"?

Imaginemos que algunos atacantes están tratando de adivinar el nombre de usuario y la contraseña.

Y envían un request con un nombre de usuario `johndoe` y una contraseña `love123`.
    Created: Sun Apr 05 07:19:11 GMT 2026
    - Last Modified: Thu Mar 19 18:15:55 GMT 2026
    - 5.3K bytes
    - Click Count (0)
  3. github.com/square/okhttp

    okhttp/src/commonJvmAndroid/kotlin/okhttp3/HttpUrl.kt 

     *
 * ```java
 * String attack = "http://example.com/static/images/../../../../../etc/passwd";
 * System.out.println(new URL(attack).getPath());
 * System.out.println(new URI(attack).getPath());
 * System.out.println(HttpUrl.parse(attack).encodedPath());
 * ```
 *
 * By canonicalizing the input paths, they are complicit in directory traversal attacks. Code that
 * checks only the path prefix may suffer!
 *
    Created: Fri Apr 03 11:42:14 GMT 2026
    - Last Modified: Tue Jan 27 09:00:39 GMT 2026
    - 63.5K bytes
    - Click Count (0)
  4. github.com/tiangolo/fastapi

    docs/uk/docs/advanced/security/http-basic-auth.md 

        # Поверніть якусь помилку
    ...
```

Але використовуючи `secrets.compare_digest()`, це буде захищено від типу атак, що називаються «атаки за часом» (timing attacks).

### Атаки за часом { #timing-attacks }

Що таке «атака за часом»?

Уявімо, що зловмисники намагаються вгадати ім'я користувача та пароль.

Вони надсилають запит з ім'ям користувача `johndoe` та паролем `love123`.
    Created: Sun Apr 05 07:19:11 GMT 2026
    - Last Modified: Thu Mar 19 18:27:41 GMT 2026
    - 7.6K bytes
    - Click Count (0)
  5. github.com/tiangolo/fastapi

    docs/pt/docs/advanced/security/http-basic-auth.md 

        # Return some error
    ...
```

Porém, ao utilizar o `secrets.compare_digest()`, isso estará seguro contra um tipo de ataque chamado "timing attacks".

### Ataques de Temporização { #timing-attacks }

Mas o que é um "timing attack"?

Vamos imaginar que alguns invasores estão tentando adivinhar o usuário e a senha.

E eles enviam uma requisição com um usuário `johndoe` e uma senha `love123`.
    Created: Sun Apr 05 07:19:11 GMT 2026
    - Last Modified: Thu Mar 19 18:20:43 GMT 2026
    - 5.2K bytes
    - Click Count (0)
  6. github.com/tiangolo/fastapi

    docs/ru/docs/advanced/security/http-basic-auth.md 

    Замечая, что сервер прислал «Неверное имя пользователя или пароль» на несколько микросекунд позже, злоумышленники поймут, что какая-то часть была угадана — начальные буквы верны.

Тогда они могут попробовать снова, зная, что правильнее что-то ближе к `stanleyjobsox`, чем к `johndoe`.

#### «Профессиональная» атака { #a-professional-attack }
    Created: Sun Apr 05 07:19:11 GMT 2026
    - Last Modified: Thu Mar 19 17:56:20 GMT 2026
    - 7.4K bytes
    - Click Count (0)
  7. github.com/tiangolo/fastapi

    docs/de/docs/advanced/security/http-basic-auth.md 

        # Einen Error zurückgeben
    ...
```

Aber durch die Verwendung von `secrets.compare_digest()` ist dieser Code sicher vor einer Art von Angriffen, die „Timing-Angriffe“ genannt werden.

### Timing-Angriffe { #timing-attacks }

Aber was ist ein „Timing-Angriff“?

Stellen wir uns vor, dass einige Angreifer versuchen, den Benutzernamen und das Passwort zu erraten.
    Created: Sun Apr 05 07:19:11 GMT 2026
    - Last Modified: Thu Mar 19 17:58:09 GMT 2026
    - 6.1K bytes
    - Click Count (0)
  8. github.com/tiangolo/fastapi

    docs/fr/docs/advanced/security/http-basic-auth.md 

        # Renvoyer une erreur
    ...
```

Mais en utilisant `secrets.compare_digest()`, cela sera sécurisé contre un type d'attaques appelé « attaques par chronométrage ».

### Attaques par chronométrage { #timing-attacks }

Mais qu'est-ce qu'une « attaque par chronométrage » ?

Imaginons que des attaquants essaient de deviner le nom d'utilisateur et le mot de passe.
    Created: Sun Apr 05 07:19:11 GMT 2026
    - Last Modified: Thu Mar 19 18:37:13 GMT 2026
    - 5.8K bytes
    - Click Count (0)
  9. github.com/square/okhttp

    CHANGELOG.md 

        ```

 *  New: `Cookie.sameSite` determines whether cookies should be sent on cross-site requests. This
    is used by servers to defend against Cross-Site Request Forgery (CSRF) attacks.

 *  New: Log the total time of the HTTP call in `HttpLoggingInterceptor`.

 *  New: `OkHttpClient.Builder` now has APIs that use `kotlin.time.Duration`.
    Created: Fri Apr 03 11:42:14 GMT 2026
    - Last Modified: Sun Feb 15 11:57:47 GMT 2026
    - 36.2K bytes
    - Click Count (2)
  10. github.com/minio/minio

    cmd/object-api-utils.go 

    		}
		return actualSize, nil
	}
	return o.Size, nil
}

// Disabling compression for encrypted enabled requests.
// Using compression and encryption together enables room for side channel attacks.
// Eliminate non-compressible objects by extensions/content-types.
func isCompressible(header http.Header, object string) bool {
	globalCompressConfigMu.Lock()
	cfg := globalCompressConfig
    Created: Sun Apr 05 19:28:12 GMT 2026
    - Last Modified: Wed Jun 25 15:08:54 GMT 2025
    - 37.3K bytes
    - Click Count (0)
  11. github.com/google/guava

    android/guava/src/com/google/common/collect/Synchronized.java 

                  return typePreservingCollection(entry.getValue(), mutex);
            }
          };
        }
      };
    }

    // See Collections.CheckedMap.CheckedEntrySet for details on attacks.

    @Override
    public @Nullable Object[] toArray() {
      synchronized (mutex) {
        /*
         * toArrayImpl returns `@Nullable Object[]` rather than `Object[]` but only because it can
    Created: Fri Apr 03 12:43:13 GMT 2026
    - Last Modified: Fri Aug 08 15:11:10 GMT 2025
    - 53K bytes
    - Click Count (0)
Back to Top