Bu, username geçerli olsun ya da olmasın endpoint'in yaklaşık aynı sürede yanıt vermesini sağlar; böylece mevcut username'leri saymaya yarayabilecek zamanlama saldırılarını (timing attacks) engeller.

/// note | Not

   * were obtained by calling {@code snapshot()} on the same {@link PairedStatsAccumulator} without
   * adding any values in between the two calls, or if one is obtained from the other after
   * round-tripping through java serialization. However, floating point rounding errors mean that it
   * may be false for some instances where the statistics are mathematically equal, including

	})
}

func (f *sftpDriver) AccessKey() string {
	return f.permissions.CriticalOptions["AccessKey"]
}

func (f *sftpDriver) Fileread(r *sftp.Request) (ra io.ReaderAt, err error) {
	// This is not timing the actual read operation, but the time it takes to prepare the reader.
	stopFn := globalSftpMetrics.log(r, f.AccessKey())
	defer stopFn(0, err)

	flags := r.Pflags()
	if !flags.Read {
		// sanity check

        // Mock address for testing
        Address mockAddress = Mockito.mock(Address.class);
        Mockito.when(mockAddress.getHostAddress()).thenReturn("127.0.0.1");

        // Start timing
        long overallStart = System.nanoTime();

        for (int t = 0; t < threadCount; t++) {
            executor.submit(() -> {
                try {
                    startLatch.await();

```Python
if not (credentials.username == "stanleyjobson") or not (credentials.password == "swordfish"):
    # 何らかのエラーを返す
    ...
```

しかし `secrets.compare_digest()` を使うことで、「タイミング攻撃」と呼ばれる種類の攻撃に対して安全になります。

### タイミング攻撃 { #timing-attacks }

「タイミング攻撃」とは何でしょうか？

攻撃者がユーザー名とパスワードを推測しようとしていると想像してください。

そして、ユーザー名 `johndoe`、パスワード `love123` を使ってリクエストを送ります。

その場合、アプリケーション内の Python コードは次のようなものと等価になります:

```Python

Isso garante que o endpoint leve aproximadamente o mesmo tempo para responder, seja o nome de usuário válido ou não, prevenindo **timing attacks** que poderiam ser usados para enumerar nomes de usuário existentes.

/// note | Nota

            thread.join();
        }

        // Due to synchronized method, only one thread should reload
        // The count might be 2 (one initial + one reload) or slightly higher due to timing
        assertTrue(loadCount[0] <= 3, "Load count should be small due to synchronization");
    }

- Async handling of lease breaks

### 9.3 Network Efficiency
- Batch lease requests when possible
- Implement lease key reuse for related files
- Optimize lease break acknowledgment timing

## 10. Error Handling

### 10.1 Lease Break Timeout
```java
public void handleLeaseBreakWithTimeout(Smb2LeaseKey key, int newState) {
    CompletableFuture<Void> future = CompletableFuture.runAsync(() -> {

        transitionTo(State.CLOSED);
    }

    /**
     * Manually trip the circuit breaker to open state
     */
    public void trip() {
        log.info("[{}] Manually tripping circuit breaker to OPEN", name);
        transitionTo(State.OPEN);
    }

    /**
     * Get current failure threshold (may be dynamically adjusted)
     *
     * @return current failure threshold
     */

    assertThat(startupTimes.get(a)).isAtLeast(150);
    // Service b startup takes at least 353 millis, but starting the timer is delayed by at least
    // 150 milliseconds. so in a perfect world the timing would be 353-150=203ms, but since either
    // of our sleep calls can be arbitrarily delayed we should just assert that there is a time
    // recorded.
    assertThat(startupTimes.get(b)).isNotNull();
  }