- **Pre-Authentication Integrity**: SMB 3.1.1 PAI for preventing downgrade attacks
- **Automatic Detection**: Encryption automatically enabled when servers require it
- **Secure Key Management**: Proper key derivation and nonce generation

### Core Features
- **Per-context configuration**: No global state, each context encapsulates configuration

```Python
if not (credentials.username == "stanleyjobson") or not (credentials.password == "swordfish"):
    # Return some error
    ...
```

But by using the `secrets.compare_digest()` it will be secure against a type of attacks called "timing attacks".

### Timing Attacks { #timing-attacks }

But what's a "timing attack"?

Let's imagine some attackers are trying to guess the username and password.

    protected void setUp() throws Exception {
        super.setUp();

        server = new TestApiExtractorServer(port);
        server.start();

        extractor = new ApiExtractor();
        extractor.setUrl("http://127.0.0.1:" + port + "/");
        extractor.init();
    }

    @Override
    protected void tearDown() throws Exception {
        server.stop();
        extractor.destroy();

        super.tearDown();

     * @return the URL
     */
    public String getUrl() {
        return url;
    }

    /**
     * Sets the URL for this request.
     * @param url the URL
     */
    public void setUrl(final String url) {
        this.url = url;
    }

    /**
     * Gets the weight/priority of this request.
     * @return the weight
     */
    public float getWeight() {
        return weight;

        this.requestedAt = value;
    }

    public String getUrl() {
        checkSpecifiedProperty("url");
        return convertEmptyToNull(url);
    }

    public void setUrl(String value) {
        registerModifiedProperty("url");
        this.url = value;
    }

    public String getUserSessionId() {
        checkSpecifiedProperty("userSessionId");

* **`300 - 399`** son para "Redirección". Los responses con estos códigos de estado pueden o no tener un body, excepto `304`, "Not Modified", que no debe tener uno.
* **`400 - 499`** son para responses de "Error del Cliente". Este es el segundo tipo que probablemente más usarías.
    * Un ejemplo es `404`, para un response "Not Found".
    * Para errores genéricos del cliente, puedes usar simplemente `400`.

 * [CWAC-NetSecurity](https://github.com/commonsguy/cwac-netsecurity): Simplifying Secure Internet Access.
 * [Failsafe](https://failsafe.dev/okhttp/): Fault tolerance and resilience patterns.
 * [Flipper](https://fbflipper.com/): A desktop debugging platform for mobile developers.

		// Init and run test on ErasureSD backend with signature v4.
		{serverType: "ErasureSD", signer: signerV4},
		// Init and run test on ErasureSD backend, with tls enabled.
		{serverType: "ErasureSD", signer: signerV4, secure: true},
		// Init and run test on Erasure backend.
		{serverType: "Erasure", signer: signerV4},
		// Init and run test on ErasureSet backend.
		{serverType: "ErasureSet", signer: signerV4},
	}

	}

	stsEndpointURL, err := url.Parse(stsEndpoint)
	if err != nil {
		log.Fatalf("Error parsing sts endpoint: %v", err)
	}

	opts := &minio.Options{
		Creds:  li,
		Secure: stsEndpointURL.Scheme == "https",
	}

	v, err := li.Get()
	if err != nil {
		log.Fatalf("Error retrieving STS credentials: %v", err)
	}

	if displayCreds {

	u, err := url.Parse(conf.Endpoint)
	if err != nil {
		return nil, err
	}

	creds := credentials.NewStaticV4(conf.AccessKey, conf.SecretKey, "")
	opts := &minio.Options{
		Creds:           creds,
		Secure:          u.Scheme == "https",
		Transport:       globalRemoteTargetTransport,
		TrailingHeaders: true,
	}
	client, err := minio.New(u.Host, opts)
	if err != nil {
		return nil, err
	}