### Is concurrency better than parallelism? { #is-concurrency-better-than-parallelism }

Nope! That's not the moral of the story.

Concurrency is different than parallelism. And it is better on **specific** scenarios that involve a lot of waiting. Because of that, it generally is a lot better than parallelism for web application development. But not for everything.

Weitere Informationen hierzu finden Sie im [Handbuch für fortgeschrittene Benutzer](../advanced/index.md).

## Einzelheiten { #details }

	}

	token := jwt.NewWithClaims(jwt.SigningMethodHS512, claims)
	ss, err := token.SignedString([]byte(c.password))
	if err != nil {
		return err
	}

	r.Header.Set("Authorization", "Bearer "+ss)
	return nil
}

func (c *OperatorDNS) endpoint(bucket string, del bool) (string, error) {
	u, err := url.Parse(c.Endpoint)
	if err != nil {
		return "", err
	}
	q := u.Query()
	q.Add("bucket", bucket)

# OAuth2 з паролем (і хешуванням), Bearer з токенами JWT { #oauth2-with-password-and-hashing-bearer-with-jwt-tokens }

Тепер, коли ми маємо весь потік безпеки, зробімо застосунок справді захищеним, використовуючи токени <abbr title="JSON Web Tokens - Токени JSON Web">JWT</abbr> і безпечне хешування паролів.

Цей код ви можете реально використовувати у своєму застосунку, зберігати хеші паролів у своїй базі даних тощо.

    linkedHashMultiset = LinkedHashMultiset.create(size);
    treeMultiset = TreeMultiset.create();

    Random random = new Random();

    int sizeRemaining = size;

    // TODO(kevinb): generate better test contents for multisets
    while (sizeRemaining > 0) {
      // The JVM will return interned values for small ints.
      Integer value = random.nextInt(1000) + 128;

		dialer.WriteBufferSize = writeBufferSize
		dialer.Timeout = defaultDialTimeout
		if dial != nil {
			dialer.NetDial = dial
		}
		header := make(http.Header, 2)
		header.Set("Authorization", "Bearer "+auth())
		header.Set("X-Minio-Time", strconv.FormatInt(time.Now().UnixNano(), 10))

		if len(header) > 0 {
			dialer.Header = ws.HandshakeHeaderHTTP(header)
		}
		dialer.TLSConfig = tls

Pero eso solo permitirá ciertos tipos de comunicación, excluyendo todo lo que implique credenciales: Cookies, headers de autorización como los utilizados con Bearer Tokens, etc.

Así que, para que todo funcione correctamente, es mejor especificar explícitamente los orígenes permitidos.

## Usa `CORSMiddleware` { #use-corsmiddleware }

If you want to secure your API, there are several better things you can do, for example:

* Make sure you have well defined Pydantic models for your request bodies and responses.
* Configure any required permissions and roles using dependencies.

cd "$targ"
echo
echo "#### Cleaning $targ"
chmod -R +w .
rm -f .gitignore
if [ -e .git ]; then
	git clean -f -d
fi
echo
echo "#### Building $targ"
echo
cd src
./make.bash --no-banner $forceflag
gohostos="$(../bin/go env GOHOSTOS)"
gohostarch="$(../bin/go env GOHOSTARCH)"
goos="$(../bin/go env GOOS)"
goarch="$(../bin/go env GOARCH)"

# NOTE: Cannot invoke go command after this point.

        // Add multiple headers
        request.header("Accept", "application/json").header("Content-Type", "application/json").header("Authorization", "Bearer token123")
                .header("X-Custom-Header", "custom-value");

        assertNotNull(request);
    }

    @Test
    public void testGzipSetsCompressionToGzip() {