lkTimer := time.NewTimer(lockMaintenanceInterval)
	// Stop the timer upon returning.
	defer lkTimer.Stop()

	for {
		// Verifies every minute for locks held more than 2 minutes.
		select {
		case <-ctx.Done():
			return
		case <-lkTimer.C:
			globalLockServer.expireOldLocks(lockValidityDuration)

			// Reset the timer for next cycle.
			lkTimer.Reset(lockMaintenanceInterval)

Of course, the attackers would not try all this by hand, they would write a program to do it, possibly with thousands or millions of tests per second. And they would get just one extra correct letter at a time.

But doing that, in some minutes or hours the attackers would have guessed the correct username and password, with the "help" of our application, just using the time taken to answer.

#### Fix it with `secrets.compare_digest()` { #fix-it-with-secrets-compare-digest }

                return System.currentTimeMillis();
            }
        };
        roleQueryHelper.maxAge = 60; // 1 minute

        Set<String> roleSet = new HashSet<>();
        // Create timestamp that's 2 minutes old
        long expiredTimestamp = System.currentTimeMillis() / 1000 - 120;
        String value = expiredTimestamp + "\nrole1,role2";

        roleQueryHelper.parseRoleSet(value, false, roleSet);

## Configuring OpenID Identity Provider on MinIO

The returned credentials expiry after a certain period of time that can be configured via `&DurationSeconds=3600`. By default, the STS credentials are valid for 1 hour. The minimum expiration allowed is 15 minutes.

    Cache<Integer, Integer> cache =
        CacheBuilder.newBuilder()
            .expireAfterAccess(1, MINUTES)
            .removalListener(listener)
            .ticker(ticker)
            .build();
    cache.put(1, 1);
    ticker.advance(10, MINUTES);
    cache.invalidateAll();

    assertThat(listener.poll().getCause()).isEqualTo(RemovalCause.EXPIRED);
  }

    private volatile boolean shutdownInProgress = false;

    // Configuration
    private long maxResourceAge = TimeUnit.HOURS.toMillis(1); // 1 hour default
    private long cleanupInterval = TimeUnit.MINUTES.toMillis(5); // 5 minutes default
    private boolean leakDetectionEnabled = true;
    private boolean autoCleanupEnabled = true;

    /**
     * Resource holder that tracks resource lifecycle
     */

	// 	if trhttp2 != nil {
	// 		// ReadIdleTimeout is the timeout after which a health check using ping
	// 		// frame will be carried out if no frame is received on the
	// 		// connection. 5 minutes is sufficient time for any idle connection.
	// 		trhttp2.ReadIdleTimeout = 5 * time.Minute
	// 		// PingTimeout is the timeout after which the connection will be closed
	// 		// if a response to Ping is not received.

    // Connection pool configuration
    private static final int DEFAULT_MAX_POOL_SIZE = 100;
    private static final int DEFAULT_MAX_IDLE_TIME = 300000; // 5 minutes in ms
    private static final int DEFAULT_HEALTH_CHECK_INTERVAL = 60000; // 1 minute in ms
    private static final int DEFAULT_PROACTIVE_CHECK_INTERVAL = 30000; // 30 seconds in ms

- Temporary credentials are short-term, as the name implies. They can be configured to last for anywhere from a few minutes to several hours. After the credentials expire, MinIO no longer recognizes them or allows any kind of access from API requests made with them.