Pero haciendo eso, en algunos minutos u horas, los atacantes habrían adivinado el nombre de usuario y la contraseña correctos, con la "ayuda" de nuestra aplicación, solo usando el tiempo tomado para responder.

#### Arréglalo con `secrets.compare_digest()`

        helper.init();

        assertNotNull(helper.userInfoCache);
        assertNotNull(helper.searchLogLogger);
    }

    public void test_setUserCheckInterval() {
        long interval = 5 * 60 * 1000L; // 5 minutes
        searchLogHelper.setUserCheckInterval(interval);
        assertEquals(interval, searchLogHelper.userCheckInterval);
    }

    public void test_setUserInfoCacheSize() {
        int cacheSize = 5000;

     * The cache is configured with a maximum size of 100 entries and expires after 10 minutes.
     */
    @PostConstruct
    public void init() {
        if (logger.isDebugEnabled()) {
            logger.debug("Initialize {}", this.getClass().getSimpleName());
        }
        crawlingConfigCache = CacheBuilder.newBuilder().maximumSize(100).expireAfterWrite(10, TimeUnit.MINUTES).build();
    }

    /**

                .maximumSize(fessConfig.getSuggestPopularWordCacheSizeAsInteger().longValue())
                .expireAfterWrite(fessConfig.getSuggestPopularWordCacheExpireAsInteger().longValue(), TimeUnit.MINUTES)
                .build();
    }

    /**
     * Retrieves a list of popular words based on the specified search parameters.
     * Uses caching to improve performance for repeated requests.
     *

    // Connection pool configuration
    private static final int DEFAULT_MAX_POOL_SIZE = 100;
    private static final int DEFAULT_MAX_IDLE_TIME = 300000; // 5 minutes in ms
    private static final int DEFAULT_HEALTH_CHECK_INTERVAL = 60000; // 1 minute in ms
    private static final int DEFAULT_PROACTIVE_CHECK_INTERVAL = 30000; // 30 seconds in ms
    private int maxPoolSize = DEFAULT_MAX_POOL_SIZE;

### Just Modern Python { #just-modern-python }

It's all based on standard **Python type** declarations (thanks to Pydantic). No new syntax to learn. Just standard modern Python.

If you need a 2 minute refresher of how to use Python types (even if you don't use FastAPI), check the short tutorial: [Python Types](python-types.md){.internal-link target=_blank}.

You write standard Python with types:

```Python

Claro, os invasores não tentariam tudo isso de forma manual, eles escreveriam um programa para fazer isso, possivelmente com milhares ou milhões de testes por segundo. E obteriam apenas uma letra a mais por vez.

Mas fazendo isso, em alguns minutos ou horas os invasores teriam adivinhado o usuário e senha corretos, com a "ajuda" da nossa aplicação, apenas usando o tempo levado para responder.

#### Corrija com o `secrets.compare_digest()`

        if (configMockedStatic != null)
            configMockedStatic.close();
    }

    @Test
    void testCacheEntry() {
        // Test with a specific TTL
        long ttl = 600; // 10 minutes
        Dfs.CacheEntry cacheEntry = new Dfs.CacheEntry(ttl);
        long expectedExpiration = System.currentTimeMillis() + ttl * 1000L;

Of course, the attackers would not try all this by hand, they would write a program to do it, possibly with thousands or millions of tests per second. And they would get just one extra correct letter at a time.

But doing that, in some minutes or hours the attackers would have guessed the correct username and password, with the "help" of our application, just using the time taken to answer.

#### Fix it with `secrets.compare_digest()` { #fix-it-with-secrets-compare-digest }

        testBoundaryValue(1L);
        testBoundaryValue(-1L);

        // Test one second boundaries
        testBoundaryValue(1000L);
        testBoundaryValue(-1000L);

        // Test one minute boundaries
        testBoundaryValue(60000L);
        testBoundaryValue(-60000L);

        // Test one hour boundaries
        testBoundaryValue(3600000L);
        testBoundaryValue(-3600000L);