# Using TensorFlow Securely

This document discusses the TensorFlow security model. It describes the security
risks to consider when using models, checkpoints or input data for training or
serving. We also provide guidelines on what constitutes a vulnerability in
TensorFlow and how to report them.

This document applies to other repositories in the TensorFlow organization,
covering security practices for the entirety of the TensorFlow ecosystem.

# Security Policy

Security is very important for FastAPI and its community. 🔒

Learn more about it below. 👇

## Versions

The latest version of FastAPI is supported.

You are encouraged to [write tests](https://fastapi.tiangolo.com/tutorial/testing/) for your application and update your FastAPI version frequently after ensuring that your tests are passing. This way you will benefit from the latest features, bug fixes, and **security fixes**.

            // When
            ACE[] security1 = mockResource.getSecurity();
            ACE[] security2 = mockResource.getSecurity(true);
            ACE[] shareSecurity = mockResource.getShareSecurity(false);

            // Then
            assertNotNull(security1, "Security ACEs should not be null");
            assertNotNull(security2, "Security ACEs with resolve should not be null");

///

{* ../../docs_src/security/tutorial005_an_py310.py hl[155] *}

## Scopes in *Pfadoperationen* und Abhängigkeiten deklarieren

Jetzt deklarieren wir, dass die *Pfadoperation* für `/users/me/items/` den Scope `items` erfordert.

Dazu importieren und verwenden wir `Security` von `fastapi`.

        'interceptors.md': 'features/interceptors.md'
        'r8_proguard.md': 'features/r8_proguard.md'
        # Redirect all Security pages to security/*
        'security.md': 'security/security.md'
        'security_providers.md': 'security/security_providers.md'
        'tls_configuration_history.md': 'security/tls_configuration_history.md'
        # Redirect all changelog pages to changelog/*
        'changelog.md': 'changelogs/changelog.md'

All the security utilities that integrate with OpenAPI (and the automatic API docs) inherit from `SecurityBase`, that's how **FastAPI** can know how to integrate them in OpenAPI.

///

# Security { #security }

There are many ways to handle security, authentication and authorization.

And it normally is a complex and "difficult" topic.

In many frameworks and systems just handling security and authentication takes a big amount of effort and code (in many cases it can be 50% or more of all the code written).

import jcifs.Decodable;

/**
 * Interface for Windows Data Type (DTYP) security information structures.
 * Defines constants and functionality for security information types used in
 * SMB security descriptor operations and access control management.
 *
 * @author mbechler
 */
public interface SecurityInfo extends Decodable {

    /**
     * Flag indicating that owner security information is requested or being set.
     */

///

{* ../../docs_src/security/tutorial005.py hl[156] *}

## 📣 ↔ *➡ 🛠️* & 🔗

🔜 👥 📣 👈 *➡ 🛠️* `/users/me/items/` 🚚 ↔ `items`.

👉, 👥 🗄 & ⚙️ `Security` ⚪️➡️ `fastapi`.

👆 💪 ⚙️ `Security` 📣 🔗 (💖 `Depends`), ✋️ `Security` 📨 🔢 `scopes` ⏮️ 📇 ↔ (🎻).

👉 💼, 👥 🚶‍♀️ 🔗 🔢 `get_current_active_user` `Security` (🎏 🌌 👥 🔜 ⏮️ `Depends`).

import java.io.IOException
import java.security.KeyStore
import java.security.SecureRandom
import java.security.Security
import javax.net.ssl.KeyManagerFactory
import javax.net.ssl.KeyStoreBuilderParameters
import javax.net.ssl.SSLContext
import javax.net.ssl.X509ExtendedKeyManager
import javax.security.auth.callback.Callback
import javax.security.auth.callback.CallbackHandler
import javax.security.auth.callback.PasswordCallback