}

    /**
     * Determines whether the user identification cookie should be marked as secure.
     * Checks the configured secure setting or examines request headers to detect HTTPS.
     *
     * @return true if the cookie should be secure, false otherwise
     */
    protected boolean isSecureCookie() {
        if (cookieSecure != null) {
            return cookieSecure;

    /**
     * Checks if a property value should be masked for security reasons.
     *
     * @param key the property key to check
     * @return true if the value should be masked, false otherwise
     */
    protected static boolean isMaskedValue(final String key) {
        return "http.proxy.password".equals(key) //
                || "ldap.admin.security.credentials".equals(key) //

 *
 * <p>This package contains interfaces and classes for the password encryption tool,
 * which helps secure sensitive information in Maven settings and configuration files.</p>
 *
 * <p>Key features include:</p>
 * <ul>
 *   <li>Password encryption and decryption</li>
 *   <li>Master password management</li>
 *   <li>Security settings configuration</li>
 * </ul>
 *
 * @see org.apache.maven.api.cli.Tools#MVNENC_CMD

 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */
package jcifs.smb;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;

import org.slf4j.Logger;

        response.connection
          .socket()
          .javaClass.name,
      ).isEqualTo(
        "sun.security.ssl.SSLSocketImpl",
      )
    }
  }

  @Test
  fun testSupportedProtocols() {
    val factory = SSLSocketFactory.getDefault()
    assertThat(factory.javaClass.name).isEqualTo("sun.security.ssl.SSLSocketFactoryImpl")
    val s = factory.createSocket() as SSLSocket

    when {

## About security, APIs, and docs { #about-security-apis-and-docs }

Hiding your documentation user interfaces in production *shouldn't* be the way to protect your API.

That doesn't add any extra security to your API, the *path operations* will still be available where they are.

If there's a security flaw in your code, it will still exist.

You can use this template to get started, as it includes a lot of the initial set up, security, database and some API endpoints already done for you.

GitHub Repository: <a href="https://github.com/tiangolo/full-stack-fastapi-template" class="external-link" target="_blank">Full Stack FastAPI Template</a>

import java.math.BigInteger
import java.net.InetAddress
import java.security.GeneralSecurityException
import java.security.KeyFactory
import java.security.KeyPair
import java.security.KeyPairGenerator
import java.security.PrivateKey
import java.security.PublicKey
import java.security.SecureRandom
import java.security.Signature
import java.security.cert.X509Certificate
import java.security.interfaces.ECPublicKey

* The **database model** would probably need to have a hashed password.

/// danger

Never store user's plaintext passwords. Always store a "secure hash" that you can then verify.

If you don't know, you will learn what a "password hash" is in the [security chapters](security/simple-oauth2.md#password-hashing){.internal-link target=_blank}.

///

## Multiple models { #multiple-models }

* Import `HTTPBasic` and `HTTPBasicCredentials`.
* Create a "`security` scheme" using `HTTPBasic`.
* Use that `security` with a dependency in your *path operation*.
* It returns an object of type `HTTPBasicCredentials`:
    * It contains the `username` and `password` sent.

{* ../../docs_src/security/tutorial006_an_py39.py hl[4,8,12] *}