# 更多模型

书接上文，多个关联模型这种情况很常见。

特别是用户模型，因为：

* **输入模型**应该含密码
* **输出模型**不应含密码
* **数据库模型**需要加密的密码

/// danger | "危险"

千万不要存储用户的明文密码。始终存储可以进行验证的**安全哈希值**。

如果不了解这方面的知识，请参阅[安全性中的章节](security/simple-oauth2.md#password-hashing){.internal-link target=_blank}，了解什么是**密码哈希**。

///

## 多个模型

下面的代码展示了不同模型处理密码字段的方式，及使用位置的大致思路：

//// tab | Python 3.10+

```Python hl_lines="7  9  14  20  22  27-28  31-33  38-39"

			xhttp.AmzServerSideEncryptionCustomerKeyMD5:    []string{"7PpPLAK26ONlVUGOWlusfg=="},
			"X-Amz-Meta-Test-1":                            []string{"Test-1"},
		},
	},
	{ // https://github.com/google/security-research/security/advisories/GHSA-76wf-9vgp-pj7w
		Header: http.Header{
			"X-Amz-Meta-X-Amz-Unencrypted-Content-Md5":    []string{"value"},
			"X-Amz-Meta-X-Amz-Unencrypted-Content-Length": []string{"value"},

import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URISyntaxException;
import java.net.URL;
import java.net.URLClassLoader;
import java.security.Permission;
import java.security.PermissionCollection;
import java.util.jar.Attributes;
import java.util.jar.JarOutputStream;
import java.util.jar.Manifest;
import java.util.logging.Logger;
import java.util.zip.ZipEntry;

b64enc | quote }}{{ else }}{{ randAlphaNum 40 | b64enc | quote }}{{ end }} {{- end }} minio/templates/securitycontextconst.yaml {{- if and .Values.securityContext.enabled .Values.persistence.enabled (.Capabilities.APIVersions.Has "security.openshift.io/v1") }} apiVersion: security.openshift.io/v1 kind: SecurityContextConst metadata: name: {{ template "minio.fullname" . }} labels: app: {{ template "minio.name" . }} chart: {{ template "minio.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service...

This is the basic idea. But you will probably want to take care of some additional things, like:

* Security - HTTPS
* Running on startup
* Restarts
* Replication (the number of processes running)
* Memory
* Previous steps before starting

import java.net.Authenticator;
import java.net.HttpURLConnection;
import java.net.PasswordAuthentication;
import java.net.ProtocolException;
import java.net.URL;
import java.net.URLDecoder;

import java.security.Permission;

import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

import jcifs.smb1.Config;

import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URISyntaxException;
import java.net.URL;
import java.net.URLClassLoader;
import java.nio.file.Path;
import java.security.Permission;
import java.security.PermissionCollection;
import java.util.jar.Attributes;
import java.util.jar.JarOutputStream;
import java.util.jar.Manifest;
import java.util.logging.Logger;
import java.util.zip.ZipEntry;

Никогда не храните пароли пользователей в чистом виде. Всегда храните "безопасный хэш", который вы затем сможете проверить.

Если вам это не знакомо, вы можете узнать про "хэш пароля" в [главах о безопасности](security/simple-oauth2.md#password-hashing){.internal-link target=_blank}.

///

## Множественные модели

/// danger

Nunca armazene senhas em texto simples dos usuários. Sempre armazene uma "hash segura" que você pode verificar depois.

Se não souber, você aprenderá o que é uma "senha hash" nos [capítulos de segurança](security/simple-oauth2.md#password-hashing){.internal-link target=_blank}.

///

## Múltiplos modelos

Aqui está uma ideia geral de como os modelos poderiam parecer com seus campos de senha e os lugares onde são usados:

#       by Bash, Ksh, etc; in particular arrays are avoided.
#
#       The "traditional" practice of packing multiple parameters into a
#       space-separated string is a well documented source of bugs and security
#       problems, so this is (mostly) avoided, by progressively accumulating
#       options in "$@", and eventually passing that to Java.
#
#       Where the inherited environment variables (DEFAULT_JVM_OPTS, JAVA_OPTS,