* The **output model** should not have a password.
* The **database model** would probably need to have a hashed password.

/// danger

Never store user's plaintext passwords. Always store a "secure hash" that you can then verify.

If you don't know, you will learn what a "password hash" is in the [security chapters](security/simple-oauth2.md#password-hashing){.internal-link target=_blank}.

///

## Multiple models

package kms

import (
	"context"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strconv"
	"strings"
	"sync/atomic"

	"github.com/secure-io/sio-go/sioutil"
	"golang.org/x/crypto/chacha20"
	"golang.org/x/crypto/chacha20poly1305"

	"github.com/minio/kms-go/kms"
	"github.com/minio/madmin-go/v3"
	"github.com/minio/minio/internal/hash/sha256"
)

    initialization order of companion objects.


## Version 4.7.1

_2020-05-18_

 *  Fix: Pass the right arguments in the trust manager created for `addInsecureHost()`. Without the
    fix insecure hosts crash with an `IllegalArgumentException` on Android.


## Version 4.7.0

_2020-05-17_

 *  New: `HandshakeCertificates.Builder.addInsecureHost()` makes it easy to turn off security in

var (
	ErrFormat       = errors.New("zip: not a valid zip file")
	ErrAlgorithm    = errors.New("zip: unsupported compression algorithm")
	ErrChecksum     = errors.New("zip: checksum error")
	ErrInsecurePath = errors.New("zip: insecure file path")
)

// A Reader serves content from a ZIP archive.
type Reader struct {
	r             io.ReaderAt
	File          []*File
	Comment       string
	decompressors map[uint16]Decompressor

 * host platform (like Android). In July 2018 Android had 134 trusted root certificates for its HTTP
 * clients to trust.
 *
 * For example, in order to establish a secure connection to `https://www.squareup.com/`,
 * these three certificates are used.
 *
 * ```
 * www.squareup.com certificate:
 *
 * Common Name: www.squareup.com

  brought by any other entity based on infringement of intellectual
  property rights or otherwise. As a condition to exercising the
  rights and licenses granted hereunder, each Recipient hereby
  assumes sole responsibility to secure any other intellectual
  property rights needed, if any. For example, if a third party
  patent license is required to allow Recipient to Distribute the
  Program, it is Recipient's responsibility to acquire that license

 * Peer certificate chain:
 *     sha256/afwiKY3RxoMmLkuRW1l7QsPZTJPwDS2pdDROQjXw8ig=: CN=publicobject.com, OU=PositiveSSL
 *     sha256/klO23nT2ehFDXCfx3eHTDRESMz3asj1muO+4aIdjiuY=: CN=COMODO RSA Secure Server CA
 *     sha256/grX4Ta9HpZx6tSHkmCrvpApTQGo67CYDnvprLg5yRME=: CN=COMODO RSA Certification Authority
 *     sha256/lCppFqbkrlJ3EcVFAkeip0+44VaoJUymbnOaEUk7tEU=: CN=AddTrust External CA Root

    val hostOnly: Boolean = cookie.hostOnly
    val domain: String = cookie.domain
    val path: String = cookie.path
    val httpOnly: Boolean = cookie.httpOnly
    val secure: Boolean = cookie.secure
    val matches: Boolean = cookie.matches("".toHttpUrl())
    val parsedCookie: Cookie? = Cookie.parse("".toHttpUrl(), "")
    val cookies: List<Cookie> = Cookie.parseAll("".toHttpUrl(), headersOf())
  }

func NewRemoteTargetHTTPTransport(insecure bool) func() *http.Transport {
	return xhttp.ConnSettings{
		LookupHost:       globalDNSCache.LookupHost,
		RootCAs:          globalRootCAs,
		CipherSuites:     fips.TLSCiphersBackwardCompatible(),
		CurvePreferences: fips.TLSCurveIDs(),
		TCPOptions:       globalTCPOptions,
		EnableHTTP2:      false,
	}.NewRemoteTargetHTTPTransport(insecure)
}

<a href="https://cryptapi.io/" target="_blank" title="CryptAPI: Your easy to use, secure and privacy oriented payment gateway."><img src="https://fastapi.tiangolo.com/img/sponsors/cryptapi.svg"></a>
<a href="https://platform.sh/try-it-now/?utm_source=fastapi-signup&utm_medium=banner&utm_campaign=FastAPI-signup-June-2023" target="_blank" title="Build, run and scale your apps on a modern, reliable, and secure PaaS."><img src="https://fastapi.tiangolo.com/img/sponsors/platform-sh.png"></a>