- **Crypto & Security** (`org.codelibs.core.crypto`, `org.codelibs.core.security`) - Basic cryptographic utilities, message digest operations, and secure random generation
- **XML Processing** (`org.codelibs.core.xml`) - XML DOM utilities, SAX parser helpers, and schema validation support

 * Peer certificate chain:
 *     sha256/afwiKY3RxoMmLkuRW1l7QsPZTJPwDS2pdDROQjXw8ig=: CN=publicobject.com, OU=PositiveSSL
 *     sha256/klO23nT2ehFDXCfx3eHTDRESMz3asj1muO+4aIdjiuY=: CN=COMODO RSA Secure Server CA
 *     sha256/grX4Ta9HpZx6tSHkmCrvpApTQGo67CYDnvprLg5yRME=: CN=COMODO RSA Certification Authority
 *     sha256/lCppFqbkrlJ3EcVFAkeip0+44VaoJUymbnOaEUk7tEU=: CN=AddTrust External CA Root

                    this.auth.getUsername(), this.workstation, this.ntlmsspFlags);
        }

        // Use secure password handling
        String passwordString = null;
        if (this.auth.isGuest()) {
            passwordString = this.transportContext.getConfig().getGuestPassword();
        } else {

            boolean result = response.verifySignature(buffer, 0, 100);

            assertTrue(result);
        }

        @Test
        @DisplayName("Should verify signature on error when secure negotiate required")
        void testVerifySignatureErrorWithSecureNegotiate() {
            byte[] buffer = new byte[100];
            response.setDigest(mockDigest);

	if f.remoteIP != "" {
		tr = forwardForTransport{tr: tr, fwd: f.remoteIP}
	}
	return minio.New(f.endpoint, &minio.Options{
		TrailingHeaders: true,
		Creds:           mcreds,
		Secure:          globalIsTLS,
		Transport:       tr,
	})
}

func (f *sftpDriver) AccessKey() string {
	return f.permissions.CriticalOptions["AccessKey"]
}

* The ability to use the insecure HTTP port of kube-controller-manager and cloud-controller-manager has been deprecated, and will be removed in a future release. Use `--secure-port` and `--bind-address` instead. ([#59582](https://github.com/kubernetes/kubernetes/pull/59582), [@sttts](https://github.com/sttts))

func NewRemoteTargetHTTPTransport(insecure bool) func() *http.Transport {
	return xhttp.ConnSettings{
		LookupHost:       globalDNSCache.LookupHost,
		RootCAs:          globalRootCAs,
		CipherSuites:     crypto.TLSCiphersBackwardCompatible(),
		CurvePreferences: crypto.TLSCurveIDs(),
		TCPOptions:       globalTCPOptions,
		EnableHTTP2:      false,
	}.NewRemoteTargetHTTPTransport(insecure)
}

-->

## Introduction {#intro}

Go's emphasis on backwards compatibility is one of its key strengths.
There are, however, times when we cannot maintain complete compatibility.
If code depends on buggy (including insecure) behavior,
then fixing the bug will break that code.
New features can also have similar impacts:
enabling the HTTP/2 use by the HTTP client broke programs
connecting to servers with buggy HTTP/2 implementations.

var (
	ErrFormat       = errors.New("zip: not a valid zip file")
	ErrAlgorithm    = errors.New("zip: unsupported compression algorithm")
	ErrChecksum     = errors.New("zip: checksum error")
	ErrInsecurePath = errors.New("zip: insecure file path")
)

// A Reader serves content from a ZIP archive.
type Reader struct {
	r             io.ReaderAt
	File          []*File
	Comment       string
	decompressors map[uint16]Decompressor

특히 사용자 모델의 경우에 그러한데, 왜냐하면:

* **입력 모델** 은 비밀번호를 가져야 합니다.
* **출력 모델** 은 비밀번호를 가지면 안됩니다.
* **데이터베이스 모델** 은 해시처리된 비밀번호를 가질 것입니다.

/// danger | 위험

절대 사용자의 비밀번호를 평문으로 저장하지 마세요. 항상 이후에 검증 가능한 "안전한 해시(secure hash)"로 저장하세요.

만약 이게 무엇인지 모르겠다면, [security chapters](security/simple-oauth2.md#password-hashing){.internal-link target=_blank}.에서 비밀번호 해시에 대해 배울 수 있습니다.

///

## 다중 모델