Practical Django Security


Thank you very much, thanks for coming. I did this for about three hours and I realized the approach to how we're going to go through security. I used to be employed by a company called Matasano; I don't know how many of you have heard of Matasano. How many have done the crypto challenges? Okay, good, so at least some people. I did application penetration testing for about two years, then moved over to Genesis to do more of our own security in-house. I like to stay employed, so I'd like to mention that the contents of these slides are my own.

Now, when it comes to speaking about security, it gets really tough. Everyone always talks about security; they drag you into a big conference room in these large corporations, if you've worked in one of those, or in a small place, and you hear about it, you read about it on Hacker News, and I've read about different hacks, and it's really a hard problem. It still exists, and the reason for that is that the ecosystem is only as secure as its lowest common denominator. Take Google, for example: one cross-site scripting bug within one Google app affects every single Google app, because they implicitly trust each other. Now that's really tough, because the surface gets really, really big. Also, security is constantly changing: what was good yesterday is not good today. As a caveat, these slides work for today; they'll probably work a little bit longer, but you should take these points down and research them further, because they may change.

So let's look at what we can do to change that. If you want to break down security vulnerabilities into two categories, they can be broken down rather simply. There are either incorrectly designed and improperly coded security controls, and these will cause you to be vulnerable to attacks like denial of service, where you don't have rate limiting, and authentication bypass, because your authentication mechanism isn't secure or is susceptible to bypass; and then the worst and most common is improperly implemented cryptographic primitives, where data
looks encrypted but can easily be decrypted or can be modified. And then there is mixing data up with code, and these largely revolve around remote code execution vulnerabilities. Now, while there are obviously applications that have remote code execution interfaces built into them, things like SQL injection and cross-site scripting are where an attacker can make their data execute as code on your server, or, within the context of cross-site scripting, within the client's browser: code being mixed up in a different way.

So, as to preventing the attacks, let's look to build our software to be more robust; let's not look at how we're being attacked in order to build better software. Now, every language, every program has side effects, but there are side effects that we can prevent, and I feel that one of the first things in making a more secure program is building software that is incredibly assertive. You must, to the best of your ability, assert as much as possible that what the user is giving you is what you intend it to be: not what you think it's going to be, but what you intended. And the Zen of Python has this, where it says explicit is better than implicit. If you're just taking input from the user, assert it; make sure it's exactly what you want.

Now let's look at the easy one, which is mixing code and data. When we talk about mitigating cross-site scripting and SQL injection, we talk about statements like output encoding, or prepared statements, or parameterized queries. These statements sound very nice, and when you get hit by cross-site scripting they tell you, oh, you have to use parameterized queries, prepared statements, but these are stopgap measures. What are these things actually? So, for example, take SQL injection. Let's say it's supposed to be a number; let's say it's supposed to be text. Right now it should only be text, and it should only be considered text by our SQL server, so if we explicitly put it into that category, at that
point we've mitigated it, and that's what prepared statements are. Prepared statements, parameterized queries, they're called both things, which is why I kept on using both of them, because in each ecosystem they have another way of saying it. Prepared statements or parameterized queries explicitly tell the SQL parser: this is data, do not execute this; insert this when you need the data, in this location, and explicitly mark that as data. When it comes to output encoding, when reflecting user data on the page, at that point you have the ability to mark that user data, the user text or bytes you're looking at, as data, not as code; you're telling the JavaScript engine within your browser not to execute that. Now this should be general, and this is one rule that I follow: find out where it's going to be used, and whatever you do, you will not get hurt if you mark it as data. Marking it as code is a risky option; try not to go on the risky side.

Now let's look at the security controls. This is where it gets really tough, because for security controls you have to understand attack surfaces, you have to understand threat modeling, you have to be able to build your security controls in a robust way, and that's tough, because the current security controls that we use every day have been a creative set of knowledge or research around security controls, and we've only gotten to this point because of all the attacks that they've been hit by. We only have security controls because we need them; we don't have them because there was an initial thought. Security is always an afterthought; it's only after an attacker comes. If a bank didn't need a vault, it would not invest money in a vault, but they need one, and as banks have been broken into, vault technology has evolved. So what's really important to note is: if you're ever going to build security controls, if you're ever going to implement them or deploy them or use them, use popular ones. Now what I
mean by popular is: use ones that industry leaders use. You can find strength in numbers. Do not use one that one or two people use. There are many times I will go online on GitHub and see a new module that's great, that's awesome functionality, and it contains an authentication bypass or contains a security bug that is now opened up, that an unsuspecting user is actually going to just jump straight into. The way these holes are mitigated, the way these holes are patched up, is people using them, or people reviewing the code in the security control.

Now Django helps us with authentication; it doesn't help us very much with authorization, so a lot of us find ourselves writing authorization code. It's really important that when you build this code, these authorization views or these authorization decorators, you write them in one place, you put them in one place. They should not be scattered amongst your application. You can take the Zen of Python and read it ten times before writing any security control. Having them broken up into many different locations can lead to a vulnerability, especially when you intend to update for a specific attack and now you have to do it in every single location. Now again, as mentioned previously with our data and code example, it's really important to be explicit but conservative; I'll explain why a little bit later.

Now, if you find yourself in the case where you have to actually build a login system, at that point you need to literally go by the book. You need to get a web application security book, a good one, and I'll give recommendations later on, and you need to go down the list of all the attacks and find out how they're mitigated. You need to look at current login systems that are secure, or at least secure as of today, or at least we hope so, and design yours to be very similar if not the same. You must understand the attacks, and whatever you do, do not write your own crypto routines. Alright, I have so much pain on the
internet when I see large people or large organizations linking to very insecure crypto routines. Now it's also important to note that you have to understand what you're doing, so you have to be very conservative in using cryptographic hash functions, and we'll get to this a little bit later. But most of all, what's really important is that Django provides very good and very powerful security routines. It's important that you use them, because this is what strength in numbers is: Django is popular, we're all here, we all represent that community, and there are many in that community that are not here today in this hotel. So if Django implements it, you should be using it.

Now let's look at some security controls that Django provides. If you need to cryptographically sign something, use Django's signer that Django comes with. Django auto-escapes most things unless you mark them as safe; Django auto-escapes user data and will explicitly mark it as safe after auto-escaping it. But auto-escape only works for HTML markup; if you find yourself needing to render JavaScript code, use your JavaScript with JSON-encoded data. Now when it comes also to validating the URL structure, the regular expressions provide a very secure implementation of ensuring that, at the least, you should be using them to provide a stopgap measure so that people that shouldn't be hitting certain endpoints with certain data shouldn't be there; however, it's not perfect.

Now as an example, the default hasher is PBKDF2, password-based key derivation function 2, which makes it easier to remember the long list of characters when you know what it stands for. But it's set at 10,000; you should upgrade that to 100,000, and that's as of today. Warning to all future viewers watching the video or considering this: you may need to increase that at a later point. Now, if it slows down your system, right now 2.7.8, the latest version of Python 2.7, has backported from Python 3 the
C hash function, and you really don't have to worry about it.

Another issue that we have is that object permissions aren't present within the framework, and therefore most developers don't think about them, and it's really important to remember that you have to be assertive about which user owns which object. On top of that, the CSRF implementation in Django implicitly trusts the framework; I've got some work that I'm working on. It all implicitly trusts the cookie, I'm sorry, and it bases all the CSRF mitigation on the cookie. If you have access to writing a cookie for that domain, you have effectively broken CSRF. Now that is hard, but it's possible, and I'm working on some enhancements to the CSRF implementation to mitigate that issue.

But let's jump back a little bit to building our security controls. I mentioned that they should be in one location, and we should not repeat ourselves, and all the logic should be very straightforward. This means that when you're using the login_required decorator, it does not belong in your views.py; it belongs in your urls.py. How many people have a views.py that's bigger than a thousand lines? There we go, alright. How hard is it to realize that you missed one? It works quite well. Now I'm not going to get into the debate of function-based views versus class-based views; personally I use class-based views, and you'll see why I like them more later on, but whatever works for you; you know, it's a free framework.

Now class-based views actually give you the ability to create mixins by overriding the dispatch method, and we have an example of that here; I took a screenshot from my computer. You have a base view mixin that is a login required plus it's going to require that the specific object is owned by that user, and as you see in, let's say, line 5, for example, we obtain the target user based on the object. We check that in line 9; line 9 is going to make use of the request.user interface.
Now this is obviously assuming that within your application you're not saving objects as anonymous users, and therefore in line 9 you're checking if the user is authenticated, but then you're also checking in line 9 if that user owns that object. This is one of the reasons I like class-based views: it allows very easy mixins, and then you can use these mixins to create views like an AuthenticatedTemplateView, which just has this as a mixin on the leftmost side and then the one that Django offers, and it also allows you to put all your authentication and authorization code in one easy-to-find place.

Now that's views; let's talk about forms. Django's general forms are fairly secure; they work fairly well. The thing that scares me the most is model forms. Now how many of you have Rails experience? Alright, how many of you know what mass assignment is? Okay, that's good, just about the same amount of people that have Rails experience; that's really good. So this is something we don't have in Django, or at least we shouldn't, but mass assignment is a bug where fields within your model are accidentally exposed to the internet, allowing anyone to put any information they want in those fields. Now, the Django documentation taught me to always make use of fields, and I very much trust it; I don't use exclude. When you use fields you're whitelisting: you're saying we only want these fields, we only want to deal with these, we only want to populate these fields in our model. And I think this is a very good example of a properly implemented control: it makes it hard for the developer to shoot themselves in the foot, and at the same time it's also very powerful.

Now we've knocked off quite a few things on our list; let's talk about being conservative. So CSRF is one of the things that is a popular hole that's been exploited, and it's pretty scary, and one of the problems that I feel that Django has, especially with function-based
views, is their lack of explicit HTTP verb handling. Now I have the ability to respond to both a GET and a POST, but if I don't have any of those methods, it'll return a method not allowed, whereas a function-based view will always return based on that method. There are CSRF holes that I've found that exist because functions were expecting a POST, but when you gave them a GET they pulled the variables out of the request data, and the CSRF middleware in Django saw a GET and said we don't have to check for CSRF here. Within function-based views there is a decorator called allowed methods, but I'm not such a fan of decorators; I find sometimes they're left out, and when it comes to writing your own it can get a little bit hairy. But that's just my own personal feeling, and you know, judge it on a case-by-case basis, but I like to be very conservative, at least when it comes to my own personal development, so I shy away from writing decorators; I'm using classes and I'm being conservative and explicit about what my view is supposed to handle.

Okay, now that we know what being explicit is about, let's talk about crypto. The original section, the original slides here, were examples of how to do crypto properly, and I wrote an example of a cryptographic implementation on my blog in Node.js, and then someone asked a bunch of questions about it and started moving things around, and then I pulled those slides out of this talk, and I want to shut down that page or at least remove it. Crypto is really hard, right; even cryptographers have problems with it, let alone simple humans like us. It is really important to note that if you don't implement crypto properly your users can be negatively affected, and therefore you have to be very conservative with what you do. Use Keyczar, and I'm only giving Keyczar as a recommendation: use Keyczar when it comes to crypto. Don't implement it yourself,
please, and please don't play with Keyczar. Modifying Keyczar, modifying the behavior of Keyczar, is vulnerabilities. Now I have a friend named Yan; Yan and I used to work together at Matasano on an application in Django, and I proposed an idea to use a cryptographic hash to identify a user, and Yan let me know about Yan's rule. The rule is simple: only use a cryptographic hash when you need to. Now can anyone give me an example of a use case for a cryptographic hash that you absolutely need? Storing passwords? Incorrect, because these days cryptographic hashes... well, they used to be good for storing passwords, because they're supposedly one-way functions, or they're great compression mechanisms, but cryptographic hashes can be calculated very fast, and passwords you don't want to be able to brute force, so these days we use algorithms that are tunable. Someone mentioned Bitcoin, or cryptographic currency; again, the amount of processing power that the Bitcoin network has practically invalidates anyone that uses any of the SHA family, and I'm not even going to talk about MD5, but the SHA family of hashes to hash their users' passwords; the amount of hashes they are able to generate a second is mind-boggling. So there are two examples of Yan's hash rule: you don't use a hash unless you absolutely need to. One use case I know of is if you want to ensure the consistency of a specific file; for example, Git uses hashes to track files, and many open source programs use hashes so people can know if a file has been modified or not.

But then again, we need hashes, we need at least unique identifiers that we need to tie back to users, so for that we have UUID4. UUID4 needs 16 bytes out of the cryptographic random source of the operating system, at least that's what it's supposed to do; if you don't have access to it, it will just use Python's random, so you have to ensure that you actually have access to it. But that's when you need a UUID. When you need a regular
set of bytes that are completely random, just read out of urandom; the example of code is right there. That number is completely unique, at least I hope it is. Now if you need something to be signed, use Django's signer. If you're stuck, you're going to have to use Python's HMAC implementation, but then again, once you get to the HMAC implementation, which by the way needs a hash, that's another example of a primitive that needs a cryptographic hash algorithm, and you can get nailed with a timing attack, a side-channel timing attack. So really, just stay on the safe side: use the Django primitives.

Now I deliberately shortened this talk a little bit, so we've got almost, what, 15 minutes, so there can be a lot of questions, but let me end off with a little bit of an appeal. Alright, security is a great industry. It's really good; it's made me a better engineer, and I hope that if you guys do research into security, then you will become better engineers. It's important to note the limitations: the lowest common denominator will never disappear from security, just like a chain is only as secure as its weakest link. But it's really important to do research, look things up, and when building new parts of your application, try to understand the attack surface. Look at what should happen, look at what may happen, and then, once you start with what may happen, you realize it's a little bit tedious, because so many things may happen, so let's just be assertive and ensure as much as we can what should happen.

Now I'd like to make an appeal to the community. There is a lot of knowledge that we have within Django about security. There's a checklist that we should be building to help our fellow developers build and write more secure code. I know as a developer and as a security person, one of the biggest fears we all have is that innocent people, people in general, will get hurt because of our code. We don't intend that to happen, and unfortunately there are parasites in the world,
and unfortunately sometimes they're able to take advantage of our code. So we should create a very basic checklist for every part of the framework: when you're using this part of the framework, what do you have to be worried about? It should be really easy to use, and I just appeal to the community to help. If you'd like some reading material, at Matasano we always recommend The Web Application Hacker's Handbook, the second edition; the first one is good, but the second edition is better. The Tangled Web, The Art of Software Security Assessment, and Microsoft also has a great book called Writing Secure Code; Microsoft's got some good books out there. All these books will give you the proper mindset for building more secure code. Now that's good; oh nice, we've got time for questions. Sure, I'm going to put these slides on my website. But yes, the question part. Thank you so much.

Thank you. It looks like you've left a whole 19 minutes for questions, if my arithmetic serves, so obviously an exciting opportunity to engage on security matters. Looks like we already have our first question ready.

Let's have a question. You mentioned taking advantage of safety in numbers. Do you believe there's any sort of diminishing returns there, inasmuch as, while you may get the benefit as a developer of the collective knowledge of the community so that they can help you secure against attacks, does that not also open up doors for when there is a security exploit, that the payload is larger, right? If every Django project is using the same code to secure themselves, once an exploit is discovered you have a huge swath of projects that you can exploit. Think about it: Heartbleed affected billions.

That's exactly right, and OpenSSL is a very popular library, but at the same time it's better than the alternative. This is partly security: you've got to kind of pick your battles. It is better than the alternative;
writing your own is not going to be more secure. There are very few people in the world that are able to put out solid cryptographic libraries and for them to be initially secure by default, and I don't know them; there are people that do, but no one trusts them. Things that are built by the community have a large set of eyes on them. Yes, if there is an exploit, many people will be affected, but at the same time, every time there is a hole in them, you know that there's so much security review that has been done that they found a slight chink in the armor, and everyone knows about it, so everyone is about patching it right away. It's not that everyone ignores it, or it's known only to a few people and then you don't know to patch it and you get hit by it six months later. Thanks.

Should I repeat the questions, or do they have them on the video? Okay.

I have a more specific question; I'm sure other people have run into this too. What's the best way to encrypt a field in a Django model? So say I have a user and I want to encrypt their first and last name. There doesn't seem to be a very clear way to do this. Is there anything you would recommend, besides the instinct of just hashing that value?

Well, actually, that won't help you, because the hash is supposed to be a one-way function; you're not supposed to be able to pull data out of it. Using Keyczar to encrypt it is really helpful: you can encrypt it and then pull it back every time you pull it out. I believe django-encrypted-fields, and don't hold me to it, you have to check them out, but django-encrypted-fields uses Keyczar, and django-encrypted-fields has an example of a text-based encrypted field.

Oh great, thank you.

It's not an endorsement of django-encrypted-fields; I looked at them once, they may have changed, but check it out.

Thanks. I also have a Django-specific question. Can you comment on development versus production
settings? An example that comes to mind is ALLOWED_HOSTS.

Sure. So, most important: debug mode must be turned off. I was a Django developer and then I joined the security world, and I was like, okay, now I'm going to count the amount of sites I've seen with debug mode turned off, right? Almost every application that I've tested had debug mode enabled in some way, and it's really, really important for that. Now also in production you're dealing with things like rate limiting and abuse that you're not dealing with in development, and it's really important to look at your... every use case is different, and I'd just set some really basic rules and guidelines for how much of your service your user should be using.

I have a quick question; it might be a little too specific, but do you have time to elaborate a little bit on the sort of spoofing posed by using a GET and bypassing CSRF, and how to establish trust, if you're using a function-based view, in whether the request is a POST or not?

Sure, sure. So I'm going to talk in the abstract; I don't have any code to show, but I'll try to be as specific as possible. So every function-based view takes a request, right? It'll take any type of HTTP request; it doesn't matter. Now within the code of that function there are specific directives to process based on that request: if request.POST, so if this is a POST request, process the form; if request.GET, do the opposite, etc. Now the issue I was describing was an issue that has been found where a view existed and this view read request.META, so it wasn't just looking for a GET or a POST, but the developer assumed, from the fact that it was in a form, that it would be POSTed to, but it can easily have been requested by a GET, and that was the issue.

You mentioned in your talk that it's important, if you do venture down the security road and write your own software, your own controls, that it's important to understand all the attacks that you may encounter
and anticipate them by handling them. My question more pertains to: do you think it's valuable to be able to understand and execute some of these exploits yourself in that process?

That depends largely on the way a person works and learns, but from my perspective, I learned software security by looking at the framework, by looking at the Django framework, and just seeing what does it do, how does it work, and then looking at other implementations and saying, why are they different, and then comparing the differences and understanding how it can be attacked. Some people find it really helpful to actually attack, and for that OWASP has a program called WebGoat, which is a really vulnerable web application that allows you to really test out application security. The Web Application Hacker's Handbook will give you a lot of those attacks; practically, they make use of a proxy tool, a web application proxy called Burp Suite, and for me that's my Swiss Army knife when it comes to pen testing; I really rely on it happily for everything that I do. I think that going through specific components, understanding and just learning about the attack surfaces on those components, will be really helpful. But whatever works: if it's easier for you to break into the actual application, there you have it, and if it's easier for you to just look at secure implementations, then that's easier. For me, I do both. Thank you.

Hello, my question is about: do you have a guideline to know when it's appropriate to step back and ask... well, not ask, but security is holistic, so how can you know whether the Django layer is the appropriate layer to address a certain security concern with, you know, a stack with other layers?

So just to expand a little bit on what you just said: for example, in building a rate limiting control, you can build it with, let's say, nginx; you can put that directive in nginx, or you
can put that directive in Django. Why should you do one over the other? Now it really depends on what you're looking for. nginx knows how to proxy and serve files very well, right? So when you want to limit the amount of IPs that hit your site, you can do that in nginx; when you want to limit the amount of IPs that hit a specific endpoint, you could do that with nginx. However, it doesn't know anything about your application. In Django you can build rate limiters that can rate limit specific actions, so that should an attacker decide to abuse that specific action, you can throttle that entire action across your application; it's not bound to a URL as nginx is going to expect, it's bound to a set of behaviors. So it's largely dependent on what you want, the type of control you want to build. Also really important, in fact I'll say: everything that you can get out of Django as input into nginx rate limiting should be done before that, because why start to get into the request-response cycle when you can just stop the attack from ever happening?

Yeah, Django has a lot of settings around cookies, like HttpOnly and secure cookies. Do you have a recommendation of how you set up your settings, or do you just use the defaults?

So it really depends on the site that you're hosting. For example, if your site is not hosted under SSL, then sending the secure flag in your cookies is just kind of going to break the whole HTTP session. So generally, when I set up my settings, when we're talking about cookie settings, I make sure that HttpOnly is set on both the session cookie as well as the CSRF cookie, and then secure; I like to host fully over SSL, so secure on both of those as well. Now what's important, that most people don't know, is that the CSRF failure view exists by default, and it's one of the easiest ways to profile whether a site is actually a Django site: send a POST with either a missing CSRF token or an invalid one, and you'll get back the CSRF
failure view, and it will also tell you whether the site's in debug mode or not. Now that can be problematic; most people don't change it, and it's really simple to change.

So my question is more about Python 3 and tools like Keyczar and encrypted fields. Is there anybody working on that, or any Kickstarters? Are you seeing any new tools coming out that support Python 3 versus what you were talking about earlier?

Yeah, so I'm going to expand your question to also PyPy, alright? Keyczar makes use of, I think it's PyCrypto, and PyCrypto has a C extension to Python; PyCrypto doesn't work on PyPy, doesn't work on Python 3. The reason I chose Keyczar is because Keyczar is also a set of executables; it's also written in Java. Download the executables, which are written in Java, and run them. Now, you know, what is important is that you don't run these executables and open yourself up to command injection, but largely you can make use of those executables: use it as a tool, don't use it so much as a library, and that way you're abstracted away from the internals of it, and you're just simply using it like you would use cat, say, in shell. You're using just a shell command: you put in data, you get back data. It's that simple.

I respect that, instead of talking about attacks, you're talking about best practices against attacks generally, but it seems like the surface you're talking about is by and large the request-response cycle. For example, you say let's put all authorization in one place, but what about for async? What about if you're dispatching broadcast messages and you need to understand who's on the other end? I find that that logic sometimes is wanting for a home, and it seems like probably it's not urls.py. So what do you do with that stuff?

So this is why I chose the request-response cycle, because I don't think 45 minutes or two hours would help with async security. When it comes to security, it's
when it comes to protecting yourself from vulnerabilities, as I mentioned previously, you largely have to assert what is going to happen. You have to be very specific, and you have to really push yourself to understand what's gonna happen. When it comes to asynchronous programming, things are largely being handed off to different, whether you're using coroutines or now event-driven asynchronous programming, you can throw yourself down a rabbit hole really fast. How many people want to think about race conditions in asynchronous programming? Oh. Every bank that exists today does not make use of asynchronous programming when it comes to transferring money, for the fear of race conditions. If there's anything within a race condition, they make sure that everything is within a transaction. When you mention asynchronous programming, from my perspective I look at it from the Python way of, not just API calls that are being sent out to the server, because these are also handled by Django's request-response cycle, whereas Django itself is asynchronously processing certain things. One important thing to note when dealing with it, and I'm not going to dive really deep into it: just because it's async doesn't mean it's lightweight, and just because it's lightweight in one place doesn't mean it's lightweight in the other. For example, if you manage to find a view where you could really increase the amount of processing power that is required by it, let's say, one of the most recent holes within Django is submitting, within a multipart request, a set of files that will cause Django to perform an O(n) operation. If you can find that within an async piece of code and they're using gevent, then that person's got real problems, because gevent is great when it comes to I/O and it actually isn't when it comes to serious CPU handling, and it's gonna stop responding to everything
else. So what's really important is that you rate limit as much as possible. So don't think that you can upload a 300 megabyte file and it will be really easy on your system. The second thing is to remove the asynchronous parts of your code from where it can get a little bit hairy, and what I mean by that is when you have code that is gonna run, say, a payment system, you want to make sure that that payment system and that payment happens once and only in one location, and it can't be triggered multiple times within a specific set of time. So in the regular world you'd use locks, right? You'd lock the start of that payment, you'd move through the code, you'd end the lock. However, Python's cooperative scheduler, especially asynchronous programming, may break those locks, or may get you to the point where you may be within multiple locks at the same time, do certain things. So it's important to know when to be synchronous. That said, it does mitigate a decent amount of denial of service vulnerabilities, so your mileage may vary.

I'm an educator and teach people Python programming, Python web programming, and so on and so forth, and one of the most difficult areas for me as an educator is that I tend to be a fairly trusting programmer, which makes me very bad at this kind of work. Do you have any advice for educators, or for students who are learning this kind of thing, about ways to make themselves constructively paranoid?

Well, first of all, being a trusting person is great. It's, you know, unfortunately we're not even as trusting as we could be. But let's just do a show of hands: how many people have invited people over to their homes? Okay, the people that didn't answer are definitely that person. Before you invited them over to your house, how many of you have not known that person, excluding Airbnb? One person. Okay, good. Right, so you invite someone over to your house. You know, you see someone walking over the street and say, hey, you look hungry, come in for a
meal. Right now, you don't expect that individual to be courteous and to know their boundaries, right? You know, not to put the silverware in their pocket, not to, you know, the other members at the table, etc. And largely they, you know, very nice individuals, they may be like that, but when that person oversteps their boundaries, at that point you kindly show them the door, right? Now when it comes to building software we don't always have that luxury of being able to handle just one request and ensure that everything is working nicely around it. So we try to assert as much as possible, place all the rules around that one request, that guest in our house, and say these are the roped-off areas: you can only go into the bedroom if you're a member of the family; you know, okay, everyone can wash dishes, do certain things; you only turn on the TV if you're trusted, say, you know, if you're a member of the family; you can only change the channel if you're old enough, then let's say 18, right, or 16. Now that is kind of how you have to look at your users within your application. You're going to have the majority of users are going to be good, hard-working people, hard-working, sorry about that, individuals that's going to literally just probe you to find your weaknesses, and being assertive from the onset is really important. Now the assertive security actually comes to me from a different part of my life. As you may have realized, I'm a religious Jew, and Judaism has a set of laws. Those are largely, you know, in many places, but are collected in a book called the Talmud. Now I don't think many of you have learned Talmud here, but the way every law in the Talmud works is that they discuss the law, they say this is supposed to happen, okay, we know this is the law, now let's look at the limitations of it, and they hypothesize everything, and from a very rough piece of stone, which would be the original law, they sculpt a masterpiece of every single facet, when it should be done
and why it should be this way. And I've taken that part of my life and fit it into writing software, writing secure software, where in the code that I put out I'm very explicit about what should happen and why it should happen, and I don't look at it as, okay, I hope it's all gonna work. It's not that I'm not trusting of my users, but I'm just assertive and I say, you know, you're only a user if you meet these requirements, the same way if someone walks into your house they are only an invited guest if they can accept common courtesy.

No more questions? This is all right. Lady Gross, thank you so much.
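The two concrete controls the speaker recommends in the Q&A, capping upload size before any parsing work and holding a lock so that a payment runs once even when it is triggered repeatedly, are shown below as an added illustration. This is example code written for this page, not code from the talk, from Django or from Keyczar; MAX_UPLOAD_BYTES, read_bounded_upload, PaymentLedger, FakeGateway and the constructed request bodies are all assumptions made for the example, and the in-memory ledger stands in for the database transaction a real payment system would use.

```python
import io
import threading
from concurrent.futures import ThreadPoolExecutor

# Assumed cap for this example; a real deployment would pick a limit per endpoint.
MAX_UPLOAD_BYTES = 1024 * 1024  # 1 MiB


class UploadTooLarge(Exception):
    """Raised before any multipart parsing happens, so oversized bodies cost almost nothing."""


def read_bounded_upload(headers, stream):
    """Return the request body, or raise UploadTooLarge.

    The declared Content-Length is checked first (cheap rejection), then the body is
    read with a hard cap: a client can lie about the header, and the bytes actually
    received are what a multipart parser would otherwise have to chew through.
    """
    declared = headers.get("Content-Length")
    if declared is not None:
        try:
            declared = int(declared)
        except ValueError:
            raise UploadTooLarge("malformed Content-Length")
        if declared < 0 or declared > MAX_UPLOAD_BYTES:
            raise UploadTooLarge(f"declared size {declared} exceeds limit")
    body = stream.read(MAX_UPLOAD_BYTES + 1)  # never read more than limit + 1 bytes
    if len(body) > MAX_UPLOAD_BYTES:
        raise UploadTooLarge("body exceeds limit")
    return body


def try_upload(headers, body_bytes):
    """Convenience wrapper over a constructed in-memory body: ('ok', size) or ('rejected', reason)."""
    try:
        return ("ok", len(read_bounded_upload(headers, io.BytesIO(body_bytes))))
    except UploadTooLarge as exc:
        return ("rejected", str(exc))


class FakeGateway:
    """Constructed stand-in for a payment provider; it only counts how often it is charged."""

    def __init__(self):
        self.calls = 0
        self._lock = threading.Lock()

    def charge(self, amount_cents):
        with self._lock:
            self.calls += 1
            return f"ch_{self.calls:04d}"


class PaymentLedger:
    """Assumed design: one lock around check, charge and record, keyed by an idempotency key."""

    def __init__(self, gateway):
        self._gateway = gateway
        self._lock = threading.Lock()
        self._charges = {}  # idempotency key -> charge id

    def charge_once(self, idempotency_key, amount_cents):
        # Check and charge under the same lock, so two callers arriving together
        # for the same key cannot both observe "not charged yet" and both pay.
        with self._lock:
            existing = self._charges.get(idempotency_key)
            if existing is not None:
                return existing
            charge_id = self._gateway.charge(amount_cents)
            self._charges[idempotency_key] = charge_id
            return charge_id


def simulate_duplicate_triggers(n_threads=32):
    """Fire the same payment from many threads; return (gateway calls, distinct charge ids)."""
    gateway = FakeGateway()
    ledger = PaymentLedger(gateway)
    with ThreadPoolExecutor(max_workers=n_threads) as pool:
        results = list(pool.map(lambda _: ledger.charge_once("order-42", 1999), range(n_threads)))
    return gateway.calls, set(results)


if __name__ == "__main__":
    print(try_upload({"Content-Length": "5"}, b"hello"))
    print(try_upload({"Content-Length": "5"}, b"x" * (MAX_UPLOAD_BYTES + 1)))
    print(simulate_duplicate_triggers())
```

The upload check reads at most one byte past the limit, so a lying Content-Length buys the client nothing; the ledger holds its lock across the gateway call, which is the "lock the start, move through the code, end the lock" pattern from the talk, at the cost of serialising payments. With a cooperative scheduler the same shape still applies, but the lock has to be one that the scheduler honours (an asyncio lock for coroutines), and the durable version of the ledger is a database row with a unique idempotency key written inside a transaction.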