security

Hiding client side API calls

拈花ヽ惹草 submitted on 2020-01-04 05:58:05
Question: I was making a small app (.NET Web API backend service and AngularJS for the frontend) just to learn these frameworks, started to like the project itself and thought it would be nice to deploy it... However, the thing is my .NET REST service is as public as it gets; at the moment anyone can CRUD the objects exposed through the API, and obviously I don't want somebody clearing my database once in a while. I don't really store any sensitive information, it's a small web game, all I store in the DB are things like items,
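The calls themselves cannot be hidden: anything the AngularJS client can send, a curl user can send too. What stops a stranger from clearing the database is a server-side check on every mutating request: who is calling (a signed token issued at login) and whether that caller owns the object. The following is an added example, not code from the question or from the asker's project; the token format, the in-memory items dictionary and the handler name are assumptions made for illustration, and the HMAC secret is generated at import only so the block runs stand-alone.

```python
import base64
import hmac
import json
import secrets
import time
from typing import Optional

# Assumption: a per-deployment secret loaded from configuration;
# generated here so the example runs stand-alone.
SERVER_SECRET = secrets.token_bytes(32)


def _sign(data: bytes) -> bytes:
    return hmac.new(SERVER_SECRET, data, "sha256").digest()


def issue_token(user_id: str, ttl: int = 3600, now: Optional[float] = None) -> str:
    """Return an HMAC-signed bearer token the client sends with every API call."""
    now = time.time() if now is None else now
    claims = json.dumps({"sub": user_id, "exp": int(now + ttl)}).encode()
    payload = base64.urlsafe_b64encode(claims)
    return payload.decode() + "." + base64.urlsafe_b64encode(_sign(payload)).decode()


def verify_token(token: str, now: Optional[float] = None) -> Optional[str]:
    """Return the user id if the signature and expiry check out, else None."""
    now = time.time() if now is None else now
    try:
        payload_b64, sig_b64 = token.split(".")
        expected = _sign(payload_b64.encode())
        if not hmac.compare_digest(base64.urlsafe_b64decode(sig_b64), expected):
            return None  # tampered payload or forged signature
        claims = json.loads(base64.urlsafe_b64decode(payload_b64))
    except ValueError:  # malformed token, bad base64, bad JSON
        return None
    if not isinstance(claims, dict) or claims.get("exp", 0) <= now:
        return None
    return claims.get("sub")


def delete_item(token: str, item_id: int, items: dict, now: Optional[float] = None) -> int:
    """Server-side handler for DELETE /api/items/{id}; returns an HTTP status code.
    `items` maps item id -> owner user id (constructed stand-in for the database)."""
    user = verify_token(token, now)
    if user is None:
        return 401  # not logged in, or expired/tampered token
    owner = items.get(item_id)
    if owner is None:
        return 404
    if owner != user:
        return 403  # authenticated, but this object belongs to someone else
    del items[item_id]
    return 204
```

The same two questions (valid token? owner matches?) apply to create, update and list as well; the client-side code is only convenience for legitimate users, never a boundary.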

Are the privileges on underlying table automatically passed on to any views created on the table?

≡放荡痞女 submitted on 2020-01-04 05:53:52
Question: If a user has SELECT, INSERT privileges on the underlying table of a view, would he automatically have the same privileges on views (created on the table) as well, or does he need to be granted those? For instance, suppose Bob has INSERT privileges on the table EMPLOYEES. Does he also have INSERT privileges on a view EMPLOYEENAMES which has only the names of the employees? PLEASE NOTE: I am working on Oracle Express 11g Answer 1: No, the privileges are not inherited (which would be rather

Secure Rest-Service before user authentification

大兔子大兔子 submitted on 2020-01-04 05:46:29
Question: I have a web application that provides several REST services (Jersey). Most of the endpoints are secured by BASIC authentication. Furthermore I use SSL for transport and demand POSTs for every call. The clients/consumers are Android apps. So far so good. The only service that seems to be vulnerable is the registration. It's the 'first' service to call and a user does not exist yet. So I cannot use OAuth, etc. I also have to keep the endpoint easily accessible to enable the user to register.
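A registration endpoint has no caller to authenticate, so the usual controls are rate limiting per source address and per e-mail, a uniform reply that does not reveal whether an address is already taken, and an account that only becomes usable after an out-of-band confirmation token is presented. The block below is an added example in Python, not the asker's Jersey code; the class names, the limits (5 per hour per IP, 3 per day per address) and the `outbox` list standing in for the mail sender are assumptions for illustration.

```python
import secrets
import time
from collections import deque
from typing import Optional


class SlidingWindowLimiter:
    """Allow at most `limit` events per `key` in any `window` seconds."""

    def __init__(self, limit: int, window: float):
        self.limit, self.window = limit, window
        self._hits: dict = {}

    def allow(self, key: str, now: Optional[float] = None) -> bool:
        now = time.monotonic() if now is None else now
        q = self._hits.setdefault(key, deque())
        while q and q[0] <= now - self.window:
            q.popleft()  # drop hits that fell out of the window
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


class RegistrationService:
    """Unauthenticated POST /register: rate-limited, and the account only exists
    once the confirmation token sent to the address is presented."""

    # One reply for "new address" and "already registered": no account enumeration.
    GENERIC_REPLY = (202, "If that address is new, a confirmation mail has been sent.")

    def __init__(self):
        self.per_ip = SlidingWindowLimiter(limit=5, window=3600)      # assumption: 5/hour per source IP
        self.per_email = SlidingWindowLimiter(limit=3, window=86400)  # assumption: 3/day per address
        self.users: dict = {}
        self.pending: dict = {}  # confirmation token -> email
        self.outbox: list = []   # constructed stand-in for the mail sender

    def register(self, client_ip: str, email: str, now: Optional[float] = None):
        if not self.per_ip.allow(client_ip, now):
            return 429, "Too many registrations from this address; try again later."
        email = email.strip().lower()
        if "@" not in email:
            return 400, "Invalid address."
        if not self.per_email.allow(email, now) or email in self.users:
            return self.GENERIC_REPLY  # accept silently, send nothing
        token = secrets.token_urlsafe(32)
        self.pending[token] = email
        self.outbox.append((email, token))
        return self.GENERIC_REPLY

    def confirm(self, token: str) -> bool:
        """Called from the link in the mail; a token works exactly once."""
        email = self.pending.pop(token, None)
        if email is None or email in self.users:
            return False
        self.users[email] = {"confirmed": True}
        return True
```

A per-IP limit alone punishes everyone behind one NAT and is easy to spread across addresses, which is why the per-e-mail limit and the confirmation step are there as well; a CAPTCHA or proof-of-work can be added in front of `register` when abuse continues.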

Encrypted storage on an Android/iPad

强颜欢笑 submitted on 2020-01-04 05:38:05
Question: I want to create an application for Android tablets and/or iPad that's going to hold a lot of sensitive data that needs to be encrypted. I'm thinking about two possible ways of dealing with that problem: Implement (or use an implementation of) some well-known encryption algorithm, but that leaves the problem of passing the private key, as it probably wouldn't be best if the user has to enter a 1024-byte key from the on-screen keyboard on each start of the application; Using a hardware encryption device (smart
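Nobody types the key: the user enters a short passcode, and a key-derivation function stretches it, together with a random salt stored beside the data, into the 256-bit key the symmetric cipher needs. A MAC over a fixed label, also stored in the header, lets the app reject a wrong passcode without touching the ciphertext. This is an added example of that derive-and-verify pattern, not code from the question; it uses PBKDF2-HMAC-SHA256 from the standard library, the iteration count and header layout are assumptions, and the actual encryption of the data (AES-GCM from the platform's crypto library) is left out.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumption: tuned so that unlocking takes a noticeable fraction of a second on the target tablet.
DEFAULT_ITERATIONS = 200_000
KEY_LEN = 32  # 256-bit key for the platform's AES-GCM
VERIFIER_LABEL = b"vault-unlock-check"


def derive_key(passcode: str, salt: bytes, iterations: int) -> bytes:
    """Stretch a short passcode into a full-length key; same inputs always give the same key."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode("utf-8"), salt, iterations, KEY_LEN)


def _verifier(key: bytes) -> bytes:
    # MAC over a constant label: proves the key is right without exposing the key itself
    return hmac.new(key, VERIFIER_LABEL, "sha256").digest()


def create_vault(passcode: str, iterations: int = DEFAULT_ITERATIONS) -> tuple:
    """Return (header, key). The header is stored next to the ciphertext; it is not secret."""
    salt = os.urandom(16)
    key = derive_key(passcode, salt, iterations)
    header = {
        "kdf": "pbkdf2-sha256",
        "iterations": iterations,  # stored so it can be raised later without breaking old vaults
        "salt": salt,
        "verifier": _verifier(key),
    }
    return header, key


def unlock_vault(passcode: str, header: dict) -> Optional[bytes]:
    """Re-derive the key from the stored salt; None if the passcode is wrong."""
    key = derive_key(passcode, header["salt"], header["iterations"])
    if not hmac.compare_digest(_verifier(key), header["verifier"]):
        return None
    return key
```

The header is what an attacker with a copy of the device storage gets, so the passcode's strength and the iteration count are the whole defence against offline guessing; the question's second option, a hardware token or the platform keystore, would wrap this derived key so that the header alone is not enough.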

Cross site form post with external site on different domain

我与影子孤独终老i submitted on 2020-01-04 05:26:32
Question: We're integrating our site with an external site using form posts. The form on our page will submit to the external site on a different domain. Is this even possible? I thought that would be an injection attack. Answer 1: Yes, it should be possible. Make sure you have enough validations in place so that you don't post harmful data (and you are not held responsible); also I hope the other party has some server-side validation as well. Answer 2: You probably want to learn more about the same-origin policy,

Why should I store both REMOTE and FORWARDED as user's IP?

老子叫甜甜 submitted on 2020-01-04 05:20:28
Question: Currently I get the user's IP like this:

    if ( isset($_SERVER['HTTP_X_FORWARDED_FOR']) ) {
        $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
    } elseif ( isset($_SERVER['REMOTE_ADDR']) ) {
        $ip = $_SERVER['REMOTE_ADDR'];
    }

    // IPs
    +----+-----------+------------+
    | id | user_ip   | date_time  |
    +----+-----------+------------+
    | 1  | 43.12.9.9 | 1468070172 |
    | 2  | 173.3.0.1 | 1468070667 |
    +----+-----------+------------+

But now, I read this in here: if you are going to save the $_SERVER['HTTP_X
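REMOTE_ADDR is the address of the TCP peer and cannot be forged by a client; X-Forwarded-For is a header any client can send, so the snippet above lets anyone choose the IP that gets recorded. The header is only meaningful when REMOTE_ADDR is one of your own proxies, and even then only the entries appended by those proxies can be believed. The block below is an added example, not code from the question; `TRUSTED_PROXIES` is a constructed list, and the Python functions stand in for the PHP the asker would write.

```python
import ipaddress
from typing import Optional

# Assumption (constructed): the address ranges of our own reverse proxies / load balancers.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("203.0.113.5/32")]


def _is_trusted(addr) -> bool:
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(remote_addr: str, x_forwarded_for: Optional[str] = None) -> str:
    """The address to act on (rate limits, bans). The header is trusted hop by hop,
    from the right, only for as long as the hops are our own proxies."""
    remote = ipaddress.ip_address(remote_addr)
    if not _is_trusted(remote):
        return str(remote)  # direct client, or someone else's proxy: ignore the header entirely
    hops = [h.strip() for h in (x_forwarded_for or "").split(",") if h.strip()]
    for hop in reversed(hops):  # rightmost entry was appended by the proxy nearest to us
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return str(remote)  # unparsable hop: fall back to the last verifiable address
        if not _is_trusted(addr):
            return str(addr)  # first address we did not add ourselves is the client
    return str(remote)


def ip_record(remote_addr: str, x_forwarded_for: Optional[str]) -> dict:
    """What to store per request: the raw evidence plus the derived verdict.
    Keeping both lets old rows be re-evaluated if the proxy list or the rule changes."""
    return {
        "remote_addr": remote_addr,
        "forwarded_for": x_forwarded_for,
        "client_ip": client_ip(remote_addr, x_forwarded_for),
    }
```

This is why both columns are worth keeping: `client_ip` is what you act on today, `remote_addr` and the raw header are what you will need when investigating a record that turns out to be wrong.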

Don't want to show my folder file structure from browser url

浪子不回头ぞ submitted on 2020-01-04 05:11:43
Question: I don't want to show my images, zip files or any other files, because all of these are very important files. Suppose my image URL is like http://www.example.com/users/upload/images/example.jpg And if anyone takes the URL below and opens it in the browser, then they can see all my other images. http://www.example.com/users/upload/images/ I don't want to show my image files, or I want to show some 404 page not found. Can anyone know the solution to the above problem? Answer 1: You can create a .htaccess file for
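On Apache the listing itself is switched off with `Options -Indexes` in a .htaccess file, which is the direction the answer takes. The application-side counterpart is to never hand a directory, or anything outside the upload tree, to the client: resolve the requested path, and answer 404 for directories, traversal and missing files alike. The following is an added example, not code from the question or answer; the function names are assumptions and `make_sample_tree` builds a constructed upload directory so the block runs offline.

```python
import tempfile
from pathlib import Path
from typing import Optional, Tuple


def resolve_upload(base_dir: str, requested: str) -> Optional[Path]:
    """Map the path part of a /users/upload/... URL (already URL-decoded) to a file under base_dir.
    Returns None for everything that must answer 404: directories (the upload root included),
    paths that walk outside base_dir, symlinks escaping it, and missing files."""
    base = Path(base_dir).resolve()
    if not requested or requested.endswith("/"):
        return None  # a trailing slash asks for a listing, never a file
    candidate = (base / requested.lstrip("/")).resolve()
    if base not in candidate.parents:
        return None  # "../" or an absolute path escaped the upload tree
    if not candidate.is_file():
        return None  # directories and nonexistent paths look identical to the client
    return candidate


def serve(base_dir: str, requested: str) -> Tuple[int, Optional[Path]]:
    """Status code plus the file to stream, as the front controller would answer."""
    path = resolve_upload(base_dir, requested)
    return (200, path) if path else (404, None)


def make_sample_tree() -> str:
    """Constructed upload directory: <tmp>/images/example.jpg."""
    root = tempfile.mkdtemp(prefix="upload-")
    images = Path(root, "images")
    images.mkdir()
    (images / "example.jpg").write_bytes(b"\xff\xd8\xff")  # JPEG magic as stand-in content
    return root
```

Note that this only removes the listing; anyone who knows or guesses a file name can still fetch it. If the files are meant to be private, the handler must also check that the requester is allowed to see that particular file, or the uploads should live outside the web root and be streamed only after that check.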

Securing JSF applications

橙三吉。 submitted on 2020-01-04 04:56:13
Question: I've been asked by a freelancer friend of mine to join him on a JSF 2.0 project, and I'm slowly picking up speed and putting the pieces together. Coming from a Windows Forms .NET world, I have a lot to learn, to say the least. My major concern is with the lack of apparent consensus on how to protect a JSF application. Some methods have been proposed here on SO, including using Spring Security, Seam Security, custom phase listeners, or simply using the rendered="#{...}" attribute to show/hide