security

CakePHP security component blackholing login (data[_Token][key] field not generated)

点点圈 submitted on 2020-01-03 09:57:11
Question: When I try to login, the request gets blackholed by the Security component. How can I make it work right? I have a simple login form <div class="container container-login"> <h2><?php echo __('Login'); ?></h2> <div class="wrap-form-signin"> <?php echo $this->Form->create('User', array('action' => 'login', 'class' => 'form-signin')); echo $this->Form->input('username', array('label' => '', 'placeholder' => __('Email'))); echo $this->Form->input('password', array('label' => '', 'placeholder' =>

What security issues need to be addressed when working with Google App Engine?

删除回忆录丶 submitted on 2020-01-03 09:29:09
Question: I've been considering using Google App Engine for a few hobby projects. While they won't be handling any sensitive data, I'd still like to make them relatively secure for a number of reasons, like learning about security, legal, etc. What security issues need to be addressed when working with Google App Engine? Are they the same issues that other applications - like applications written in other languages or hosted in other ways - are faced with? Edit: I did some searching; it looks like I

Detect screenshot attempts on Android 4.0+

谁都会走 submitted on 2020-01-03 09:25:20
Question: I am developing an Android application that places a high priority on protecting the user's data, to the point of storing nothing in persistent memory on the local device. To further protect user data, we want to make a web-service call to our server whenever someone attempts to take a screenshot of the active application. Solutions that I have seen so far include this snippet intended to prevent the screenshot from being taken and throwing a screenshot failure message in a Toast at the user.

Can user.name be spoofed

六月ゝ 毕业季﹏ submitted on 2020-01-03 09:11:13
Question: To get the name of the current user in a Java program, you can simply fetch the value of the user.name system property: System.getProperty("user.name"); But how secure is that? Can a user executing the program easily set this property to an arbitrary value (using a command-line argument of the JVM, for example) for common runtime environments? Can a user easily spoof this user name? I ask because I am writing a command-line program that can be run by anyone, but allows some privileged

How paranoid should I be about my Azure application binary files being stolen?

眉间皱痕 submitted on 2020-01-03 08:54:11
Question: I need to migrate a huge application to Windows Azure. The application depends on a third-party library that requires an activation key stored in a special binary file on the role instance filesystem. Obviously that key has to be either included in the role package or stored somewhere the role can fetch it. The activation key will not be bound to the machine (since I have no idea where exactly a role will be run in the cloud), so anyone can use it to make a copy of that library work. Since

Granting access to one db to users/roles of another

二次信任 submitted on 2020-01-03 08:35:18
Question: Short version: Can I grant access to external databases to a role? Long version: I am working on reports using Crystal which is retrieving data from an application's SQL Server instance ( database1 ). The application is running the reports and overwriting the connection in the report; I have no access to the application's code. I have added a new DB to the server ( database2 ) which is collecting information from a telephone exchange and I want to join some of this information to the

Does salt need to be random to secure a password hash?

房东的猫 submitted on 2020-01-03 08:32:30
Question: I know very little about security (I need to find a basic explanation of the basics) and am trying to come up with a reasonable way to store user passwords in a database using .Net. Here's my current solution: private static byte[] HashPassword(string password) { using (var deriveBytes = new Rfc2898DeriveBytes(password, 10)) { byte[] salt = deriveBytes.Salt; byte[] key = deriveBytes.GetBytes(20); return salt.Concat(key).ToArray(); //Return Salt+Key } } I store the results of HashPassword() in

Axis 2 webservice SSL communication

匆匆过客 submitted on 2020-01-03 06:33:54
Question: I am getting a SOAP response from this code SOAPConnectionFactory sfc = SOAPConnectionFactory.newInstance(); SOAPConnection connection = sfc.createConnection(); SOAPMessage soapMessageResponse = connection.call(soapRequest, new URL(serviceLocation)); How can I make it SSL based? I know how to create an SSLSocketFactory from an SSLContext given my specified keystore. How can I tell the SOAPConnection class about the SSLSocketFactory or SSLContext, so that my communication can be secured? I do not want to

HTTPS and how to reference files and images

☆樱花仙子☆ submitted on 2020-01-03 05:51:07
Question: How should I reference my css file (which is in the non-secure area) from a webpage in the secure area? I've considered duplicating it (moving one into the secure area) but this seems very inefficient. Any advice much appreciated. (p.s. there will most likely be a few follow-up questions ha ha) Answer 1: You can always avoid the issue by using a relative/rooted path: <link rel="stylesheet" href="/css/screen.css"> If you must use a full URL, I'm not sure why you can't use the https protocol (which

Symfony 2 : Custom user provider

本小妞迷上赌 submitted on 2020-01-03 05:16:09
Question: Since this article http://symfony.com/doc/2.0/cookbook/security/custom_provider.html has not been written yet, does anyone have an idea of how to do that? (In my case it would be using LDAP authentication.) Thanks for your answers Answer 1: To help you get started you can check out my blog post which outlines how to create a very basic user provider system: http://clintberry.com/2011/custom-user-providers-symfony2/ EDIT: This post only covers the custom User Provider. To use LDAP authentication you