security

问题 Is there a way to do that without using a POST request to "j_spring_security_check"? 回答1: I needed the same thing (in my case I wanted to log in a user after they created a new account), so I dug around in the generated RegistrationService and found this is how it is done: import org.springframework.security.providers.UsernamePasswordAuthenticationToken as AuthToken import org.springframework.security.context.SecurityContextHolder as SCH class UserService { /** The authentication provider. */

问题 Java supports OCSP out of the box. The way it is being done though, (I mean the revocation check) is transparent to the programmer. My question is, is there any api (part of java) that can create a valid OCSP request or response? So that it would be possible for a programmer to implement a custom OCSP checker? 回答1: The standard Java API does not provide publicly available classes to handle OCSP. In Sun/Oracle's JDK, the OCSP management classes are in the sun.security.provider.certpath package

问题 I am working on a Rails application where users can add posts without registration. I want to generate a random, unique key and provide a link to edit their post, for example: http://mygreatapp.com/post/edit/f7smSDf34Sad . Similar approach is used by Craigslist. My idea was to generate a random, unique string on post creation and save it in the database, together with other post data. Then check if the string in the databases matches the one in the request. Is the solution safe? How would you

问题 I have been reading a lot regarding iframes and clickjacking, and was not able to find the information I am looking for. Can you help me out with below questions? How does Iframe clickjacking spread? I have seen lot of articles which mentions editing of html code in the local machine and by the same they are able to hijack users click by adding an invisible button. But, this is a modified logic on a local machine of a user. I am interested in knowing is it possible to push this same code to

问题 Ok so I need 2 of the 3. Something the user knows. Something the user has. Something the user is. I have a system that is exposed to the internet and we need clients to connect in a secure manner to satisfy our security standards. I'm thinking when a user registers to use our system we send them an application that they install on their home system. The application generates a key based on a timed randomness algorithm. Our application server has the same algorithm so when the user submits

问题 I'm running Tomcat 6.0.29 and created a realm and loginmodule of my own. They are defined in server.xml like so: <Realm className="mycompany.tomcat.MyRepositoryRealm" appName="My_Realm" userClassNames="mycompany.tomcat.IdentityPrincipal" roleClassNames="mycompany.tomcat.RolePrincipal" useContextClassLoader="true"/> I have added the library containing these classes to my tomcat/lib folder. Other than that, I have not changed Tomcat from it's default configuration. When I go to fire up the

问题 Just to be on the safe side, what's the best practice to ensure that only my application has access to my webservice, which is hosted on a public server? Should I implement I shared key or something? My webservice is hosted on Googles App Engine and my Application runs on iPhones and iPads. If you need further information, just ask. Thanks, Henrik 回答1: some sort of challenge/response authentication would be your best bet, but you could use something as simple as a key that's sent with every

问题 Just to be on the safe side, what's the best practice to ensure that only my application has access to my webservice, which is hosted on a public server? Should I implement I shared key or something? My webservice is hosted on Googles App Engine and my Application runs on iPhones and iPads. If you need further information, just ask. Thanks, Henrik 回答1: some sort of challenge/response authentication would be your best bet, but you could use something as simple as a key that's sent with every

问题 I have been using this PowerShell script to send my an email to me when opened. $EmailFrom = "notifications@somedomain.com" $EmailTo = "anything@gmail.com" $Subject = "sample subject" $Body = "sample body" $SMTPServer = "smtp.gmail.com" $SMTPClient = New-Object Net.Mail.SmtpClient($SmtpServer, 587) $SMTPClient.EnableSsl = $true $SMTPClient.Credentials = New-Object System.Net.NetworkCredential("YOURUSERNAME", "YOURPASSWORD"); $SMTPClient.Send($EmailFrom, $EmailTo, $Subject, $Body) I changed

问题 If you clone a git repository, the hooks are not cloned for security reasons I suppose. But what if I get a repository by an other way like a ZIP file? How can I make sure there is no hook executed when I run GIT commands on a repository which I don't fully trust? What I can think of, is to remove the executable flag of all files in the .git/hook directory. But according to the documentation, the hooks are only normally stored in this directory so there might be other places to clean first.