security

问题 I'm doing some Android malware research for MMS based attacks. And I'm looking for a manual way to retrieve or download a received MMS message. I was hoping to find some curl or wget lines to be able to do so, but have not found anything useful. So far I have got some MMS info from the internal databases, found by: # find / -iname "*.db" |grep -iE "mms|sms" ... /data/data/com.android.providers.telephony/databases/mmssms.db /data/data/com.google.android.gms/databases/icing_mmssms.db /data/data

问题 I am using trying to use scifihifi-iphone (from Github) to store and retrieve usernames and passwords. However, when I add the class SFHFKeychainUtils I get the following errors: "_kSecAttrAccount", referenced from: _kSecAttrAccount$non_lazy_ptr in SFHFKeychainUtils.o "_SecItemDelete", referenced from: +[SFHFKeychainUtils deleteItemForUsername:andServiceName:error:] in SFHFKeychainUtils.o "_kSecReturnAttributes", referenced from: _kSecReturnAttributes$non_lazy_ptr in SFHFKeychainUtils.o "

问题 The term REALM has an overloaded & confusing using in security, what is the exact uses of this term in security? 回答1: Take a look at this in-depth explanation: Security Realm A security realm is a mechanism used for protecting Web application resources. It gives you the ability to protect a resource with a defined security constraint and then define the user roles that can access the protected resource. I hope this helped! 回答2: In simple terms when you want to access a protected resource you

问题 I've been using the free Firefox extension XSS Me from Security Compass to test for XSS problems. However, using what I understand to be safe filtering, XSS me still reports warnings. Are these accurate warnings or spurious? Using the code below as a testcase: <form method="post" action=""> <input type="text" name="param" value="<?php echo htmlentities($_POST['param'])?>"> <input type="submit"> </form> <?php echo htmlentities($_POST['param'])?> I run some nasties by hand but none of them are

问题 I have two sites on separate domains. I'm implementing SSO using the Thinktecture IdentityModel. A user logs into Site A. At some point they click a link to take them to site B. Site A redirects the user to site B/Login.aspx?token=< token > with a JWT token. Site B then validates the token by calling an API on Site A to authenticate the user. If authenticated, the user is automatically logged into site B. By default Thinktecture tokens last for 10 hours, with no way to kill a token(as far as

问题 I am using UIKit Framework to generate pdf in iOS device. I am wondering if we can lock (provide security) to the generated pdf so that after emailing or downloading it , one can not edit/modify using any pdf editable tool. 回答1: Yes - this is possible. If you start the creation of a PDF with UIGraphicsBeginPDFContextToFile you can then send a dictionary to it with options to specify what kind of encryption/locking you want. Here is the documentation for it: http://developer.apple.com/library

问题 I want to secure events stored in one table, which has relations to others. Events are inserted through windows service, that is connecting to hardware and reading from the hardware. In events table is PK, date and time, and 3 different values. The problem is that every admin can log in and insert/update/delete data in this table e.g. using sql management studio. I create triggers to prevent update and delete, so if admin doesn't know triggers, he fail to change data, but if he knows trigger,

问题 i have big trouble with my application that web-application(jsp,java,servlet) landed between two server cause there is load-sharing between server but unfortunately session not maintaining between server now i am checking checking after login if session is there than ok otherwise i am taking all credential from url (visible encoded url with same key if somebody remember url then big mess ) obviously its not secure at all ,SO how we can resolve this problame at application level please guide

问题 i have big trouble with my application that web-application(jsp,java,servlet) landed between two server cause there is load-sharing between server but unfortunately session not maintaining between server now i am checking checking after login if session is there than ok otherwise i am taking all credential from url (visible encoded url with same key if somebody remember url then big mess ) obviously its not secure at all ,SO how we can resolve this problame at application level please guide

问题 My web application uses UserId almost throughout the entire application.. what is the most efficient way to secure a session variable in php? Is session vulnerable to attacks? Should i keep my encrypted value of UserId in session? Any suggestion... 回答1: Note: Taken from my previous answer. Terminology User: A visitor. Client: A particular web-capable software installed on a particular machine. Understanding Sessions In order to understand how to make your session secure, you must first