security

IE 8.0 Access Denied When Trying To Open Local Files

心已入冬 submitted on 2019-12-31 06:53:18
Question: This script works in IE 6 but not in IE 8.0. My users now get an "Access Denied error". What settings do I refer my users to in order to enable local file access so that this script will work? <script language="JavaScript"> function viewFile(selectedItem) { for (i=0; i<selectedItem.options.length; i++) { if ((selectedItem.options[i] != null) && (selectedItem.options[i].selected == true)) { window.open("file://"+selectedItem.options[i].text); } } } </script> Users can select multiple files from local

Silex/Symfony Security Firewall Access user token outside the secured area

让人想犯罪 __ submitted on 2019-12-31 05:48:07
Question: I use Silex and the SecurityProvider, my firewall: $app->register(new Silex\Provider\SecurityServiceProvider(), array( 'security.firewalls' => array( 'user' => array( 'pattern' => '^/user/', 'form' => array( 'login_path' => '/connexion', 'check_path' => '/user/login_check', 'default_target_path' => 'homepage_user' ), 'logout' => array('logout_path' => '/user/deconnexion') ... ) ) )); It works! But I didn't find any way to access the user object in the template, the Symfony syntax doesn

Struts2: how to safely store username and password from action to action

会有一股神秘感。 submitted on 2019-12-31 05:05:13
Question: In my login page I log in through username and password (that I get from a JSP page), then I check LDAP and if the credentials are correct, then I continue browsing to other pages. I would like to store the username and password somewhere, because in some later pages I may need them to do other things. I was thinking of storing them in the session, but I'm scared that this can lead to a security issue. Am I wrong? Maybe it is better to store them in the DB and query the DB every time that

How to prevent a website being completely consumed and mirror-served elsewhere?

牧云@^-^@ submitted on 2019-12-31 04:37:11
Question: I have heard many stories from people who had their sites integrated elsewhere so that the visitors to those other sites would see the original one, not even knowing that the site has no content of its own but just serves some other resource. I understand people are doing that to promote their resources by (ab)using the others' work. Is there any other reason behind this tactic? Most especially, how to prevent it? Answer 1: In short, you can't. But fortunately, they can only copy your front-end data. Your

What is all the browser agent stuff?

女生的网名这么多〃 submitted on 2019-12-31 04:37:11
Question: I am new to ASP.NET and wanted to capture details about people on my site. So I capture the Request.UserAgent attributes to file. Can anyone explain how to deconstruct these so I know what they mean? I am actually stumped by some of the user agents I see. Examples: IE2.0d; WinNT: Mozilla/1.22 (compatible; MSIE 2.0d; Windows NT) : Never heard of IE2.0, so is this spoofed for scanning my site, and why? Also, how is IE related to Mozilla in this case? IE6.0; WinXP: Mozilla/4.0 (compatible; MSIE

Difference between the methods update() and doFinal() in Cipher

让人想犯罪 __ submitted on 2019-12-31 04:37:07
Question: I have read one article about the difference between the methods update() and doFinal() in Cipher. It was about what will happen if we want to encrypt a 4-byte array when the block size of the cipher is, for example, 8 bytes. If we call update() here it will return null. My question is: what will happen if we call doFinal() with a 4-byte array to encrypt, and the buffer size is 8 bytes, how many bytes of encoded data will we receive on the return? Answer 1: update() : feed the data, again and again, enables

Difference between the methods update() and doFinal() in Cipher

耗尽温柔 submitted on 2019-12-31 04:37:05
Question: I have read one article about the difference between the methods update() and doFinal() in Cipher. It was about what will happen if we want to encrypt a 4-byte array when the block size of the cipher is, for example, 8 bytes. If we call update() here it will return null. My question is: what will happen if we call doFinal() with a 4-byte array to encrypt, and the buffer size is 8 bytes, how many bytes of encoded data will we receive on the return? Answer 1: update() : feed the data, again and again, enables

Creating IP table rules for a Bluemix app for Secure Gateway

蹲街弑〆低调 submitted on 2019-12-31 04:20:12
Question: There is a new section in the Bluemix Doc for the Secure Gateway Service: Creating IP table rules for a Bluemix app. Unfortunately I don't understand what I should do. E.g. the text says to make an API call in this form: PUT /v1/sgconfig/:<gateway_id>/destinations/:<endpoint_id>/ipTableRule That will never work, it should say something like curl -k --request PUT https://sgmanager.ng.bluemix.net/v1/sgconfig/... Also, in the Secure Gateway Definition, under Advanced / Network Options, do I need to

Using CredEnumerate to pull WebCredentials

☆樱花仙子☆ submitted on 2019-12-31 04:13:11
Question: As part of a password management tool, I am attempting to enumerate IE 10 web site usernames (i.e., auto-complete usernames) by using CredEnumerate. When I call CredEnumerate, it yields several usernames (generic usernames and domain usernames) from within the "Windows Credentials" section of the "Credential Manager", but does not include anything from the "Web Credentials" section of the Credential Manager (Control Panel\User Accounts and Family Safety\Credential Manager). private static

XSS filter to remove all scripts

断了今生、忘了曾经 submitted on 2019-12-31 04:11:15
Question: I am implementing an XSS filter for my web application and also using the ESAPI encoder to sanitise the input. The patterns I am using are as given below, // Script fragments Pattern.compile("<script>(.*?)</script>", Pattern.CASE_INSENSITIVE), // src='...' Pattern.compile("src[\r\n]*=[\r\n]*\\\'(.*?)\\\'", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL), Pattern.compile("src[\r\n]*=[\r\n]*\\\"(.*?)\\\"", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL), // lonely