security

问题 Is there an open database of blacklisted IP for the Web? With a lot of public web proxy you know... such the blacklist used by the Global blocking of Wikipedia. 回答1: The Project Honeypot provides as service called Http:BL. As an active member of Project Honeypot you can query their database of IPs that are known as email address harvesters or comment spammers. 回答2: You can use Blacklist IP Addresses Live Database from myip.ms - http://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP

问题 Why do I need to use separate public key pairs for signing and encryption and not use the same key pair with RSA for example? Is there any security problem with using the same key? 回答1: The reason for using separate key pairs for signing and encryption is to spread the risk: If someone recovers the private encryption key, he/she can decrypt documents that were encrypted using the public encryption key but can’t use it to also sign documents and vice versa. Another reason could be a legal

问题 Why do I need to use separate public key pairs for signing and encryption and not use the same key pair with RSA for example? Is there any security problem with using the same key? 回答1: The reason for using separate key pairs for signing and encryption is to spread the risk: If someone recovers the private encryption key, he/she can decrypt documents that were encrypted using the public encryption key but can’t use it to also sign documents and vice versa. Another reason could be a legal

问题 I am trying to create a custom authentication scheme in ASP.NET MVC using form authentication. The idea that I might have different areas on the site that will be managed - approver are and general user area, and these will use different login pages, and so forth. So this is what I want to happen. User access restricted page (right now I have it protected with a customer AuthorizeAttribute) User is redirected to a specific login page (not the one from Web.config). User credentials are

问题 I am programming a system using C#. My program generates a small message (a hash digest for a file) that I want to store on the hard disk - but I don't want the user to be able to read it. I was going to encrypt this message, but someone has suggested this is A BAD IDEA. So I'm looking for alternatives - how do you protect a piece of secret information from a fully trusted user? 回答1: Take a step back; you've got a solution that fundamentally doesn't work for the problem you've got. Instead of

问题 If you were to hash a user's password prior to sending it across the line and leaving it in plain-text in memory, would this improve the security of the application? I would assume this mitigates a small fraction of vulnerabilities by protecting the data stored in the clients memory. But really if we're worried about someone reading the client's memory there are probably bigger problems that we can't address. There's something that doesn't feel right about hashing on the client's end. Is

问题 If you were to hash a user's password prior to sending it across the line and leaving it in plain-text in memory, would this improve the security of the application? I would assume this mitigates a small fraction of vulnerabilities by protecting the data stored in the clients memory. But really if we're worried about someone reading the client's memory there are probably bigger problems that we can't address. There's something that doesn't feel right about hashing on the client's end. Is

问题 After extensive research, I have not been able to find a clear answer to my question. Firstly, can anyone tell me the basic logic of handling "login functionality" for a native iphone app connecting to a web service? For instance, the facebook app ask for a username and password immediately after launch, and from there you have full access to your account in all successive views of the app. Each time you post something etc, you do not have to re-login... Can someone please explain this

问题 had a unusual situation during one of our app deployment. iOS version worked well but android version of app did not work. After some troubleshooting, we found that app makes call to api. Api web server was missing certificate chain. we tried api call on iOS8 iphone with safari and it works without any warning while on android, it gave certificate warning. I understand the problem but would like to know why it worked on iOS? Does iOS has any bug in SSL verification at OS level? 回答1: The

问题 had a unusual situation during one of our app deployment. iOS version worked well but android version of app did not work. After some troubleshooting, we found that app makes call to api. Api web server was missing certificate chain. we tried api call on iOS8 iphone with safari and it works without any warning while on android, it gave certificate warning. I understand the problem but would like to know why it worked on iOS? Does iOS has any bug in SSL verification at OS level? 回答1: The