security

Symfony2: Injecting @security.context to get the current user. How to avoid a “ServiceCircularReferenceException”? Inject the whole container? [duplicate]

六眼飞鱼酱① submitted on 2019-12-29 05:37:05
Question: This question already has answers here: Injecting SecurityContext into a Listener prePersist or preUpdate in Symfony2 to get User in a createdBy or updatedBy Causes Circular Reference Error (4 answers) Closed 5 years ago. Coming from this post and after fixing things, I'm in another issue/security question/problem. As you may see in the other post, I'm trying to inject the security context in the listener, but if I leave the code intact without touching it I get this error:

How to make form system modal using C#?

落花浮王杯 submitted on 2019-12-29 05:26:27
Question: I need to show a form as top-level system-wide, e.g. over /all/ other windows on screen. I do realize this is usually /bad UI practice/, but I have a very specific scenario in mind. We intend to use normal Windows PCs for POS cash registers. There is an option on the screen to open the cash drawer. It would be rather bad for someone just to press something on a screen and get access to money when the clerk isn't looking. So we equipped the PCs with RFID readers and each clerk has his/her own RFID card

PHP's new input_filter does not read $_GET or $_POST arrays

半城伤御伤魂 submitted on 2019-12-29 05:23:27
Question: In PHP 5.2 there was a nice security function added called "input_filter", so instead of saying: $name = $_GET['name']; you can now say: $name = filter_input (INPUT_GET, 'name', FILTER_SANITIZE_STRING); and it automatically sanitizes your string. There is also: FILTER_SANITIZE_ENCODED FILTER_SANITIZE_NUMBER_INT FILTER_SANITIZE_EMAIL FILTER_SANITIZE_URL etc., so this is a very convenient security feature to use and I want to switch over to it completely. The problem is... I often manipulate the

Can I remove sa login from SQL server?

无人久伴 submitted on 2019-12-29 05:12:06
Question: I am a beginner in the database field and this question might sound too stupid, but I want to know why there is a login called sa and can I delete it? I want to delete it because it seems to have pretty serious privileges on the database server! If it matters, I am using SQL Server Express 2008. Answer 1: You can't remove the sa account but you can rename and/or disable it. Arguably this is good practice as otherwise you have a known username that an attacker could launch a brute force password attack

How to securely delete files in java

我的未来我决定 submitted on 2019-12-29 04:59:25
Question: How do I securely delete files in Java? I tried the code at javafaq.nu, but the problem is you can't actually delete the file on Windows once it has been mapped due to this bug. Then I tried just using Sysinternals sdelete on Windows, but you have to click a usage agreement the first time you use it, which I want to avoid. Answer 1: On a journaling filesystem like NTFS there is actually no way to securely erase a single file without wiping all the free space on the drive. The problem is that the

How do I convert an XML RSA key to a PEM file?

两盒软妹~` submitted on 2019-12-29 04:21:07
Question: I have two XML files, structured as follows: My Key <RSAKeyValue> <Modulus> ... </Modulus> <Exponent> ... </Exponent> <P> ... </P> <Q> ... </Q> <DP> ... </DP> <DQ> ... </DQ> <InverseQ> ... </InverseQ> <D> ... </D> </RSAKeyValue> A Public Key <RSAKeyValue> <Modulus> ... </Modulus> <Exponent> ... </Exponent> </RSAKeyValue> I am using the xmlseclibs library by Robert Richards which requires a .PEM representation of the key in order to encrypt and decrypt things. As an encryption novice, I'm not

Is there a definitive anti-XSS library for PHP?

牧云@^-^@ submitted on 2019-12-29 04:16:09
Question: I already know how XSS works, but finding out all the many different ways to inject malicious input is not an option. I saw a couple libraries out there, but most of them are very incomplete, inefficient, or GPL licensed (when will you guys learn that GPL is not good to share little libraries! Use MIT) Answer 1: OWASP offers an encoding library, on which time has been spent to handle the various cases. Obsolete: http://www.owasp.org/index.php/Category:OWASP_Encoding_Project Now at http://code

Django upload_to outside of MEDIA_ROOT

别说谁变了你拦得住时间么 submitted on 2019-12-29 03:52:11
Question: My deployment script overwrites the media and source directories, which means I have to move the uploads directory out of the media directory, and replace it after the upload has been extracted. How can I instruct Django to upload to /uploads/ instead of /media/? So far I keep getting Django Suspicious Operation errors! :( I suppose another solution might be a symlink? Many thanks, Toby. Answer 1: I did the following: from django.core.files.storage import FileSystemStorage upload_storage =

Simple example of Spring Security with Thymeleaf

拥有回忆 submitted on 2019-12-29 03:41:08
Question: Hi, I'm trying to follow a simple example about doing a simple login form page that I found on this page: http://docs.spring.io/autorepo/docs/spring-security/4.0.x/guides/form.html The problem is that I'm getting this error every time that I try to log in; I get this error: Expected CSRF token not found. Has your session expired? When I get this error I press the back button in my explorer and try a second time to log in, and when I do that I get this error: HTTP 403 - Invalid CSRF Token 'null' was

Using DPAPI with Python?

大兔子大兔子 submitted on 2019-12-29 03:38:05
Question: Is there a way to use the DPAPI (Data Protection Application Programming Interface) on Windows XP with Python? I would prefer to use an existing module if there is one that can do it. Unfortunately I haven't been able to find a way with Google or Stack Overflow. EDIT: I've taken the example code pointed to by "dF" and tweaked it into a standalone library which can be simply used at a high level to crypt and decrypt using DPAPI in user mode. Simply call dpapi.cryptData(text_to_encrypt) which