security

问题 I created an API using flask_restjsonapi, I want to integrate the API where it can only work with my future reactjs frontend(the application is an E-commerce, the API is the backend which is representing the app datalayer). I expect that a user could access the products data without being authorized (as a guest), but it certainly needs to be logged to access to a pay view or for buying something. So how could I get this? Oauth (which flow type), basic authentication, cookies. Which steps do I

问题 Closed . This question needs to be more focused. It is not currently accepting answers. Want to improve this question? Update the question so it focuses on one problem only by editing this post. Closed 7 years ago . Improve this question Let's assume that after a few years of work I would have a 3D game ready, that can be downloaded by millions of people worldwide, it would be a game running on a client-server model. As far as I understand anyone can look at other people's source code if they

问题 I need connect to my server API with TLS_v1 , server certificate signed by CA that not include in older version of android so i use this Google's document to implement custom TrustManager . Everything work on API 18 and above, but throw SSLHandshakeException in JELLY_BEAN(API 17): java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. I have another server URL and certificate (in this case self-signed) that works even in JELLY_BEAN with same TrustManager

问题 I have a bunch of tcp dumps, which contain SSL traffic. I'm also provided with the RSA private key to decrypt it. There are a few reasons, why opening them in Wireshark is not really an option, so my goal is to do some statistics on them with Python. So far I've been using Scapy and dpkt for these type of statistics. How do I analyse a package capture containing SSL-traffic with Python? 回答1: I am working on SSL/TLS layers for scapy. Besides providing interfaces for TLSMessages (Records

问题 I have a bunch of tcp dumps, which contain SSL traffic. I'm also provided with the RSA private key to decrypt it. There are a few reasons, why opening them in Wireshark is not really an option, so my goal is to do some statistics on them with Python. So far I've been using Scapy and dpkt for these type of statistics. How do I analyse a package capture containing SSL-traffic with Python? 回答1: I am working on SSL/TLS layers for scapy. Besides providing interfaces for TLSMessages (Records

问题 I had to do a basic login system to protect a page, and I have no access to database so i store the username and password hard coded in php page. My question is, can this login system hold againts an attack? I need it to hold about 1 month. Any sugestions to improve will be helpefull. The code is not in laravel, even if it might look like. The username and password, will be changed to something stronger of course. Thank you in advance. <?php class UserController { private $username; private

问题 I am developing an Android App for internal use to send test requests to our server. The Authentification is via Basic + Client Certificate. What I am doing right now is storing cert and key file in assets/certs, getting the passphrase for the key and Basic Auth via input and then saved in SharedPreferences. This is probably not safe. I am mostly concerned about the two .pem-files. I read a lot about saving them in the Android Keystore, but not really sure about that. Is it possible to

问题 When I initialize a Cipher object with the default AES/GCM algorithm, it has a reandom 12 bytes IV but the first 4 byte does not get incremented ater doFinal is called and throws the java.lang.IllegalStateException: Cannot re-use same key and IV for multiple encryptions exception. SecretKey secretKey = ... final Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); cipher.init(Cipher.ENCRYPT_MODE, secretKey); byte[] iv1 = encCipher.getIV(); byte[] ctext = encCipher.doFinal("a".getBytes());

问题 Closed . This question needs to be more focused. It is not currently accepting answers. Want to improve this question? Update the question so it focuses on one problem only by editing this post. Closed 2 years ago . Improve this question I'm trying to make my REST API more secure. For the moment I'm hashing my password in my angular app with CryptoJs.SHA256 before sending it to my C# backend. But I realize it's better to hash password on server side. So how can I send a password only readable

问题 I have been helping out some people with their computers and repairing them. One of these people asked me about the safety of storing passwords in the auto form field. I showed them a quick trick on how you can retrieve the password from a simple jQuery call in the console. While working on some websites, I have been trying to figure out a way of preventing the use of this trick to find out what the saved password is. To understand what im talking about if you dont know, try the following.