security

问题 I am using a SQLite database to build an iOS app. Which is the best way to store username and password: in the database or the Keychain? Also, if I store any data in database how can I make it secure like the keychain? 回答1: Keychain is better. However, we recommend that you don't save the password. You should always save the hash value and compare the hashes to see if the login is correct! 回答2: Keychain is the best option to save any kind of passwords. Use library SSKeychain which is a light

问题 i have a login form what i want to do that if a user have role user tries to login he's redirected to page voiture_new and if an admin eventually has a role admin he's redirected to the admin page PS : i'm using easyadminbundle here's what i've added to the loginaction of my controller $authChecker = $this->container- >get('security.authorization_checker'); $router = $this->container->get('router'); if ($authChecker->isGranted('ROLE_ADMIN')) { return new RedirectResponse($router->generate(

问题 I want to check if a file path is in current directory tree. Suppose the parameter is given as js/script.js . My working directory (WD) is /home/user1/public_html/site Now for current WD if someone supplies js/script.js I can simply check it by appending to the WD. It works for such normal path. But if anyone (may be an attacker) wants to pass ../../../../etc/password it'd be a problem. I know it can be suppressed by removing the .. characters using some RegEx. And that will solve it for sure

问题 I have a PayPal "buy now" button that has a return URL which redirects to a download page after payment. Only thing is that the user can copy and paste the URL of the download page and share it -which is a disaster- And they can come back to the download page, which I do not want unless they paid; so each time they are redirected to the download page, the must have first paid. How to secure the URL and check if user paid or not and if they paid they can be redirected to the download page

问题 I'm guiding myself with this answer over here, which explains how to use both AES and RSA. I managed to successfully implement the AES part with an util class in which I use a passphrase to generate keys. This passphrase will not change, the purpose of this is to encrypt a password before encoding it and saving it to a database. Then whenever I need to decrypt this password I can do it with the same passphrase, which should generate the same key. I've got this working. Now my question begins

问题 I have a problem. I have defined some global variables and namespaced it into an object called "app". Example: window.app : { foo : null, bar : null, } Well, the idea is that I want to be able to modify those variables from any module by calling app.foo = "baz" or app.bar = "baz", but I don't want the user to be able to modify those variables from the browser console (element inspector). Is it possible? PD: Well, I have a Backbone.js collection which is sinchronized with the server. I don't

问题 I receive the following request error from my WCF Rest web service when using forms Authentication and Authorization. It works fine without the Authentication and Authorization:- "The server encountered an error processing the request. Please see the service help page for constructing valid requests to the service." Its built in .net 4 so no .svc file, here is the service code:-- namespace WcfRestService1 { [ServiceContract] [AspNetCompatibilityRequirements(RequirementsMode =

问题 I have written simple java code to access url www.nseindia.com In my local and on Google appengine ,it throws exception With below message Access Denied You don't have permission to access "http://www.nseindia.com/" on this server. Reference #18.9420b07b.1335496818.23b178f Access Denied You don't have permission to access "http://www.nseindia.com/" on this server. Reference #18.9420b07b.1335496818.23b178f I am using App Engine SDK 1.5,JRE 1.6 Please advise 回答1: this is because GAE doesnt

问题 I have a login module which calls a remote EJB (JBOSS 5.1) to get a javax.security.auth.Subject: public Subject getSubject (String a, String b) throws FailedLoginException On the remote side the subject is filled as follows: MyOwnPrincipalInterface principal = (MyOwnPrincipalInterface)new MyOwnPrincipalImpl("name"); subject.getPrincipals().add(principal); The client always throws a Exception: ... Caused by: java.lang.ClassNotFoundException: my.packages.MyOwnPrincipalImpl org.jboss.remoting

问题 I'm testing my Java applet but with java 1.8 we can't lower the security setting below High which stops me from testing my applet. I'm mainly looking for a way to lower this but I'm also accepting a way to make it acceptable by Java 8 standards. 回答1: You will need to add your link in the exceptions list. Medium security setting that allowed content without certificate was removed after java 8 update 20 来源： https://stackoverflow.com/questions/29336132/how-to-lower-the-java-security-setting-for