security

问题 I have built a fairly simple WCF service, which I host on an IIS 7.5 instance. I have gone about the necessary steps to secure an ssl certificate to enable https. I have resolved all the various DNS settings so I can now hit my WCF at the given Https:// URL from the world at large. The goal is this: Some sort of client/server authentication for the approximately 5 clients that will be sending data to the service. What is the best approach to securing this service? It is very simple at this

问题 I'm writing an intranet page for my company that requires the use of an embedded dll (COM). The dll is registered on all clients computers so it doesn't need to be downloaded from the page, it just needs to run. I've tried using the following code to embed the control: var newObj = new ActiveXObject("servername.classname"); And this works when testing locally, but from the intranet the object fails to instantiate with the js error "automation server can't create object". I suspect this is

问题 I am getting a Stackoverflow error on Java Console while opening the Applets over network on Java Version 8 build 1.8.0_45-b15 . The applet gets loaded but takes around 8 minutes and the same works fine in any of the Java 7 versions over the network . Can anyone please help .. The stacktrace is as follows . java.lang.StackOverflowError at java.security.AccessController.doPrivileged(Native Method) at sun.security.provider.PolicyFile.getPermissions(Unknown Source) at sun.security.provider

问题 I am getting a Stackoverflow error on Java Console while opening the Applets over network on Java Version 8 build 1.8.0_45-b15 . The applet gets loaded but takes around 8 minutes and the same works fine in any of the Java 7 versions over the network . Can anyone please help .. The stacktrace is as follows . java.lang.StackOverflowError at java.security.AccessController.doPrivileged(Native Method) at sun.security.provider.PolicyFile.getPermissions(Unknown Source) at sun.security.provider

问题 People can register for a newsletter on my website. Their email address and other personal information will be encrypted in the database. Now for that registration form I'd like to check if the newly inputted email address is already in my database, but as all emails are encrypted, I can't really check unless I loop through every possible email address, decrypt it and see if it matches the newly inputted email? Is that correct? Or is there a more efficient way to do this? 回答1: If you use the

问题 I have the following log in script that is run when a user hits the submit button on the login form on www.msheeksproductions.com. I have removed the DB login info for security reasons. <?php error_reporting(E_ALL); $user = '***************'; $pass = '***************'; $host = '***************'; $data = '***************'; $userN=$_POST['userN']; $passW=$_POST['passW']; mysql_connect($host, $user, $pass)or die("Could not connect"); mysql_select_db($data)or die("Database Not Found"); $query=

问题 Scenario : I am working on Javascript code that allows running arbitrary user-supplied code in a web worker environment, similar to this approach. Let's call the two parties host (launches the worker) and guest (inside the worker). Now, I want to be able to run multiple scripts on the worker at the same time, or at least have them sent to the worker right away, without having to wait for the previous script to finish. It is crucial to reduce delay and overhead because a single "session" could

问题 Context Umbraco CMS website runs on Azure as App Service Scheduled Publishing One of the Umbraco functionalities is to allow to publish content on a given time. The publish functionality makes a HTTP call to same web site (or a different server but same website in load balanced environment). API call url: http://sample-site-umbraco.azurewebsites.net/umbraco/RestServices/ScheduledPublish/Index IP Security Due to client requirements, access to the site is restricted to a given list of IP

问题 the following small line throws a System.Security.SecurityException: Requested registry access is not allowed: RegistryKey _key = HKLM.OpenSubKey("path\\to\\my settings", false); Now.. what's the point some would ask? The point is that this runs ONLY when I am logged on . The exception is thrown if the program runs as scheduled task and nobody is logged on. the user who runs that task is local administrator the program does not run from a network share, it is located on the local disk I even

问题 I'm writing a web application in which i use several thirdy party commands calling them with the exec function in PHP (for example, I render Latex formulas through a command-line program). My question is: what are the security issues of executing external command-line programs in php? What I have to be aware of? Can you give me a list of points to check? EDIT: I'm aware that I have to clean the user input to prevent executing arbitrary commands... Are there any other things to check? Thanks