security

Running a classic ASP page under IIS account when Windows auth is enabled

跟風遠走 submitted on 2019-12-25 04:36:14
Question: I've got Windows authentication enabled on an ASP page so that I can grab the current user's username. This forces the ASP page to run as that user. I want to lock some files down that are currently being accessed by that page. Is there a way to have Windows Authentication enabled and still run the page under the account that IIS is running as?
Answer 1: In the end, I'm just going to be migrating this to ASP.net. There is an article at Microsoft regarding impersonation at http://support.microsoft

Is MySQL Connector C++ cgi program vulnerable to MySQL injection just like php is?

亡梦爱人 submitted on 2019-12-25 04:36:11
Question: I am making a cgi program using C++. It allows users to register their information on the website and also login. I am worried about security. Normally, MySQL is vulnerable to MySQL injection when using php to receive form. I am using the MySQL Connector/C++ API. When using C++, does the method of MySQL injection work on cgi programs? Is the C++ cgi program still vulnerable to MySQL injection? I know that cgi programs have their own security problems such as buffer overflow but I am asking

Ideas on a very simple, yet secure login

允我心安 submitted on 2019-12-25 04:29:16
Question: I want a very simple login functionality integrated into a form on my server. It would be for use with only one page. You log in in order to upload files to the server. I use Linux at the moment. Does anyone have an idea of where I could get an idea where to get started? I have HTTPS/SSL Certificate on the server so it will help. But I don't really want to get complicated, only enough to stay secure. Ideas? Hope I'm in the right place. I'd like to use PHP to do this. The goal is to create a

how to set secure flag for cookies in play 2.1.0

ぐ巨炮叔叔 submitted on 2019-12-25 04:26:45
Question: I am using play 2.1.0. I want to set a secure flag for request headers. I tried using application.session.cookie.secure=true in application.conf with https host. But still the security flag is not set in header. Did not find much on internet.
Answer 1: I don't have a link to accompanying Play documentation to hand, but the configuration property you're looking for is: session.secure=true You can take a look in the source on the 2.1.x branch to see how Play uses this property.
Source: https:/

Security against select expressions in SQL

空扰寡人 submitted on 2019-12-25 04:17:56
Question: Considering that you can use a select expression in a query select table1.ID, (select table2.salary, table1.id from table2 inner join... from table1 and retrieve data that you don't have to reference in the from statement, how is this guarded against as far as security is concerned in enterprise DBMSs? Do table permissions work so that you can not allow any references to them (since this case it isn't in your from statement)?
Answer 1: You can enforce column-level permissions. So that it doesn't

How do I locate and perform a command on all executable files matching a given pattern?

筅森魡賤 submitted on 2019-12-25 04:17:41
Question: How do I identify all files on my Unix (OS X) system matching a particular pattern that have their executable bit set, so that I can perform a command on them? For example, I'd like to locate all .doc files created before a given date that have any executable bit set, and chmod a-x them.
Answer 1: Something like find . -name '*.doc' -perm +0111 -exec chmod a-x ''{}'' ";" It will depend on exactly what you mean by "executable".
Source: https://stackoverflow.com/questions/29922883/how-do-i-locate-and

python subprocess.popen - pass passwords securely

时光毁灭记忆、已成空白 submitted on 2019-12-25 04:14:10
Question: I did not find a direct answer to this question, so, asking it in this forum. My question is this - I am using python 2.6.6 version, and using subprocess.popen command to call into a script with some arguments. Some of the arguments are passwords. When I directly use this: args = shlex.split(cmd) f = open("a.txt", "a+"); proc = subprocess.Popen(args, stderr=f, stdout=f) proc.communicate() retcode = proc.returncode The command gets executed fine, but I see that ps -ef shows the passwords in

Security and routes - Symfony2

亡梦爱人 submitted on 2019-12-25 04:07:19
Question: I want the index page for my project to be a login form with a link for registration below it and unlogged visitors should be able to see only the login form with route / and the register page with route /register. When they log in I want them to be redirected to the home page with route /home. I tried some things and it's working in the dev environment (although having some troubles with the toolbar - Symfony2 - dev environment) but when I switch to prod env, the browser says: "The page isn't

Safe dynamic include from $_GET

依然范特西╮ submitted on 2019-12-25 04:06:13
Question: Is this a safe way to include pages from a $_GET parameter: $pg = basename($_GET['pg']); if (is_file('views/' . $pg . '.php')) { require 'views/' . $pg . '.php'; } I sanitize the parameter using basename() and all the possible files for including are in a "views/" subdirectory. It seems safe, but I want to be sure. The reason I want to do this, is because I currently use mod_rewrite to define all my URLs, but I want a single point of entry and I'd rather keep defining them that way than use a
