security

问题 FileHelpers.dll (2.0) are referenced within 2 class libraryies (Dto and Services) in my solution My webapp (asp.net mvc) is on IIS7 (Full Trust) Windows 7 PRO 64 and I sometimes get this exception when starting my app from VS2008: (to get rid of it I delete the FileHelpers.dll from bin, run, close browser, rebuild the solution and run again ) [PolicyException: Required permissions cannot be acquired.] System.Security.SecurityManager.ResolvePolicy(Evidence evidence, PermissionSet reqdPset,

问题 I am evaluating a requirement for a consumer blackberry application that places high premium on security of user's data. Seems like it is an insurance company. Here are my ideas on how I could go about it. I am sure this would be useful for others who are looking for similar stuff Force the user to use device password. (I am guessing that this would be possible - though not checked it yet). Application can request notifications when the device is about to be locked and just after it has been

问题 This is strictly for testing purposes. I am not building this into an application. I am trying to log all the user's saved accounts and passwords AccountManager accountManager = AccountManager.get(this); for(Account account : accountManager.getAccounts()) { System.out.println(account.name + " : " + accountManager.getPassword(account)); } But I am getting an error E/AndroidRuntime(11944): java.lang.SecurityException: caller uid XXXXX is different than the authenticator's uid I have read this

问题 I'm working on an app that connects two Android devices via Wifi so they can exchange files/data using TCP. Since Android Oreo (API level 26) there's finally an official API for this: WifiManager.startLocalOnlyHotspot(). This creates a Wifi hotspot/network without internet access. The documentation says: Applications should also be aware that this network will be shared with other applications. Applications are responsible for protecting their data on this network (e.g., TLS ). I have no

问题 I'm trying to use SecAsn1Decode in order to parse the following DER encoded data. However, I failed to define the template for this struct (represented by SecAsn1Template ). perhaps anybody can explain how to create a template for the following DER structure : here's the binary raw data (DER formatted) 30 81 8E 31 0B 30 09 06 03 55 04 06 13 02 49 4C 31 0F 30 0D 06 03 55 04 08 0C 06 69 73 72 61 65 6C 31 0C 30 0A 06 03 55 04 07 0C 03 54 4C 56 31 0B 30 09 06 03 55 04 0A 0C 02 54 53 31 1E 30 1C

问题 We are using a Sharepoint Implementation for a customer portal. We are giving each client a site where they will have access to reports. We are using the same library of reports, each report takes a parameter that is a unique identifier for the client. The issue we are running into is that as long as you can authenticate to the system you can view the source on the page that has the report and by doing some googling you can figure out how to put together a query string to pull a report. By

问题 This question maybe sounds some stupid, but i have the curiosity to know, if expose the fields of an object like publics, can create a security risk or a hole in my aplication that can be exploited by other persons? public class AClass { public int AProperty { get; set; } //Less Secure? public int APublicField; } Thanks 回答1: Access modifiers (public, private, protected) are simply a mechanism to allow different levels of encapsulation for those with source access. You should employ them with

问题 I'm writing a QML client for a service that needs authentication with a username and password. At the moment I am using a c++ plugin to encrypt and decrypt the password, but I'd like to replace that with plain QML to avoid the platform-specific binary. Not an option: hard-coding an encryption key (since that could be extracted from the package) hashing (since I need to be able to recover the password in plain-text) security by obscurity (obviously) 回答1: There is this type of question from

问题 A registration form asks for username and e-mail address . After the data passes validation it's added to the accounts table. It stores data such as username, password and e-mail address. If the username has already been taken the user will be notified and no data will be added to the table. It was seen as a security issue if the user was immediately notified that the e-mail address was already in the table. The suggested solution to this was to always send a verification e-mail and if the

问题 Whenever you authenticate, your application should change the session identifier it uses. This helps to prevent someone from setting up a session, copying the session identifier, and then tricking a user into using the session. Because the attacker already knows the session identifier, they can use it to access the session after the user logs in, giving them full access. This attack has been called "session fixation" among other things. How can i change the session id once the user login to