security

How to use a custom OpenSSL engine for Net::HTTP

£可爱£侵袭症+ posted on 2019-12-24 16:13:49
Question: I am trying to use a custom OpenSSL engine for crypto operations required for client certificate authentication. Currently Net::HTTP lets us pass only the cert and key which will be used for the client authentication. We are moving all private keys to HSM ("Hardware Security Module") so instead of the default OpenSSL engine we want to plug in a custom OpenSSL engine. The custom OpenSSL engine will perform private key signing operations using HSM. Currently with the default engine we have code

Authentication in C# with Active Directory

对着背影说爱祢 posted on 2019-12-24 15:42:45
Question: I am trying to create an application that requires user authentication over Active Directory to return a token, but I am not sure how to use it correctly. I've been looking at Authenticate user by ADFS (Active Directory Federation Service) but I am not sure how to create a Request Security Token or how to use it correctly. Are there any working examples for this available? Any help is appreciated. Answer 1: It depends on whether you're using WIF or .NET 4.5 System.IdentityModel. Using WIF: string

MVC website - how to prevent access to static files

喜欢而已 posted on 2019-12-24 15:39:01
Question: I have an MVC website, without authentication. In the website directory I have a folder \ProjectNotes which contains a file inside, Notes.txt. Neither this folder nor the text file are a part of the solution, but still get copied up on publish. My problem is that using a web browser anybody can access mysite.com/ProjectNotes/Notes.txt and I cannot prevent it. I have tried adding a specific route to take the user to the error page (no effect) and in the web config I've tried but that didn't

Substituting column names in Python sqlite3 query [duplicate]

匆匆过客 posted on 2019-12-24 15:27:43
Question: This question already has answers here: How do you escape strings for SQLite table/column names in Python? (7 answers) Closed 3 years ago. I have a wide table in a sqlite3 database, and I wish to dynamically query certain columns in a Python script. I know that it's bad to inject parameters by string concatenation, so I tried to use parameter substitution instead. I find that, when I use parameter substitution to supply a column name, I get unexpected results. A minimal example: import

No Certificate in OnAuthorization(HttpActionContext actionContext)

丶灬走出姿态 posted on 2019-12-24 15:16:40
Question: I have created CertificateTestController and ValuesController from this example How to use a client certificate to authenticate and authorize in a Web API. If you scroll down to "Update" from user Ogglas. I have taken his example and gotten "CertificateTestController" to work where I can grab the Certificate from my store and add it to the "handler". When I call "ValuesController", there is no cert being initialized by X509Certificate2 cert = actionContext.Request.GetClientCertificate(); Here

java socket permission problem

雨燕双飞 posted on 2019-12-24 15:13:49
Question: I have a need to write to a remote machine via a Socket from within an applet. The applet resides within an intranet within a closed hospital system so changing the java security file is not an issue. From the Oracle site, they recommend the following policy change: grant { permission java.net.SocketPermission "10.130.71.156:8000", "connect,accept"; }; I have done this but I am still getting the following error: java.security.AccessControlException: access denied (java.net.SocketPermission

Security question: how to secure Hibernate collections coming back from client to server?

走远了吗. posted on 2019-12-24 15:13:33
Question: I've got a simple pojo named "Parent" which contains a collection of object "Child". In hibernate/jpa, it's simply a one-to-many association, children do not know their parent: these Child objects can have different types of Parent so it is easier to not know the parent (think of Child which represents Tags and parents can be different object types which have tags). Now, I send my Parent object to the client view of my web site to allow user to modify it. For it, I use Hibernate/GWT/Gilead. My

What is the best way to prevent email Injection in a mailform? [duplicate]

☆樱花仙子☆ posted on 2019-12-24 15:07:24
Question: This question already has answers here: How to sanitze user input in PHP before mailing? (5 answers) Closed 6 years ago. Hello, I have built an email form and I would like to know if it is built in a secure way. I have read the article How to Prevent Email Injection in Your PHP Form to Mail Scripts and applied it to my script. Now I would like to know if the variables $to and $bcc are safe. function sendmail($to,$subject,$message,$bcc=NULL){ //Prevent Email Injection in Your PHP Form to Mail Scripts if (

java.security.properties in JNLP

自作多情 posted on 2019-12-24 14:52:27
Question: I know you can specify a file that is going to override the java.security file: java -Djava.security.properties=myProperties How can I set this parameter in a JNLP file? Answer 1: Properties in JNLP file you can set using this tag: <property name="key" value="overwritten"/> But you can't set java.security.properties in JNLP. Not all properties are allowed to set in jnlp. For more info see here. Why do you need to change this property? Source: https://stackoverflow.com/questions/34998336/java-security

A function to detect common passwords and prevent user from setting it?

半城伤御伤魂 posted on 2019-12-24 14:37:56
Question: I'm working on user passwords security and one of the important things for me is to force the user to reenter a password when the password is found in most common passwords list. What would be the best way to do this? Answer 1: It depends. You can create a text-file with common passwords and check if the password a user entered is in this list. One big drawback is that this file would be very large and it is nearly impossible to cover all common passwords this way. So I would recommend to write a