security

Creating a private image folder?

牧云@^-^@ submitted on 2019-12-24 14:09:40
Question: I have a growing website with around 30k images in 4 sizes for a total of 120k. My current solution is storing them in a DB and from what I've read on Stack Overflow this seems to be a very bad idea. I'm starting to see why. I've noticed a drastic decrease in performance. I think the obvious solution is to move these images to a folder setup and I'd like to use the user's ID as a dir name and then have a public and private sub dir. The structure would look like this: /54869 /public /size_1/img1

Beanstalkd / Pheanstalk security issue

馋奶兔 submitted on 2019-12-24 14:02:03
Question: I have just started using beanstalkd and pheanstalk and I am curious whether the following situation is a security issue (and if not, why not?): When designing a queue that will contain jobs for an eventual worker script to pick up and perform SQL database queries, I asked a friend what I could do to prevent an online user from going into port 11300 of my server, and inserting a job into the queue himself and hence causing the job to be executed with malicious code. I was told that I could

Protecting code in android asset files

泄露秘密 submitted on 2019-12-24 13:56:02
Question: I have an android application which takes place mostly in webview, I have my html files in my assets folder, but files in the assets folder are very fragile and anyone can have access to code in assets files. I wanted to ask if you have any tips to protect html and js files in the android assets folder. Thanks very much Answer 1: Here are my personal suggestions for the security of the asset folder. You can load your html or js files from the server into the webview at runtime. Encrypt your html or js files, the

PrincipalPermission on methods is being ignored when there is PrincipalPermission on class

不想你离开。 submitted on 2019-12-24 13:54:59
Question: My understanding has always been that security attributes on methods will override security attributes on the class, but that doesn't seem to be the case any more as the simple code below demonstrates: class Program { [PrincipalPermission(SecurityAction.Demand, Authenticated = true)] //<-- this passes class DumbClass { [PrincipalPermission(SecurityAction.Demand, Role = "ffff")] //<-- this passes (but shouldn't) public string EchoMethod(string input) { return input; } } static void Main(string[]

Nine best practices for database data security

情到浓时终转凉″ submitted on 2019-12-24 13:54:10
Chapter 5 Database security. Contents: 5.1. Protecting tables 5.2. Protecting table fields 5.3. Time consistency 5.4. Splitting databases for data security 5.5. Content versioning and tamper audit trail 5.6. User/role authentication 5.7. Token authentication 5.8. Data encryption 5.8.1. AES_ENCRYPT / AES_DECRYPT 5.8.2. Encrypted fields 5.9. Developing an encryption plugin. 5.1. Protecting tables: protect the data in a table from being deleted; when a user tries to delete a record, the error "Permission denied" is raised. CREATE DEFINER=`root`@`192.168.%` TRIGGER `member_before_delete` BEFORE DELETE ON `member` FOR EACH ROW BEGIN SIGNAL SQLSTATE '45000' SET MESSAGE_TEXT = 'Permission denied', MYSQL_ERRNO = 1001; END 5.2. Protecting table fields: use a trigger so that certain fields cannot be modified, without affecting modifications to other fields. DROP TRIGGER IF EXISTS `members`; SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE=''; DELIMITER //

Access control for adb connection of phone

元气小坏坏 submitted on 2019-12-24 13:26:25
Question: I need to prevent others from accessing my phone via adb. Is there any way we can have password protection for the adb connection? Answer 1: Since Android 4.2.2, connections to ADB are authenticated with an RSA keypair. This prevents unauthorized use of ADB where the attacker has physical access to a device. Security Enhancements in Android 4.3 Answer 2: As far as I know, there's no way to set an extra password specific to adb access. If you have USB debugging (adb) enabled, on Android 4.3 or later you need to

“zero knowledge” encryption for mysql database

我是研究僧i submitted on 2019-12-24 13:15:40
Question: I have been looking at encryption for the database layer of my web application. It is using MySQL 5.1 (or higher, I can't remember offhand). The application, managed by my organisation, stores data for public clients. The easiest choice is AES_ENCRYPT/AES_DECRYPT which would help if a baddie somehow gained access to my database (assuming they didn't know the key). However I want to take this a step further and prevent anyone in my organisation from being able to view any data stored for

SQL Injection - is this query secure?

試著忘記壹切 submitted on 2019-12-24 13:12:04
Question: I have a page that appends different parameters to the URL that are used for the query. For example http://www.example.com/search.php?category=Schools&country[]=Belgium&country[]=Czech+Republic My code is like this if(isset($_GET['country'])){ $cties = "'" . implode("','", $_GET['country']) . "'"; } else { $cties = "'Albania','Andorra','Austria','Belarus','Belgium','Bosnia & Herzegovina','Bulgaria','Croatia','Czech Republic','Denmark','Estonia','Faroe Islands','Finland','France','Germany',

.NET ContentInfo taking too long to process

心不动则不痛 submitted on 2019-12-24 12:52:58
Question: The following code using ContentInfo (System.Security.Cryptography.Pkcs.ContentInfo) is really taking a long time to execute. Is there anything I can do to speed it up? byte[] fileContents = File.ReadAllBytes(fileName); var contentInfo = new ContentInfo(fileContents); var signedCms = new SignedCms(contentInfo); signedCms.Decode(fileContents); signedCms.RemoveSignature(0); Answer 1: In my situation - I figured out the problem, it was only taking too long during a debug session, outside of the VS

best WSO2-ESB solution for banking application

亡梦爱人 submitted on 2019-12-24 12:34:17
Question: We are a co-banking solutions company. Currently we are developing a solution and we hope to use WSO2-ESB in our solution to manage our services. This is the brief scenario of our project: we have an Oracle application server that generates various services. There are two kinds of services: 1. services that can be accessed by outside users 2. services that can be accessed by in-house users. Also, security is a major concern. My questions are: 1. how to use WSO2-ESB in this scenario? 2. is it one