security

问题 I can make a request through a corporate proxy with authentication using c# and httpWebrequest. I could then get the proxy and port used. Then I tried to use it with curl, wget and rebol and all failed. For example after creating environment variable http-proxy containing proxy ip and port, I type this command in cmd prompt: curl --proxy-user login:password google.com it answers (6) could not resolve host:google.com For what reason does http request works for c# and not for others ? 回答1: Have

问题 I'm working on a simple utility to encrypt files as a learning experience. Everything seems to be working fine, but I'm wondering if I have setup the Key/IV/Salt data securely. I have noticed that when it comes to cryptography most people seem to envision a working environment that is loaded with malware manned by a wizard remotely ready to dive through the memory of a running application/page file to get at these secure files. Let's pretend that you're on a clean machine and you encrypt some

问题 There is a function that returns an array from a table: GetFilteredData: function() /*==================================================== - returns an array containing filtered data: [rowindex,[value1,value2,value3...]] =====================================================*/ { var row = this.tbl.rows; var filteredData = []; for(var i=0; i<this.validRowsIndex.length; i++) { var rowData, cellData; rowData = [this.validRowsIndex[i],[]]; var cells = tf_Tag(row[this.validRowsIndex[i]],'td'); for

问题 I want to create a C++ program with limited privileges. I made some research on the internet and found out that I have to create a token and then use the AdjustTokenPrivileges() method to alter its privileges. However, I didn't quite understand how this is to be done. Can someone please provide me with an example of how to create a token and disable its privileges? Thanks :) 回答1: Did you check out the example at Executing Privileged Operations Using C++ ? Seems like you just need to figure

问题 I am having a thin gateway/portal application based on Node.js and express . It is managing sessions, user authentication and routing (to the actual application). According to https://www.owasp.org/index.php/Session_Management_Cheat_Sheet#Session_ID_Guessing_and_Brute_Force_Detection it is recommended to block IP-adresses once the application detects multiple failed login attempts in a given period. Now I am having 2 questions: 1) In what part of the infrastructure should those IP-Adresses be

问题 I have created an app that can lock the phone with a pin code using DevicePolicyManager, resetPassword and lockNow(). It works perfectly on my Galaxy S and on all other phones but not on HTC Desire. On a Desire the pin code screen appears but you can simply press the ok button without entering the pin code and the phone will still unlock. A user says that the lock works if he does not use the phone for about 5 minutes. Does anyone have a hint of what could be wrong, or any suggestion of what

问题 I want to write these values in the security event log: Console.WriteLine("Level: {0}", eventInstance.LevelDisplayName); Console.WriteLine("Date: {0}", eventInstance.TimeCreated); Console.WriteLine("Forrás: {0}", eventInstance.ProviderName); Console.WriteLine("Event id: {0}", eventInstance.Id); Console.WriteLine("Task: {0}", eventInstance.TaskDisplayName); string sSource; string sLog; string sEvent; sSource = eventInstance.ProviderName; sLog = "Security"; sEvent = eventInstance

问题 I facing a problem with standard java http client. By some reason that I don't know yet it go into infinite loop and utilize all cpus I have. Below is an example stack trace and a method where the infinity loop is running. "HttpClient-1-Worker-34" #232 daemon prio=5 os_prio=0 cpu=37704.71ms elapsed=231.22s tid=0x00007f1580279000 nid=0x31fc runnable [0x00007f1575059000] java.lang.Thread.State: RUNNABLE at jdk.internal.net.http.common.SSLFlowDelegate$Writer.processData(java.net.http@11.0.1

问题 We need to make some instances of our SQL Server invisible, so you can't view it from SQL Server Management Studio "Browse for servers" screen but you can connect to it if you know its instance name... Also prevent any possibility of getting the list of the other instances from inside an instance that you are connected Any ideas? 回答1: Perhaps this is what you are looking for. How to: Hide an Instance of SQL Server Database Engine 回答2: As I mentioned, I'd suggest you use a non-standard TCP

问题 Basicaly, I've been working on a website for months now, and i'm about to open it. Before the opening I'm going over potential security issues, and i've made some research over the web to find what are the cummon security issues in php, I knew already how to fix most of them, although I really have an issue with one of them : I want to avoit using include($_GET['page']) , I've made some research but haven't found anything really handy to use, although is there any way I can just "secure" my