security

问题 It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center. Closed 8 years ago . I have intellectual-property coded into .net 2.0 fully-trusted assemblies (.exe + DLLs) on an end-user machine, which I would like to protect from being hacked / reverse-engineered (WebService / Cloud-Computing

问题 I created a form in which you have to insert an email address. I already have a validation method. But i need to make sure that the email actually exists. Is it possible? 回答1: In the general case it is not possible without user interaction. A few things you can do to validate an email address: Regular expression You can use a regex to validate the email address format . It does not guarantee that the address exists, but at least your user input will be well formed. Validating email addresses

问题 I read many articles about unsafe functions like strcpy, memcpy, etc. which may lead to security problems when processing external data, like the content of a file or data coming from sockets. This may sound stupid, but I wrote a vulnerable program but I did not manage to "hack" it. I understand the problem of buffer overflow. Take this example code: int main() { char buffer[1]; int var = 0; scan("%s", &buffer); printf("var = 0x%x\n", var); return 0; } When I execute the program and type

问题 I wrote SpringBoot application with authentication via web login form. Class WebSecurityController is responsible for authentication and authorization. Here is its code: @Controller @EnableWebSecurity public class WebSecurityController extends WebSecurityConfiguration { @Autowired DataSource dataSource; protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests() .antMatchers("/users/getAll").access("hasRole('ROLE_ADMIN')") .anyRequest().permitAll() .and()

问题 Sorry for too long post, but I had no choise! So the question is “can we establish a blockchain (precisely DAG) as an infrastructure of a cryptocurrency, which uses only Proof Of Stack to securing transactions?”. What are the flaws of this approach? The scenario is like that: I develop and release the prototype software and run the first node. As a founder and the first member of the network, I made a to-do list of future develops of that software. The goal is improve software and strengthen

问题 I am confuse where add jar file (bcprov-jdk15-145.jar) for adding security file for BouncyCastleProvider. In application library or In JRE jre6\lib\ext\ folder. Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); 回答1: Unless you have a specific reason for adding a JAR file to the JRE's lib/ext directory don't put anything in there. This directory is for Installed Extensions, not just dependencies of your application. Just add the bcprov-jdk15-145.jar file to the

问题 Quick explanation: Home hobby server Some public services, some I'd like to restrict to internal only Since I discovered reverse proxies (😊) I've been migrating everything behind subdomains of my domain, via Apache I then discovered that I could no longer simply use Require local as before, since Apache always sees the public IP address of the client Require forward-dns appears to be the solution I want, however it's not giving the expected result I'm on a dynamic IP, but the results seem

问题 I am setting up a mysql app. This is my getUsername method connects using standard mysqldb formatting. Does this mean it is a prepared statement? Also, is this code safe, or am I vulnerable to SQL injection? def selectUser(userName): try: username = pickle.loads(base64.decode(userName)) except: username = "admin" query = "SELECT name FROM users WHERE name = '%s'" conn = MySQLdb.connect('localhost', 'dbAdmin', 'lja8j30lJJal##', 'blog'); with conn: c = conn.cursor() c.execute(query, (username,)

问题 I have a string that I want to decrypt at runtime in my C# WPF Application. I thought I could use the following code: using System.Text; using System.Web; using System.Web.Security; [Test] public void Encrypt() { var text = "This is my string"; var stream = Encoding.UTF8.GetBytes(text); var encodedValue = MachineKey.Protect(stream); var result = HttpServerUtility.UrlTokenEncode(encodedValue); } [Test] public void Decrypt() { var text = "ZG1CrjMgyq5O1krnBxoYM5rXH071xVxFnhC3xTTBiJ05Uy4msSe0jonP

问题 I create project for test authentication in ASP.Net Core Web API with using JWT tokens. I implemented the basic functionality for working with accounts, but I ran into some problems. UsersController: [Authorize] [ApiController] [Route("[controller]")] public class UsersController : ControllerBase { private readonly IUserService _userService; private readonly IAuthenticationService _authenticationService; public UsersController( IUserService userService, IAuthenticationService