security

Is there a java equivalent to OpenSSL's bn_rand_range?

杀马特。学长 韩版系。学妹 submitted on 2019-12-23 17:31:16
Question: Specifically, I just want to generate a cryptographically secure random number between 0 and some number x. In OpenSSL this is done with the function bn_range. I can implement it myself using Java's BigInteger(int bits, Random r) constructor (which generates a number from 0 to 2^bits). But I would like, if possible, to use a better-tested algorithm for the sake of security. Is there a standard way to do this in Java? P.S. I am actually using Android, but I don't know how to do it in
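The construction BN_rand_range uses is rejection sampling: draw a candidate with as many bits as the bound, keep it if it is below the bound, otherwise draw again. Below is an added example (not code from the post or from OpenSSL) that implements it in Python next to the biased modulo shortcut, and drives both with a constructed, deterministic bit source so the difference is visible; the only assumption is that `randbits(k)` returns a uniform k-bit integer, which `secrets.randbits` does.

```python
"""Uniform random integer in [0, bound) from a CSPRNG, without modulo bias."""
import secrets


def rand_range(bound: int, randbits=secrets.randbits) -> int:
    """Return a uniformly distributed integer r with 0 <= r < bound.

    Rejection sampling: draw a candidate with exactly bound.bit_length()
    bits, keep it if it is below bound, otherwise throw it away and draw
    again. Because 2^(k-1) <= bound < 2^k, each draw is accepted with
    probability above 1/2, so the loop terminates quickly.

    randbits(k) must return a uniformly random k-bit integer. The default is
    the CSPRNG-backed secrets.randbits; it is a parameter only so the
    rejection path can be driven by a deterministic source in a test.
    """
    if bound <= 0:
        raise ValueError("bound must be positive")
    if bound == 1:
        return 0
    k = bound.bit_length()
    while True:
        candidate = randbits(k)
        if candidate < bound:
            return candidate
        # candidate >= bound: reject and redraw rather than reduce it.


def biased_mod_range(bound: int, randbits=secrets.randbits) -> int:
    """The tempting shortcut: reduce one k-bit draw modulo bound.

    Included only so the bias is visible next to the correct version:
    values below 2^k - bound occur twice as often as the rest. Do not use.
    """
    return randbits(bound.bit_length()) % bound


def output_counts(fn, bound: int, candidates) -> dict:
    """Drive fn with a constructed, deterministic candidate sequence and
    count what it returns, stopping once the sequence is exhausted."""
    it = iter(candidates)
    counts = {v: 0 for v in range(bound)}
    try:
        while True:
            counts[fn(bound, randbits=lambda k: next(it))] += 1
    except StopIteration:
        pass
    return counts


if __name__ == "__main__":
    # Feeding every 3-bit value once: rejection sampling returns each of
    # 0..4 exactly once; the modulo version returns 0, 1 and 2 twice.
    print(output_counts(rand_range, 5, range(8)))
    print(output_counts(biased_mod_range, 5, range(8)))
    print(rand_range(2**255 - 19))
```

In Java the same loop is a do/while around `new BigInteger(bound.bitLength(), secureRandom)` that repeats while the result is not below the bound; Python callers can simply use `secrets.randbelow`, which implements exactly this.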

How can I exhaust /dev/urandom for testing?

六月ゝ 毕业季﹏ submitted on 2019-12-23 17:24:50
Question: I recently had a bug where I didn't properly handle the case where the entropy on my linux server got too low and a read of /dev/urandom returned fewer than the number of bytes expected. How can I recreate this with a test? Is there a way to lower the entropy on a system or to reliably empty /dev/urandom? I'd like to be able to have a regression test that will verify my fix. I'm using Ubuntu 12.04. Answer 1: According to the random(4) man page, a read from the /dev/urandom device will not block. You should read a
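Since /dev/urandom cannot be made to return short on demand, the practical regression test is to put the read loop behind a callable and feed it a fake device that returns fewer bytes than asked. The following is an added example (not code from the question or its answer): a read-exactly-n loop, a wrapper over the real device, and a constructed short-reading stand-in for the test. The `ShortReader` class and its `cap` parameter are inventions for the example.

```python
"""Read exactly n bytes from a /dev/urandom-style source, tolerating short reads."""
import os


def read_exact(read, n: int) -> bytes:
    """Call read(k) until n bytes have been accumulated.

    `read` follows the os.read(fd, k) contract: it returns between 1 and k
    bytes, or b"" only at end of file. A short return is normal and is
    handled by looping; an empty return is an error, because a random
    device never reaches EOF.
    """
    chunks = []
    remaining = n
    while remaining > 0:
        chunk = read(remaining)
        if not chunk:
            raise OSError("unexpected EOF while reading random bytes")
        chunks.append(chunk)
        remaining -= len(chunk)
    return b"".join(chunks)


def urandom_exact(n: int) -> bytes:
    """read_exact() against the real device, falling back to os.urandom
    on platforms that have no /dev/urandom."""
    if not os.path.exists("/dev/urandom"):
        return os.urandom(n)
    fd = os.open("/dev/urandom", os.O_RDONLY)
    try:
        return read_exact(lambda k: os.read(fd, k), n)
    finally:
        os.close(fd)


class ShortReader:
    """Constructed stand-in for a device that hands back at most `cap`
    bytes per call, so the short-read path is exercised deterministically
    without touching the real entropy source."""

    def __init__(self, data: bytes, cap: int):
        self.data = data
        self.cap = cap
        self.calls = 0

    def __call__(self, k: int) -> bytes:
        self.calls += 1
        take = min(k, self.cap, len(self.data))
        chunk, self.data = self.data[:take], self.data[take:]
        return chunk


if __name__ == "__main__":
    src = ShortReader(bytes(range(32)), 5)
    print(read_exact(src, 32).hex(), "in", src.calls, "reads")
    print(len(urandom_exact(64)), "bytes from the real device")
```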

posterous style email verification

牧云@^-^@ submitted on 2019-12-23 17:19:16
Question: I was thinking about creating a service similar to Posterous where users can post to a fixed address like post@domain.com, and then authentication of the posts would be based on some combination of the from address and header signature. Posterous seems to be doing something clever so that they can detect if a message is being spoofed or sent from an unknown source. Does anyone know what they might be doing? Answer 1: There are some basic heuristics you could use to try to detect it. The most basic

Concept for reusable login session in rmi ejb calls

天大地大妈咪最大 submitted on 2019-12-23 17:19:03
Question: This is not a simple question; it's just that I'm rethinking our architecture for securing our EJB 3.0 service with a login and security. We have an EJB 3.0 application on JBoss 5.1 that offers various services to an SWT client to read and write data. To use a service, the client must log in with a valid user and password, which is looked up by Spring Security in an LDAP server. Spring Security generates a session id which is passed back to the client to be reused in any further service call. client

PHP - Paypal API form and security [closed]

懵懂的女人 submitted on 2019-12-23 17:16:19
Question: Closed. This question needs to be more focused. It is not currently accepting answers. Closed 2 years ago. I'm using the standard PHP PayPal form for payments on my e-commerce app. I noticed that people with just Firebug can change the PayPal form data before sending the request for paying via the "PAY NOW" button. So I'm wondering, is it "standard" to have a payment form that can
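Whatever the browser submits to PayPal is under the buyer's control, so the server must decide on its own record what was owed and compare that against what the payment notification says was paid. The block below is an added example (not code from the question and not PayPal's own) of that comparison. The notification is assumed to be already parsed into a dict and already confirmed as genuine by the IPN verification round-trip, which the example does not perform; the field names mc_gross, mc_currency, receiver_email, payment_status and custom are the ones PayPal's IPN messages carry, while the order table and merchant address are constructed for the example.

```python
"""Server-side check that a payment notification matches the stored order."""
from decimal import Decimal, InvalidOperation

# Constructed sample data standing in for the application's order table.
ORDERS = {
    "order-1001": {"amount": Decimal("49.90"), "currency": "EUR", "paid": False},
}
MERCHANT_EMAIL = "seller@example.com"  # assumed merchant account


def verify_payment(orders, notification, merchant_email=MERCHANT_EMAIL):
    """Return (ok, reason). Only the server's own record decides the amount;
    nothing the buyer could edit in the form influences the outcome."""
    order = orders.get(notification.get("custom"))
    if order is None:
        return False, "unknown order"
    if order["paid"]:
        return False, "already paid (replayed notification?)"
    if notification.get("payment_status") != "Completed":
        return False, "payment not completed"
    if notification.get("receiver_email") != merchant_email:
        return False, "paid to a different account"
    if notification.get("mc_currency") != order["currency"]:
        return False, "currency mismatch"
    try:
        paid = Decimal(notification.get("mc_gross", ""))
    except InvalidOperation:
        return False, "malformed amount"
    if paid != order["amount"]:
        return False, f"amount mismatch: expected {order['amount']}, got {paid}"
    return True, "ok"


def genuine_notification():
    """Constructed notification for a buyer who paid the real price."""
    return {"custom": "order-1001", "payment_status": "Completed",
            "receiver_email": MERCHANT_EMAIL, "mc_currency": "EUR",
            "mc_gross": "49.90"}


def tampered_notification():
    """Constructed notification after the form's amount was edited to 0.01."""
    n = genuine_notification()
    n["mc_gross"] = "0.01"
    return n


if __name__ == "__main__":
    print(verify_payment(ORDERS, genuine_notification()))
    print(verify_payment(ORDERS, tampered_notification()))
```

The caller marks the order paid only after `verify_payment` returns ok; the "already paid" branch then rejects a second notification for the same order, and the amount check is what makes a form edited in Firebug harmless: the buyer pays less, but the order is never released.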

How can I securely connect to Heroku-hosted Redis from the command line?

一个人想着一个人 submitted on 2019-12-23 16:45:57
Question: There's an older question about this, but no answers: How to securely connect to Heroku Redis via the command line? How are people connecting to Redis remotely? Just ignoring the security warning when running heroku redis:cli? WARNING: Insecure action. All data, including the Redis password, will not be encrypted. Or is it simply "Don't do that"? The article linked from the older post mentions that redis-cli connections are insecure, but only discusses how to subvert the warning. I was

Security implications of letting users render own SVG files

Deadly submitted on 2019-12-23 15:26:36
Question: I plan to let website users upload their own SVG documents and render them with inkscape or svg2pdf. The users will either be unauthenticated or go through a trivial sign-up process, so I would expect some hack attempts. I should therefore appreciate any pointers on what filtering I can do to minimise security threats. Inkscape doesn't seem to be bothered by JavaScript onload tags and happily renders the content without anything untoward happening (that said, I can't get Firefox 10 to cough
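For a server-side renderer the script and event-handler parts of an SVG matter less than the references it can make the renderer follow: an `<image>` or `<use>` pointing at a file:// or http:// URL, or a CSS url() doing the same. The block below is an added example (not code from the question, Inkscape or svg2pdf) of a filter that keeps drawing content and drops script and foreignObject elements, on* attributes, external href/xlink:href values and external CSS url() references, reporting what it removed. It parses with the standard library, which is an assumption for a self-contained example; with untrusted input use defusedxml or another entity-expansion guard, and still run the renderer in a sandbox, since a filter is a second line of defence rather than a substitute.

```python
"""Strip active content and external references from an uploaded SVG."""
import re
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_NS = "http://www.w3.org/1999/xlink"
DROP_ELEMENTS = {"script", "foreignObject"}
ALLOWED_DATA_PREFIXES = ("data:image/png;", "data:image/jpeg;", "data:image/gif;")
URL_RE = re.compile(r"url\(\s*['\"]?([^'\")]*)", re.IGNORECASE)


def local(name: str) -> str:
    """Strip the {namespace} part from an ElementTree tag or attribute name."""
    return name.rsplit("}", 1)[-1]


def href_is_local(value: str) -> bool:
    """Allow only same-document fragments and raster data: URIs."""
    v = value.strip()
    return v.startswith("#") or v.lower().startswith(ALLOWED_DATA_PREFIXES)


def css_refs_external(text: str) -> bool:
    """True if any url(...) in a style value points outside the document."""
    return any(not ref.strip().startswith("#") for ref in URL_RE.findall(text))


def sanitize_svg(svg_text: str):
    """Return (cleaned SVG as a string, list of removed items for logging)."""
    root = ET.fromstring(svg_text)
    if local(root.tag) != "svg":
        raise ValueError("root element is not <svg>")
    removed = []
    # Detach whole elements first; parents are snapshotted so removal is safe.
    for parent in list(root.iter()):
        for child in list(parent):
            tag = local(child.tag)
            if tag in DROP_ELEMENTS or (tag == "style" and css_refs_external(child.text or "")):
                removed.append(f"element <{tag}>")
                parent.remove(child)
    # Then attributes on whatever survived.
    for elem in root.iter():
        for name in list(elem.attrib):
            lname, value = local(name), elem.attrib[name]
            if lname.lower().startswith("on"):
                removed.append(f"attribute {lname} on <{local(elem.tag)}>")
            elif lname == "href" and not href_is_local(value):
                removed.append(f"external href {value!r} on <{local(elem.tag)}>")
            elif css_refs_external(value):
                removed.append(f"external url() in {lname} on <{local(elem.tag)}>")
            else:
                continue
            del elem.attrib[name]
    ET.register_namespace("", SVG_NS)
    ET.register_namespace("xlink", XLINK_NS)
    return ET.tostring(root, encoding="unicode"), removed


# Constructed upload mixing harmless drawing with the things a filter must catch.
SAMPLE = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" onload="alert(1)">
  <script>alert(2)</script>
  <image xlink:href="file:///etc/passwd" width="10" height="10"/>
  <use xlink:href="#shape"/>
  <rect id="shape" width="5" height="5" style="fill:url(#grad)"/>
  <rect width="5" height="5" style="fill:url(http://evil.example/x.svg#p)"/>
  <foreignObject><div>html</div></foreignObject>
</svg>"""

if __name__ == "__main__":
    cleaned, log = sanitize_svg(SAMPLE)
    print("\n".join(log))
    print(cleaned)
```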

How to securely store my CouchDB admin password?

给你一囗甜甜゛ submitted on 2019-12-23 15:24:57
Question: I spent a long time yesterday configuring my CouchDB instance in order to create a little app and let CouchDB manage authentication and authorization for me. So I ended up with something like this: On top of everything I've got a server admin, who is basically god on my CouchDB instance. Then I created a database named "mydatabase" (for example) and added the role "mydatabase_dba" as admin and also the role "mydatabase_user" as reader. I also created a database named "_users" which

How to handle SecurityException thrown back from startActivity with chooser?

丶灬走出姿态 submitted on 2019-12-23 15:17:19
Question: I'm using

    final Intent notice = new Intent();
    notice.setType("text/plain");
    notice.putExtra(Intent.EXTRA_SUBJECT, "My Subject");
    notice.putExtra(Intent.EXTRA_TEXT, "My Text");
    try {
        getContext().startActivity(Intent.createChooser(notice, "Send..."));
    } catch (final android.content.ActivityNotFoundException ex) {
        Toast.makeText(getContext(), "There are no email clients installed.", Toast.LENGTH_SHORT).show();
    } catch (final SecurityException ex) {
        Toast.makeText(getContext(), "Sorry, application

Pdf files as part of Android .apk

做~自己de王妃 submitted on 2019-12-23 15:15:36
Question: I have to build an Android application which shows a list of PDF files. These PDF files should be secured; in other words, the user of the app should not be able to get a copy of the PDF content by any means (copy/cut/print, etc.). My questions now are: How should I ship the content of the PDF file along with the .apk file? If we send the content of the file in a different format (raw/byte code), how should I convert the file back to PDF, and where should I place the file on the installed machine such