security

问题 My goal is to find out how to programmatically adjust permissions on files & directories in Windows using .NET. I have identified the following options: Windows API (yuck!) Active Directory Service Interfaces (COM... ugh...) Windows PowerShell (?) Google for an easy-to-use facade. None of these seem very palatable to me. Which route would you guys take? Perhaps there's another way? 回答1: You can do this type of thing using the FileSecurity class 来源： https://stackoverflow.com/questions/1278099

问题 Which pages need to use a SSL Certificate for a online shop? This site is available just for registered users and the Payment is made using a third party provider. I suppose: login, signup, change password. Any other recommendation? 回答1: Use SSL based on which pages send or receive confidential information. Your "About Us" or "Products and Services" pages do not need to use SSL. The pages you mentioned (login, signup, change password) do. 回答2: Simply make all pages SSL encrypted. You probably

问题 I'm working on a web app that can allow the user to input some code, and it will be compiled and executed, and they can see the result. I'm coding the app in PHP and I need a way to ensure that if the user inputs some harmful code (this example is PHP), it can't execute and destroy my server. Example: <?php shell_exec('rm -rf /'); ?> I'm thinking that permissions on the uploaded code's file might do it just fine, but I wanted some secondary input. Thanks! 回答1: Do not do this unless you are a

问题 Pardon the length here...hopefully I didn't go overboard... I'm in the process of working on my first production MVC application and I'm trying to stick to DDD principles in the process. I've run into some questions related to how to deal with the security requirements of the application and thought I'd see if the SO community could offer some best-practice suggestions. Domain Information To use a simplified explanation, this application will have AffiliateCompanies , Users , and Customers .

问题 I'm trying to run a simple cmd utility on a remote Windows server from within a vbscript by invoking the Win32_Process class, like so: serverIP = "10.0.0.3" Set oWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & serverIP & "\root\cimv2:Win32_Process") RunCommand = "cmd.exe /c echo hello >c:\hello.txt" wscript.echo RunCommand intReturn = oWMI.Create(RunCommand, Null, Null, intProcessID) wscript.echo intReturn Select Case intReturn Case 0 Wscript.Echo "Successful" Case 2 Wscript

问题 I'm Doing a web app testing and found some vulnerability on having the Multiple x-frame-options header entries. What browsers are vulnerable for multiple x-frame-options? What are the attacks possible for the Multiple x-frame-options header entries? ClickJacking seems to be a hard approach since this is not possible with the newer browsers. 回答1: According to RFC7034 [1], it is allowed to set multiple message-headers with the same name. When such message-headers are present, they are usually

问题 I am trying to download this website csv file, the file small only take like 2 seconds to download with any browsers. http://www.nasdaq.com/screening/companies-by-name.aspx?letter=0&exchange=AMEX&render=download using HttpWebRequest and also WebClient but looks like nasdaq.com is not letting the data to flow through with these two methods, I also tried with Fiddler and nothing coming back. I only can download this data using any browsers. I tried to change the header, the agent, security

问题 I worked long time back on a website and it has been working fine, recently a problem has been reported, which I need to go through. In my site there is a folder named repository, which contains files like word and PDF documents and ideally only logged in users are allowed to download them but now it has been observed that anyone who is not logged into the website, can even also download them :( Is there any wayout to handle it without moving the folder out of the web directory? Like making

问题 I am having a problem with code that worked fine in .NET 2.0 but is giving this error under .Net 4. Build (web): Inheritance security rules violated while overriding member: 'Controls.RelatedPosts.RenderControl(System.Web.UI.HtmlTextWriter)'. Security accessibility of the overriding method must match the security accessibility of the method being overriden. This is in DotNetBlogEngine. There were several other security demands in the code that .NET 4.0 doesn't seem to like. I followed some of

问题 One of the security requirements for my web based system is to prevent people logging in as the same user on different machines at the same time. E.g. to ensure that people cant all log in using the same password/share passwords. Is there a way to achieve this using the ASP.NET membership provider. Will I need to manually store info on each session and if so is this reliable? 回答1: Check System.Web.Security.MembershipUser.IsOnline when the users is logging in. 回答2: There are no good standard