security

Fundamental of certificate based authentication

天大地大妈咪最大 submitted on 2019-12-23 00:50:13
Question: I searched a lot and found many answers on how to implement certificate-based authentication in WCF. But my questions are related to the fundamentals of it. While implementing certificate-based authentication in production, does the client provide its certificate, which the server needs to add to its trusted people store? Or does the server provide a certificate (signed by the server)? I guess while configuring the WCF server, we just configure the certificate location and store. We never bind it with any domain. So any client

Mobile - API server security [closed]

本秂侑毒 submitted on 2019-12-22 23:35:08
Question: Closed. This question is opinion-based. It is not currently accepting answers. Closed last year. I am building an Android app - a key part of which will include integration with a server API. The app is just a side-project and I am really just looking for validation of my planned API security and suggestions of best practice and how other apps do it. The application will

Mobile - API server security [closed]

柔情痞子 submitted on 2019-12-22 23:34:29
Question: Closed. This question is opinion-based. It is not currently accepting answers. Closed last year. I am building an Android app - a key part of which will include integration with a server API. The app is just a side-project and I am really just looking for validation of my planned API security and suggestions of best practice and how other apps do it. The application will

Powershell SDDL modification

吃可爱长大的小学妹 submitted on 2019-12-22 23:25:23
Question: I am trying to allow remote access to a server through winrs. Somewhere on the internets, I found out that this will need modification of RootSDDL for the winrm service, and the value of it could be fetched like this: (Get-Item WSMAN:\localhost\Service\RootSDDL).Value O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;S-1-5-21-3231263931-1371906242-1889625497-1141)S:P(AU;FA;GA;;;WD)(AU;SA;GWGX;;;WD) Now, the question is the following: When I know the SID of the user I want to allow remote access, how do I add to this

Powershell SDDL modification

被刻印的时光 ゝ submitted on 2019-12-22 23:24:52
Question: I am trying to allow remote access to a server through winrs. Somewhere on the internets, I found out that this will need modification of RootSDDL for the winrm service, and the value of it could be fetched like this: (Get-Item WSMAN:\localhost\Service\RootSDDL).Value O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;S-1-5-21-3231263931-1371906242-1889625497-1141)S:P(AU;FA;GA;;;WD)(AU;SA;GWGX;;;WD) Now, the question is the following: When I know the SID of the user I want to allow remote access, how do I add to this

Securing a WCF RESTful service— can't call it unless authenticated

我只是一个虾纸丫 submitted on 2019-12-22 22:58:00
Question: I'm going to write a RESTful WCF service with webHttp or basicHTTP bindings-- nothing fancy. However, I would like to secure it so that unless someone has logged into / authenticated against my ASP.Net MVC website they can't use the service. I must be looking in the wrong places because every discussion or article I read about this deals with securing the service calls via certificates or SSL. That's good to know, but I'm more interested in how to prevent someone from using the service,

Prevention of direct access to folder within public folder using .htaccess not working

Deadly submitted on 2019-12-22 22:24:05
Question: I have a folder sitting within the public folder and I am trying to prevent users from accessing files directly from this folder using a .htaccess file. For example, let's say the folder I am trying to prevent is called apples, www.website.com/apples . So far, if someone goes to type in www.website.com/apples/secretfile.php it appears the file is accessible when it shouldn't be. The code I have placed within my .htaccess file itself is like this: RewriteEngine on # -FrontPage- IndexIgnore

Spring security login-processing-url throws 405 request method POST not supported

廉价感情. submitted on 2019-12-22 22:19:20
Question: I'm working with spring security 3.1.3 in a spring 3.2.0 project. I've configured two entry points for my security using spring security. The idea is to have a url like /enterprise_login where enterprise users should log in and another url like /login where normal users do their log in action. In my security configuration I've the next code <security:global-method-security jsr250-annotations="enabled" pre-post-annotations="enabled" secured-annotations="enabled" /> <security:http pattern="

MongoDB provides a basic authentication system. Has it changed in version 2.2.3?

不羁的心 submitted on 2019-12-22 19:01:12
Question: Scenario: Installed MongoDB 2.2.3 on the machine (Windows 64-bit) Followed all the steps to enforce authentication on MongoDB server. Added User to admin database use admin db.addUser('me_admin', '12345'); db.auth('me_admin','12345'); Ran database server (mongod.exe process) with the --auth option to enable authentication Followed all answers for similar question: How to secure MongoDB with username and password Issue: With new version 2.2.3 I am not able to set up authentication. After

Protecting Ruby Code

不打扰是莪最后的温柔 submitted on 2019-12-22 18:48:32
Question: I'm developing a commercial project on an ARM based embedded board with a custom Linux kernel on it, using Ruby. Target workspace of the project and the device is a closed environment, no ethernet, internet, I/O devices etc... I want to protect my code/program so that it'll only work on the specific machines I let (so people can't just copy and paste my code/program on to their embedded boards and run it w/o permission). This can probably be done with the machine's MAC address though; I don't have