security

问题 I wrote a Web Application and I would like to allow other developers to get the information from it. The server Im working on is not that awsome and cant handle that many request, so the idea is to generate and assign api keys to everyone that wants to query our information. With Api keys I can limit the daily requests and perhaps collect some statistics to see what information is really useful for the other developers. The thing is, Im concerned about the security aspect of it. Since the Api

问题 I deployed my ASP.NET project on host but take this fail. I am trying to solve this issue for hours but could not. On my first page users enter email and password after click login button they navigate menu. All datas store in mysql db. After publish i could not see mysqldata.dll in bin folder so i have added manually. Please help me to solve this issue. I should deploy in 2 days. This issue is displaying after while i am trying to login. Server Error in '/' Application. Security Exception

问题 We have a WCF service that connects to an oracle database. The connection to the database must be done using the credentials of the user that is calling the service. How can I set it up so that I can get access to the username and password set in the client credentials at the client so that I can add these to the connections string created when I want to connect to the database to get the data for the service call? Or is there some other way that this should be handled? If it makes a

问题 I'm trying to learn WCF, but I don't really understand what I have to do. I have a database with usernames and passwords and the user should authenticate before he may use the service. For now, the username and password is hardcoded: class UsernameAuthentication : UserNamePasswordValidator { /// <summary> /// When overridden in a derived class, validates the specified username and password. /// </summary> /// <param name="userName">The username to validate.</param><param name="password">The

问题 Let me rephrase my last question, what PHP library or framework can I use for professional and secure authentication? Extra points if your idea helps implement account Control Panel features (change password, edit profile). How do you pros do it? Have you ever done trustworthy authentication using PHP? 回答1: I personally really like the symfony framework and its sfGuard plugin. It provides very easy to configure authentication. It hashes and salts all the passwords and provides a backend

问题 I'm trying to secure the Node Redis IPC server to use a private/public key. I've followed this tutorial which uses stunnel which wraps the tunnel used by Redis under a SSL layer. The example is not for Node, but it does secure the connection, and I only can connect to the server if I include the certification in my config file, otherwise the connection is reseted. However, I cannot replicate this with NodeJS. On my server computer, I have: var redis = require('redis'); var client = redis

问题 I have a Java Web App running on Tomcat on which I'm supposed to exploit Path traversal vulnerability. There is a section (in the App) at which I can upload a .zip file, which gets extracted in the server's /tmp directory. The content of the .zip file is not being checked, so basically I could put anything in it. I tried putting a .jsp file in it and it extracts perfectly. My problem is that I don't know how to reach this file as a "normal" user from browser. I tried entering ../../../tmp

问题 I am using this JQuery Ajax Voting system guide as a rough reference but I am a little troubled at the security of this. Right now this guide basically stores the ID of something and the vote statistics for it. I'd like to go off a similar idea but I need to include the userID as well so a user can only vote once. This is stored in a PHP session variable and I was wondering if the ajax page that gets called will have access to that session or not. If not, what is a safe way of passing in the

问题 I am developing a Web application which uses JBoss RESTEasy (resteasy-jaxrs-3.0.8) but I want to disable the RoleBasedSecurityFilter.java and only use my own custom SecurityInterceptor class (which also implements javax.ws.rs.container.ContainerRequestFilter just as the RoleBasedSecurityFilter class does, so they are both security filters). The reason for this is that line 43 in RoleBasedSecurityFilter.java calls a isUserInRole() method, which always returns false in my application. And as

问题 Can someone tell me how I can go about forcing webview in android to use TLS or simply block SSLv3 in android ? 11-07 11:40:16.711 D/WebActivity( 6474): onPageStarted-url : example.com 11-07 11:40:16.946 W/chromium( 6474): external/chromium/net/http/http_stream_factory_impl_job.cc:865: [1107/114016:WARNING:http_stream_factory_impl_job.cc(865)] Falling back to SSLv3 because host is TLS intolerant: 11-07 11:40:16.951 E/WebActivity( 6474): Origin: example.com Quota: 9223372036854775807 Usage: