security

How to deny site access from an iframe?

故事扮演 posted on 2019-12-22 09:40:11
Question: I've noticed a few websites deny access from iframes to their registration and login pages for security reasons. It's a good idea in my opinion. I'm wondering what settings they need in order to do this, as I would like to do the same on my website. The website in question is built in Java and runs on Apache Tomcat. If anyone knows how this is done it would be great if you could share.
Answer 1: Well, you should use the x-frame-options. Read this article, hope it helps: http://blogs.msdn.com/b

Storing Model ID in ASP.NET MVC ViewModel, Security issues

萝らか妹 posted on 2019-12-22 09:37:59
Question: In my MVC application I have a page for a user editing their account details such as email address, password etc. In my database a User table holds this data and the primary key is UserId. On the ChangeAccountDetails view I have created I pass a ViewModel with the data the user should be able to modify on their account. I also store the UserId in the ViewModel which is rendered into a hidden field on my actual view. I have a concern that this is not safe for the reason that on POST action to

How do I make the manifest of a .net assembly private?

為{幸葍}努か posted on 2019-12-22 09:31:56
Question: What should I do if I want to release a .NET assembly but wish to keep its internals detailed in the manifest private (from a utility such as ildasm.exe)?
Answer 1: I think what you're talking about is "obfuscation". There are lots of articles about it on the net: http://en.wikipedia.org/wiki/Obfuscation The "standard" tool for obfuscation on .NET is by Preemptive Solutions: http://www.preemptive.com/obfuscator.html They have a community edition that ships with Visual Studio which you can use.

Restrict my iOS device to a particular app

一曲冷凌霜 posted on 2019-12-22 09:31:43
Question: I'm searching for a way to restrict my iOS device to a particular app. I have found a good way to disable my iPad Home button functionality through Kiosk Mode for iOS. So is it possible to restrict my iOS device to a particular app without jailbreaking? Will the App Store reject my application if I do this?
Answer 1: Phew... Finally I found. Guided Access is a new feature in iOS 6 that will do the functionality. It's a built-in feature. Guided Access is activated for a particular app, iOS device will

Is it secure to put the user id as a url parameter?

限于喜欢 posted on 2019-12-22 09:25:15
Question: I am developing a social network and I would like to know if in the profile page of a user I could put the user id stored in the database as a parameter in the URL, or is it a bad idea in terms of security? I want the URL to be bookmarkable. Should I put another thing instead of the user id?
Answer 1: In terms of security there's no problem in putting the user id in a URL. For example StackOverflow does it already: https://stackoverflow.com/users/3477044/aliuk What's important is to verify that the

SSIS 2008 R2 - “Excel Connection Manager” failed with error code 0xC0202009

泄露秘密 posted on 2019-12-22 09:25:03
Question: We are facing the error below after Microsoft's October patches were applied on the server. We have set Run64BitRunTime to false and DelayValidation to True and changed the path of the Excel folder. We are still facing the issue below.
Error: 0xC0202009 at SSIS_Document_Report, Connection manager "Excel Connection Manager": SSIS Error Code DTS_E_OLEDBERROR. An OLE DB error has occurred. Error code: 0x80004005. An OLE DB record is available. Source: "Microsoft JET Database Engine" Hresult: 0x80004005 Description:

Is Access-Control-Allow-Origin sufficient in preventing XSRF attacks?

落花浮王杯 posted on 2019-12-22 09:24:51
Question: We're building an app with a Java Spring/Hibernate backend running in JBoss. The frontend is AngularJS. We haven't yet done anything to set up XSRF tokens on the server end. We also don't (not yet anyway) have a requirement to allow other domains access to our web resources. I figured I'd try to see if our site was vulnerable to an XSRF attack, so I set up a malicious webapp to post to one of our real app's URLs using Angular's $http.post(). I logged in to the real app, then I tried posting

Changing java security file in windows

给你一囗甜甜゛ posted on 2019-12-22 09:18:09
Question: I am trying to edit the java.security file in Windows. When I add an entry to it and try to save, it says 'Access Denied'. How do I change the permissions on this file? I have also tried running Notepad as administrator but it didn't work. Please help.
Answer 1: Try this and say if it works. It worked for me while opening the hosts file. http://www.labnol.org/software/edit-hosts-files-as-administrator/13673/ Edit: The relevant information from the linked page: Step 1. Open your Windows start

.NET Declarative Security: Why is SecurityAction.Deny impossible to work with?

佐手、 posted on 2019-12-22 09:18:03
Question: I've been messing with this for about a day and a half now, sifting through .NET Reflector and MSDN docs, and can't figure anything out... As it stands in the .NET Framework, you can demand that the current Principal belong to a role to be able to execute a method by marking a method like this:
    [PrincipalPermission(SecurityAction.Demand, Role = "CanEdit")]
    public void Save() { ... }
I am working with an existing security model that already has a "ReadOnly" role defined, so I need to do exactly

Receiving NullPointerException while using Jasypt and Spring Security 3.1

↘锁芯ラ posted on 2019-12-22 09:16:56
Question: I am trying to configure Jasypt with Spring Security. My configuration file looks like this:
    jdbc.driver=com.mysql.jdbc.Driver
    jdbc.url=jdbc:mysql://localhost:8090/sample
    jdbc.username=ENC(*****) where the *****=the salted username
    jdbc.password=ENC(*****) where the *****=the salted password
My servlet xml contains the proper bean setup in this format:
    <bean id="propertyPlaceholderConfigurer" class="org.jasypt.spring31.properties.EncryptablePropertyPlaceholderConfigurer"> <constructor-arg ref