security

问题 I am sending POST request to URL https://username:password@example.com in my script. I know that HTTPS encrypts credentials so they should not be visible on network. But what about server logs, will they be visible there? Are there any other disadvantages of using this approach? How can I make authentication more secure on client/server side? 回答1: You can find more information here: Are HTTPS URLs encrypted? (tl;dr: the way you are sending it is not encrypted most probably, but you can send

问题 Main Question I am working on an API in Java that needs to detect the use of brands (e.g. PayPal, Mastercard etc.) in phishing emails. Obviously there are different strategies that the attackers use to target these brands so that they are harder to detect. For instance " rnastercard " looks very similar to " mastercard " and can fool an unsuspecting user. At this time I can easily detect the misspellings of these brands using a form of fuzzy string search. However the problem I am facing is

问题 A sibling department has created an HTML file that is effectively a scaffold for a handful of iframes. The iframes each call a report, which is hosted on a web server, with slightly different parameters. The called report will show a sign-on form to unauthenticated users, or the report contents to already-authenticated users. scaffold.html: <html> <head> <title>I just show the output from a bunch of report calls</title> </head> <body> <iframe src="https://somesite.com/useful_report.html

问题 A sibling department has created an HTML file that is effectively a scaffold for a handful of iframes. The iframes each call a report, which is hosted on a web server, with slightly different parameters. The called report will show a sign-on form to unauthenticated users, or the report contents to already-authenticated users. scaffold.html: <html> <head> <title>I just show the output from a bunch of report calls</title> </head> <body> <iframe src="https://somesite.com/useful_report.html

问题 How can I securely pass the password to signtool.exe ? Here's the code: [Setup] SignTool=mysigntool signtool.exe" sign /f <path_to_pfx_certificate> /p <certificate's_password> $f I know there's a method like GetSHA1OfString , but here I need the opposite. 回答1: If you are asking how to encrypt the password, it does not make sense. An encryption needs a key (aka a password). So you end up with another password, which you again need to store somewhere in plain text. It's a kind of a chicken or

问题 Can I use OAuth 2.0 without a browser (or an embedded browser in my app) to perform nightly uploads? Setup I have a refresh token and access token from provider console-- Google Drive API I wish to use Java SDK to use/reuse these to upload data without the requirement for any browser authorization once i have initially received my refresh/access tokens. 回答1: Yes. That is precisely what unattended access with the refresh token is about. When the user granted permission to the app, he was

问题 Can I use OAuth 2.0 without a browser (or an embedded browser in my app) to perform nightly uploads? Setup I have a refresh token and access token from provider console-- Google Drive API I wish to use Java SDK to use/reuse these to upload data without the requirement for any browser authorization once i have initially received my refresh/access tokens. 回答1: Yes. That is precisely what unattended access with the refresh token is about. When the user granted permission to the app, he was

问题 Can I use OAuth 2.0 without a browser (or an embedded browser in my app) to perform nightly uploads? Setup I have a refresh token and access token from provider console-- Google Drive API I wish to use Java SDK to use/reuse these to upload data without the requirement for any browser authorization once i have initially received my refresh/access tokens. 回答1: Yes. That is precisely what unattended access with the refresh token is about. When the user granted permission to the app, he was

问题 Can I use OAuth 2.0 without a browser (or an embedded browser in my app) to perform nightly uploads? Setup I have a refresh token and access token from provider console-- Google Drive API I wish to use Java SDK to use/reuse these to upload data without the requirement for any browser authorization once i have initially received my refresh/access tokens. 回答1: Yes. That is precisely what unattended access with the refresh token is about. When the user granted permission to the app, he was

问题 Can I use OAuth 2.0 without a browser (or an embedded browser in my app) to perform nightly uploads? Setup I have a refresh token and access token from provider console-- Google Drive API I wish to use Java SDK to use/reuse these to upload data without the requirement for any browser authorization once i have initially received my refresh/access tokens. 回答1: Yes. That is precisely what unattended access with the refresh token is about. When the user granted permission to the app, he was