security

Prevent URL obtained from NFC from being shared or accessed remotely

笑着哭i submitted on 2020-03-05 00:38:30
Question: One advantage of NFC vs QR code is that unlike QR code which can be photographed and accessed from anywhere later, an NFC binds you to scan the NFC chip from close distance in order to access the info. But, once scanned and your browser is ready to open the URL, what prevents the user from sharing the URL so that others can use it and access it remotely (or to use it twice, when already away from the NFC tag)? My use case is to let a person who is physically near the NFC device, to submit

Prevent URL obtained from NFC from being shared or accessed remotely

给你一囗甜甜゛ submitted on 2020-03-05 00:33:09
Question: One advantage of NFC vs QR code is that unlike QR code which can be photographed and accessed from anywhere later, an NFC binds you to scan the NFC chip from close distance in order to access the info. But, once scanned and your browser is ready to open the URL, what prevents the user from sharing the URL so that others can use it and access it remotely (or to use it twice, when already away from the NFC tag)? My use case is to let a person who is physically near the NFC device, to submit

Java Exception during signature verification (error decoding signature bytes)

好久不见. submitted on 2020-03-04 07:11:48
Question: I have to verify a certificate. I'm not an expert of cryptography, so probably I did something (or everything :) ) wrong. When the code reaches the last step (boolean b = sig.verify(CertSign);), it fires an exception: java.security.SignatureException: error decoding signature bytes. Could someone help me to figure out what I'm doing wrong? The following is a test code that shows the problem: private void test() { byte [] CertBody = new byte[]{(byte)0x7F,(byte)0x4E,(byte)0x81,(byte)0x82,

Java Exception during signature verification (error decoding signature bytes)

瘦欲@ submitted on 2020-03-04 07:11:12
Question: I have to verify a certificate. I'm not an expert of cryptography, so probably I did something (or everything :) ) wrong. When the code reaches the last step (boolean b = sig.verify(CertSign);), it fires an exception: java.security.SignatureException: error decoding signature bytes. Could someone help me to figure out what I'm doing wrong? The following is a test code that shows the problem: private void test() { byte [] CertBody = new byte[]{(byte)0x7F,(byte)0x4E,(byte)0x81,(byte)0x82,

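[Unity3d] Socket communication: fixing the SecurityException raised after switching to the web build

寵の児 submitted on 2020-03-02 08:27:41
I fought with this all day today: a socket communication error that appeared after switching a Unity project to the web platform. I asked a lot of experts, but their replies were all either "I have never done networking on the web platform" or "I only work on PC or mobile platforms". So there was nothing for it but to grit my teeth and dig into it myself. Flash development seems to have been the same way: anything that had to talk to a server ran into the perennial insufficient-permissions error. The specific error is as follows: SecurityException: Unable to connect, as no valid crossdomain policy was found System.Net.Sockets.Socket.Connect_internal (IntPtr sock, System.Net.SocketAddress sa, System.Int32& error, Boolean requireSocketPolicyFile) System.Net.Sockets.Socket.Connect (System.Net.EndPoint remoteEP, Boolean requireSocketPolicy) System.Net.Sockets.Socket.Connect (System.Net.EndPoint remoteEP) System.Net.Sockets.UdpClient.DoConnect (System.Net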

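Spring Boot Security JWT authorization implementation

孤者浪人 submitted on 2020-02-29 11:13:16
What is it, and which problems does it solve? JSON Web Token: the name says what it is. Compared with a session, the server does not need to keep a session for each connected client. The generated token is not stored on the server, so it works even when each request is handled by a different server, which allows a distributed deployment. How it works. JSON Web Token structure. Structure: xxxx.yyyy.zzzzz Header: the header contains two parts: 1. the token type, here JWT; 2. the signing algorithm used (HMAC SHA256 or RSA) { "alg": "HS256", "typ": "JWT" } It is then Base64Url-encoded. Payload: it mainly contains three kinds of claims: Reserved claims, which are recommended but not mandatory, including: iss (issuer), exp (expiration time), sub (subject), aud (audience), and others. Public claims, to which any information may be added, although adding sensitive information is not recommended. Private claims, which carry information shared between consumer and provider that both parties have agreed to use. For example { "sub": "1234567890", "name": "John Doe", "admin": true } It is then Base64Url-encoded. Signature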

Controlling access to a website with IIS/Active Directory

≯℡__Kan透↙ submitted on 2020-02-29 06:54:47
Question: I need to secure a legacy help site on our network that points out to the world. Ideally, I want to have people authenticate with their Active Directory logins, because everybody in the company is already there, and they already know that stuff. Ideally, I'd need to set the default domain so people don't have to type that. I have an example to model my solution after, but to call it weird is a bit of an understatement. Anonymous access is enabled, with authenticated access restricted to

Controlling access to a website with IIS/Active Directory

荒凉一梦 submitted on 2020-02-29 06:54:14
Question: I need to secure a legacy help site on our network that points out to the world. Ideally, I want to have people authenticate with their Active Directory logins, because everybody in the company is already there, and they already know that stuff. Ideally, I'd need to set the default domain so people don't have to type that. I have an example to model my solution after, but to call it weird is a bit of an understatement. Anonymous access is enabled, with authenticated access restricted to

Preventing processes to execute certain system calls

蹲街弑〆低调 submitted on 2020-02-26 07:31:54
Question: I'm writing a program that spawns child processes. For security reasons, I want to limit what these processes can do. I know of security measures from outside the program such as chroot or ulimit, but I want to do something more than that. I want to limit the system calls done by the child process (for example preventing calls to open(), fork() and such things). Is there any way to do that? Optimally, the blocked system calls should return with an error but if that's not possible, then

Preventing processes to execute certain system calls

给你一囗甜甜゛ submitted on 2020-02-26 07:31:22
Question: I'm writing a program that spawns child processes. For security reasons, I want to limit what these processes can do. I know of security measures from outside the program such as chroot or ulimit, but I want to do something more than that. I want to limit the system calls done by the child process (for example preventing calls to open(), fork() and such things). Is there any way to do that? Optimally, the blocked system calls should return with an error but if that's not possible, then