security

问题 Both CRC and hash methods can be used to verify the integrity of the original data. Why do most systems uses hash method nowadays? 回答1: CRC was designed to prevent transmission errors, not malicious action. Therefore, it isn't collision resistant. In particular, the linear properties of CRC codes even allow an attacker to modify a message in such a way as to leave the check value unchanged 回答2: HASH methods (ONE WAY ENCRYPTION) are more complex (and powerful) than simple check codes (CRC).

问题 Does holding a user's password in a javascript variable in the browser expose any specific security vulnerabilities, over and above the usual security vulnerabilities of a browser-based client? Consider this snippet as a simple example - jsfiddle here <label for="password">Password</label> <input type="password" id="password"/><br/><br/> <button type="button" id="pwdButton">Store password in window.password</button> <script> function getContentsOfPasswordField() { return jQuery("input

问题 Thanks to Gaurav Mantri for answering my earlier question Azure ACS Set Up in C#. However can someone explains to me, how the following line is secured ? if (!ClaimsPrincipal.Current.Identity.IsAuthenticated) The client in the ACS schema is conveniently a man in the middle , he might fail loging into Facebook, for example and this gets relayed to ACS (I'm assuming this portion is secured), but now ACS is telling the client to go back to the relying party about the failure. How is that last

问题 The bounty expires in 5 days . Answers to this question are eligible for a +50 reputation bounty. Hemant Metalia wants to draw more attention to this question: “Expecting some sort of solution which can be implemented to prevent such hacks.” As we know Rest services are stateless, General strategies to authenticate is using a token based authentication. In login service it takes credentials which returns a token. This token might be set in client cookies, and all subsequent requests uses this

问题 my application play videos files after that user they are registered .(files are larger than 100 MB ) . Is it better to do I store them on the hard drive and Keep file path in database ? Or do I store in database as File Stream Type ? When data is stored in the database, are more secure against manipulation vs with stored in hard ? How to provide data security against manipulation ? Thanks . 回答1: There's a really good paper by Microsoft Research called To Blob or Not To Blob. Their conclusion

问题 my application play videos files after that user they are registered .(files are larger than 100 MB ) . Is it better to do I store them on the hard drive and Keep file path in database ? Or do I store in database as File Stream Type ? When data is stored in the database, are more secure against manipulation vs with stored in hard ? How to provide data security against manipulation ? Thanks . 回答1: There's a really good paper by Microsoft Research called To Blob or Not To Blob. Their conclusion

问题 my application play videos files after that user they are registered .(files are larger than 100 MB ) . Is it better to do I store them on the hard drive and Keep file path in database ? Or do I store in database as File Stream Type ? When data is stored in the database, are more secure against manipulation vs with stored in hard ? How to provide data security against manipulation ? Thanks . 回答1: There's a really good paper by Microsoft Research called To Blob or Not To Blob. Their conclusion

问题 How is proper way to store an array in a cookie? in PHP Code example: $number_ticket=2; $info[7][5]=1; $info[8][5]=1; 回答1: Serialize data: setcookie('cookie', serialize($info), time()+3600); Then unserialize data: $data = unserialize($_COOKIE['cookie'], ["allowed_classes" => false]); After data, $info and $data will have the same content. 回答2: To store the array values in cookie, first you need to convert them to string, so here is some options. Storing cookies as JSON Storing code setcookie(

问题 i'm testing several combinations of sha1 and md5: <?php $test = 'fail test'; echo nl2br ("Text: $test\n"); echo nl2br ("md5: ".md5($test)."\nsha1: ".sha1($test)."\nsha1(md5): ".sha1(md5($test))."\nmd5(sha1): ".md5(sha1($test))); ?> Output: Text: fail test md5: 748410d0085967c496d54dd8fcbecc96 sha1: d730125e8cb8576459173655148fb6896ef44c09 sha1(md5): faa3ebeecfec45e509e93e6b245a69e2a78785ea md5(sha1): b48e89b85c350c91eb302c1de96d4249 Which one better, or maybe user something else ? If yes,

问题 i'm testing several combinations of sha1 and md5: <?php $test = 'fail test'; echo nl2br ("Text: $test\n"); echo nl2br ("md5: ".md5($test)."\nsha1: ".sha1($test)."\nsha1(md5): ".sha1(md5($test))."\nmd5(sha1): ".md5(sha1($test))); ?> Output: Text: fail test md5: 748410d0085967c496d54dd8fcbecc96 sha1: d730125e8cb8576459173655148fb6896ef44c09 sha1(md5): faa3ebeecfec45e509e93e6b245a69e2a78785ea md5(sha1): b48e89b85c350c91eb302c1de96d4249 Which one better, or maybe user something else ? If yes,