security

问题 I'm trying to get my login form to with a MySQL Database and keep on getting the following error: [update] --> I made some modification today this is what I'm getting right now: SEVERE: jdbcrealm.invaliduserreason WARNING: WEB9102: Web Login Failed: com.sun.enterprise.security.auth.login.common.LoginException: Login failed: Security Exception WARNING: WEB9102: Web Login Failed: com.sun.enterprise.security.auth.login.common.LoginException: Login failed: Security Exception WARNING: WEB9102: Web

问题 I'm looking for a way to encrypt data on its way into a MySQL database, and decrypt it on the way out. Additionally, I would like to be able to perform normal SQL queries on those fields, such as searching and comparison, which prevents me from using a pure PHP solution. This leads me to AES_ENCRYPT() and AES_DECRYPT(), which can be duplicated in PHP using MCRYPT. I'm having a hard time with AES_DECRYPT and have tried all suggestions I can find through searches online. Here's my table: CREATE

问题 I saved this code in index.php and after filling i clicked Submit button, and then a verification page was shown to me ! My question is how did it detected that it was not from the original server ? [i hope they do not use the referrer as it can be disabled easily] My Fake Code <html> <form id="post-form" action="http://stackoverflow.com/questions/ask/submit" method="post"> <input id="title" name="title" type="text" maxlength="300" tabindex="100" class="ask-title-field" value=""> <textarea id

问题 I saved this code in index.php and after filling i clicked Submit button, and then a verification page was shown to me ! My question is how did it detected that it was not from the original server ? [i hope they do not use the referrer as it can be disabled easily] My Fake Code <html> <form id="post-form" action="http://stackoverflow.com/questions/ask/submit" method="post"> <input id="title" name="title" type="text" maxlength="300" tabindex="100" class="ask-title-field" value=""> <textarea id

问题 Bear with me, I have been only learning PHP for only a few weeks, so example code may confuse me. I think I finally understand salting! It's to protect passwords inside database, if breached. What I don't understand is, why would a hacker have to crack hashes if they are trying to figure out a user's password (assuming that's their goal)? Wouldn't this be easier? Is the only defense from password guessing is to implement a limit of password entry X amount of times a day or CAPTCHA? How would

问题 I've created a small application which attempts to authenticate a user based on their username and password. This application works correctly when run on the same domain which Active Directory resides on. I must now extend the application to also work on domains which are "closed" in terms of security and permissions. In other words, is there a way to run the application based on an administrator account, or an account which has the necessary permissions to access the Active Directory? This

问题 I'm new to azure cloud services platform. Today i came across the Key-Vault storage service provided by azure. It has the ability to store application level keys and settings. It is safe and secure with enhanced data protection. But what i'm not clearly getting is to connect to Key-Vault i need the artifacts of my Key-Vault stored in my application config. If that is the case when someone eves-drop on the key values will he not connect to my Key-Vault and read all my keys. If I should encrypt

问题 I use Ajax (jQuery) and the POST method to update data in the database. I do the following: Get data from the form: user_id, entry_id, content,... Send them to a URL which will process the data. If the data is valid, we will record them in our database. I do not know how to verify that the user sends data from my website and not from other places. Please help me solve this problem. Thanks ! 回答1: You're trying to defend against CSRF attacks. The standard defense is to have a require a token in

问题 I'm using an HttpWebRequest object to access a web service via an HTTP POST. Part of the requirement is that I: Verify that the URL in the certificate matches the URL I'm posting to Verify that the certificate is valid and trusted Verify that the certificate has not expired Does HttpWebRequest automatically handle that for me? I'd assume that if any of these conditions came up, I'd get the standard "could not establish trust relationship for the SSL/TLS secure channel" exception. 回答1: Yes,

问题 I am using Apple's Security Framework. I am able to sign and then successfully verify all on OS X, but when I try to use SecKeyRawVerify on iOS it fails with -9809 error. I've played with various PKCS padding options and many other attributes but I'm just not able to get this to verify correctly. Note that the code below probably has leaks all over the place, just trying to get this to function properly first. OS X Signing code: NSData* signData(NSData* plainData, SecKeyRef privateKey) {