security

问题 I'm having trouble configuring SSL on a Debian 6.0 32bit server. I'm relatively new with SSL so please bear with me. I'm including as much information as I can. Note: The true domain name has been changed to protect the identity and integrity of the server. Configuration The server is running using nginx. It is configured as follows: ssl_certificate /usr/local/nginx/priv/mysite.ca.chained.crt; ssl_certificate_key /usr/local/nginx/priv/mysite.ca.key; ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;

问题 I'm writing a shell script that should be somewhat secure i.e. does not pass secure data through parameters of commands and preferably does not use temporary files. How can I pass a variable to the stdin of a command? Or, if it's not possible, how to correctly use temporary files for such task? 回答1: Something as simple as: echo "$blah" | my_cmd 回答2: Passing a value to stdin in bash is as simple as: your-command <<< "$your_variable" Always make sure you put quotes around variable expressions!

问题 Bob uses a web application in order to achieve something. And: His browser is on diet, therefore it does not support cookies . The web application is a popular one, it deals with a lot of users at a given moment - it has to scale well. As long as keeping session would impose a limit to the number of simultaneous connections , and, of course, will bring a non-negligible performance penalty , we might like to have a session-less system :) Some important notes: we do have transport security (

问题 Bob uses a web application in order to achieve something. And: His browser is on diet, therefore it does not support cookies . The web application is a popular one, it deals with a lot of users at a given moment - it has to scale well. As long as keeping session would impose a limit to the number of simultaneous connections , and, of course, will bring a non-negligible performance penalty , we might like to have a session-less system :) Some important notes: we do have transport security (

问题 As a response to the recent Twitter hijackings and Jeff's post on Dictionary Attacks, what is the best way to secure your website against brute force login attacks? Jeff's post suggests putting in an increasing delay for each attempted login, and a suggestion in the comments is to add a captcha after the 2nd failed attempt. Both these seem like good ideas, but how do you know what "attempt number" it is? You can't rely on a session ID (because an attacker could change it each time) or an IP

问题 Closed . This question is opinion-based. It is not currently accepting answers. Want to improve this question? Update the question so it can be answered with facts and citations by editing this post. Closed 2 years ago . I am an IT student and I am now in the 3rd year in university. Until now we've been studing a lot of subjects related to computers in general (programming, algorithms, computer architecture, maths, etc). I am very sure that nobody can learn every thing about security but sure

问题 I'm making a Windows application, which you need to log into first. The account details consist of username and password, and they need to be saved locally. It's just a matter of security, so other people using the same computer can't see everyone's personal data. What is the best/most secure way to save this data? I don't want to use a database, so I tried some things with Resource files. But since I'm kind of new with this, I'm not entirely sure of what I'm doing and where I should be

问题 I'm making a Windows application, which you need to log into first. The account details consist of username and password, and they need to be saved locally. It's just a matter of security, so other people using the same computer can't see everyone's personal data. What is the best/most secure way to save this data? I don't want to use a database, so I tried some things with Resource files. But since I'm kind of new with this, I'm not entirely sure of what I'm doing and where I should be

问题 I am new to spring security. While analyzing the below code change, I could not comprehend why "#post" is used instead of "post" ? Why is the word "post" prefixed with a "#"? post is an object. @PreAuthorize("hasPermission(#post, 'MANAGER') or hasRole('ROLE_MODERATOR')") + @PreAuthorize("hasPermission(#post, 'write') or hasRole('ROLE_MODERATOR')") public void updateFullyPost(Post post) throws AppException; I referred to spring security documentation and found the below. hasPermission(Object

问题 I want to know what is the best way to secure a remote api for use by tyk. Let me explain : When a call this done by the proxy tyk it is secure because it takes a token or other. Now if I want to make calls directly to the remote API without going through the tyk proxy there is a problem because there is no need for token or other. How to secure remote api for calls not coming from tyk ? 回答1: Probably the simplest way to do this would be at the network level, essentially by whitelisting your