security

问题 Im writing my bachelors in which i need to figure out which authentication/authorization method fits best with the company i'm collaborating with. So i've been comparing the session and token based auth methods but there are a few points that are unclear to me about how tokens work and how they are better than session authentication: The only benefits that are 100% clear to me are that tokens can be used from clients that doesn't have a cookie store and that they can be used with different

问题 Let's say I have a function like this (completely random, I just wrote it up in like 30 seconds for an example) bool exampleAuthetnication(char *a, char *b) { bool didAuthenticate = false; if(strcmp(a, b) == 0) { didAuthenticate = true; } if(didAuthenticate) { return true; } else { stopExecutable(); return false; } } How would I go about reading the first few bytes of this function? I've come up with this int functionByteArray[10]; for (int i = 0; i < 10; i++) { functionByteArray[i] = *(int*)

问题 When trying to implement a sandbox in a plugin-like environment, I came accross https://stackoverflow.com/a/5580239/2057294 which seems to be exactly what I want, however I am unable to get it working, what am I doing wrong? I have the following setup: final class ModURLClassLoader extends URLClassLoader { ModURLClassLoader(final URL[] urls) { super(urls); } ModURLClassLoader(final URL[] urls, final ClassLoader parent) { super(urls, parent); } ModURLClassLoader(final URL[] urls, final

问题 i was searching for a while, but couldn't find a fitting solution: My Case: I have a server on which i have a git repository. The connection to the server is only possible with fitting ssh key. Is there a possibility to give a user, who hasn't access to the server, permissions to write and read from this specific repository? Is there only the possibility by creating a user account for the user on the server or can i do it different? OF course i only want him to read/write to the repo, but i

问题 I've recently starting exploring firebase as a authentication solution for my angular JS single-page website, and it seems perfect. However from a security perspective I'm not very sure about keeping the logic on client-side in my application. Suppose I have a check 'isProfileCompleted' for a customer who signs-up on my website, and is supposed to complete his profile. I'm keeping the data in a JSON keyed by the UID with exclusive write access to the customer only. The problem is, now that

问题 This question already has answers here : Prevent Direct Access To File Called By ajax Function [duplicate] (12 answers) Closed 6 years ago . Context I have a web game in JavaScript. I send scores and achievements with AJAX during the game. So anyone can view the source code, copy this request and cheat on my game. Questions Any idea of how prevent this? With a token from server (I never used this system)? Code jquery: $.post('ajax/score.php', {pseudo: $pseudo, score: $score, achiev: $achiev},

问题 what is the recommendations should i do to prevent anyone from hacking or getting the sql server data base file (MDF File) ? Note : i use sql server 2005 回答1: Some simple recommendations: Do not expose access to your database server to the internet. It should be behind a firewall that only allows the web server to access it over a particular port (not the default). Do not allow remote desktop or any other type of similar access from external connections. For internal connections, ensure that

问题 I have seen many different implementations of the same basic CRC-32 algorithm shown below: int remain; int sbox[SIZESBOX]; int dividend; int bit; for(dividend = 0; dividend < SIZESBOX; dividend++) { remain = dividend << 24; for(bit = 0; bit < 8; bit++) { if(remain & TOPBIT) { remain = (remain << 1) ^ POLYNOMIAL; } else { remain = (remain << 1); } } sbox[dividend] = remain; } Some of them XOR the dividend before going into the sbox. Others XOR before going into the bit loop, and others use

问题 If I have a user that only has limited permissions - just db_datareader and db_datawriter, which should only permit the user to query data and insert/edit/delete data, without allowing the user to add/modify/delete tables in the database. There may be a need for the user to be able to execute stored procedures. If the user is given execute permissions (via the following sql: "GRANT EXECUTE TO UserName"), will the previous limitations (datareader and datawriter) still be enforced on what the

问题 Our SSO login process uses Forms Authentication against a custom user store in SQL Server. One of our new security requirements is to only allow an account to have one active session at a time. So any time a user logs in, we will check to see if the login credentials are already active, and preferably prevent the new user from logging in again until the other session ends. Alternatively we could force the other session to end, if that would be easier to implement. Is there a simple way to do