security

问题 I use CodeIgniter, and having trouble with hacking. Is it possible to make SQL Injection to the login code below: function process_login() { $username = mysql_real_escape_string($this->input->post('username')); $password = mysql_real_escape_string(MD5($this->input->post('password'))); //Check user table $query = $this->db->getwhere('users', array('username'=>$username, 'password'=>$password)); if ($query->num_rows() > 0) { // success login data Am I using the mysql_real_escape_string wrong,

问题 I have loaded my site in Microsoft Edge version 25.10586.0.0 and SmartScreen is telling me that the site might be fake. This warning is new on the site. The console log shows; HTML1300: Navigation occured. example.com example.com is my domain name. I am using JQuery on my site as well as JavaScript Promise functions but the problem appeared after I added file download with Ajax promise function . The warning shows right off the main page! What could be causing this? 回答1: From their website:

问题 We have one browser-based application where we want to make the user reauthenticate when they enter it. So when they access that URL we want them to be presented with the PIN prompt so they have to reauthenticate. Is there a reasonable way to do that? Added info: This is for a CAC card and the workstations have ActivIdentity and Tumbleweed on them. Also, I could add a service to the workstations if necessary. The browsers are all IE7. The web server is IIS 6 and the pages are written in ASP

问题 Is there any differences between the following two error messages from security point of view when users entered a wrong password? Wrong username or password. Wrong password. For example, when you enter a wrong password on the Gmail.com, it will tell you "The username or password you entered is incorrect". Is there any considerations for security reasons? I think the error message: "The password you entered is incorrect" is more clear to users, And, What's more, it's very easy to check

问题 I have Java-based based web application running on Tomcat 6. My application is running on localhost and port 9001. To make my application more secure and to reduce the risk of XSS attacks, I added the header Content-Security-Policy with value default-src * 'unsafe-inline' 'unsafe-eval';script-src 'self' . With this I want to allow the web application to load the JavaScript files from same domain. For other resources it continues to load in the same fashion as it was without this header. But I

问题 How do large companies implement their security requirements which are centralized and used to drive things people can do (allowed to call a certain web-service, submit an order, etc.) as well as to drive UI (disable buttons, menu options, individual form fields)? I am considering RBAC architecture: Users -> Roles, Roles -> Privileges. Complex applications with permissions based on many individual field-account-user-role-amountThreshhold would have many, many "Roles" and managing this gets

问题 I have one Authorization server and one resource server. I am creating access token at authorization server and try to use it at Resource server using RemoteTokenServices in oauth2 which hits '/oauth/check_token' internally to authorization server, where it only checks for token existence and its expiry. But it does not check for roles/scopes against endpoint given vs roles/scopes against access_token. @FrameworkEndpoint public class CheckTokenEndpoint { @RequestMapping(value = "/oauth/check

问题 This question already has answers here : How do I store and retrieve credentials from the Windows Vault credential manager? (3 answers) Closed 10 months ago . I would like to retrieve username and password programmatically stored in windows vault. Is there a Java API which can be used to retrieve the username and password securely from the Windows Vault? 回答1: Have you seen How do I store and retrieve credentials from the Windows Vault credential manager? I think you can refer this for an

问题 I am unable to integrate security to Kafka 1.0 with ssl enabled. Here are changes to my server.properties security.inter.broker.protocol=SSL listeners=PLAINTEXT://localhost:9092,SSL://localhost:9094 Here is my advertised listeners advertised.listeners=PLAINTEXT://EXTERNAL_IP:9092,SSL://EXTERNAL_IP:9094 ssl.keystore.location=/var/private/ssl/server.keystore.jks ssl.keystore.password=PASSWORD ssl.key.password=PASSWORD ssl.truststore.location=/var/private/ssl/server.truststore.jks ssl.truststore

问题 I am trying to make a web application that we can get an access token in 'password' grant type by just call some http basic request For example When I call http://localhost:8080/demo4ssh-security-oauth2/oauth/token?client_id=mobile_1&client_secret=secret_1&grant_type=password&username=zhangsan&password=123456 I can get the following token {"access_token":"4219a91f-45d5-4a07-9e8e-3acbadd0c23e","token_type":"bearer","refresh_token":"d41df9fd-3d36-4a20-b0b7-1a1883c7439d","expires_in":43199,