我为地雷的朋友们做了非常简单的网络。 他是唯一能够进入限制区的人,因此我的问题是:
是否建议使用在源代码上固定密码的标识,如:if(用户_pass=我方/secretpass )?
它是否安全? 如何打 that?
我认为没有必要储存数据库中的用户和密码,而有些则如此。
请表明您的想法。
如果他人无法查阅,则无需在来源档案中储存密码。 否则,你将最后储存 d言,这将带来同样数额的安全。 唯一没有其他使用服务器的 ha路是使用简便武力攻击。
然而,残酷的武力攻击是一个真正的世界问题。 为了保护他们,你需要防止一个单一的知识产权公司太快地提出太多的要求(例如,在排出时间之前限定在5分钟之内,使用户等待10分钟或几分钟)。 然后,袭击者将需要大量电脑,配备独特的IP地址,以进行袭击。
此外,不用说,密码必须足够复杂。
确保也有用户名,即使只有一个用户。 它大大增加了复杂性,使部队攻击的可能性大大降低。
请注意,假定数据库只允许当地连接。 如果你确实使用一个只允许当地连接的数据库,那么使用该数据库储存敏感信息就会更有保障。 在该案中,即使袭击者获得数据库密码,他们还是能够通过伐木检索信息。
除其他考虑外,由于你选择=......,你在此具体阐述的内容很容易被绕过。
也就是说,如果我设法将0值提高到用户_pass,则比较用户_pass和any string值将评价真实情况。
由于几个原因,这一点并不安全。
没有任何办法保护部队不受攻击。 (You aren tding Line of poorlogin efforts).
如果你的网络服务器为用户配置了PHP网页,而不是执行该网页,就会立即有密码。
I installed this instant messenger program called IM+ that keeps your accounts online even when you exit the application (you know... touch: only one app at a time) it accepts push deliveries to ...
I am trying to develop my login script to give feedback to the user if the login is valid or not. Basically if it isn t correct a div box will show saying its wrong, if its correct it will show its ...
Suppose I am writing a server for a particular network protocol. If I know that the client is running on a Windows machine, is it possible for my server to authenticate the Windows user that owns the ...
The infrastructure team wants to update the authentication protocol to NTLMv2 and Kerberos. Will this affect CRM 4.0 on-premise installation. What would need to be changed in order to use the ...
I m developing an ASP.NET MVC site that utilizes forms authentication for part of the application. During development, I need to be able to give external parties access to a development server hosting ...
If I have a type like: public class Context { public Context() { } public IQueryable<Record> Records { get { if (user == someone) //psuedocode ...
We recently attempted to add ip address validation to our website s login security. So in addition to having a cookie with valid credentials, we checked that your ip address on page request matched ...
While looking into forms authorizing/authentication, I found that it is possible to do role based authorizing by adding an array of roles to a FormsAuthenticationTicket. That way I can write User....
