data-security

How to store critically sensitive information such as secret, key, token, encryptionKey in iOS application

社会主义新天地 posted on 2020-05-22 10:30:49
Question: When we talk about securing an iOS application we often forget to secure the most critically sensitive information such as secret, key, token, encryptionKey. This information is stored in the iOS binary. So none of your server-side security protocols will help you. There are lots of suggestions that we should not store such information in the app but store it on the server and get it via an SSL-secured web service call. But this is not possible for all applications. E.g. if my application does not need web

Contextual serialization from WebApi endpoint based on permissions

吃可爱长大的小学妹 posted on 2019-12-18 13:18:12
Question: I am using the Asp.Net Web Api. I would like to be able to filter out certain fields on the response objects based on the connected client's access rights. Example: class Foo { [AccessFilter("Uberlord")] string Wibble { get; set; } string Wobble { get; set; } } When returning data the field Wibble should only be returned if the current user's context can satisfy the value of "Uberlord". There are three avenues that I am exploring but I have not got a working solution: A custom WebApi

how to avoid sql injection in codeigniter

99封情书 posted on 2019-12-17 08:17:07
Question: In CodeIgniter, how can I avoid SQL injection? Is there any method to set in the config file to avoid SQL injection? I am using this code for selecting values: $this->db->query("SELECT * FROM tablename WHERE var='$val1'"); and this for inserting values: $this->db->query("INSERT INTO tablename (`var1`,`var2`) VALUES ('$val1','$val2')"); Another method used to insert and select values from the database is CodeIgniter's insert() and get() methods. Is there any chance of SQL injection while using

MDM Wiping Data when device lost scenario

生来就可爱ヽ(ⅴ<●) posted on 2019-12-13 02:17:47
Question: How does the 'wipeout data' command/payload execute on a lost device that is powered off? I know that when the 'Security Info' command is fired on a powered-off or locked device, the status comes back as 'Notnow' and the command is queued up. The queued command is executed immediately after the device is powered on and/or unlocked. Does the 'wipe data' command execute the same way as 'Security Info'? Also I think 'wipe data' must also execute even if the device is locked, right? Thanks! Answer 1: According to

Safest way to pass data between forms in c# winforms

风格不统一 posted on 2019-12-04 05:21:38
Question: I'm trying to remember a lesson I was taught briefly in school about safely passing data between winforms. My instructor called it pipelining, though I'm not sure if this is the correct term or merely his own name for it. He stated that his method was safer than the easiest way of publicizing the data so that everything can access it. He said it was safer because his method prevented access of the data from external programs or unrelated forms and processes, and he hailed it as good

Firebase rules: allow push but not allow update

為{幸葍}努か posted on 2019-12-03 21:18:52
I'm struggling with understanding how I can allow users to create new records in the list, but only allow creators to update their own posts. E.g. the following structure: post { post1: { author: "user1" text: "Some text" } post2: { author: "user2" text: "Some text 2" } } Here, I want both users to be able to create new posts. But also protect, say, post2 from being edited by user1. Thus, only user1 can edit post1 and only user2 can edit post2. You'd want to do something like this: {"rules": { "post": { "$id": { ".write": "auth !== null && (!data.exists() || data.child('author').val() === auth

Safest way to pass data between forms in c# winforms

烂漫一生 posted on 2019-12-02 03:48:18
I'm trying to remember a lesson I was taught briefly in school about safely passing data between winforms. My instructor called it pipelining, though I'm not sure if this is the correct term or merely his own name for it. He stated that his method was safer than the easiest way of publicizing the data so that everything can access it. He said it was safer because his method prevented access of the data from external programs or unrelated forms and processes, and he hailed it as good programming practice. My foundation in programming was very weak at the time. I lacked a deeper understanding

Contextual serialization from WebApi endpoint based on permissions

痴心易碎 posted on 2019-11-30 09:17:26
I am using the Asp.Net Web Api. I would like to be able to filter out certain fields on the response objects based on the connected client's access rights. Example: class Foo { [AccessFilter("Uberlord")] string Wibble { get; set; } string Wobble { get; set; } } When returning data the field Wibble should only be returned if the current user's context can satisfy the value of "Uberlord". There are three avenues that I am exploring but I have not got a working solution: A custom WebApi MediaTypeFormatter. A custom json.net IContractResolver. Some sort of AOP wrapper for controllers that

how to avoid sql injection in codeigniter

只谈情不闲聊 posted on 2019-11-27 06:27:48
In CodeIgniter, how can I avoid SQL injection? Is there any method to set in the config file to avoid SQL injection? I am using this code for selecting values: $this->db->query("SELECT * FROM tablename WHERE var='$val1'"); and this for inserting values: $this->db->query("INSERT INTO tablename (`var1`,`var2`) VALUES ('$val1','$val2')"); Another method used to insert and select values from the database is CodeIgniter's insert() and get() methods. Is there any chance of SQL injection while using CodeIgniter's built-in functions? Rocket Hazmat CodeIgniter's Active Record methods automatically escape queries