Native JS achieves carousel effects + pre-school experience (to prevent flooding attacks), and js gets mad
Plug-in! Plug-in! I heard someone ask for this plug-in every day. Of course, using a third-party plug-in can greatly improve development efficiency. But as a newbie, I still like to implement it myself, mainly because I have time!
Today, I will share with you how to use native JS to implement image car
'] = $ ll_times;
$ _ SESSION ['ll _ lasttime '] = $ ll_lasttime;
}
If ($ ll_nowtime-$ ll_lasttime) = 5 ){
Header (sprintf ("Location: % s", 'HTTP: // www.bkjia.com '));
Exit;
}
} Else {
$ Ll_times = 0;
$ _ SESSION ['ll _ lasttime'] = $ ll_nowtime;
$ _ SESSION ['ll _ times '] = $ ll_times;
}
Main function: in 5 seconds continuously refresh the page more than 10 times will point to the local http://www.bkjia.com, note, here 5 and 10 there is the local address, you can modify the settings accordi
the session. This is the legendary CSRF attack.Don't underestimate CSRF. Remember that L-Blog had a CSRF Vulnerability (I didn't know this concept yet.Read: p), it adds the Administrator is such a link: http: // localhost/L-Blog/admincp. asp?Action = member type = editmem memID = 2 memType = SupAdmin.The administrator can access this URL. The Google CSRF vulnerability [1] will cause email leakage.In addition, do not think that only XSS can generate worms. as long as the conditions are approp
dictionary database is large enough and is consistent with people's setting habits, the power is amazing. So now there is an MD5 hash string query website on the Internet, claiming to use a 4 TB hard disk to store 457.4 billion MD5 records, can crack the 83% password of the online forum.
So how can we prevent this dictionary attack and the MD5 hash string query attack on the Internet. I found the answer in the book "application Cryptography. Salt is
The netsh command under win7 can effectively prevent ARP attacks in the LAN.The following is how to use it:1. Right-click the cmd. EXE command in windows \ system32 on Windows 7 7 and run it as an administrator;Let's take a look at the ARP table status.ARP-Interface: 192.168.1.1 00-19-e0-e0-76-ca dynamic192.168.1.100 00-1f-c6-31-8a-4b dynamic192.168.1.255 FF-FF static224.0.0.22 01-00-5e-00-00-16 static224.0
First, on the server-side configuration
Security, PHP code writing is on the one hand, PHP configuration is very critical.
Our PHP hand-installed, PHP default profile in/usr/local/apache2/conf/php.ini, our main is to configure the content of PHP.ini, let us execute PHP can be more secure. Security settings throughout PHP are primarily designed to prevent Phpshell and SQL injection attacks, and we'll explo
About the use of Html.antiforgerytoken () in fact, many of the online explanation, such as http://blog.csdn.net/cpytiger/article/details/8781457So what do we do with Ajax calls, and do we need to modify all of the AJAX request data? I prefer to write a generic code. The principle is simply to intercept AJAX requests and append your own data. Note that when Ajax transmits data, it can be string/. Object, so here's what you need to deal with:if (typeof data!== "string") {data = $.param (data);}In
There are two ways to prevent SQL injection attacks:
1) The first is that all SQL statements are stored in the stored procedure, which not only avoids SQL injection, but also improves performance. In addition, the stored procedure can have a dedicated database administrator (DBA) writing and centralized management; however, this method sometimes has different query conditions for the same tables, and SQL s
, and if so, the request is legitimate.Third, for Ajax complex objects, such as [{"id": "001", "Name": "Xiao Ming"},{"id": "002", "name": "Small Army"}]., Background post processingThis object must be converted to JSON format to the background, and the background is deserialized. (Do not use the other serialization format of Ajax, after the depth of serialization, Django background parsing is more difficult)ContentType no need to specify Utf-8, otherwise post parsing errorIv. CSRF Attack and pre
How does Weibo open many API interfaces to the outside to ensure their security and prevent attacks? do you know the principle?
Reply to discussion (solution)
Generally, the/weibo common interface requires the token/openid. This means that most of the mixed water has been stuck, and the advanced interface also needs to be authenticated or applied, and other interfaces are listened, exceptions will be
One of the major puzzles is how to effectively prevent CSRF attacks.
$ _ SERVER ['http _ referer']
However, some articles have pointed out that
Referer can forge
For example
Header ("referer: www.aaa.com ")
......
?>
I tried it. it seems that the referer changed when I sent it using the header on the console.
However, $ _ SERVER ['http _ referer'] is empty, indicating that it seems no problem.
So what if
When creating a login form, if you do not pay attention to it, it is very likely that there is a problem in writing code. When designing a login form, beginners prefer to use this method for login design.
String sqlcon = "data source =. \ sqlexpress; database = MyCy; uid = sa; pwd = 123456 ;"
String SQL = "select * from tb_user where username = '" + txtuser. text + "' and userpwd = '" + txtpwd. text + "'";
SqlCommand cmd = new SqlCommand (SQL, sqlcon );
In this way, when you enter single quotes
PHPMYSQL injection attacks need to prevent 7 points bitsCN.com
1: numeric parameters are forcibly filtered using methods like intval and floatval.
2: string parameters are forcibly filtered using methods like mysql_real_escape_string, rather than simple addslashes.
3: it is best to discard the splicing SQL query method like mysql_query and try to use the PDO prepare binding method.
4: Use rewrite techno
Have you been worried about how to prevent XSS attacks? Try nhtmlfilter. I think it is what you want ..
Recently, a new small company is very weak in. NET web development. The underlying framework and basic library are not perfect. It is also an Internet application, so security always needs to be considered. One small problem I want to solve today is to filter out the scripts in the HTML text uploaded by
= Antiforgerycookie! =NULL?Antiforgerycookie.value:NULL; //verification of anti-counterfeiting marks from cookies and Headers//You can add try-catch here .Antiforgery.validate (Cookievalue, request.) headers["__requestverificationtoken"]); } Else { NewValidateantiforgerytokenattribute (). Onauthorization (Filtercontext); } } } } }Here comment out the Ajax in the security tag in the reques
An example of iptables anti-DDoS method
Mitigating DDoS attacks#防止SYN攻击, lightweight prevention
Iptables-n Syn-floodIptables-a input-p tcp–syn-j Syn-floodIptables-i syn-flood-p tcp-m limit–limit 3/s–limit-burst 6-j returnIptables-a syn-flood-j REJECT
#防止DOS太多连接进来, you can allow the external network card to each IP up to 15 initial connections, over the discarded
Iptables-a input-i eth0-p tcp–syn-m connlimit–connlimit-above 15-j DROPIptables-a inpu
Often see in the project Ajax post data to the server without security tags, resulting in csrf attacks
Adding a security tag to asp.net mvc is simply adding Html.antiforgerytoken () to the form.
Html.antiforgerytoken () generates a pair of encrypted strings, stored in cookies and input respectively.
We also brought AntiForgeryToken in the Ajax post.
@model WebApplication1.Controllers.Person @{viewbag.title = "Index";}
An encrypted string p
The function used to prevent SQL injection attacks can be used directly, but we will not use it, but we need to enhance our safety awareness.
Copy Code code as follows:
'==========================
' Filter the SQL in the submission form
'==========================
function Forsqlform ()
Dim fqys,errc,i,items
Dim Nothis (18)
Nothis (0) = "NET user"
Nothis (1) = "xp_cmdshell"
Nothis (2) =
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.