How Much Do You Know About Internet Security
 
 2019-8-6 
 

 

Editor's recommendation:
This article comes from weixin. It introduces CRLF injection, block ciphers and stream ciphers, and other internet-security topics; we hope it helps you.

In today's internet industry, where startups spring up like bamboo shoots after rain, most companies pay too little attention to security, invest too little in it, or understand it too little.

The result is that everyone is cheerful while nothing goes wrong and panics once something does. Mending the fence after the sheep have bolted is not our way out; preparing before the rain and preventing trouble before it happens is.

I recently leafed through the book again and picked out some points that are easily overlooked, to refresh the #security# mindset for everyone, and for myself.

A blacklist is a very poor design idea

Designing a security solution: the White Hat's art of war

1 The Secure by Default principle

This is the basic principle of designing a security solution. Its Chinese rendering, 默认安全 ("default security"), is not very intuitive; it actually carries two meanings: whitelist versus blacklist thinking, and the principle of least privilege.

Both are fairly self-explanatory, but one point must be stressed here: use whitelists wherever possible and blacklists as little as possible. That keeps the secured scope controllable and privileges minimal.

Take the firewall policy for a web server. The correct approach is to open only ports 80 and 443 and block every other port; that is the whitelist approach. With a blacklist, say a rule that SSH must not be exposed to the public internet, the policy may only put the default port 22 on the blacklist. All good, then? What actually happened: an engineer, to save effort or for convenience, quietly changed the SSH listening port to 2222 and bypassed the blacklist policy. Dumbfounded, right?

2 The Defense in Depth principle

Defense in Depth is another important guiding idea when designing a security solution. You do not only validate fields with JS in the HTML form; the server side validates them too, so input is filtered layer by layer. Since it is impossible to place every defensive measure at a single point, spreading the risk across layers and intercepting at each one is a sound approach.

3 The principle of separating data and code

Most security problems caused by "injection" violate this principle. "SQL injection", for instance, is illegitimate user input being concatenated into a query so that an illegal database operation is performed. XSS, CRLF injection and the like are the same story.

4 The principle of unpredictability

This principle differs from the previous three in that it looks at the problem from the angle of defeating the attack method. Its beauty is that even when the code cannot be fixed to guarantee security, I can still make the attack method fail, or simply raise the bar for the attack; either counts as a successful defence.

Suppose, for example, that a forum's post IDs are ascending auto-increment numbers. An attacker who wants to delete posts in bulk only needs a script with a simple incrementing loop. But if, following the unpredictability principle, post IDs are random, UUID-like unpredictable values, the bar for an attacker enumerating every post ID necessarily goes up.

Insisting on consistent character encoding is really not just about text looking and running without garbled characters

Character Encoding Consistency

Encoding problems

Nowadays internet applications generally require that every character encoding in the development environment be UTF-8 (still on GBK? then you are firmly determined never to go international). For many people a unified encoding only means: files open in the IDE without garbling, data moves between front end and back end without garbling, and so on. In fact, inconsistent character encodings can very well cause security problems!

In the GBK character set, 0xbf27 is not a valid multibyte character. When it is parsed as single-byte characters, 0xbf27 becomes the two characters 0xbf (?) and 0x27 ('). 0xbf5c, on the other hand, is a valid Chinese character in GBK (縗).

This vulnerability was discovered back in 2006. It was discussed abroad for the case where the database character set is GBK and an escape character is added before data enters the database, for example by PHP's addslashes() function or with magic_quotes_gpc enabled; the added escape character is what creates the injection vulnerability.

http://shiflett.org/blog/2006/jan/addslashes-versus-mysql-real-escape-string

Suppose a users table is queried with:

select * from users
where username = '$input_username'
and password = '$input_password'

The password the attacker enters is:

0xbf27 or '1'='1

Because 0xbf27 is not a valid character, PHP's addslashes() inserts an escape character between bf and 27 (the ASCII code of "\" is 0x5c), and the result is 0xbf5c27.

And 0xbf5c happens to be the GBK character 縗, so the SQL that reaches the database becomes

select * from users
where username = '$input_username'
and password = '縗' or '1'='1'
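The bypass above, reproduced as a constructed Python example (not code from the original post), next to the character-level escaping that avoids it: escaping bytes before a GBK connection reinterprets them leaves one quote unprotected, whereas decoding strictly first rejects the invalid 0xbf27 sequence. Parameterized queries remain the first choice; the escaping here only shows where the byte-level approach breaks.

```python
from typing import Optional

# Constructed payload from the text: the byte 0xbf, a quote, and a tautology.
GBK_PAYLOAD = b"\xbf' or '1'='1"


def addslashes(data: bytes) -> bytes:
    """Byte-oriented escaping in the style of PHP's addslashes()."""
    out = bytearray()
    for b in data:
        if b in (0x27, 0x22, 0x5C, 0x00):  # ' " \ NUL
            out.append(0x5C)
        out.append(b)
    return bytes(out)


def unescaped_quotes(fragment: str) -> int:
    """Count single quotes not protected by an odd run of backslashes."""
    count = 0
    run = 0  # length of the backslash run preceding the current character
    for ch in fragment:
        if ch == "\\":
            run += 1
            continue
        if ch == "'" and run % 2 == 0:
            count += 1
        run = 0
    return count


def vulnerable_escape(data: bytes) -> str:
    """Escape bytes first, then let a GBK connection reinterpret them: the
    inserted 0x5c joins the preceding 0xbf into 縗 and 0x27 becomes a bare quote."""
    return addslashes(data).decode("gbk")


def safe_escape(data: bytes) -> Optional[str]:
    """Decode strictly as GBK before escaping. 0xbf27 is not valid GBK, so the
    payload is rejected; valid text is escaped per character, so no multibyte
    sequence can be split by the inserted backslash."""
    try:
        text = data.decode("gbk")
    except UnicodeDecodeError:
        return None
    return text.replace("\\", "\\\\").replace("'", "\\'")
```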

SQLÁнضϹ¥»÷

ÔÚÉè¼Æ¿É±ä³¤¶ÈÁеÄʱºò£¬µ½µ×ÉèÖö೤ºÜ¶àÈËÊÇÅÄÄÔ´ü£¬¾ÍËãͻȻÄÄÌì·¢ÏÖ³¤¶È²»¹»ÁË£¬´ó²»ÁË Alter ¼Ó³¤Ò»ÏÂß¡£ µ«ÊÇʵ¼ÊÇé¿öÊÇ£¬ÕâÀï¾ÍÓЩ¶´£¡

MYSQL ÀïÃæÓиö sql_mode Ñ¡ÏÉèÖÃΪdefaultʱ£¬Òâζ×ÅûÓпªÆô STRICT_ALL_TABLESÑ¡ÏÓû§²åÈ볬³¤µÄÖµÖ»»áÌáʾwarning, ¶ø²»ÊÇ error ±¨Òì³£¡£ÀûÓÃÕâµã¾Í¿ÉÒÔʵÏÖԽȨ·ÃÎʵȹ¥»÷¡£

WordPress¾Í³öÏÖ¹ýÒ»¸öÕæÊµµÄ°¸Àý£¬×¢²áÒ»¸öÓû§ÃûΪ¡°admin (55¸ö¿Õ¸ñ) x¡±µÄÓû§£¬´æµ½Êý¾Ý¿âµÄʱºò±»½Ø¶ÏÁË£¬ÕâÑùÊý¾Ý¿âÀï¾ÍÓÐÁ½Óû§ÃûÊÇ admin µÄ¼Ç¼¡£µ±È»Äã¿ÉÒÔ˵µÚ¶þÌõÓпոñ²»»áÓõÈʽ²éѯûÎÊÌ⣬µ«Èç¹û³öÏÖ like Ö®ÀàµÄÓï¾äÄØ£¬Ë­Ò²²»¸Ò±£Ö¤¡£
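A constructed Python model of the WordPress case above (example code, not from the original post): the uniqueness check runs on the full submitted name, while a lenient store silently cuts it to the column width, so a second row that compares equal to "admin" under a trailing-space-ignoring (PAD SPACE) comparison appears; a strict store, which is what STRICT_ALL_TABLES gives you, rejects the row instead. The column width of 60 is an assumption chosen so that "admin" plus 55 spaces fills it exactly.

```python
from typing import Callable, List

USERNAME_WIDTH = 60  # assumed VARCHAR width: "admin" plus 55 spaces fills it exactly
ATTACK_NAME = "admin" + " " * 55 + "x"  # constructed registration input from the text


class Truncated(Exception):
    """Raised by the strict store when a value exceeds the column width."""


def store_lenient(value: str, width: int = USERNAME_WIDTH) -> str:
    """Default sql_mode: an over-long value is cut to the column width with only a warning."""
    return value[:width]


def store_strict(value: str, width: int = USERNAME_WIDTH) -> str:
    """STRICT_ALL_TABLES behaviour: an over-long value is an error and nothing is stored."""
    if len(value) > width:
        raise Truncated(f"value of length {len(value)} exceeds column width {width}")
    return value


def names_collide(a: str, b: str) -> bool:
    """Model of a PAD SPACE comparison, which ignores trailing spaces."""
    return a.rstrip(" ") == b.rstrip(" ")


def register(users: List[str], name: str, store: Callable[[str], str]) -> bool:
    """Check uniqueness against the *submitted* name, then persist through `store`.
    The 61-character input looks new; what lands in the table is up to the store."""
    if any(names_collide(name, existing) for existing in users):
        return False
    try:
        users.append(store(name))
    except Truncated:
        return False
    return True


def outcome(store: Callable[[str], str]) -> List[str]:
    """Table contents after registering the attack name through the given store."""
    users = ["admin"]
    register(users, ATTACK_NAME, store)
    return users
```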

CRLF injection

CR = carriage return (ASCII 13, \r, 0x0d). Originally it means the cursor returns to the start of the current line; the r stands for return, and the control character is written CR, i.e. Carriage Return.

LF = line feed (ASCII 10, \n, 0x0a). Originally it means the cursor moves down one line (not necessarily to the start of the next line); the n stands for newline, and the control character is written LF, i.e. Line Feed.

Before computers existed there was a device called the teletypewriter (Teletype Model 33) that could print 10 characters per second. It had one problem: moving to a new line after finishing one took 0.2 seconds, exactly the time to print two characters. If new characters arrived during those 0.2 seconds, they were lost.

So the designers came up with a fix: append two end-of-line characters to every line. One, "carriage return", tells the teletype to move the print head to the left margin; the other, "line feed", tells it to move the paper down one line.

The first scenario the White Hat book describes is log file injection: newline characters let an attacker write forged log entries, but this is of limited practical use. The other, more harmful one is "HTTP header injection".

In the HTTP protocol, headers are separated by "\r\n". This kind of CRLF injection is also called "HTTP Response Splitting", and the name says it all: the response is carved up, and the attacker injects their own code into the carved-up original page, achieving the attack.

Attacks on encryption algorithms

Common symmetric encryption algorithms come in two kinds: block ciphers and stream ciphers.

Block ciphers operate on "blocks"; the block length varies from algorithm to algorithm. Representative algorithms are DES, 3-DES, Blowfish, IDEA and AES.

Stream ciphers, by contrast, process one byte at a time. The encrypting and decrypting sides use the same pseudo-random keystream, generally XORing the data bit by bit with a random codebook. Representatives are RC4, ORYX and SEAL.

1 Attacks on stream ciphers

Stream ciphers perform very well and are therefore very popular with developers. But the most common mistake in using a stream cipher is encrypting and decrypting several times with the same key. The attack that breaks a stream cipher this way is called a "Reused Key Attack", and under it the attacker can recover the plaintext without knowing the key.

The basic principle follows from a simple derivation. Given plaintexts A and B and a key C, XOR encryption is:

E(A) = A xor C
E(B) = B xor C

We know the ciphertext is certainly public, and that XORing two identical values gives 0, so:

E(A) xor E(B) = (A xor C) xor (B xor C) = A xor B xor C xor C = A xor B

That is:

E(A) xor E(B) = A xor B

The formula has four values, so knowing any three of them lets you derive the fourth. And key C does not appear in it at all...

The attack is now clear: I first obtain, through a legitimate request, the ciphertext E(A) of a plaintext A that I know, then get another user's ciphertext E(B), and plaintext B follows easily.
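The derivation above carried through in a constructed Python example (not the post's code): a toy keystream is generated from the key with SHA-256 in counter mode, two messages encrypted under the same keystream cancel it out, and a known plaintext A recovers B; the same cipher with a distinct nonce per message does not leak. The keystream construction, key and messages are illustrative assumptions, not RC4.

```python
import hashlib


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256(key || nonce || counter) blocks, cut to length.
    A stand-in for RC4 or any stream cipher; only the XOR structure matters."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """E(P) = P xor keystream; decryption is the identical operation."""
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


def recover_b(cipher_a: bytes, known_a: bytes, cipher_b: bytes) -> bytes:
    """E(A) xor E(B) = A xor B, hence B = E(A) xor E(B) xor A; the key never appears."""
    n = min(len(cipher_a), len(cipher_b), len(known_a))
    return xor_bytes(xor_bytes(cipher_a[:n], cipher_b[:n]), known_a[:n])


# Constructed demonstration data.
KEY = b"constructed-demo-key"
MSG_A = b"user=alice;role=member;balance=10"   # plaintext already known, as in the text
MSG_B = b"user=bob;role=admin;balance=999999"  # the other user's message


def reused_keystream_demo() -> bytes:
    """Same key and a fixed nonce for both messages: B is recovered without the key."""
    fixed = b"\x00" * 8
    return recover_b(encrypt(KEY, fixed, MSG_A), MSG_A, encrypt(KEY, fixed, MSG_B))


def fresh_nonce_demo() -> bytes:
    """A distinct nonce per message: the same calculation yields only noise."""
    return recover_b(encrypt(KEY, b"nonce-01", MSG_A), MSG_A, encrypt(KEY, b"nonce-02", MSG_B))
```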

There are several more attacks on stream ciphers, such as the bit-flipping attack, weak random IVs, and WEP cracking. All of this reminds us that, as developers, whenever we use an encryption algorithm we must understand its principles thoroughly; otherwise what we consider "secure" may become a laughing stock for others.

2 Weaknesses of ECB mode

Beyond the algorithm itself, block ciphers are used with general modes of operation; the common ones are ECB, CBC, CFB, OFB and CTR. If the mode is attacked, then no matter how long the key is, the result may be insecure.

ECB (electronic codebook) mode is the simplest mode: each block is independent of the others. The encryption process is shown in the figure:

ECB mode's biggest problem lies precisely in that independence of blocks: an attacker only needs to swap the ciphertext of any two blocks, and after decryption the plaintext comes out with those blocks swapped too.

An intuitive example makes this easy to understand. Suppose that in a payment application the plaintext behind the ciphertext a user submits is:

member=abc||pay=10000.00

whose first 16 bytes are:

member=abc||pay=

This is exactly one or two blocks long, so the attacker only needs to replace the ciphertext of "10000.00" with the ciphertext of "1.00" to forge the payment amount from 10000 yuan down to 1 yuan.

Note that the ECB weakness is not a flaw of any particular algorithm; even one as strong as AES-256 cannot avoid it when used in ECB mode. So whenever the plaintext to encrypt is longer than one block, avoid ECB mode.

Some readers will say: from now on I'll use CBC (cipher block chaining) mode, and that will surely be fine. Young man, nothing under the sun is without a crack. The "Padding Oracle Attack" against CBC mode appeared back in 2002; still, CBC is indeed much harder to attack than ECB, and interested readers can look into it.

Closing words

Internet security is a huge topic; the White Hat book divides it into four parts: the security worldview, client-side script security, server-side application security, and corporate security operations (business security). As internet people, guarding against security threats is a duty we cannot shirk.

   