- 1、本文档共50页,可阅读全部内容。
- 2、原创力文档(book118)网站文档一经付费(服务费),不意味着购买了该文档的版权,仅供个人/单位学习、研究之用,不得用于商业用途,未经授权,严禁复制、发行、汇编、翻译或者网络传播等,侵权必究。
- 3、本站所有内容均由合作方或网友上传,本站不对文档的完整性、权威性及其观点立场正确性做任何保证或承诺!文档内容仅供研究参考,付费前请自行鉴别。如您付费,意味着您自己接受本站规则且自行承担风险,本站不退款、不进行额外附加服务;查看《如何避免下载的几个坑》。如果您已付费下载过本站文档,您可以点击 这里二次下载。
- 4、如文档侵犯商业秘密、侵犯著作权、侵犯人身权等,请点击“版权申诉”(推荐),也可以打举报电话:400-050-0827(电话支持时间:9:00-18:30)。
查看更多
Chapter1.Introduction分析
* * * * * * * * Security Features != Secure Features Sometimes programmers do think about security, but more often than not, they think in terms of security features such as cryptographic ciphers, passwords, and access control mechanisms. A program to be secure All features must be secure (cask?principle). Defective(缺陷) non-security features can lead to a security problem. In many cases, security failings are not related to security features at all. * Security Features != Secure Features A security feature can fail and jeopardize(危害) system security in plenty of ways, but there are usually many more ways in which defective non-security features can go wrong and lead to a security problem. Security features must function correctly to maintain system security. * Security Features != Secure Features Misguidance from WebLogic (2004) Most security for Web applications can be implemented by a Application developers to the details of securing application. WebLogic Server application developers can take advantage of BEA-supplied API for obtaining information about subjects and principals (identifying information for users) that are used by WebLogic Server. API are found in weblogic.security package. system administrator need not pay attention 注释:WebLogic是美国Oracle公司出品的一个application server,是一个基于JAVA EE架构的中间件,WebLogic是用于开发、集成、部署和管理大型分布式Web应用、网络应用和数据库应用的Java应用服务器。 * The Strength of Cryptography “128-bit keys mean strong security, while 40-bit keys are weak”. “triple-DES is much stronger than single DES” “2,048 RSA is better than 1,024 bit RSA” Is these enough? NO. Because most of us design, analyze and break Few try to do research on published algorithms, protocols and actual products. cryptographic system * From Bruce Schneier We don’t have to try every possible key or even find flaws in the algorithms. We exploit Errors in design, Errors in implementation, and Errors in installation. Sometimes we invent a new trick to break a sys
您可能关注的文档
- chap17综合案例分析分析.ppt
- chap08stata与模型修正分析.ppt
- chap3_2直流电机原理二直流发电机-Linda分析.ppt
- chap12基本时间序列分析分析.ppt
- chap1ProENGINEER简介和基本操作分析.ppt
- chap6_basic_association_analysis分析.ppt
- chap6_在JSP中使用数据库-studen分析.ppt
- cha4词法分析分析.ppt
- Chap7-1分析.ppt
- chap2-焊接CAE前处理——Visualmesh网格划分分析.ppt
- 2024年05月广东广州大学教师招考聘用30人笔试上岸试题历年典型考题与考点剖析附带答案解析.docx
- 2024年05月江苏南京市栖霞区教育局所属学校招考聘用高层次骨干教师9人笔试上岸试题历年典型考题与考点剖析附带答案解析.docx
- 2024年05月广东中山市教育和体育局直属学校(中山市烟洲中学)招考聘用专任教师12人笔试上岸试题历年典型考题与考点剖析附带答案解析.docx
- 2024年05月山西省阳泉市城区2024年公开招考6名司法协理员笔试上岸试题历年典型考题与考点剖析附带答案解析.docx
- 2024年05月广西西林县古障镇2024年公开招考1名村级财务会计委托代理服务中心会计人员笔试上岸试题历年典型考题与考点剖析附带答案解析.docx
- 2024年05月广东广州市荔湾区南源街环卫站招考聘用管理员笔试上岸试题历年典型考题与考点剖析附带答案解析.docx
- 2024年05月江苏南京医科大学公开招聘管理人员3人(第二批)笔试上岸试题历年典型考题与考点剖析附带答案解析.docx
- 2024年05月江苏无锡市交通运输局下属事业单位公开招聘5人笔试上岸试题历年典型考题与考点剖析附带答案解析.docx
- 2024年05月广西横州市国家档案馆2024年招考2名工作人员笔试上岸试题历年典型考题与考点剖析附带答案解析.docx
- 2024年05月广西防城港市交通运输局项目管理办公室2024年招考2名工作人员笔试上岸试题历年典型考题与考点剖析附带答案解析.docx
文档评论(0)