Security

SQL Injection

Use SQL real excape to prevent it, e.g. use mysql_real_escape_string in php to excape special characters to prevent SQL injection. Django also provides this security option by default.

Access Token

Append timestamp at the end of access_token(like this, rsa_encrypt(access_token+"|"+str(timestamp))) to protect access_token for replay_attack
Use digest option. Use message authentication code to verify api call, e.g. sha256(access_token + str(timestampe)).

Salted Password(Detail on checksum cracking prevention)

password salt
Salted Password Hashing - Doing it Right

Man in the middle attack

the best and only way that I found so far is using HTTPS protocol.

Digest access authentication

TODO

HTTP Web Application, include `Denial of service prevention`

Varnish-Cache--high performance accelerator
ModSecurity--Cross Platform Web Application Firewall

githubutilities/Security.md

Select an option

No results found

Select an option

No results found

Security

SQL Injection

Access Token

Salted Password(Detail on checksum cracking prevention)

Man in the middle attack

Digest access authentication

HTTP Web Application, include `Denial of service prevention`

githubutilities/Security.md

Security

SQL Injection

Access Token

Salted Password(Detail on checksum cracking prevention)

Man in the middle attack

Digest access authentication

HTTP Web Application, include Denial of service prevention

HTTP Web Application, include `Denial of service prevention`