- Sort Score
- Result 10 results
- Languages All
Results 1 - 10 of 110 for attacks (0.17 sec)
-
docs/en/docs/advanced/security/http-basic-auth.md
# Return some error ... ``` But by using the `secrets.compare_digest()` it will be secure against a type of attacks called "timing attacks". ### Timing Attacks But what's a "timing attack"? Let's imagine some attackers are trying to guess the username and password. And they send a request with a username `johndoe` and a password `love123`.
Plain Text - Registered: Sun Apr 21 07:19:11 GMT 2024 - Last Modified: Thu Jan 11 14:33:05 GMT 2024 - 5.9K bytes - Viewed (0) -
cmd/generic-handlers.go
header.Set("X-XSS-Protection", "1; mode=block") // Prevents against XSS attacks header.Set("X-Content-Type-Options", "nosniff") // Prevent mime-sniff header.Set("Strict-Transport-Security", "max-age=31536000; includeSubDomains") // HSTS mitigates variants of MITM attacks // Previously, this value was set right before a response was sent to
Go - Registered: Sun Apr 21 19:28:08 GMT 2024 - Last Modified: Thu Apr 11 01:08:52 GMT 2024 - 20.7K bytes - Viewed (0) -
okhttp-tls/src/main/kotlin/okhttp3/tls/HandshakeCertificates.kt
} /** * Configures this to not authenticate the HTTPS server on to [hostname]. This makes the user * vulnerable to man-in-the-middle attacks and should only be used only in private development * environments and only to carry test data. * * The server’s TLS certificate **does not need to be signed** by a trusted certificate
Plain Text - Registered: Fri Apr 26 11:42:10 GMT 2024 - Last Modified: Mon Jan 08 01:13:22 GMT 2024 - 8.5K bytes - Viewed (1) -
okhttp/src/main/kotlin/okhttp3/CertificatePinner.kt
import okio.ByteString import okio.ByteString.Companion.decodeBase64 import okio.ByteString.Companion.toByteString /** * Constrains which certificates are trusted. Pinning certificates defends against attacks on * certificate authorities. It also prevents connections through man-in-the-middle certificate * authorities either known or unknown to the application's user.
Plain Text - Registered: Fri Apr 26 11:42:10 GMT 2024 - Last Modified: Mon Jan 08 01:13:22 GMT 2024 - 14.2K bytes - Viewed (1) -
doc/godebug.md
that can be used in TLS handshakes, controlled by the [`tlsmaxrsasize` setting](/pkg/crypto/tls#Conn.Handshake). The default is tlsmaxrsasize=8192, limiting RSA to 8192-bit keys. To avoid denial of service attacks, this setting and default was backported to Go 1.19.13, Go 1.20.8, and Go 1.21.1. Go 1.22 made it an error for a request or response read by a net/http client or server to have an empty Content-Length header.
Plain Text - Registered: Tue Apr 23 11:13:09 GMT 2024 - Last Modified: Tue Apr 16 17:29:58 GMT 2024 - 13.5K bytes - Viewed (0) -
CHANGELOG.md
``` * New: `Cookie.sameSite` determines whether cookies should be sent on cross-site requests. This is used by servers to defend against Cross-Site Request Forgery (CSRF) attacks. * New: Log the total time of the HTTP call in `HttpLoggingInterceptor`. * New: `OkHttpClient.Builder` now has APIs that use `kotlin.time.Duration`.
Plain Text - Registered: Fri Apr 26 11:42:10 GMT 2024 - Last Modified: Thu Apr 18 01:31:39 GMT 2024 - 21.4K bytes - Viewed (0) -
cmd/object-api-utils.go
} return o.DecryptedSize() } return o.Size, nil } // Disabling compression for encrypted enabled requests. // Using compression and encryption together enables room for side channel attacks. // Eliminate non-compressible objects by extensions/content-types. func isCompressible(header http.Header, object string) bool { globalCompressConfigMu.Lock() cfg := globalCompressConfig
Go - Registered: Sun Apr 21 19:28:08 GMT 2024 - Last Modified: Mon Mar 11 11:55:34 GMT 2024 - 35.6K bytes - Viewed (1) -
okhttp/src/main/kotlin/okhttp3/HttpUrl.kt
* * ```java * String attack = "http://example.com/static/images/../../../../../etc/passwd"; * System.out.println(new URL(attack).getPath()); * System.out.println(new URI(attack).getPath()); * System.out.println(HttpUrl.parse(attack).encodedPath()); * ``` * * By canonicalizing the input paths, they are complicit in directory traversal attacks. Code that * checks only the path prefix may suffer! *
Plain Text - Registered: Fri Apr 26 11:42:10 GMT 2024 - Last Modified: Tue Jan 09 12:33:05 GMT 2024 - 63.5K bytes - Viewed (1) -
android/guava/src/com/google/common/collect/Synchronized.java
return typePreservingCollection(entry.getValue(), mutex); } }; } }; } // See Collections.CheckedMap.CheckedEntrySet for details on attacks. @Override public @Nullable Object[] toArray() { synchronized (mutex) { /* * toArrayImpl returns `@Nullable Object[]` rather than `Object[]` but only because it can
Java - Registered: Fri Apr 26 12:43:10 GMT 2024 - Last Modified: Mon Apr 01 16:15:01 GMT 2024 - 53.4K bytes - Viewed (0) -
cmd/admin-handlers-users.go
return } operation := mux.Vars(r)["operation"] if operation != "attach" && operation != "detach" { writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAdminInvalidArgument), r.URL) return } isAttach := operation == "attach" password := cred.SecretKey reqBytes, err := madmin.DecryptData(password, io.LimitReader(r.Body, r.ContentLength))
Go - Registered: Sun Apr 21 19:28:08 GMT 2024 - Last Modified: Thu Apr 18 15:15:02 GMT 2024 - 76K bytes - Viewed (0)