V2EX 第 236963 号会员,加入于 2017-06-23 22:40:03 +08:00
根据 sue0917 的设置,主题列表被隐藏
二手交易 相关的信息,包括已关闭的交易,不会被隐藏
sue0917 最近回复了
15 天前
回复了 kensoz 创建的主题 程序员 上司不允许使用 es6 新特性理由是他看不懂
等你成 Leader,你也会成为你最讨厌的人。。。 如果你考虑不到那些,可能你成不了 Leader
@Blessing1 原来一个用户只可以用一次 100 代金券,。 我来找你续费了
@xz410236056 香港轻量,230 一年
本来想续费的,结果香港轻量 100 代金券才 12.8 一个月,这个 230 一年要 19 一个月,感觉不太值呢
51 天前
回复了 nightspirit 创建的主题 程序员 jwt 的 token 被获取怎么办

Token Sidejacking¶

This attack occurs when a token has been intercepted/stolen by an attacker and they use it to gain access to the system using targeted user identity.

How to Prevent¶
A way to prevent it is to add a "user context" in the token. A user context will be composed of the following information:

A random string that will be generated during the authentication phase. It will be sent to the client as an hardened cookie (flags: HttpOnly + Secure + SameSite + cookie prefixes).
A SHA256 hash of the random string will be stored in the token (instead of the raw value) in order to prevent any XSS issues allowing the attacker to read the random string value and setting the expected cookie.
IP addresses should not be used because there are some legitimate situations in which the IP address can change during the same session. For example, when an user accesses an application through their mobile device and the mobile operator changes during the exchange, then the IP address
55 天前
回复了 theklf4 创建的主题 奇思妙想 想发明一种用声卡挖矿的币
当然是微 PE 了,很好用的
61 天前
回复了 10bkill1p 创建的主题 知乎 如何应对孤独感?
关于   ·   帮助文档   ·   FAQ   ·   API   ·   我们的愿景   ·   广告投放   ·   感谢   ·   实用小工具   ·   1269 人在线   最高记录 5497   ·     Select Language
World is powered by solitude
VERSION: · 10ms · UTC 00:19 · PVG 08:19 · LAX 17:19 · JFK 20:19
♥ Do have faith in what you're doing.