To reduce the risk of this form of attack, you should consider enabling session security.
The session is secured by use of SSL/TLS and can be restricted to permit connections only from specified hosts or address ranges.
If any of the machines goes down, the session is still safe.
If so, it updates the security context in the session object.
Typical examples include logging data about the request or response, processing security protocols, managing session attributes, and more.
In the documentation, we did not find any warning against using the token as a secure session identifier.
These settings can include JMS connection factories and destinations, JDBC data sources, J2EE security settings, mail sessions, and so on.
On successful authentication, a secure session is established with the user.
Enhanced authentication support that provides stronger processes for establishing secure remote sessions and authenticating users.
A secure connection is now established, and communication for the rest of the session is encrypted using the secret key.
Authorization is achieved when the service implementation, session EJB, is called using the EJB security model.
Together, these three stylesheets associate the SAML token with a given secure conversation transaction.
SIF checks whether a session object exists and contains a security context.
The Client Connector establishes a secure session with the local Process Broker, and associates the session with the player’s identity within the infrastructure.
The context of a secure session is effectively preserved within the secure document.
A logical secure session is created that is flexible, has a long life, and allows numerous parties to be part of the same secure session.
Thus, we see that it is difficult to produce a good session management solution, let alone a secure session management solution.
The server, believing that the session is already active, returns a reassuring response to the new user that suggests that a brand new session was created and the credentials were safely stored.
It retrieves the security context from the session object and places it in a temporary placeholder called security context holder.
The header contains additional information that is useful in processing the call, such as security, authentication, session information, or any other useful data.
Once a secure servlet accesses the session, it is marked as "owned" by that user.
Ability to generate a secure conversation token that WebSphere DataPower and the Microsoft WCF client can use to secure the messages exchanged.
When you use the private browsing mode, your entire Web session is more secure, since no data is retained in the history or cache.
Hence, you have the ability to grant valid portal sessions and access to secured resources to requests that WebSphere Application Server can't authenticate with its default authentication mechanism.
A secure session among multiple parties (more than two).
With session beans, the responsibility of persisting data to a secure, long-term datastore is on the developer's shoulders.
Filters support the basic request processing facilities of servlets and JSP pages, such as logging, performance, security, session-handling, XSLT transformation, and more.
It is also Acegi's responsibility to make sure that the login page is served only once during a secure session.
The WebSphere DataPower SOA appliance is also used to enforce the security policy of the web service that requires the secure conversation. The scenario was implemented on
As with any other Web application, if the user's machine is compromised, it is best to end the browser session to guard against any future exploits.