因为PHP可以为您管理记忆,所以PHP代码不会导致堆栈和缓冲溢出。
Because PHP manages memory for you, there's no PHP code that can result in stack and buffer overflow exploits.
这里有两种主要的超级用户进入类型:缓冲溢出攻击和在服务器上执行脚本。
There are two main types of root exploits: buffer overflow attacks and executing scripts against a server.
在缓冲溢出攻击中,黑客利用了程序执行期间存储分配中的特定计算机程序漏洞。
In a buffer overflow attack, the hacker takes advantage of specific type of computer program bug that involves the allocation of storage during program execution.
此外,您要记住,有些问题必须通过更新才能修复,比如缓冲溢出和网络客户端等问题。
Also keep in mind that many times, updates are the only way to fix problems such as those related to buffer overflows, network client issues, and so on.
有很多应用程序级别的普通保密问题会引起打破保密性,包括缓冲溢出和嵌入SQL。
There are many common application-level security issues which can lead to security breaches, including buffer overflows and SQL injection.
例如,在描述缓冲溢出攻击时,他让我们想像一些不懂得质疑,仅仅是无条件遵循手工列出的条例的办公室工作人员。
For instance, to describe a buffer overflow attack, he asks us to imagine an office worker who follows the instructions listed in a manual without questioning them.
网络安全日益为人们所重视,其关键就是缓冲溢出问题,几乎所有的操作系统都避免不了缓冲溢出漏洞的威胁。
The network security takes day by day for the people, its key is the cushion overflow question, the nearly all operating sys- tem could not avoid the cushion overflow loophole threat.
由模糊测试导致的许多故障都是内存分配错误及缓冲器溢出的直接结果。
Many of the crashes resulting from fuzz testing are direct results of memory allocation mistakes and buffer overflows.
如果没有发生缓冲区溢出,返回值始终是组合字符串的长度;这使得检测缓冲区溢出真正变得容易了。
The return value is always the size of the combined string if no buffer overflow occurred; this makes it really easy to detect an overflow.
当进程尝试将数据储存到固定长度的缓冲区的范围之外时,就会出现缓冲区溢出。
A buffer overflow, or buffer overrun, occurs when a process attempts to store data beyond the boundaries of a fixed-length buffer.
这可防止在缓冲区溢出时服务器进行额外的CPU和磁盘工作。
This prevents the server from doing added CPU and disk work if the buffer overflows.
它对潜在的问题提出警告,如在c中编程时可能出现的缓冲区溢出,并就如何预防这些问题提供了建议。
It gives warnings about potential problems, such as buffer overflows that can occur when programming in c, and gives advice about how to prevent them.
任何允许外部实体来输入数据的程序都容易受到恶意的攻击,例如缓冲区溢出和嵌入式控制字符。
Any program that allows an external entity to input data is vulnerable to malicious activity, such as buffer overflows and embedded control characters.
毕竟,也许有人已经用十六进制编辑器手工修改了字节符,试图触发缓冲器溢出。
After all, someone could have changed the bytecode manually with a hex editor to attempt to trigger a buffer overflow.
从根本上讲,所有这些方法都能减轻从程序接管攻击到拒绝服务攻击的缓冲区溢出攻击所带来的破坏。
Fundamentally, all these approaches reduce the damage of a buffer overflow attack from a program-takeover attack into a denial-of-service attack.
利用缓冲区溢出进行攻击可以改变这个过程,并且允许黑客执行任何他们期望的函数。
Attacking using a buffer overflow can change this process and allow an attacker to execute any function they wish.
攻击者也许能够通过改变函数中其他数据的值来利用缓冲区溢出;没有哪种方法能够防止这点。
An attacker may be able to exploit a buffer overflow by changing the value of other data in the function; none of these approaches counter that.
缓冲区溢出是许多安全性问题的起因。
一种替代方法是使用另一种编程语言,因为如今的几乎其他所有语言都能防止缓冲区溢出。
An alternative is to use another programming language, since almost all of today's other languages protect against buffer overflows.
如果攻击者能够导致缓冲区溢出,那么它就能控制程序中的其他值。
If an attacker can cause a buffer to overflow, then the attacker can control other values in the program.
假设您了解缓冲区溢出问题的存在,则您也不得不检查每一行代码以发现这个特殊的漏洞。
You also have to review every line of code to find this particular hole, assuming you understood that it existed.
为什么缓冲区溢出如此常见?
有许多工具可以在缓冲区溢出缺陷导致问题之前帮助检测它们。
There are a number of tools that can help detect buffer overflow vulnerabilities before they're released.
从2004年开始,用户应该开始避免使用这样的操作系统,即它们至少没有对缓冲区溢出提供某种自动保护机制。
Beginning in 2004, users should start avoiding any operating system that fails to provide at least some automatic protection against buffer overflows.
现在让我们快速回顾一下缓冲区溢出问题。
在缓冲区溢出攻击的实例中,程序的内部值溢出,从而改变程序的运行方式。
In the instance of a buffer overflow attack, an internal value in a program is overflowed to alter how the program runs.
这样使得操纵返回地址困难多了,但它不会阻止改变调用函数的数据的缓冲区溢出攻击。
This makes it much harder to manipulate the return address, but it doesn't defend against buffer overflow attacks that change the data of calling functions.
内存空间缺口——通过栈溢出、缓冲区溢出或堆错误来实现,以宿主进程的权限执行攻击者提供的任何代码。
Memory space breach — Accomplished via stack overflow, buffer overrun, or heap error, enables execution of arbitrary code supplied by the attacker with the permissions of the host process.
这种攻击可能还会导致缓冲区溢出。
这种攻击可能还会导致缓冲区溢出。
应用推荐