游戏中的人物有5种决定战斗能力的属性:攻击值、伤害、攻击速度、防御和盔甲。
The game's characters currently have five combat attributes that determine their performances in battle. They are attack value, damage, attack speed, defense, and armor.
如果与属性值没有任何关联,那么这种攻击甚至可以通过溢出字符串限制来损害基于SAX的系统。
If it's dereferenced in an attribute value, this attack can even damage a SAX-based system by overflowing the limits of a string.
XML对元素名称、实体深度和类似的东西没有内建限制,所以攻击者可以为这些构造体提供很长的值。
XML has no built-in limits on names of elements, entity depths, and the like, so an attacker could provide long values for these constructs.
攻击者也许能够通过改变函数中其他数据的值来利用缓冲区溢出;没有哪种方法能够防止这点。
An attacker may be able to exploit a buffer overflow by changing the value of other data in the function; none of these approaches counter that.
在缓冲区溢出攻击的实例中,程序的内部值溢出,从而改变程序的运行方式。
In the instance of a buffer overflow attack, an internal value in a program is overflowed to alter how the program runs.
会话固定攻击就是将客户端的会话id强制设置为一个明确的已知值。
A session fixation attack is designed to force the session ID of a client to an explicit, known value.
如果有不怀好意的使用者覆写缓冲区,则会变更标志的值,从而指出攻击者是非法存取专用文件。
If a malicious user can overwrite the buffer, then the value of the flag can be changed, thus providing the attacker with illegal access to private files.
你还可以看到疯狂卷曲的花,你可以攻击它们并得到一些生命值。
Also, you're going to see these crazy spiraled flowers that you can attack and get to spit out health.
当数字值在不同的尺寸之间转换时,攻击者会利用这个操作吗?
When numeric values are translated between different sizes, can an attacker exploit this?
把SSH的标准端口改为不常用的值并增强SSH配置,从而挡住最简单的攻击。
Changing SSH's standard port to an unusual value and reinforcing SSH configuration so that simple-minded attacks just bounce back.
注意,程序的名字只是命令行值的第0个参数——不要相信程序名,因为攻击者会改变它。
Note that the name of the program is just argument number 0 in the command line values — don't trust the program name, since an attacker can change it.
不管怎样,输入值验证和数据消毒(sanitation)是防止XSS攻击的关键因素。
In either case, input value validation and sanitization are the key to preventing XSS attacks.
服务器将假设Request-Token头部中缺乏正确的值的任何请求都是CSRF攻击企图并将拒绝它们。
The server will assume that any requests that lack the correct value in the Request-Token header are CSRF attack attempts and will reject them.
要防止受到XSS攻击,只要变量的值将被打印到输出中,就需要通过htmlentities()函数过滤输入。
To guard yourself against XSS attacks, filter your input through the htmlentities() function whenever the value of a variable is printed to the output.
如果一位粗心大意的开发人员输入了清单5中的文本(以便直接嵌入值),这个调用将面临SQL注入攻击的风险。
If a less-than-careful developer entered the text from Listing 5 (in the hopes of embedding the values directly), the call would be exposed to SQL injection attacks.
与上一示例一样,此页也会受到SQLInjection攻击,因为执行的SQL是通过用户输入的值动态构造的。
Like the last example, the page is ripe for SQL injection attacks because the executed SQL is constructed dynamically from a user-entered value.
但是有可能通过rainbow表去攻击密码的hash值:预先计算出来的数量庞大的hash值,涵盖所有可能的字符组合。
But it is possible to attack the hashed value of your password using rainbow tables: enormous, pre-computed hash values for every possible combination of characters.
Web应用程序使用POST中包含的nonce(值仅在短期内有效的惟一字符串)来防范服务拒绝攻击。
The Web application uses a nonce (a unique string whose value is valid only for a short time) that is included in the POST as a way to guard against denial-of-service attacks.
要问的问题是攻击者可以控制变量filename的值吗?
The question to ask is can an attacker control the value of the variable filename?
通常攻击者会使用它想要运行的恶意代码来使缓冲区溢出,然后攻击者会更改返回值以指向它们已发送的恶意代码。
Often the attacker will overrun the buffer with the malicious code the attacker wants to run, and the attacker will then change the return value to point to the malicious code they've sent.
如果攻击者能够导致缓冲区溢出,那么它就能控制程序中的其他值。
If an attacker can cause a buffer to overflow, then the attacker can control other values in the program.
这是不对的,因为攻击者非常聪明;他们常常会想到出其他的危险数据值。
It's a mistake because attackers are quite clever; they can often think of yet another dangerous data value.
攻击者接下来将密码重新设置为特定的值。
The attacker then asks for the password to be reset to a specific value.
这是一种有用的方法,不过要注意这种方法无法防止缓冲区溢出改写其他值(攻击者仍然能够利用这些值来攻击系统)。
This is a useful approach, but note that this does not protect against buffer overflows overwriting other values (which they may still be able to use to attack a system).
这是因为攻击者可能会做一些不合常理的事情,例如为同一个环境变量名创建多个值(比如两个不同的LD_LIBRARY_PATH值)。
It's because attackers can do weird things such as create multiple values for the same environment variable name (like two different LD_LIBRARY_PATH values).
某些攻击会以属性伤害或属性吸取的形式对属性值造成伤害。
Some attacks deal damage to an ability score in the form of ability damage or ability drain.
这些调用不是成功攻击的必要条件,但它们可用来说明攻击的最终结果,那就是创建了一个包含无效值的Vulnerable对象。
These calls are not necessary for the attack to succeed, but they serve to demonstrate the end result of the attack, which is that a Vulnerable object is created that has an invalid value.
爆炸雕文:雕文被破坏时将会爆炸,伤害值基于剩余的充能。雕文每回合、或每次受到攻击都将会消耗掉一层。
Explosive Glyph: the Glyphs explode when destroyed, inflicting damage based on the charges left. Glyphs automatically lose a charge each turn and when they are attacked.
即使一个攻击者获得权限看到你经过hash的密码,也不可能只从hash值重建密码。
Even if an attacker gained access to the hashed version of your password, it's not possible to reconstitute the password from the hash value alone.