编写安全代码的技巧。
编写安全代码,它将定义有权访问并使用数据的人员。
Writing the security code that defines who can access and use the data.
计算机公司已然意识,编写安全代码几乎不可能,只有公开才是最好的防御。
Computer firms have learned that writing secure code is almost impossible and that openness is the best defence.
Long说:“如果程序员们不被激励以使用安全的库并避免不好的函数或技术,如何使他们走向更艰难的编写安全代码之路呢? ”。
"If programmers are not motivated to, say, use secure libraries or to avoid known bad functions or techniques, where is the incentive to take the tougher path of writing secure code," Long said.
另一种是找到确保软件开发人员编写的代码中有更少的缺陷的方法,这样黑客就有更少的安全漏洞可以利用。
Another is to find ways to ensure that software developers produce code with fewer flaws in it so that hackers have fewer security holes to exploit.
至少某些开发和评审代码的人必须知道如何编写安全的程序。
At least some of the people developing and reviewing the code must know how to write secure programs.
应用程序开发者应该把他们要实现所需的安全性功能而需要编写的所有代码都保留在某个单独的模块中,将来这个模块会被买来的基础架构代替。
Application developers should keep whatever code they need to write to implement the required security functionality in some separate module that will be replaced by bought infrastructure over time.
我的理解是,当出现这类约束时,开发人员通常会放弃J2EE安全而开始自己编写代码。
My understanding is that when such constraints appear, developers typically abandon J2EE security and start writing code for themselves.
这包括若干安全增强,例如关闭脚本漏洞和欺骗保护。而且,大部分增强不会影响您的工作,除非您正打算编写恶意代码。
Several security enhancements are included, from closing script vulnerabilities to phishing protection, but most of them won't affect your work unless you happen to be writing malicious code.
要编写安全的代码,必须首先了解您的应用面临的威胁。
To write secure code, you must first understand the threats to which your work is exposed.
在本系列文章的第1部分中,我讨论了一些基本的PHP设计规则,并介绍了如何编写安全、简单、与平台无关且快速的代码。
In Part 1 of this series, I discussed some basic PHP design rules and covered how to write secure, simple, platform-independent, speedy code.
CWE还为程序员提供了编写更安全的代码所需要的更详细的内容。
CWE also provides more details needed for programmers to write more secure code.
使用GSS - API的主要优点是,通过使用这种通用API编写代码,您的实现可以与不同的安全性系统互操作。
The main advantage of using the GSS-API is that by writing to this generic API, your implementation can interoperate with various security systems.
当然,使用托管代码的主要的好处之一是对代码访问安全性的支持,并且在您的程序集中编写的代码可利用用户的安全策略。
Of course, one of the main benefits of using managed code is the support for code access security, and code you write in your assembly takes advantage of the user's security policies.
批处理应用程序开发人员可以编写线程安全的、且在单个线程中执行的代码。
Batch application developers write code that is thread-safe and executes on a single thread.
这个代码允许您编写一些UI工件以便在任何DojoX Secure沙箱中使用,并实现安全加载和执行。
This code lets you write UI artifacts for use within any DojoX secure sandbox and count on secure loading and execution.
在刚引入JIT的时候,为了确保GC操作的安全,我不得不编写代码,让垃圾回收器停止(VM)系统内的所有线程。
When I introduced the JIT, I had to write code to allow the garbage collector to stop all threads in the system so it could safely GC.
将其转换为线程安全是一件简单(其实很困难,编写充满bug的代码倒是很简单)的工作(但是需要更多的努力)。
This is simple (but difficult. makes buggy code easy) work to make them thread-safe (but many efforts are needed).
这些工具帮助用户利用我们在内部使用多年的工具,编写自己的安全和高质量的托管代码或原生代码。
This helped customers write secure and quality code for managed and native platforms using the same tools that we had been using internally for years.
从表面上看,锁省略似乎可以允许我们不必忍受同步带来的负担,就可以编写线程安全的代码了,前提是在同步的确是多余的情况下。
On the surface it looks as though lock elision allows us to write thread safe code without any synchronization penalty for using in cases where it really wasn't needed.
换句话说,编译器生成的代码与您手工编写的不用泛型、检查程序的类型安全后进行强制类型转换所得到的代码基本相同。
In other words, the compiler generates pretty much the same code you would have written by hand without generics, casts and all, after checking the type-safety of your program.
您不需要编写任何特定安全代码(即使在安全环境中),因为这个插件将在WSRR应用程序内部运行,从WSRR继承安全凭据。
You don't need to write any specific code for security, even in a secure environment, because this plug-in runs within the WSRR application and inherits security credentials from WSRR.
唯一的麻烦是这款操作系统使用全新编写的代码,因此我们需要花上一些时间才能确定这些代码会不会导致新的安全问题。
The only problem is a lot of new code was written for Chrome OS, and it will take some time to work out all of the potential new problems introduced.
SEA还将负责与编写安全性服务代码的程序员及在部署系统前对其进行测试的安全性系统测试人员合作。
The SEA will also be responsible for working with programmers who have to code security services and security system testers who can put the system through a testing phase before it is deployed.
使用Shiro,您就能够为您的应用程序提供安全性而又无需从头编写所有代码。
By using Shiro, you can provide security for your application without writing all of the code from the beginning.
它主要被设计成供由JiBX框架所添加的代码使用,而不是为手工编写的代码使用,所以它避免了状态检查和类似的安全措施。
It's designed primarily for use by code that's added by the JiBX framework rather than written by hand, so it avoids state checks and similar safeguards.
如果存在一种针对此情形的更安全(且可能更快)的语言风格(映射-减法),则没有借口编写这样的不安全代码,即使它“在此情形下”看起来是安全的。
Given that a safer (and possibly faster) idiom exists for this - map-reduce - there's no excuse for writing such unsafe code, even if it seems safe "in this case."
这可能导致系统不安全,因为黑客可以编写代码来直接调用EJB,而得以绕过web层。
This can lead to an insecure system, as hackers may be able to write code to call the EJB directly and bypass the Web tier.
这可能导致系统不安全,因为黑客可以编写代码来直接调用EJB,而得以绕过web层。
This can lead to an insecure system, as hackers may be able to write code to call the EJB directly and bypass the Web tier.
应用推荐