要编写安全的代码,必须首先了解您的应用面临的威胁。
To write secure code, you must first understand the threats to which your work is exposed.
另一种是找到确保软件开发人员编写的代码中有更少的缺陷的方法,这样黑客就有更少的安全漏洞可以利用。
Another is to find ways to ensure that software developers produce code with fewer flaws in it so that hackers have fewer security holes to exploit.
至少某些开发和评审代码的人必须知道如何编写安全的程序。
At least some of the people developing and reviewing the code must know how to write secure programs.
我的理解是,当出现这类约束时,开发人员通常会放弃J2EE安全而开始自己编写代码。
My understanding is that when such constraints appear, developers typically abandon J2EE security and start writing code for themselves.
这包括若干安全增强,例如关闭脚本漏洞和欺骗保护。而且,大部分增强不会影响您的工作,除非您正打算编写恶意代码。
Several security enhancements are included, from closing script vulnerabilities to phishing protection, but most of them won't affect your work unless you happen to be writing malicious code.
从表面上看,锁省略似乎可以允许我们不必忍受同步带来的负担,就可以编写线程安全的代码了,前提是在同步的确是多余的情况下。
On the surface it looks as though lock elision allows us to write thread safe code without any synchronization penalty for using in cases where it really wasn't needed.
应用程序开发者应该把他们要实现所需的安全性功能而需要编写的所有代码都保留在某个单独的模块中,将来这个模块会被买来的基础架构代替。
Application developers should keep whatever code they need to write to implement the required security functionality in some separate module that will be replaced by bought infrastructure over time.
CWE还为程序员提供了编写更安全的代码所需要的更详细的内容。
CWE also provides more details needed for programmers to write more secure code.
在本系列文章的第1部分中,我讨论了一些基本的PHP设计规则,并介绍了如何编写安全、简单、与平台无关且快速的代码。
In Part 1 of this series, I discussed some basic PHP design rules and covered how to write secure, simple, platform-independent, speedy code.
编写安全代码的技巧。
如果存在一种针对此情形的更安全(且可能更快)的语言风格(映射-减法),则没有借口编写这样的不安全代码,即使它“在此情形下”看起来是安全的。
Given that a safer (and possibly faster) idiom exists for this - map-reduce - there's no excuse for writing such unsafe code, even if it seems safe "in this case."
在刚引入JIT的时候,为了确保GC操作的安全,我不得不编写代码,让垃圾回收器停止(VM)系统内的所有线程。
When I introduced the JIT, I had to write code to allow the garbage collector to stop all threads in the system so it could safely GC.
将其转换为线程安全是一件简单(其实很困难,编写充满bug的代码倒是很简单)的工作(但是需要更多的努力)。
This is simple (but difficult. makes buggy code easy) work to make them thread-safe (but many efforts are needed).
这些工具帮助用户利用我们在内部使用多年的工具,编写自己的安全和高质量的托管代码或原生代码。
This helped customers write secure and quality code for managed and native platforms using the same tools that we had been using internally for years.
换句话说,编译器生成的代码与您手工编写的不用泛型、检查程序的类型安全后进行强制类型转换所得到的代码基本相同。
In other words, the compiler generates pretty much the same code you would have written by hand without generics, casts and all, after checking the type-safety of your program.
唯一的麻烦是这款操作系统使用全新编写的代码,因此我们需要花上一些时间才能确定这些代码会不会导致新的安全问题。
The only problem is a lot of new code was written for Chrome OS, and it will take some time to work out all of the potential new problems introduced.
使用GSS - API的主要优点是,通过使用这种通用API编写代码,您的实现可以与不同的安全性系统互操作。
The main advantage of using the GSS-API is that by writing to this generic API, your implementation can interoperate with various security systems.
当然,使用托管代码的主要的好处之一是对代码访问安全性的支持,并且在您的程序集中编写的代码可利用用户的安全策略。
Of course, one of the main benefits of using managed code is the support for code access security, and code you write in your assembly takes advantage of the user's security policies.
批处理应用程序开发人员可以编写线程安全的、且在单个线程中执行的代码。
Batch application developers write code that is thread-safe and executes on a single thread.
SEA还将负责与编写安全性服务代码的程序员及在部署系统前对其进行测试的安全性系统测试人员合作。
The SEA will also be responsible for working with programmers who have to code security services and security system testers who can put the system through a testing phase before it is deployed.
使用Shiro,您就能够为您的应用程序提供安全性而又无需从头编写所有代码。
By using Shiro, you can provide security for your application without writing all of the code from the beginning.
计算机公司已然意识,编写安全代码几乎不可能,只有公开才是最好的防御。
Computer firms have learned that writing secure code is almost impossible and that openness is the best defence.
它主要被设计成供由JiBX框架所添加的代码使用,而不是为手工编写的代码使用,所以它避免了状态检查和类似的安全措施。
It's designed primarily for use by code that's added by the JiBX framework rather than written by hand, so it avoids state checks and similar safeguards.
Long说:“如果程序员们不被激励以使用安全的库并避免不好的函数或技术,如何使他们走向更艰难的编写安全代码之路呢? ”。
"If programmers are not motivated to, say, use secure libraries or to avoid known bad functions or techniques, where is the incentive to take the tougher path of writing secure code," Long said.
Jt框架还使用声明安全性来避免编写易出错的安全代码。
The Jt framework also uses declarative security which avoids the need for error-prone security coding.
不需要其他第三方支持,每个控件的安全子类技术都是使用汇编代码的编写。
No third party support, the security sub-class of each control technologies are written in assembly code.
不需要其他第三方支持,每个控件的安全子类技术都是使用汇编代码的编写。
No third party support, the security sub-class of each control technologies are written in assembly code.
应用推荐