When the connector is passivated and the application server writes it to disk, an unauthorized party could go into the temporary file and retrieve the credentials.
但是,将解密后的 AuthBundle 存储到实例变量(_credentials)中,则是个错误的做法,在连接器被挂起以及应用服务器将其写入磁盘的过程中,未经身份验证的人就可能进入临时文件中检索凭证。
When the connector is passivated and the application server writes it to disk, an unauthorized party could go into the temporary file and retrieve the credentials.
但是,将解密后的 AuthBundle 存储到实例变量(_credentials)中,则是个错误的做法,在连接器被挂起以及应用服务器将其写入磁盘的过程中,未经身份验证的人就可能进入临时文件中检索凭证。
应用推荐