通过阻塞特定IP的HTTP请求处理,可以防止暴力破解口令攻击。
The blocking of processing HTTP requests for particular IPs prevents brute force password attacks.
仿真实验表明,该身份认证模型能够承受各种口令攻击,有效过滤非法用户的登录请求,具有较好的鲁棒性和可用性。
Simulation tests show that the identity authentication model can stand with password attacks, filtrate out invalid login requests availably, and have advantages of good robustness and reliability.
防止这种类型攻击的最佳方法是加强策略,使口令很难被猜中。
The best way to prevent this type of attack is to enforce policies that make passwords difficult to guess.
通过修改url,攻击者可以对数据库结构逆向开发,有可能找到用户姓名、口令甚至信用卡号。
By modifying the URL, attackers can reverse-engineer the database structure and potentially find users' names, passwords, or even credit card Numbers.
利用这些方案,计算机系统不仅能监测和控制口令的使用,而且可以抗击许多对口令的伪造攻击。
By using these schemes, computer system can not only supervises and controls all passwords, but also withstand all attack of forging password.
如果有人要攻击一次交易,他不要破译加密的口令就能在IS P层面上得到所需的一切。
If someone wanted to attack a transaction, they could get everything they need at the ISP level, without breaking an encrypted password.
EKE协议是基于弱口令的密钥交换协议,通过使用对称密钥加密体制和公钥加密体制,能够很好地抵抗离线字典攻击。
EKE is a kind of key exchange protocol based on week password and can resist offline dictionary attacks by use of symmetric key encryption and public key encryption.
在他们的方案中,用户能随意更改口令,远程系统不需要存储用户的口令表或验证表,并能防止重放攻击。
In their scheme users can change their passwords freely and the remote system does not need the directory of passwords or verification tables, and replay attack can be avoided.
这样增加了安全性,因为攻击者需要知道用户的口令,并且能够对提供第二因子的客户端进行访问,如e -mail账号或移动电话等。
Security is increased because an attacker needs to know the user's password and have access to whatever provides the second factor, such ane-mail account or cell phone.
基于验证元的口令认证密钥交换协议的最基本安全目标是抵抗字典攻击和服务器泄露攻击。
The fundamental security goal of verifier-based password-authenticated key exchange protocol is security against dictionary attack and server compromise attack.
由于每次登录时用户提交的认证信息都是固定不变的,传统的口令认证机制容易遭受回放攻击。
Traditional password authentication schemes are vulnerable to replay attacks because of the fixed password and unchanged messages submitted by users for verification.
利用漏洞对系统进行攻击成为了黑客们惯用本文针对对管理员账号口令为空这一安全漏洞,采用了一些基本的攻击方法,详细地描述了具体地攻击过程。
In this paper, we focus on the vulnerability that the administrator account and password are empty, using some basic methods of attack, describing in detail the process of attacks.
传统的身份认证只是一种用户名和口令的简单组合,在充满黑客和攻击的网络环境下,这种认证方式已经不能充分保证应用系统的安全。
Traditional ID authentication combines a user name and a password, which is not sufficient enough to assure the security of application systems in an environment full of hackers network attacks.
针对服务器泄漏攻击,给出了抵抗这种攻击的方法,提出了一个新的基于口令的认证密钥协商协议。
Attack, a method of resisting server compromise attack is given and a new password-based authenticated key agreement protocol is proposed.
该方法在保持原有协议的基本体系不变的前提下,较大地提高了安全性,有效地防范了口令猜测攻击和口令泄漏等。
This way improved its security against password guessing attacks and password leaking without any change of the original protocol framework.
主要手法有:口令漏洞攻击、SQLServer扩展存储过程攻击、SQL注入(SQLInjection)、窃取备份等。
The main way: password loophole attack, SQL Server extended stored procedure attack, SQL Injection (SQL Injection), steals backup, etc.
特点是网络用户可以自由选择其口令,通过对口令增加时间戳还可抵抗重放攻击。
Not only can the network users freely choose their preferred passwords, but the network system can also be protected against replaying by time stamping the password.
特点是网络用户可以自由选择其口令,通过对口令增加时间戳还可抵抗重放攻击。
Not only can the network users freely choose their preferred passwords, but the network system can also be protected against replaying by time stamping the password.
应用推荐