2. Never - under any
circumstances - trust
data from browser!
213年10月1⽇日星期⼆二
3. A simple theory of security
(based on 質餘)
‣ choose 2 prime p, q
‣ n = p, q
‣ based on Euler Function, phi(n) = (p-1)(q-1)
‣ 1 < e, public key <= phi(n)
‣ let d 是 e 的modulo reverse,
d。e 同餘 1 mod phi(n)
313年10月1⽇日星期⼆二
4. A simple theory of security
(based on 質餘) cont.
413年10月1⽇日星期⼆二
5. Number example (from wiki)
1. Choose two distinct prime numbers, such as and .
2. Compute n = p。q giving
3. Compute the totient of the product as φ(n) = (p − 1)(q − 1) giving.
4. Choose any number 1 < e < 3120 that is coprime to 3120. Choosing a prime number for
e leaves us only to check that e is not a divisor of 3120.Let
5. Compute d, the modular multiplicative inverse of e (mod φ(n)) yielding
The public key is (n = 3233, e = 17). For a padded plaintext message m, the encryption
function is
The private key is (n = 3233, d = 2753). For an encrypted ciphertext c, the decryption
function is c2753(mod 3233).
513年10月1⽇日星期⼆二
9. Solutions
• Never allow session information to be contained in the URL.
Django bless you.
• Don’t store data in cookies directly.
request.session bless you.
• Prevent attackers from spoofing session IDs whenever
possible.
Django use hash function to protect you session ID.
(As I know, some hash function is not safe, ex. SHA-1)
• Sensitive Data? use Https://
SESSION_COOKIE_SECURE
=
TRUE
913年10月1⽇日星期⼆二
14. SQL Injection Solution
1. Use Django API, please.
2. Exception Person.objects.raw('SELECT * FROM foo')
django.db.connection.ops.quote_name(user)
1413年10月1⽇日星期⼆二
15. Cross Site Script, XSS
XSS enables attackers to inject client-side
script into Web pages viewed by other users.
xss, xsstc(css javascript)
1513年10月1⽇日星期⼆二
16. Cross Site Script, XSS
Q. How it works?
A. 攻擊者利⽤用Client Browser可以動態執⾏行語法的特性,或可從
其他Server讀取程式碼的⽅方式,設計⼀一組簡易的link提供victims。
1. Find a Web Page who contains leak of any
kind of XSS.
2. Design the XSS script, stolen cookies, do
sth., etc
3. Send a link toVictims. (By mail or anything.)
再好的網站設計也不能阻擋清純的使⽤用者
1613年10月1⽇日星期⼆二
19. Email Header Injection
• A field of E-Mail form would provide another
Injection method.
"helloncc:spamvictim@example.com" (where "n” is a newline character)
solution:
django.core.mail.send_mail
1913年10月1⽇日星期⼆二
20. Filename Injection
• A field to let user fill the file name...
• how about ../../../../../etc/passwd.
• Needless to say, you should never write code
that can read from any area of the disk!
2013年10月1⽇日星期⼆二