封裝是要劃定清楚的界限。在網頁瀏覽器中,這可能意味著確保您的行動程式碼不會被其他行動程式碼濫用。在伺服器上,這可能意味著區分經過驗證的資料與未經驗證的資料、區分一個使用者的資料與另一個使用者的資料,或區分允許使用者查看的資料與不允許查看的資料。
"Resources": {
"RDSDBExample": {
"Type": "AWS::RDS::DBInstance",
"Properties": {
"StorageEncrypted": false,
"DBName": "Test DB",
"DBInstanceClass": "db.m4.large"
}
}
}
"Resources": {
"RedshiftClusterTest": {
"Type": "AWS::Redshift::Cluster",
"Properties": {
"DBName": "mydb",
"MasterUsername": "master",
"MasterUserPassword": "masterPass",
"NodeType": "ds2.xlarge",
"ClusterType": "single-node",
}
}
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "My SNS topic",
"Resources": {
"MySNSTopic": {
"Type": "AWS::SNS::Topic",
"Properties": {
"Subscription": [
{
"Endpoint": "MySNSEndpoint",
"Protocol": "sqs"
}
],
"TopicName": "MyTopic"
}
}
}
}
AWSTemplateFormatVersion: 2010-09-09
Description: My SNS Topic
Resources:
MySNSTopic:
Type: AWS::SNS::Topic
Properties:
Subscription:
- Endpoint: "MySNSEndpoint"
Protocol: "sqs"
TopicName: "SampleTopic"
kSecAccessControlUserPresence
:限制使用 Touch ID 或密碼進行存取。不一定非要提供或註冊 Touch ID。即使新增或移除指紋,仍可透過 Touch ID 存取項目。kSecAccessControlTouchIDAny
:限制使用 Touch ID 中任何註冊的指紋進行存取。新增或移除指紋不會使項目失效。kSecAccessControlTouchIDCurrentSet
:限制使用 Touch ID 中目前註冊的指紋進行存取。新增或移除指紋會使項目失效。kSecAccessControlTouchIDCurrentSet
屬性,以免指紋在未來被新增或移除。kSecAccessControlTouchIDAny
限制,該限制允許任何未來註冊的指紋來解除鎖定金鑰鏈項目:
...
SecAccessControlRef sacRef = SecAccessControlCreateWithFlags(kCFAllocatorDefault,
kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly,
kSecAccessControlTouchIDCurrentSet,
nil);
NSMutableDictionary *dict = [NSMutableDictionary dictionary];
[dict setObject:(__bridge id)kSecClassGenericPassword forKey:(__bridge id) kSecClass];
[dict setObject:account forKey:(__bridge id)kSecAttrAccount];
[dict setObject:service forKey:(__bridge id) kSecAttrService];
[dict setObject:token forKey:(__bridge id)kSecValueData];
...
[dict setObject:sacRef forKey:(__bridge id)kSecAttrAccessControl];
[dict setObject:@"Please authenticate using the Touch ID sensor." forKey:(__bridge id)kSecUseOperationPrompt];
dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), ^{
OSStatus status = SecItemAdd((__bridge CFDictionaryRef)dict, nil);
});
...
kSecAccessControlUserPresence
:限制使用 Touch ID 或密碼進行存取。不一定非要提供或註冊 Touch ID。即使新增或移除指紋,仍可透過 Touch ID 存取項目。kSecAccessControlTouchIDAny
:限制使用 Touch ID 中任何註冊的指紋進行存取。新增或移除指紋不會使項目失效。kSecAccessControlTouchIDCurrentSet
:限制使用 Touch ID 中目前註冊的指紋進行存取。新增或移除指紋會使項目失效。kSecAccessControlTouchIDCurrentSet
屬性,以免指紋在未來被新增或移除。kSecAccessControlTouchIDAny
限制,該限制允許任何未來註冊的指紋來解除鎖定金鑰鏈項目:
...
let flags = SecAccessControlCreateWithFlags(kCFAllocatorDefault,
kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly,
.TouchIDAny,
nil)
var query = [String : AnyObject]()
query[kSecClass as String] = kSecClassGenericPassword
query[kSecAttrService as String] = service as AnyObject?
query[kSecAttrAccount as String] = account as AnyObject?
query[kSecValueData as String] = secret as AnyObject?
...
query[kSecAttrAccessControl as String] = sacRef
query[kSecUseOperationPrompt as String] = "Please authenticate using the Touch ID sensor."
SecItemAdd(query as CFDictionary, nil)
...
<cfdump>
標籤會洩漏部署的 web 應用中的機密資訊。<cfdump>
標籤。雖然在產品開發過程中允許使用 <cfdump>
,但身為開發人員,對程式碼負責是開發網路應用程式的重要部分,所以應仔細考慮是否能夠使用每個 <cfdump>
標籤。X-Frame-Options
表頭指定框架原則。X-Frame-Options
表頭指定框架原則。