Python Backend Interview Part VII: Project Part - Long-Term Maintenance

################## Python syntax foundation #######################

Project section

 

4. What scenarios is Python used for? What do you do when faced with compute-intensive tasks?

Scenarios: 1. Scientific computing 2. Rapid prototyping 3. Websites 4. Scripting. In fact it has many applications in every direction, including several of the currently popular cutting-edge fields. For compute-intensive tasks, write the module in C/C++. Multi-process and multi-thread approaches can improve things slightly.


5. Python high-concurrency solutions? I hope to hear twisted -> tornado -> gevent; being able to branch out to golang or erlang is better.

 

 

Security

Web security
1. How does SQL injection arise, and how do you prevent it?

SQL injection means inserting SQL commands into a Web form submission, or into the query string of an entered domain name or page request, and ultimately deceiving the server into executing malicious SQL commands.

How to prevent:

1. Never trust user input. Validate the user's input with a regular expression or by limiting its length; convert single quotes and double "-".
2. Never assemble SQL dynamically; use parameterized SQL, or use stored procedures directly, for data queries and access.
3. Never connect to the database with administrator privileges; use a separate database connection with limited permissions for each application.
4. Do not store confidential information directly; encrypt or hash passwords and sensitive information.
5. Application exception messages should give as few hints as possible; it is best to wrap the original error message in a custom error message.
6. SQL injection is generally detected with supporting software or a web platform. A commonly used software tool is the SQL injection detection tool jsky; for web platforms there is the "billion thinking" site security detection platform tool, MDCSOFT SCAN and so on. Using MDCSOFT-IPS gives an effective defense against SQL injection and XSS attacks.
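Points 1, 2 and 5 above, shown side by side as an added example (not code from the original post). The table, the function names and the sample inputs are constructed for illustration, and the standard-library sqlite3 module stands in for whatever database driver the application uses.

```python
import sqlite3


class UserLookupError(Exception):
    """Custom error for callers; its message carries no database details (point 5)."""


def make_db():
    # Constructed sample data in an in-memory database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"), ("o'brien", "ob@example.com")],
    )
    return conn


def find_user_dynamic(conn, name):
    # Weak form: the input is pasted into the SQL text, so quote characters
    # in it become part of the statement instead of part of the value.
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def find_user_parameterized(conn, name):
    # Point 1: validate type and length before touching the database.
    if not isinstance(name, str) or not 0 < len(name) <= 64:
        raise UserLookupError("invalid user name")
    try:
        # Point 2: the statement text is fixed; the driver binds the value separately.
        rows = conn.execute("SELECT email FROM users WHERE name = ?", (name,))
        return [row[0] for row in rows]
    except sqlite3.Error as exc:
        # Point 5: wrap the original error in a custom message.
        raise UserLookupError("user lookup failed") from exc


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing quote characters
    print(find_user_dynamic(db, crafted))          # every row: input changed the query
    print(find_user_parameterized(db, crafted))    # no rows: input treated as a value
    print(find_user_parameterized(db, "o'brien"))  # a legitimate quote still works
```

The dynamic version also fails on the legitimate name o'brien with a raw sqlite3 syntax error, which is the kind of message point 5 says should not reach the user.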

 

2. How do you prevent XSS? Does HTML escaping prevent XSS?

 

Cryptography

1. What is a block cipher? What encryption modes are there? What is the difference between CBC and ECB mode? Why is an IV needed?

 


2. Briefly describe the HTTPS process.

HTTP runs on top of TCP, and data is transmitted in clear text. HTTPS runs over SSL/TLS, an encryption protocol that runs over TCP, so the data HTTPS transports is encrypted. The data is encrypted using symmetric encryption, while the symmetric encryption key is encrypted asymmetrically using the server-side certificate.

SSL/TLS uses asymmetric encryption, symmetric encryption and hash algorithms.

http://www.cnblogs.com/binyue/p/4500578.html

The encryption and hash algorithms generally used by HTTPS are as follows:
Asymmetric encryption algorithms: RSA, DSA/DSS
Symmetric encryption algorithms: AES, RC4, 3DES
Hash algorithms: MD5, SHA1, SHA256

 

3. What is the difference between symmetric encryption and asymmetric encryption?

  

Symmetric encryption means that encryption and decryption use the same key, or keys that can be calculated from each other.

The advantages of symmetric encryption algorithms are that they are simple, efficient at encryption and decryption, have small system overhead, and are suitable for encrypting large amounts of data.

The disadvantage is that the same key is used to encrypt and decrypt, so for remote communication you have to consider how to exchange the key securely; if the key is lost, the encryption and decryption become ineffective.

 

In asymmetric encryption, encryption and decryption do not use the same key: one key is open to the outside world and is called the public key; the other is known only to its owner and is called the private key.
Information encrypted with the public key can only be unlocked with the private key; conversely, information encrypted with the private key can only be unlocked with the public key.

4. How do you generate a shared secret key? How do you prevent man-in-the-middle attacks?


Origin www.cnblogs.com/andy0816/p/12228530.html