With the token of the legitimate user in hand, the attacker can proceed to act as the user in interaction with the site, thus to impersonate the user.
手边有了合法用户的标记,黑客可以继续扮演用户与站点交互,从而冒充用户。
You login as the client manager and select the name of the user that you would like to impersonate.
您以客户机管理人员的身份登录,并选择您希望模拟的用户的姓名。
There are, of course, things we can do to ameliorate these security concerns to a degree, the fact remains that we are explicitly allowing someone to impersonate a user.
当然,我们可以做一些事情,将这些安全问题减轻至一定程度,事实仍然是我们正在显式地允许某个人来模拟用户。
If an LTPA token is successfully captured, the thief can impersonate the user identified until it expires.
如果ltpa令牌被成功截获,则窃取者可以模拟该用户的身份,直到它到期为止。
If a user's Kerberos password is stolen by an attacker, then the attacker can impersonate that user.
如果一个用户的Kerberos密码被攻击者窃取,攻击者就能够模拟该用户。
Once stolen, an attacker can use the cookie to impersonate the user.
一旦偷取到cookie,攻击者会使用cookie去伪装成真正的用户。
After creating the root object and making changes to the properties of any object accessed through it, your code should not impersonate a different user.
创建一个根对象并改变一些配置属性后,你的代码不能扮演不同的用户。
Describes how to use the EXECUTE AS clause to impersonate another user.
描述如何使用EXECUTE A s子句来模拟另一用户。
The server (and developers/ops) never receives the user private key and cannot impersonate the user.
服务器(和开发人员/操作)从不接收用户私钥,并且不能模拟用户。
The server (and developers/ops) never receives the user private key and cannot impersonate the user.
服务器(和开发人员/操作)从不接收用户私钥,并且不能模拟用户。
应用推荐