Great job on these guides! I have always been interested in security, I regularly research it, and I keep updated with trends. Even though I can't read Chinese I can easily read the code and know what security features you are showing. I consider your guide to be of both great quality and in a compact format that allows for developers at any skill level to effectively use the content to secure their apps. Even for experienced developers like myself your compact format can be used as a good checklist when reviewing an app.
Do you have plans to translate this content into other languages or would you consider it? I feel this guide would be of great benefit to developers for many other languages. I'm a native English speaker so I'll include a Google Translate text as well. Personally I've worked with several open source projects where Google Translate was used (other options can be used as well) then a native translator was able to provide corrections and updates so the process can be completed without too much time.
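2. Suggested fix
You can use the set of functions provided by the libsodium library to generate unpredictable data. Use the library's random number generation functions to generate secure random numbers,
as in this example (copied from the internet, not verified):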
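```c
#include <sodium.h>

int foo(void) {
    unsigned char myString[32];
    uint32_t myInt;

    /* libsodium must be initialized before any other call; -1 means failure */
    if (sodium_init() < 0) {
        return -1;
    }
    randombytes_buf(myString, sizeof myString);
    /* myString will be a string of 32 random bytes */
    myInt = randombytes_uniform(10);
    /* myInt will be a random number between 0 and 9 */
    return (int)myInt;
}
```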
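Why the snippet above calls `randombytes_uniform(10)` instead of reducing raw random bytes with `% 10`: the following is an added sketch of rejection sampling, not code from the guide or from libsodium. The names `uniform_below`, `os_random32` and `rand32_fn` are hypothetical, the replayed `sample_raw` values are constructed, and reading `/dev/urandom` assumes a Unix-like system.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef uint32_t (*rand32_fn)(void); /* hypothetical: source of raw 32-bit values */

/* Constructed sample input, replayed in order so the rejections are visible. */
static const uint32_t sample_raw[] = {3u, 5u, 4294967295u, 27u};
static size_t sample_pos;
static uint32_t sample_next(void) {
    return sample_raw[sample_pos++ % 4];
}

/* Assumption: a Unix-like system exposing the kernel CSPRNG as /dev/urandom.
 * Aborts on failure instead of falling back to a predictable value. */
static uint32_t os_random32(void) {
    uint32_t v;
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL || fread(&v, sizeof v, 1, f) != 1) {
        abort();
    }
    fclose(f);
    return v;
}

/* Returns a value in [0, upper_bound), each equally likely.
 * 2^32 is usually not a multiple of upper_bound, so a bare r % upper_bound
 * favours the low results. Rejecting raw values below 2^32 mod upper_bound
 * leaves an accepted range whose size is an exact multiple of upper_bound. */
uint32_t uniform_below(rand32_fn next, uint32_t upper_bound) {
    uint32_t min, r;
    if (upper_bound < 2) {
        return 0;
    }
    min = (0u - upper_bound) % upper_bound; /* equals 2^32 mod upper_bound */
    do {
        r = next();
    } while (r < min);
    return r % upper_bound;
}

int main(void) {
    /* For 10 the threshold is 6: 3 and 5 are discarded, 4294967295 gives 5. */
    printf("replayed: %u\n", (unsigned)uniform_below(sample_next, 10));
    printf("from OS:  %u\n", (unsigned)uniform_below(os_random32, 10));
    return 0;
}
```

When the bound is a power of two the threshold is 0 and no raw value is discarded, which is why the bias only matters for bounds such as 10.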
Abs returns an absolute representation of path. If the path is not absolute it will be joined with the current working directory to turn it into an absolute path. The absolute path name for a given file is not guaranteed to be unique. Abs calls Clean on the result.