1、Because the password of the login account of the system background is transmitted in plain text, it can easily enter the background through brute force cracking:
2、The problem lies in the STMP server configuration,which can specify host address and port
3、There is a hidden testConnection () interface in the code to test the connectivity of the mailbox server
4、It is a javaMailSender that depends on springframework:
5、So you can test through this interface, write the address as 127.0.0.1,When the server port is open, the corresponding time is shorter:20millis:
6、The port is not open, the corresponding time is longer:1000+millis:
7、You can obtain the open ports of the server and other hosts on the intranet in batches according to the length of the echo time, and then carry out further attacks
The text was updated successfully, but these errors were encountered:
…alo-dev#806)
#### What type of PR is this?
/kind bug
#### What this PR does / why we need it:
修复编辑旧文章时,没有为文章设置 `content.halo.run/preferred-editor` 的元数据的问题。
#### Which issue(s) this PR fixes:
Ref halo-dev#3080
#### Special notes for your reviewer:
测试方式:
1. 在有旧数据的情况下切换到此 PR。
2. 编辑一篇旧的文章后保存。
3. 打开文章设置,检查元数据中是否包含了 `content.halo.run/preferred-editor`
#### Does this PR introduce a user-facing change?
```release-note
None
```
1、Because the password of the login account of the system background is transmitted in plain text, it can easily enter the background through brute force cracking:





2、The problem lies in the STMP server configuration,which can specify host address and port
3、There is a hidden testConnection () interface in the code to test the connectivity of the mailbox server
4、It is a javaMailSender that depends on springframework:
5、So you can test through this interface, write the address as 127.0.0.1,When the server port is open, the corresponding time is shorter:20millis:
6、The port is not open, the corresponding time is longer:1000+millis:
7、You can obtain the open ports of the server and other hosts on the intranet in batches according to the length of the echo time, and then carry out further attacks
The text was updated successfully, but these errors were encountered: