Questions for security


SPTI/SCSI operations from a Windows 7 application

I need some help regarding a security problem in updating some Windows software for communicating with a non-storage SCSI device.

Pitfalls of accessing a webserver on from js with a public site

I'm thinking about exploring the idea of having our client software run as a service on a high port and listen for simple http GET requests from The theory is that I would be able to ac...

Prevent multiple copies of a file on OS X

I have a file somewhere on the hard drive and I would like to make sure it is only accessed by a particular program and not

Reading the local password policy programmatically

Are there Windows API functions that allows reading what the current password policy is? For instance, minimum length, complexity etc.

What is the point of encrypting passwords in a database?

Could someone please confirm the following for me:

Can I use jwcrypto to validate a Google generated OAuth2 id_token?

Building on the work in this question: What is the proper way to validate google granted OAuth tokens in a node.js server?

startActivity and intercept intent extras

I'm considering to do the following for log in a user:
9078 Disallow Direct Access to Admin Directory

We have a directory named Admin in the root folder of an (4.0) web application.

Process.Start() not spawning new process under the same user

I was always under the impression that when you're running a process as (domain\user) mydomain\myuser, when using Process.Start() it would start this new process using the same credentials -

How do I update my security in my login script from MD5 to something more secure?

I have a PHP login script with salt on the database, but in my register script I see:
147 - Prevent file (PDF, Word) download from a particular folder

I am creating a recruitment site and have a folder called /CV/ where I am storing resume files uploaded by the member.

What steps are there to prevent someone inside a company to alter user data (e.g. Facebook, Google, etc.)?

I've always wonder what security mechanisms are there to prevent an employee (dba, developer, manager, etc.) from modifying users' data. Let say a user has a Facebook account. Knowing who database ...

PHP input sanitizer function?

What's a method to sanitize PHP POST data for passing to a mail function? (I prefer a method that's not part of the mysql_function() family of functions.)

What are best practices/methods in preventing ajax requests and or form submisions from pages that my server did not serve?

Knowing that anyone can see my AJAX URL string and or forms how can I prevent calls or submissions from pages that my server did not serve?

Sending e-mail out of client application without storing password

My Aim: Sending an email (e.g. support request, error report) out of a C# Windows forms application. I know how do do this technically but here is the catch:

Need a way to identify a user if the user got incontact regarding they're account being hacked?

I am developing a PHP application which has user accounts, I have followed best practices for security (so have done my part) - but this will obviouslly not stop accounts from being hacked.

Recusing myself from my own secure system

This is more of a software engineering question than a programming one. I tried to make the title as relevant as possible, if someone feels they can word it more appropriately please let me know.

Copy permissions from one Windows Folder to another

I need to create a small C# Windows app which copies security permissions from one folder to another. That includes copying group permissions too. What would be the best way to approach such a chal...

Security considerations when hosting signed jars

What are the security implications for hosting signed jars on the internet?

How can I avoid SQL injection attacks in my ASP.NET application?

I need to avoid being vulnerable to SQL injection in my ASP.NET application. How might I accomplish this?

Can using self-signed certificates with WCF be secure?

Imagine for a moment that we're using classic asymmetric encription with WCF (private/public key pairs). Obviously it's secure until private keys aren't stolen. We don't need any trust chains between

What are security problems with piggybacking authentication off another site (basic auth)?

I have a WSS installation that's behind basic authentication/SSL (it's hosted at a public web host). I'm creating a sister site in ASP.NET, and am considering just running the credentials through and

How can Paypal store credit card numbers and ccv?

How can paypal store credit card numbers and CCV without worrying that the database can be compromised ?

Securing password authentication without SSL

I know it's a bad idea but I need to do this. I'm about 8 weeks away from getting a new server where I can have a working SSL'd application. So for the next 8 weeks I need to make it hard for someo...

(How) does Django prevent data injection by manipulating forms?

I'm using Django's built-in User model in one of my projects. Users should be editable, of course. Since it's the most convenient solution I started providing the form for User edits by using Djang...

How to validate domain credentials?

I want to validate a set of credentials against the domain controller. e.g.:

Are reset password links a bad idea?

We have a password reset web application. The application sends out an confirmation code to an alternative e-mail. My manager believes it is not a good idea to include a link to the page were you h...

Do you require deep packet inspection on a server-only firewall?

I have a server behind a firewall. It runs a web application (Java servlets under Apache Tomcat) and responds only to port 443 (HTTPS). There is no scripting code in the pages served - the forms us...

Faking GetCallingAssembly() to point to a different assembly

I'm a developer of a game in c#, and I have a security feature in which my server dynamically creates a DLL with some secret keys in it and uploads this DLL to amazon s3, and then pushes out challe...

Database files and ASP.NET Login controls

I was trying the ASP.NET login control tutorial and everything works well. However, I do not know how to have the Log-in control use my own database (SQL Server 2005) instead of using it's mdf file...

What replaces .htaccess on IIS/ASP.NET sites?

On Apache/PHP sites if I want to put a senstive file within my website folders, I put a .htaccess file in that folder so users can't download the sensitive file.

Checking an assembly for a strong name

Is it possible to check if a dynamically loaded assembly has been signed with a specific strong name?

Catch hacker in action

I have caught a hacker after looking through my site's FTP logs - it looks as if they have gleaned a list of passwords for several of my sites and are now connecting on a daily basis to upload spam...

Control menu display and page level security using Active directory for an ASP.NET website

I would like to control the menu display (show/hide menu items) in my ASP.NET 3.5 website based on the user's AD group and also control the functionality within a page using user's active directory...

Compile SQLite with SQLCipher on Windows

I am following this tutorial for compiling SQLite with SQLCipher on Windows. I am confused about pre-requisites for compilation. I found that I need to install following to compile it:

ASP.NET application exhibits strange behaviour through firewall

This problem has been solved thanks to your suggestions. See the bottom for details. Thanks very much for your help!

MVC Editing Entities - Security implications

Probably a bit of a newbie question but Im going to ask it anyway.

Spring Security hasIpAddress issue

I have a method in a controller using the below configuration:

The performance concern of AES (RijndaelManaged) in .NET

I intend to encrypt large data (around 3-5 MB) with RijndaelManaged. Is there any performance issue\suggestion on doing so?

Intermittent 'access denied' 'accessClassInPackage.sun.plugin.javascript' error with applet in IE

I have an applet which requires execute priveledges and which communicates with javascript. It is signed.

Generating a token that I can prove I generated

I need to generate random tokens so that when I see them later I can determine absolutely that they were actually generated by me, i.e. it should be near impossible for anyone else to generate fake

Is the JSON CSRF/Theft attack still possible?

I read this article:

SSL Login Structure

I have a members only celebrity photo and video gallery, for media professionals only. It's setup on a dedicated server and I have recently installed a wildcard SSL certificate.

How to forbid a .NET DLL class library to be referenced

How can I forbid dll class library to be referenced in other solutions?

passing CSRF credentials as url parameters?

How do you handle csrf credentials sent to django as url parameters?

How to prevent anonymous file uploads from HTML Forms

There is a major security breach in one of our company's websites. The website is built on C#, ASP.Net and IIS 7. There are some hackers who are able to upload files from the login form from the

Disabling PUT TRACE DELETE request in Apache Tomcat 6.0

I need to disable PUT, DELETE & TRACE HTTP requests on my Application Server, Apache Tomcat 6.0.

Migrating a certificate keystore to another JVM

I am working on a installer which needs a JRE and creates certificates as well. I am working on the next version of installer which bundles a new JRE. I need to move all the certificates that are

About UNIX Resources Network

Original, collect and organize Developers related documents, information and materials, contains jQuery, Html, CSS, MySQL, .NET, ASP.NET, SQL, objective-c, iPhone, Ruby on Rails, C, SQL Server, Ruby, Arrays, Regex, ASP.NET MVC, WPF, XML, Ajax, DataBase, and so on.