Questions for security


6996

SPTI/SCSI operations from a Windows 7 application

I need some help regarding a security problem in updating some Windows software for communicating with a non-storage SCSI device.
8722

Pitfalls of accessing a webserver on 127.0.0.1 from js with a public site

I'm thinking about exploring the idea of having our client software run as a service on a high port and listen for simple http GET requests from 127.0.0.1. The theory is that I would be able to ac...
6445

Prevent multiple copies of a file on OS X

I have a file somewhere on the hard drive and I would like to make sure it is only accessed by a particular program and not
4831

Reading the local password policy programmatically

Are there Windows API functions that allow reading what the current password policy is? For instance, minimum length, complexity etc.
6797

What is the point of encrypting passwords in a database?

Could someone please confirm the following for me:
6318

Can I use jwcrypto to validate a Google generated OAuth2 id_token?

Building on the work in this question: What is the proper way to validate google granted OAuth tokens in a node.js server?
9849

startActivity and intercept intent extras

I'm considering doing the following to log in a user:
9078

ASP.net Disallow Direct Access to Admin Directory

We have a directory named Admin in the root folder of an ASP.net (4.0) web application.
1523

Process.Start() not spawning new process under the same user

I was always under the impression that when you're running a process as (domain\user) mydomain\myuser, when using Process.Start() it would start this new process using the same credentials -
3258

How do I update my security in my login script from MD5 to something more secure?

I have a PHP login script with salt on the database, but in my register script I see:
147

Asp.net - Prevent file (PDF, Word) download from a particular folder

I am creating a recruitment site and have a folder called /CV/ where I am storing resume files uploaded by the member.
4906

What steps are there to prevent someone inside a company from altering user data (e.g. Facebook, Google, etc.)?

I've always wondered what security mechanisms there are to prevent an employee (dba, developer, manager, etc.) from modifying users' data. Let's say a user has a Facebook account. Knowing who database ...
4366

PHP input sanitizer function?

What's a method to sanitize PHP POST data for passing to a mail function? (I prefer a method that's not part of the mysql_function() family of functions.)
4518

What are best practices/methods for preventing ajax requests and/or form submissions from pages that my server did not serve?

Knowing that anyone can see my AJAX URL string and/or forms, how can I prevent calls or submissions from pages that my server did not serve?
6910

Sending e-mail out of client application without storing password

My Aim: Sending an email (e.g. support request, error report) out of a C# Windows forms application. I know how to do this technically but here is the catch:
6970

Need a way to identify a user if the user got in contact regarding their account being hacked?

I am developing a PHP application which has user accounts. I have followed best practices for security (so have done my part) - but this will obviously not stop accounts from being hacked.
4518

Recusing myself from my own secure system

This is more of a software engineering question than a programming one. I tried to make the title as relevant as possible, if someone feels they can word it more appropriately please let me know.
4716

Copy permissions from one Windows Folder to another

I need to create a small C# Windows app which copies security permissions from one folder to another. That includes copying group permissions too. What would be the best way to approach such a chal...
7989

Security considerations when hosting signed jars

What are the security implications for hosting signed jars on the internet?
3483

How can I avoid SQL injection attacks in my ASP.NET application?

I need to avoid being vulnerable to SQL injection in my ASP.NET application. How might I accomplish this?
2702

Can using self-signed certificates with WCF be secure?

Imagine for a moment that we're using classic asymmetric encryption with WCF (private/public key pairs). Obviously it's secure until private keys are stolen. We don't need any trust chains between
3956

What are security problems with piggybacking authentication off another site (basic auth)?

I have a WSS installation that's behind basic authentication/SSL (it's hosted at a public web host). I'm creating a sister site in ASP.NET, and am considering just running the credentials through and
8434

How can Paypal store credit card numbers and ccv?

How can paypal store credit card numbers and CCV without worrying that the database can be compromised?
6827

Securing password authentication without SSL

I know it's a bad idea but I need to do this. I'm about 8 weeks away from getting a new server where I can have a working SSL'd application. So for the next 8 weeks I need to make it hard for someo...
4245

(How) does Django prevent data injection by manipulating forms?

I'm using Django's built-in User model in one of my projects. Users should be editable, of course. Since it's the most convenient solution I started providing the form for User edits by using Djang...
7278

How to validate domain credentials?

I want to validate a set of credentials against the domain controller. e.g.:
5142

Are reset password links a bad idea?

We have a password reset web application. The application sends out a confirmation code to an alternative e-mail. My manager believes it is not a good idea to include a link to the page where you h...
2324

Do you require deep packet inspection on a server-only firewall?

I have a server behind a firewall. It runs a web application (Java servlets under Apache Tomcat) and responds only to port 443 (HTTPS). There is no scripting code in the pages served - the forms us...
2540

Faking GetCallingAssembly() to point to a different assembly

I'm a developer of a game in c#, and I have a security feature in which my server dynamically creates a DLL with some secret keys in it and uploads this DLL to amazon s3, and then pushes out challe...
5896

Database files and ASP.NET Login controls

I was trying the ASP.NET login control tutorial and everything works well. However, I do not know how to have the Log-in control use my own database (SQL Server 2005) instead of using its mdf file...
4237

What replaces .htaccess on IIS/ASP.NET sites?

On Apache/PHP sites, if I want to put a sensitive file within my website folders, I put a .htaccess file in that folder so users can't download the sensitive file.
5140

Checking an assembly for a strong name

Is it possible to check if a dynamically loaded assembly has been signed with a specific strong name?
154

Catch hacker in action

I have caught a hacker after looking through my site's FTP logs - it looks as if they have gleaned a list of passwords for several of my sites and are now connecting on a daily basis to upload spam...
4098

Control menu display and page level security using Active directory for an ASP.NET website

I would like to control the menu display (show/hide menu items) in my ASP.NET 3.5 website based on the user's AD group and also control the functionality within a page using user's active directory...
9032

Compile SQLite with SQLCipher on Windows

I am following this tutorial for compiling SQLite with SQLCipher on Windows. I am confused about the prerequisites for compilation. I found that I need to install the following to compile it:
217

ASP.NET application exhibits strange behaviour through firewall

This problem has been solved thanks to your suggestions. See the bottom for details. Thanks very much for your help!
3585

MVC Editing Entities - Security implications

Probably a bit of a newbie question but I'm going to ask it anyway.
4282

Spring Security hasIpAddress issue

I have a method in a controller using the below configuration:
7634

The performance concern of AES (RijndaelManaged) in .NET

I intend to encrypt large data (around 3-5 MB) with RijndaelManaged. Is there any performance issue/suggestion on doing so?
7904

Intermittent 'access denied' 'accessClassInPackage.sun.plugin.javascript' error with applet in IE

I have an applet which requires execute privileges and which communicates with javascript. It is signed.
6763

Generating a token that I can prove I generated

I need to generate random tokens so that when I see them later I can determine absolutely that they were actually generated by me, i.e. it should be near impossible for anyone else to generate fake
8299

Is the JSON CSRF/Theft attack still possible?

I read this article: http://jeremiahgrossman.blogspot.com/2007/01/gmail-xsrf-json-call-back-hackery.html
641

SSL Login Structure

I have a members-only celebrity photo and video gallery, for media professionals only. It's set up on a dedicated server and I have recently installed a wildcard SSL certificate.
3729

How to forbid a .NET DLL class library to be referenced

How can I forbid a DLL class library from being referenced in other solutions?
7352

passing CSRF credentials as url parameters?

How do you handle CSRF credentials sent to django as url parameters?
7807
4630

How to prevent anonymous file uploads from HTML Forms

There is a major security breach in one of our company's websites. The website is built on C#, ASP.Net and IIS 7. There are some hackers who are able to upload files from the login form from the
1275

Disabling PUT TRACE DELETE request in Apache Tomcat 6.0

I need to disable PUT, DELETE & TRACE HTTP requests on my Application Server, Apache Tomcat 6.0.
8963

Migrating a certificate keystore to another JVM

I am working on an installer which needs a JRE and creates certificates as well. I am working on the next version of the installer which bundles a new JRE. I need to move all the certificates that are