I understand that cross site scripting (xss) is not good and is not supported in most browsers. However, I am building a page to be used only by about 3 or 4 people within my company. On this page I have a frame from another domain and I need the parent page to be able to access the values within that frame. So my question is, is ther...
We have a server application that we want to restrict non-users from triggerring it off from other machines or even by double-clicking from any share. However, it should be easy for dev's to run it on their boxes. What are the various ways to enforce this policy? ...
Context: I work at a small software company that has traditionally done research-type work, and does not have much experience in the commercial space. We are now trying to push into the commercial world. Due to our origins in research we are used to a very rapid development cycle and very little structure in terms of maintaining proper v...
Is there any merit in creating a policy that requires developers to specify default values for all null columns? ...
In short, I want to stop our devs from overriding policy failures on check in. If I can't do that then I want to modify the Reason text box to look for something more than just a single character being typed in. ...
I have a flash file developed with Flex/ActionScript and put it on www.domainA.com How can I prevent others to download my flash (*.swf) and to embed it in other web site (e.g. www.domainX.com) ? I can hard code it by checking if "loaderinfo.url" is the same as www.domainA.com, but it seems not a clever solution. can policy file be us...
We have a baseline folder and development branches in TFS. We'd like to add a policy where changes can only be merged into the baseline from a development branch and not edited directly unless you override the policy. How can we do this? ...
I wanted to create add to my jdk6\jre\lib\security\java.policy file an interdiction to create some classes that are blacklisted by appengine. For example I want my local jvm to throw an exception when the application tries to instantiate javax.naming.NamingException. It is possible? I will try to explain my specific problem here. Googl...
Is there a legal way to add/remove permissions to Java security policy at runtime? ...
My flash game needs to connect to my PHP Socket Server. Because of security things, a policy file has to be send to the flash client when it tries to connect. The following is what I've done. In Actionscript / Flex 3 / Flash: Security.loadPolicyFile("http://[SERVER.IP]:9000/crossdomain.xml"); socket.connect(hostName, port); //connect ...
Has anyone been able to successfully implement a service to serve the required socket policy file to FlashPlayer? I am running the Python implementation of the service provided by Adobe at http://www.adobe.com/devnet/flashplayer/articles/socket_policy_files.html and using the following policy file: <?xml version="1.0" encoding="UTF...
i work at a place where we build applications that process and store sensitive data. we have 3 environments. Dev, UAT / QA (user acceptant testing) and Production the developers at my work have no access to UAT or Production and have limited access to Dev. All we can do in dev is connect to a dev DB server . we have no access to the de...
Our company, being rather small, doesn't have much in the way of policies and procedures for good development. When I first started, I developed some, but we now need to update these in a more formal manner. Since I don't have much experience in writing policies (I've written plenty of instruction sets, so I'm not as worried about the ...
I'm asking this question because I haven't seen it documented anywhere. We are using a combination of Team Foundation Server 2008 and Team Explorer 2005. Is it possible to deploy a custom check-in policy that works in such an environment ? Obviously, the custom check-in policy contains some code that must run on the client-side (in ord...
Is it possible to install Bouncycastle provider programmaticly without modifying security policy file? ...
Having the best forum website among developers, I think I will find a very good consensus of what policies and best practices make good coding. I will put some of them here, so I give the idea, but I will like to hear your opinion and the votes will probably be the judge of the best policies around. Specific Indentation for coding be...
My company is struggling with the question of maintenance releases versus "normal" releases, in the context of an application installed on-site at large organisations who pay for support. First let me define my terms: Imagine we've released versions 1.0, 1.1, and 1.2 of the product. These are what I call "normal" releases, i.e. they ar...
I'm in the process of opening up a company that will eventually hire 2-5 developers to work on a large web app. My main concern is that one or more developers could steal the code. I could make them sign contracts against this type of thing, but I live in a country where the law is "bendable". Is my only option to lock them up in a ro...
How do I go about making a socket policy file server in C#. All it has to do is listen on port 843 for the string "<policy-file-request/>" followed by a NULL byte and then return an XML string (which is the socket policy file). I haven't coded this sort of thing before and am unsure of where to start. Do I create it in a windows service...
My boss wants me to think about what to use for version control. I am a big fan of subversion, bazaar, mercurial, etc. However, we have a policy at our shop to not use open source tools! Does anyone know of any good commercia/proprietary version control tools? We are a .NET shop and I know about Visual SourceSafe. However, I have heard ...