If I HTML encode any data entered by website users when I redisplay it, will this prevent CSS vulnerabilities? Also, is there a tool/product available that will sanitize my user input for me, so that I don't have to write my own routines. ...
We've been having an problem recently where other sites are running our e-commerce site inside a frameset where our site (with the offenders affiliate id tacked on) is the only content in a single full width frame. So essentially it looks and feels like our site with their URL at the top. We can cut off their affiliate id, which would ...
Im quite new to PHP, i was wondering what methods/preventions other programmers use to stop data being entered twice into a MySQL database when a user refreshes on the same page as a form? Obviouly it happens and i need a good way to stop this. Thanks, Ben ...
What's the best way to prevent javascript injections in a VB.NET Web Application? Is there some way of disabling javascript on the pageload event? Recently, part of the security plan for our vb.net product was to simply disable buttons on the page that weren't available to the specific user. However, I informed the guy who thought of ...
I use to know what it was called but it was years ago. The site basically allowed the developer to add an ID or Class inside tags to let the site know the client is only able to make changes to the code between tags with a certain ID or Class. I hope someone knows. This is killing me. ...
I am creating a webpage where the user can interact and perform basic filesystem operations(create file/dir, delete file/dir, navigate filesystem) on a remote computer. The webpage is basic HTML(UTF-8 encoding) and Javascript. I need to make this webpage XSS proof. Would escaping all non-alphanumeric chars in user input(to protect again...
I need to make sure that only one instance of a SWF is open at any one time on a computer, whether it is in 2 browser windows, or two different browsers. How can I go about doing it? I have so far thought of two potential solutions: 1) Using a Flash sharedobject - but since they never expire, if the user closes the browser window with...
Today I first saw the potential of a partial accidental deletion of a colleague's home directory (2 hours lost in a critical phase of a project). I was enough worried about it to start thinking of the problem ad a possible solution. In his case a file named '~' somehow went into a test folder, which he after deleted with rm -rf... when ...
I am converting an open source Java library to C#, which has a number of methods and classes tagged as deprecated. This project is an opportunity to start with a clean slate, so I plan to remove them entirely. However, being new to working on larger projects, I am nervous that the situation will arise again. Since much of agile developme...
it is possible ? what is the best way to do this ? ...
Has anyone been able to successfully prevent spam on their site without placing a burden on your visitor (e.g. CAPTCHA) and without using a centralized spam reporting system (e.g. Akismet) I've found this & it looks promising, but doesn't contain detailed deployment instructions. I want to present my web forms without burdening my user...
Is there anything out there that I can use to indicate an application that shouldn't be closed if it doesn't have the built in option to warn you that you are closing the application. So you don't accidentally close an application by mistake. TIA ...
I have some trial software that I wish to distribute to clients. I want the trial based software to stop working 30 days after installed. A simple check of the system date in the software is the most straightforward way to achieve this, but couldn't a client easily circumvent this protection by changing his system time/date in Windows? ...
As a spam filter I want to block any comments that contain djgalkgjlkdg or any other excessive amount of consonants in a row. I thought of maybe having an array of consonants and then check the comment with it, but seems too long and cumbersome. Do you know of any way I can do this without guzzling memory? ...
I've got an ASP.NET application that serves MP3 content, but that content is generated during the request and can delay the sending of the response's first byte by several minutes. The client is a podcatcher (I don't know which), and the lowest timeout I've seen is 20 seconds. That is, these clients are (reasonably enough) giving up re...
I just want to let Google, Bing, Yahoo crawl my website to build indexes. But I do not want my opposite website use crawling service to steal my website content. What should I do? ...
I have an website where people can place a vote like this: http://mysite.com/vote/25 This will place a vote on item 25. I want to only make this available for registered users, and only if they want to do this. Now I know when someone is busy on the website, and someone gives them a link like this: http://mysite.com/vote/30 then th...
My web page has a countdown snippet which reads its remaining time from a hidden field. It count downs from 300 to 0 with a step of 1 second, and updates the hidden field consequently. When I reload the page, browser serves the old value of the hidden field rather that fetching it from the server. The snippet is: <span id="counter">...
Hi there, I am creating a website for someone for free (as a favor) however I in return will have my link at the bottom, How can I make it so the website will not work correctly if the link is removed? Also can I double up on this and allow it so I can remotely change the link? Obviously I would be using either javascript for php (pref...
Hi. I'm programing in ActionScript 3, and loading a swf file. I want to know how to prevent an already loaded swf file from loading again after clicking on a button. (ie. I click on the About button, which loads the swf file called "about". I click on the About button again, and the About swf file doesn't load, because its already loaded...