security

Shared SSL - Better or worse than resorting to OpenID?

I am working on a project that requires user login/registration. I'd like to avoid setting up private SSL since I am using a shared hosting provider and would like to host multiple domains off of the same plan (but since a private SSL certificate requires a dedicated IP, I can only have 1 certificate per plan...but would still like to s...

Single SSL Certificate, Multiple Sites?

I asked this as part of another question but feel like it should have its own: With a shared hosting plan, is there any way to secure multiple domains (assuming the host allows multiple domains under a single plan) with a single SSL certificate? I know that private SSL certificates require a dedicated IP but I am looking for work-aroun...

Saving application data in Windows XP when "Run As" is 'protecting the computer from unauthorized activity'

I'm trying to make it so I can save data from my program when the user is running the application through Run As, like through this dialog box. I'm finding I can't actually write to any folder and read back from it later on. I've tried 'All Users', Application Data, My Documents, etc. but to no avail. Any ideas how and where I am suppose...

How to make form system modal using C#?

I need to show a form as top-level system-wide, e.g. over /all/ other windows on screen. I do realize this is usually /bad UI practice/, but I have a very specific scenario in mind. We intend to use normal Windows PCs for POS cash registers. There is an option on the screen to open the cash drawer. It would be rather bad for someone just to...

Spring Security: Authentication returns null

Hi all, I have configured a Spring bean as follows to return a SecurityContext: <bean id="securityContext" class="org.springframework.security.context.SecurityContextHolder" factory-method="getContext"> </bean> When I use this bean the Authentication object returns null. Authentication authentication = securityContext.getAuthen...

Drag/Drop between medium/high integrity level processes in Windows Vista

In Windows Vista, I am unable to drag/drop files onto my application's window because it is running as a high integrity level process. I need to run it as high, but I also need to be able to accept dropped files from low/medium integrity level processes like Windows Explorer. I believe it is UIPI that is blocking the drag/drop operation....

Check for a domain

How can I test whether the request for an API is coming from the correct registered domain? ...

How do I expose built-in security and user management to a MVC application?

I have built an MVC website on IIS6. I used the built-in ASP.NET Security without Membership, just the way it was implemented in the template solution. It is easy to secure a controller or action, but now I need to expose the user management to an admin logged into the site. I understand that the built-in ASP controls for doing this are n...

User name not found or incorrect password

In many applications when you make a mistake in either your user name or password you get a non-specific error indicating that either the user name entered does not exist or the password is incorrect for that user name. I (naively) would expect the application to specify which one of the two errors happened. Is there any reason for not...

How do I add password login to an ASP.NET page?

I have two ASP.NET pages: site.com/foo/bar.aspx that should be world accessible and site.com/foo/baz.aspx that I want to password protect. I want any un-authenticated users to see a username/password page and then, once they pass that, I want them to see the real thing. I'm looking for the simplest possible solution (this looked good til...

Encrypting War files

Hi all, I would like to encrypt or obfuscate my WAR file so that reverse engineering will take a little more effort. Is there such a tool or maven plugin that will encrypt a WAR file and its contents? Also, once the WAR is encrypted, how will the Web Application be deployed at that point? If the web server explodes the WAR, can each ...

Explaining security to non-technical managers

I'm maintaining an Intranet website for my company that they want to expose to the big, bad outside World. Right now, it has no authentication or authorisation whatsoever. My idea to manage user accounts is by using existing technologies to validate user accounts and build an authorisation model on top of this. Existing techniques would ...

Is it possible to create a forged file which has the same checksums using two different algorithms?

...

How to refresh AzMan access check cache?

I've created a web application that uses Microsoft AzMan, and it works just fine until you have multiple users. I'm almost 100% certain that AzMan is caching the same stuff for multiple users. To simplify it a bit, the problem I'm seeing is user A goes to the site and has full access, the user is granted the correct access and can work...

.Net security Unrestricted permission issue

Hello everyone, I am confused about what the Unrestricted property of .NET security does. As mentioned here, http://msdn.microsoft.com/en-us/library/system.security.permissions.securityattribute.unrestricted.aspx, we could give it full or non-full. My confusion is that for a permission, in a straightforward understanding, there should be only t...

How to implement a password recovery link in ASP.NET?

I am looking for some guidance on implementing a password recovery service in ASP.NET that emails a link to the user which sends them to a password reset page, as I don't want to email existing or regenerated passwords in cleartext. I have seen some suggestions of using the member id as a querystring parameter; however, I feel this may be op...

Is this plan for preventing iPhone app client spoofing sound?

I'm designing an iPhone app that communicates with a server over HTTP. I only want the app, not arbitrary HTTP clients, to be able to POST to certain URLs on the server. So I'll set up the server to only validate POSTs that include a secret token, and set up the app to include that secret token. All requests that include this token wil...

How safe are PHP session variables?

I have a login script that verifies a username/password against data in a 'user' table. Furthermore, I have a 'roles' table that specifies the access level of a given user. Assuming I am using safe login scripts, are there any security holes in simply performing an additional query, upon successful login, against the 'roles' table to d...

General Password Security && Implementation in Actionscript 3

My project for this summer is to make a multiplayer online flash game. I could use some advice as I've never implemented a secure login system before, let alone done so in Actionscript. My setup right now is a .swf sending/receiving game data to/from a Java server which communicates with a MySQL database about account info. 1) How ...

How do I protect the database server?

Currently my database user and its password are pretty easy to guess, e.g. database user: dbadmin, database pwd: super + companyname. How do I generate a secure database password? Using md5 or sha1?? What are the things that I need to pay attention to in order to secure my database? I am using PHP, thanks ...