Use case: the "I forgot my password" button. We can't find the user's original password because it's stored in hashed form, so the only thing to do is generate a new random password and e-mail it to him. This requires cryptographically unpredictable random numbers, for which mt_rand is not good enough, and in general we can't assume a ho...
I need to store payment gateway processor username/password credentials on a production web server, but would prefer not to do so in clear-text. What is the best way to store these credentials? Are there best practices for encrypting and decrypting this information?
...
I would like to know about managing users' login and logout on iPhone native apps. For example, every time my app is running, the user must be logged in. The information the app serves and the list of users are on a website running php+mysql.
What's the "standard" procedure for this? Is there any library for handling user's login on a r...
Hi,
I am creating an application which uses the Java Plugin Framework to load plug-ins and integrate them into the program.
My question is: Is there any way to restrict certain operations (such as starting a new process) in the plug-ins? What I have in mind is something like Java WebStart, i.e. when the application wants to access the File...
What is the ASP.NET Membership framework's reputation as far as security goes? Are there any typical default configuration settings that are problematic? What best practices are there? Are there any built-in methods to combat things like session hijacking?
...
I'm trying to get the attributes of a keychain item. This code should look up all the available attributes, then print off their tags and contents.
According to the docs I should be seeing tags like 'cdat', but instead they just look like an index (i.e., the first tag is 0, next is 1). This makes it pretty useless since I can't tell whi...
I'd like to know what application is connected to the DB and executing SPs.
(I want to limit SP execution to only my app; all others, e.g. MS SSMS, would be ignored.)
So is there a way to find out the connected client name?
If not, maybe you have another suggestion for how to ensure only the dedicated app is used.
(App is using Windows' integrated security)
ED...
Hello,
I am trying to set transport-level security on a webHttp binding WCF service. My current config looks like this:
<system.serviceModel>
<client>
<endpoint binding="webHttpBinding" bindingConfiguration="webHttp"
contract="PrimeStreamInfoServices.IService1" name="Client" />
</client>
<bindings>
<webHttpBinding>
<binding name...
I'm trying to come up with a good way to do authentication and authorization. Here is what I have. Comments are welcome and what I am hoping for.
I have php on a mac server.
I have Microsoft AD for user accounts.
I am using LDAP to query the AD when the user logs in to the Intranet.
My design question concerns what to do with that A...
Hi, I am new to php. I can do a simple login page, e.g. create a form, submit the form, process and authenticate in a php page and so on.
I read somewhere on the internet, and saw that for some big companies like banks, google and yahoo, their login form is in "https" not "http". So I tried to google what this "https" thing is. Well, I could not say I fully unde...
I have implemented a custom membership provider using LINQ to SQL. When I added the Membership provider to my asp.net mvc website in the web config the logon page stopped working.
My Web.config setup:
<membership>
<providers>
<clear/>
<add
name="MyMembershipProvider"
type="MyMembership.MyMembershipProvider"
...
Hi guys,
I have a ccnet.config file which uses my login details to a tfs server.
Here is an example:
<sourcecontrol type="vsts" autoGetSource="true" applyLabel="false">
<server>http://TFSSERVER</server>
<username>USERNAME</username>
<password>PASSWORD</password>
<domain>DOMAIN</domain>
<project...
Hello everyone,
I learned the Javascript concept of same source of origin, which means Javascript code could only access the host where it is downloaded from.
My confusion is, I have developed Javascript code, store the code locally into a .js file and call Javascript code from another local html file. When I use IE to open the local h...
Hi there:
I'm a software developer and, as (probably) most of you, have an app that has data that I want to back up to a different location.
I created this little application that will back up my data every so often and then keep a copy to ourselves and do another copy and upload it to S3.
The "customer" (ie the actual owner of this d...
Ever visit a website such as myspace where they leverage CAPTCHA to prevent spam? The typical pattern is to present a challenge to each URL that is opened, yet the challenge doesn't actually belong to the page itself which causes additional bandwidth usage.
So, if I open up six pages at the same time and want to present a challenge on e...
Reformatted into a question....
Is drag and drop a good captcha method? I.e. would it be a good way of allowing only humans to submit a form?
Original text:
You can start voting down but I am a
newbie and here is my captcha version!
The captcha will be based on drag and
drop...
a human being could implement drag a...
I have created an authentication module in ASP.Net but I do not want the logic in the authentication module to be executed if the resource is configured for anonymous access since the logic is expensive.
There are pages that require authentication in the same directory with pages that do not require authentication. I have no control ove...
There have been a couple of questions about limiting login attempts, but none have really discussed the advantages or disadvantages or different ways of storing the record of login attempts (most have focused on the issue of throttling vs captchas, for instance, which is not what I'm interested in). Instead, I'm trying to figure out the ...
Hello,
I am using C# 2008 SP1
I developed a program that will be run on several user computers, ranging from a few hundred to a few thousand.
What is the best way to download the files to update the user program: HTTP or FTP?
Also, are there security issues related to each protocol?
Many thanks
...
I am building in C#/.NET2.0 a page that updates different columns dynamically in SQL call for example:
myajaxpage.aspx?id=1111&fieldname=title
What is the correct way to build SQL query for reading column name from querystring? Is this good approach in a first place?
I tried:
cmd.CommandText = "UPDATE MyTable SET +"Request.QueryStri...