I've googled and googled for an answer to this and have found loads of answers - all saying pretty much the same thing. Remove any absolute references to images, scripts etc. I did that, but it's made no difference. I searched the code for the string "http://" and made them relative (I've then changed some of the outbound links back t...
What is the actual difference between session.gc_maxlifetime and session_cache_expire() ? Suppose I want the users session to be invalid after 15 minutes of non-activity (and not 15 after it was first opened). Which one of these will help me there? I also know I can do session_set_cookie_params() which can set the user's cookie to exp...
My impression is that standard Delphi uses the Win32 API. Recently Microsoft has been communicating a problem regarding ATL that requires application developers to rebuild ATL-using applications after installing an update on their machines. Will this practice be the general case also for Delphi developers, or are they in the clear wit...
I have an ASP.Net application which renders sensitive information. The application needs users to log on before viewing the main page of the application. The authentication is done via a web service. This is simple enough however the hardware design is multi-tiered. 1) Web Server for logon 2) Application server for main application ...
I'm using HttpHandlers to generate PDF report files "on-the-fly" using the authenticated user context. However, to create the report PDF file I need to call a method on a secure WCF service with the context of the caller (the authenticated user). I saw plenty of answers for the Windows authentication but I'm using plain old Forms authen...
If so, is there any limitation to this ability? Specifically, I need to target Mac OSX. ...
Ahoy Stack Overflow! This be mai first post... I'm attempting to identify users with a salted unique public key. Algorithm - Should I use uniqid(), sha256, sha512, something else? All hashes will be salted. NIST recommended SHA256, but I like recommendations from geeks/scientists like me. Generation - Does hash(SALT + AUTO_INCREME...
I am new to SSRS 2008 and I have ran into an interesting issue and it has me scratching my head. It seems to be applying the roles but it lets a user that is in none of the Reporting roles change site settings. I have searched configuration files and cannot find out where this can be changed. I know there are System Roles and Report Role...
I have written a quick console app to quickly go and generate usernames and logins for my web application for existing accounts that did not have properly hashed passwords. In my web application I am using FormsAuthentication like so: string hashedPwd = FormsAuthentication.HashPasswordForStoringInConfigFile(saltAndPassword, "SHA1"); I...
I am creating a forum software using php and mysql backend, and want to know what is the most secure way to escape user input for forum posts. I know about htmlentities() and strip_tags() and htmlspecialchars() and mysql_real_escape_string(), and even javascript's escape() but I don't know which to use and where. What would be the safe...
I'm in the process of designing a new database for an application. I'd like to be mindful of the security from the start (which should be the norm!). Anyone got a link to a resource describing the best way to use schemas to implement good security? By using schemas, I mean not just dumping everything under the default dbo schema. Surel...
Trying to load remote images into a flash sideshow local files work even if I use absolute path. I am updating existing gallery to dynamically pull images from Picasa. The php works fine and pulls the images from the API. http://domaineseattle.com/gallery/FlashPhotoStack_SRC/gallery.php But when I pass the XML to flash it wont load re...
Will this idea work? It seems pretty stupid, because my app is simply checking that the browser sent two copies of the same information (ie the session key). Also, remembering to make this check sounds very tedious. Do web frameworks such as Rails and CakePHP have things that make it easier to write XSRF-proof web apps? ...
Is there is a best practices way to store credentials in a .NET Windows application, be it be a built in API or just a recommend encryption algorithm? Along the same lines as Tortoise SVN, Spotify and Skype. Edit: My intention is to use a web service that returns a token from it's authentication service. The other services then accept ...
What is the best way of saving user credentials in a Silverlight application? We're making use of the new Silverlight 3 feature that allows WCF calls to be authenticated: we prompt the user for their credentials to the service within Silverlight, and we want to offer a "remember my password" feature. In .Net we can use the ProtectedDa...
Some dimension tables in my warehouse: DML Site Id bigint Name nvarchar(256) Primary key (Id) DATA SiteId Name 2 Site 2 3 Site A DML UserSite Username nvarchar(256) SiteId bigint Primary key (Username, SiteId) Foreign key (SiteId) referrences Site(Id) DATA Username Sit...
We have an ASP.Net application hosted on our network and exposed to a specific client. This client wants to be able to import data from their own server into our application. The data is retrieved with an HTTP request and is CSV formatted. The problem is that they do not want to expose their server to our network and are requesting the i...
I'm working on a registration form in PHP and I'm wonder what the essential functions are to make sure my database is safe. I'm sure there are a lot of ways to both protect your database or attack one, but I'm asking the advice of stackoverflow: what functions or things must you apply to your data before inserting it into the database. ...
For example, using CodeIgniter, and not really dealt with .php files. Are any of the .php files in the directory structure readable? If not why not? Why can't I browse to config.php in my CI directory? Is it just unix file permissions? Thank you. ...
I'm familiar with the typical usages of tools like FindBugs and PMD as they relate to finding sub-optimal code. What I'm not familiar with are the static analysis tools designed specifically for finding security flaws in code. e.g. sql-injection, spoofing, and other security flaws. What kinds of experiences and recommendations do pe...