This answer is based on this answer.
Cha uses arrays in storing login info in contrast to my code.
It likely improves the efficiency in searching the login data and keeps your data organized.
However, I am not sure whether this is the best data structure in storing all pieces of the login info.
My solution always fetches passhash fro...
Hi all,
I am writing a client application that needs to send a file via BITS to my server. I have everything working for the most part, but I can't get the BITS connection to operate securely with HTTPS.
Right now I'm just using basic authentication through HTTP, so the login is being sent cleartext--which is not optimal :-) I would ...
I'm working on developing a page that pulls data down only via ajax:
http://itprojectguide.org/projectmatrix/itprojectguideprojectmatrix.html
the page currently pulls a status json data file.
To authenticate I'll be adding a preliminary signin (user name/password) and I'm thinking about doing the following to ensure a valid logged in u...
What is the best and most secure way to license software? Is there an existing program for doing so? I want to sell a script of mine, but I want to make sure that users cannot redistribute or sell it themselves (of course, if they deactivate the registration on their own computer and choose to resell, that is their choice).
The software...
I wrote a Windows Service using VS 2005 and C# on WinXP Pro SP3. It starts another program which runs to completion and then exits.
The service is installed using installutil and serviceInstaller. It is built release and put into the C:\Program Files\MyService directory. The serviceProcessInstaller Account is set to LocalSystem in its...
Is it possible to know the location of const variables within an exe? We were thinking of watermarking our program so that each user that downloads the program from our server will have some unique key embedded in the code.
Is there another way to do this?
...
I'm writing a database-driven Windows application and both the executable and database need to be installed on the customer's machine.
Is there a database that I can use as a backend to my application that the user can't get into even though the user is using the same machine that the database is stored on?
As far as I can tell, Postgre...
I'm writing a web application that is supposed to run on Tomcat on Ubuntu. On Ubuntu, Tomcat is by default configured to run with the Java SecurityManager. Besides my own web application, there will only be some well-known third-party web applications related to my own, like the BIRT report engine.
If one of the web applications fails ...
Here's the situation: we have a common library which can retrieve database connection details from a central configuration store that we have setup. Each application uses this library when working with a database.
Basically, it will call a stored procedure and say "I am {xyz} application, I need to connect o " and it will return the co...
I'm currently trying to create a policy file for the Nexus repository manager running on Tomcat.
Nexus tries to read the file WEB-INF/plexus.properties (for which I already granted permission), and seems to try to read all properties from there, which fails because it is missing the following permission:
java.security.PropertyPermissio...
Controls such as RadControls and FtpWebRequest require Full Trust Level. I had to change hosting from Godaddy to SoftSys because I couldn't run my application properly according to the client's specification.
What measures do I need to take to secure my application on Full Trust level?
...
My goal is to find out how to programmatically adjust permissions on files & directories in Windows using .NET.
I have identified the following options:
Windows API (yuck!)
Active Directory Service Interfaces (COM... ugh...)
Windows PowerShell (?)
Google for an easy-to-use facade.
None of these seem very palatable to me. Which route...
I'm using the Logging Application Block in my ASP.NET application and want to convert the application to a Sharepoint WebPart.
It all works fine as long as I change:
<trust level="WSS_Minimal" originUrl="" />
to
<trust level="Full" originUrl="" />
If not I get an exception in the logs:
Failed to add webpart *************255Fcatal...
Once auditing is turned on, you can view the built-in reports here: /_layouts/Reporting.aspx?Category=Auditing
It looks like running the custom reporting allows you to view the following things:
Opening or downloading documents, viewing items in lists, or viewing item properties
Editing items
Checking out or checking in items
Mo...
Looking around the horizon of the web server side, I see that scripted languages like PHP are quite popular,
probably due to the speed of development and ease of programming.
However, scripted languages are human readable, so wouldn't code security be an issue here?
I would like to know that if I am keen on security of my code on th...
Have you read a book on web application security that could serve as a solid introduction to the subject for beginning web programmers?
So far I've found the following candidates, but none of them seem to be suitable for beginners (I haven't read any of these, this is just my impression from what is available on the web):
Stuttard, ...
I'm working on an application that I will soon be publicly distributing. I would like to do anything in my power to make sure those who download my program do not reverse engineer it. I understand that distributing a .jar file is highly insecure.
Can anyone recommend a platform independent way to distribute my Java application? Also, I ...
I want to know whether there is any way to prevent elements of an HTML form from being changed on the client side before submit (the elements that have a value, like hidden elements).
Let's say I have hidden elements. I want to make sure their values haven't been changed by the user on purpose.
Or what is HTML FORM Security Best Practice?
...
Assume an ASP.NET MVC application has a protected members area. Some URLs generated contain sensitive data, for example Accounts/123, 123 being the sensitive data such as an account number. If the user's machine later got compromised the attacker could not get to Accounts/123 as this would be protected, but they would have obtained the user's...
I am currently refactoring one of my web applications and I was hoping for some advice on improving my security.
I'll note that the application is in ASP.net and the current implementation prevents me from using integrated authentication. This is also in no way an application that requires high security, I just like having my bases cov...