security

How can I protect a directory using .htaccess?

How can I protect a folder using .htaccess? I want the folder /files/myfiles to only be accessed by the server, not by a user? How can I do that? ...

windows security

Good day, I'm trying to implement a read/write privilege in a folder but no delete rights in Windows Server 2003. Does anyone know how to set this kind of security? Thanks ...

Good source to learn how about virus and other security tools?

Anti-virus, malware, botnets and the like are becoming larger and larger parts of our daily lives. Are there any resources that discuss creating anti-virus tools, security tools and such? Seems like an interesting topic, but I have not been able to find any real source to refer to in order to learn more. Suggestions? (Good and bad?) I ...

What is return oriented programming?

What is return oriented programming? ...

asp.net WebForms & asp.net MVC security options

What are the options for implementing secure login on a website and ensuring that the website itself as a whole is secure? - for both asp.net and mvc...... Kind regards ...

Bouncycastle Install Provider Programmatically

Is it possible to install Bouncycastle provider programmatically without modifying security policy file? ...

Why doesn't free() zero out the memory prior to releasing it?

When we free() memory in C, why is that memory not filled with zero? Is there a good way to ensure this happens as a matter of course when calling free()? I'd rather not risk leaving sensitive data in memory released back to the operating system... ...

How do I send email over SMTP with SSL using Java client?

I need to send email over smtp with ssl using java client. I'm not sure how to do that. If I have my server certificate installed on my Windows machine, how do I use it? If I want it to work on a non-Windows machine, do I need to get the certificates in a different way? BTW: If the SMTP server that I use is using SSL, can I be sure t...

CreateProcessWithLogonW and AssignProcessToJobObject

I have a Windows service (under WinXP SP2), running under the LocalSystem account, that launches processes using CreateProcessWithLogonW. In order to clean up child processes, I'm trying to use a job object and TerminateJobObject. MSDN states that the job handle must have JOB_OBJECT_ASSIGN_PROCESS access right, which it has since it's c...

Centralized Credentials Service For Various Apps

We are researching the possibility to build a centralized credentials storage for internal applications. These apps (vb6, vb.net, web apps in asp.net, etc) are using various instances of SQL servers and iSeries. We want to implement a central credentials facility that would act as a security broker. Basically it should work like this: C...

Security considerations when deploying an open source application to production

I am using an open source eCommerce application and will soon push the application (including some modifications of my own) to production, i.e. the internet. Given that the code and data structures are freely available online, what are the security considerations/best practices when deploying such a piece of software? ...

Moved to Windows 7 (64) for development. What about UAC settings? [Windows Application]

For years Windows XP (32 bit) was my development desktop (personal projects). I develop many hobby projects and distribute it as open source and have never worried or bothered about checking it in Vista (I have used Vista only for a week). But none of my users have complained much about my apps in Vista. Now I have moved to Windows 7 64 ...

Pre-validating website users via a remote site

Hi, I need to work out a way to setup the validation of the users of a web application before they've actually arrived at the site. That is, someone browses to a url, enters a username and password which is then validated against a db or whatever. They are then automatically redirected to the real web application, on a different domain ...

How to create a secure mysql prepared statement in php?

I am new to using prepared statements in mysql with php. I need some help creating a prepared statement to retrieve columns. I need to get information from different columns. Currently for a test file, I use the completely unsecure SQL statement: $qry = "SELECT * FROM mytable where userid='{$_GET['userid']}' AND category='{$_GET['cate...

Is JDBC secure?

I am new to JDBC, and the new project requires me to use JDBC. What I want to know is, is the JDBC secure? How to prevent "Mysql Injection"-like problem? What are the security issues that I need to pay attention when I use JDBC? And how to ensure, I mean optimize the security, in order to prevent from hackers to hack the database? ...

Is there any way for a malicious user to view the controller/model code in my Rails app while it is running?

This is probably a stupid question but I'll go ahead and humble myself. The Ruby code in my controllers and models is interpreted so that a HTML result is sent to the browser. Ok, I get that part. But is there any way for a malicious user to somehow take a peek at the Ruby code in the controllers and models by bypassing the process ...

SHA256CryptoServiceProvider and related possible to use on WinXP?

Is it possible to use SHA256CryptoServiceProvider and related SHA2 providers on Windows XP? I know the providers use the cryptography services that are included in Vista and above is it possible to install these services in XP from Microsoft? EDIT: I should've provided more information the documentation on the MSDN is wrong in regards t...

Any clever workaround to avoid having to type the h method everywhere?

It seems ridiculous (and a violation of DRY) to have to type the h method all over the place in your view code to make it safe. Has anyone come up with a clever workaround for this? ...

Understanding the ASP.NET application folders

The application folders in ASP.NET are used for storing various elements critical to running a website. I want to get a handle on understanding these folders in more depth, specifically the folder accessibility. According to the article on ASP.NET Web Site Layout: The content of application folders, except for the App_Themes folde...

Sql Server User vs Role

In SQL Server 2005, what is the difference between a database user account that is mapped to an active directory group vs. a database role that contains the same active directory group as a member? ...