security

How to secure my C# program (.exe) for use on one drive only.

Hello, I have a C# program (.exe). I will give it to other people, and want that exe to work only from where it was run the first time; any copy should not work. How can I do it? Many thanks ...

Securely enforcing user-inputted file paths within subdirectories

I know the solid security recommendation of avoiding accepting user input that you then use to choose a path to read/write a file. However, assuming you have a base directory you want to keep within (such as the root of an ftp folder), how do you best ensure that a given user input keeps us within that folder? For instance, Path.Combi...

Code cannot search AD

I have a problem with C# accessing AD objects. The goal of the code is to retrieve a user's groups. We have 2 domains involved - the domain where the application and many users reside, plus a trusted domain that also contains users, so the code must be able to get groups from both domains. I am using a DirectorySearcher object and filt...

What is your opinion on uploading HTML?

I am building a control in .NET 2.0 to allow users to write HTML into a textarea and then upload it. .NET won't allow them to upload it unless I set the page ValidateRequest=false. Of course, this opens up potential security threats. But my plan is to upload the code, scan it for only the basic tags I would allow (like <B>), possibly in...

Alternative to storing with CryptoAPI

Synopsis: We are making software that will be installed on many computers of a single network. The installation will most probably be made using a machine ghost. The user group consists of students and teachers. The software has to store a license key, along with a username and a password. This information is used to retrieve some ...

Comparing security exploits between Flash/Silverlight

I am trying to put a business case together for the deployment of Silverlight within a corporate SEO. One aspect I am looking at is security. I know Flash has a terrible history of exploits, but what about Silverlight? Have there even been any Silverlight exploits that allow execution of foreign code? Anyone know where I can get some i...

Packet socket in promiscuous mode only receiving local traffic

I have a socket created with socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL)), and I've set it into promiscuous mode using struct ifreq ifr; strncpy((char*)ifr.ifr_name, interface, IF_NAMESIZE); if(ioctl(sock, SIOCGIFINDEX, &ifr)<0) fail(2); struct packet_mreq mr; memset(&mr, 0, sizeof(mr)); mr.mr_ifindex = ifr.ifr_ifindex; mr.mr_type = P...

Windows DPAPI - what to do with entropy?

I'm using the Windows DPAPI to encrypt some sensitive data for me. The cipher is stored in the registry. This all works well, but I was wondering if someone could clarify my understanding of the 'entropy' bytes that are (optionally) supplied to ProtectedData.Protect() in .NET. The 'entropy' byte array appears to be analogous to an initi...

How to protect SWF files from being viewed?

Hi, I have a couple of .swf game files uploaded to my server. I want to run some tests, but I don't want to expose them or let the public/other people see our swf files. Currently, if I type www.domain.com/games/game1.swf it will play the swf file. I tried to visit some other flash game based websites. When I visit one of the swf files (e.g ...

Should I use Security Manager in Java web applications?

Is it sufficient to secure a Java web application with the rights of the user that is running the application server process, or is it reasonable also to use SecurityManager with a suitable policy file? I used to do the former and not the latter, but some customers would like us to also use SecurityManager, which would explicitly give...

Why are passwords with repeating substrings weak?

Many websites have a password strength checking tool, which tells you how strong your password is. Let's say I have st4cK0v3rFl0W, which is always considered super strong, but when I do st4cK0v3rFl0Wst4cK0v3rFl0W it is suddenly super weak. I've also heard that when a password has just a small repeating sequence, it is much weaker. But h...

How can I add a contact to Blackberry web application using JavaScript (if possible)?

I need to develop an application which adds telephone numbers to existing or new contacts in Blackberry. The application is preferably a web application. Is it possible to add and read contact information on Blackberry devices using JavaScript? If yes, a code sample would be appreciated. ...

Non-role based security?

This is a moot question as I'm not on this project any more, but it continues to bug me. I wonder if anyone has a better idea for future reference and general good programming practices. The textbook approach to security is "role-based security". Every screen, report, or other task is attached to one or more roles; every user is assigne...

Why might cookies be disabled?

I heard some firewalls and browsers disable cookies, and I think I may have heard of blocking POST data. What are reasons a company may want to block cookies? (And, alternatively, POST data, which I am not interested in ATM.) ...

How to check if Windows user account name exists in domain?

What is the simplest and most efficient way in C# to check if a Windows user account name exists? This is in a domain environment. Input: user name in [domain]/[user] format (e.g. "mycompany\bob") Output: True if the user name exists, false if not. I did find this article but the examples there are related to authenticating and mani...

How to install/run a .Net activeX control at the default IE security level? Authenticode cert not working?

So after a lot of searching, trying and failing I've finally got the recipe down for creating a COM visible .net dll file, signing it and installing it (via cab and an exe) via IE such that you can use the control inside IE. Problem now is, it won't run at the default IE security level (Vista/Windows7). I got a thawte Authenticode cert...

Implementing des-ede2 in vb.net

Can anyone help me getting started with this? We have a current keygen for a set of our apps that's using des-ede2 in C++. I need to make my vb.net app validate keys generated by that keygen. Anyone have any ideas where to start? I'm googling like mad, but hoping someone can point me in the right direction. Thank you! ...

PayPal - ASP.NET Medium Trust

Recently our Web hosting provider moved to a medium trust level for all shared ASP.NET site hosting. As a result, we're having some issues completing transactions via PayPal's SOAP API. Specifically, a SecurityException exception is being thrown with the following stack trace: [SecurityException: Request for the permission of type 'Syst...

How to prohibit the removal of any rows in a specific MySQL table?

Is there a way to configure a MySQL table so that writing and reading are possible but not deleting? Example: a table that contains many logs that are legally important and that must never be deleted! ...

Who is responsible for security flaws?

If you are a programmer of an app, with potential (costly) ramifications if the security of the app is compromised, are you responsible if anything goes wrong (e.g data is leaked)? Does it depend on whether you are the manager of the project? ...