My logic of APT (Anti-Paching Technology) is as follows... 1) Store on the MSSQL server the md5 hash of the executable for protection. 2) Perform an md5 comparison (within my application startup) the hash found on the server, with the executable itself. 3) If comparison fails exit application silently. And all these above before it i...
When a low-privilege non-administrator user logs into my web app successfully, I am storing the following data in the $_SESSION array: $_SESSION = array( 'user_id' => 2343, // whatever their user_id number is from the DB 'allow_admin' => false, // don't give them access to admin tools 'allow_edit' => false, // don't le...
My client side application works only when online. Could i check the integrity of a winforms client application on server side? I would like to make my application useless when it will be pached. I mean these guys http://www.webutils.pl/SFV%5FCalculator have something similar. Of course in my case i don't want to upload the file, but...
I'm looking for best way to send digitally signed email from .NET code. What I found so far are commercial mail components. I don't have a problem with buying those, I would just like to be sure I'm spending my money well. Any suggestions? ...
I need to make a file truly read only - to keep it as is. No delete, no nothing. (Setting the 'ReadOnly' attribute isn't an option) I see now some approaches: Use a program to keep the file open. Drawback: One can kill the process an then the file closes. Use a program to set the security attributes. Drawback: The file can be deleted...
Is there special security settings needed for a server side VB script to create a COM object on Vista (64 bit, Enterprise) ? The COM object (a DLL) is registered. THanks, ...
We are building an intranet application that would use integrated windows authentication. The application would require custom actions and roles to secure different parts and functions. My current idea is to extend active directory by storing the roles and actions in a different database linked to an active directory user using the SID....
Hello I worked and completed a PKI project which used a HSM for generating - storing keys and performing crypto functions. I used PKCS#11 to interface with our application for sigining/verifying and encryption/decryption. Our platform is windows. Now we are looking to offer a low cost alternative solution by replacing the the HSM with ...
When developing an application, there might come a time where I would want to establish a secure connection like a vpn with a client. An iphone is the topic here. Once the user has established this, is all IP traffic routed when I suggest it do so? I'm curious about some open port or inspection of vpn traffic. Is there any method availa...
When cookies are created purely client-side in javascript by setting document.cookie(), what effect does the "secure" attribute have on them? In particular: are client-created cookies sent to the server in the "Cookie:" header of subsequent requests? can client-created be modified by subsequent Set-Cookie headers from the server? in t...
I am wondering what technology problems arise from associating a markup language to email? Without examining the language let us assume a hypothetical markup language exists with the following conditions: It meets all possible user-agent needs for properly structuring and defining content in email. It properly sanctions communications...
I am trying to assess our security risk if we allow to have a form in our public website that lets the user upload any type of file and get it stored in the database. I am worried about the following: Robots uploading information A huge increment of the size of the database The form is an resume upload so HR people will be downloadi...
if (file_exists("pages/$page.php")) { include($page.'.php'); } Is this safe? With Safe i mean that you cant include remote scripts etc ...
how can one create a password on a visual basic access database when you have a vb datagrid ...
Hi, i am running windows Xp 64 bit. i want to hide the taskbar when i run my application. I tried codes by searching in google. In all those, it hides the task bar. But the problem is, when i open a notepad and maximize it, it is not actually into full screen. Because the space where task bar was there is still blocked with empty space. ...
I plan on using Kohana's encryption class but is there a better and more secure way of doing a two-way processing? I want my users to be able to send requests for their previous passwords, not give them a reset one. Any algorithms or libraries you can suggest? prticularly in PHP? ...
I am looking for the best-practice solution regarding how to secure a "shopping-cart" part of an otherwise (relatively) unsecure website. The existing setup in the site uses an unsecure-cookie, and only secures (via SSL) the transaction of credentials. The rest of the site is accessed via HTTP and thus, data is transmitted unsecurely. ...
I am currently developing an MVC application in ASP.net. I am using AJAX.ActionLink to provide a delete link in a list of records, however this is very insecure. I have put this: <AcceptVerbs(HttpVerbs.Post)> Over the function to do the deleting, which stops the function being called simply by a URL. However, the other security hole t...
Is it possible to make HttpWebRequest query to windows Live ID enabled web sites? What is the method of authentication knowing username and clear text password? Could not found anything like that in Live ID SDK. ...
I am using javax.scripting to add support for running arbitrary user-uploaded JavaScripts on the server-side. Obviously I want to secure those scripts! Rhino, on it's own, has a framework for securing scripts at runtime. The documentation for javax.scripting, however, doesn't mention security, permissions or restricting classes availa...