I would like to cache my website with memcache as much as possible. There are rare modifications (somewhat like in a forum) which I am perfectly ok with re-caching once a change is made. My only concern is login information (similar to how stackoverflow has a bar on top). This is how I am doing it right now:
$('div#user_bar').load('/logi...
I am trying to check if I have write access to a specific key in the registry before displaying a form that allows the user to change some settings that are written in that key.
code sanitized for clarity
public bool CanWrite()
{
string key = @"HKEY_LOCAL_MACHINE\SOFTWARE\MyHaccpPlan, Inc.\2.0";
try
{
RegistryPermis...
Recently one of our client's websites fell prey to a SQL Injection attack due to a failure to sanitize query string parameters provided to the page. The vulnerable code has since been identified and is being corrected, but it got me wondering about some of the differences between how MySQL and SQL Server process multi-query strings.
The...
Hello all,
I have an XML web service running on my Windows 2003 server. I have a windows service running on the same machine. I want to call the XML web service from the windows service.
This works fine on my development machine, which is running Windows XP. However, when I try to do this on my Windows Server 2003 box, it times ou...
I have an NSTableView with several columns, one of which is set up to use an NSSecureTextFieldCell as its dataCell. I am using a properly configured NSArrayController to provide data to this table.
The problem is that my secure text field does not want to work. It shows an appropriate number of dots for the strings that it holds, but it...
Hi,
After a few tests, I'm starting to reach the conclusion that a browser does not send a Referer HTTP header when one clicks to an http page from an https one.
What security reason is that for? Is it defined somewhere in the standard?
...
Hello everyone,
I am using the following code to create Excel object using VBA. I am using Office 2003. I run the following code in classic ASP.
Set myexcel = CreateObject("Excel.Application")
Error message is, any permission needed to create Excel object?
Computer - default permission settings do not permit the address LocalHost (us...
Hi
I've succeeded in getting WCF Transport security going for our Logon web service using a self-signed certificate issued against localhost. I added the self-signed certificate as trusted root certificate authority to prevent IE from moaning about a non-trusted certificate. When testing against localhost everything works fine and be...
How do I write/put together a secure login in PHP? The website developer guide said I shouldn't roll my own, so referring to samples available via Google is useless.
How do you pros do it? Let's say you're building a world-class app in rails, would the same libraries / techniques be usable here?
Thanks
...
Hi,
I'm interested in creating a sort of hand-off authentication method, where there's a client and two servers (let's call them Alice, Bob and Carmen Sandiego, respectively). Alice is a client (in a browser) somewhere on the 'net, possibly behind a NAT that gives a different IP for outgoing requests to different addresses (I know there...
If I have a Silverlight client connecting to a web service hosted in a windows service, there's no obvious way to secure communications between the two if you're not using IIS. SSL isn't available, and wsHttpBinding isn't supported by Silverlight.
So here's what I'm planning on doing, and just wanted to see if I'd missed any obvious sec...
I am tightening down my web application and I am on SQL right now. I already have SQL parameters, doubling apostrophe, stripping javascript and encoding html. Are there other things I need to worry about besides the things above?
...
I'm building a centralized desktop application using Python/wxPython. One of the requirements is User authentication, which I'm trying to implement using LDAP (although this is not mandatory).
Users of the system will be mechanical and electrical engineers making budgets, and the biggest problem would be industrial espionage. It's a comm...
In my future web application there would be many user roles. Depending on the user's role, the webapp should restrict the user's access to certain pieces of information. I need to implement the following features:
• depending on role, user should see only columns and rows (in data grid) that are available for current role and user
• depending on role, us...
I want to develop a Web application to collect or exchange sensitive or personal data, this system would give user a detailed automated report on:
• How secure user's website is?
• How easily it can be hacked?
• Where exactly is the problem and
• What are the remedies?
Any suggestions????
...
Hi community,
I am hosting a java service and a flex application on the same server. The flex application accesses the java service. As the flex application loads I get a security error, how can this happen? I thought I do not need a crossdomain.xml when hosting on the same server.
My flex app gets the data via a http service that send...
Let me rephrase my last question, what PHP library or framework can I use for professional and secure authentication? Extra points if your idea helps implement account Control Panel features (change password, edit profile).
How do you pros do it? Have you ever done trustworthy authentication using PHP?
...
Hi,
We wrote a WCF service, deployed on IIS. We chose Integrated Windows Authentication. The service cannot be used in this case but if we can set the authentication method of the IIS virtual directory to "Anonymous" for WCF services, then the error will go away. But "Anonymous" is not acceptable for our WCF service. We have to use Integra...
How can a user, using one of the major modern browsers, know for sure that he is running my unmodified javascript code even over an untrusted network?
Here is some more info about my situation:
I have a web application that deals with private information.
The login process is an implementation of a password-authenticated key agreemen...
The iPhone app that I am working on requires GET calls to a 3rd party site's API. The 3rd party site does not offer SSL and requires the API key be in the GET request's querystring. What is the best way to secure this? I know I can have the iPhone app talk to my server and then my server send a request but I would like to avoid that if pos...