Hello, all. I'm pretty new to web development, so please be gentle. Apologies if I'm posting a topic that's already been discussed; I searched but couldn't find quite what I was looking for in another thread.
Background: I have a site that allows file uploads, but once uploaded, they won't need to be viewed by anyone but me. I've ...
I'm in the process of opening up a company that will eventually hire 2-5 developers to work on a large web app.
My main concern is that one or more developers could steal the code. I could make them sign contracts against this type of thing, but I live in a country where the law is "bendable".
Is my only option to lock them up in a ro...
Assume that the following Perl code is given:
my $user_supplied_string = &retrieved_from_untrusted_user();
$user_supplied_string =~ s/.../.../g; # filtering done here
my $output = `/path/to/some/command '${user_supplied_string}'`;
The code is clearly insecure, but assume that the only thing that can be changed is the filtering code on...
Hey guys,
I just read this post about really nasty (and cool at the same time) ways to perform XSS. However, there is still something unclear to me.
I understand the full concept of the attack, however, I don't see how this can potentially be exploited. The "action" attribute inside the form must point to a ftp server (or any other serve...
I am upgrading my reset password procedure of my webpage.
What fields should I include in my SQL table?
After searching all over the web I decided to add these goodies
Guid
Expiration date of guid (I guess 3 days is fine)
Timestamp of the change password request
Ip address of the user
Is there anything else that could be useful?
...
I wrote an app in C# which uses the webbrowser control. While using it, the site I happen to use it on had an ad that auto DLed and ran itself on my comp causing me to be very annoyed. According to safebrowsing.clients.google.com 2/5000 pages had this exploit, unlucky me.
I use IE6 for testing so what can I do to protect myself from tho...
This is related to this question which hasn’t had much success in the context of SharpSVN so I’m rephrasing in a pure .NET security context. I’m wondering if it’s possible to create a NetworkCredential object based on the current logged on user in an ASP.NET app without explicitly requesting username and password (it’s an integrated auth...
I want to limit my SWF file so that it cannot be stolen and hosted on another server. So if the domain serving the SWF file isn't on a list of approved domains, the SWF will not load normally but will instead display a message that links to one of the approved locations. What I'm unsure about is how to access the domain that is hosting t...
I am creating a login system for a web application using PHP. My question is, is it safe to only store the user login information in the current session? For example, if a user named John logs in successfully to my site, can I just store $_SESSION['Username'] = 'John' and $_SESSION['LoggedIn'] = 1 then check that $_SESSION['LoggedIn'] ...
Has anyone ever customized the Website admin tool in ASP.Net? I would like to add some fields when creating a user and keep it all in one place.
Any pointers would be appreciated.
...
Hi,
My application runs in Websphere 6.1 and it needs to encrypt OutputStream using security certificate. I guess that I have to use WAS keystore, so certificate will be configurable through admin console. I've searched Developerworks and WAS documentation and got stuck on amount of information, most of which leads to securing passwords...
Is it possible to upload a virus to a remote computer using a webform? If yes how do we prevent this from happening assuming we are limiting file types to just images?
...
I am not able to connect to a remote known server through Java code; the exception while connecting is java.net.NoRouteToHostException: No route to host.
But strangely, I am able to connect to same server through ssh.
Details:
Simple Java client when tries to establish connection with Java standalone server, while connecting the except...
Current situation: Users are downloading the whole video clip (>70mb or >140mb). This is not as effective as we would like.
[I am a non programmer looking for a solution]... I want to be able to stream video for a professional development package from our servers to the user. The user logs in and access the video from the dashboard. ...
My application is throwing a Security Exception with the following details:
Description: The application attempted to perform an operation not allowed by the security policy
Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0...
I am trying to prevent any SQL injection in all my queries and would like to know how to put double quotes in this query. Thanks
string.Format("SELECT TOP 10 article_guid, article_title
FROM article
WHERE article.article_isdeleted = 0 AND
FREETEXT(article_title, @val)");
...
I'm using ASP.NET MVC and I am trying to separate a lot of my logic. Eventually, this application will be pretty big. It's basically a SaaS app that I need to allow for different kinds of clients to access. I have a two part question; the first deals with my general design and the second deals with how to utilize in ASP.NET MVC
Primaril...
I have a web service implemented in WCF. This service is only going to be called by a single client, a site with a static IP address. I would like to implement simple security that would verify that all calls to the service are only valid if they came from this particular static IP.
What is the best way to do this?
...
I am developing a custom shopping cart for which existing customers will need to log in to access their account.
I am trying to decide if ASP.NET membership is appropriate for all or part of the application.
It certainly makes sense for existing customers - you log in and get access to your order history and can make changes to your s...
I understand that for Silverlight to be able to make a cross-domain request using the WebClient class, there needs to be a clientaccesspolicy.xml at the root of the server. I got this working, and when the Silverlight app has been compiled in debug mode, this works great. When the Silverlight app is compiled in release mode, however, I g...