security

Obfuscation tool with click-once support

I have found a lot of obfuscation tools with no clickonce support. Could you provide vendors with click once support? I would like to deploy obfuscated software at once without adding ANY extra line of code (pre-build, post build etc) p.s. I believe that is software related ...

How do I make it possible for SSRS 2008 reports to be viewed by everyone on the web without logging in?

I have SSRS setup and working fine. I can even access them from a web browser. The only problem is that it requires me to log in every time I want to review a report. I need anonymous users to be able to view these reports. Is this possible? ...

Secure File Upload in Ruby On Rails

I built a photo gallery which uses Paperclip and validates the content-type using validates_attachment_content_type. The application runs on a shared host with Passenger. Is it possible to bypass the validation and run malicious scripts from the public/pictures directory? If so, is there anything that I can do to avoid evil scripts fro...
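Added example, not code from the question or from Paperclip: in a multipart upload the Content-Type of each part is declared by the client, so a validation that trusts that header (assumed here to be what the content-type check in the question relies on) passes a script that was renamed to `.jpg` and uploaded as `image/jpeg`. The Ruby below sniffs the leading bytes instead, requires them to agree with the declared type, and stores the file under a server-chosen random name with a whitelisted extension. The sample uploads are constructed for the example.

```ruby
require 'securerandom'

# Constructed sample uploads (not from the original question): the raw bytes a
# client sends plus the Content-Type it *claims* in the multipart part header.
UPLOADS = {
  php_as_jpeg:  { name: 'avatar.jpg', type: 'image/jpeg', body: "<?php system($_GET['c']); ?>".b },
  real_png:     { name: 'photo.png',  type: 'image/png',  body: "\x89PNG\r\n\x1a\n".b + "\x00".b * 32 },
  real_jpeg:    { name: 'x.JPEG',     type: 'image/jpeg', body: "\xFF\xD8\xFF\xE0".b + "\x00".b * 32 },
  gif_polyglot: { name: 'a.gif.php',  type: 'image/gif',  body: "GIF89a<?php echo 1; ?>".b },
  wrong_label:  { name: 'p.png',      type: 'image/jpeg', body: "\x89PNG\r\n\x1a\n".b + "\x00".b * 32 },
}.freeze

# Leading-byte signatures for the only image types the gallery should accept.
MAGIC = {
  'image/jpeg' => ["\xFF\xD8\xFF".b],
  'image/png'  => ["\x89PNG\r\n\x1a\n".b],
  'image/gif'  => ['GIF87a'.b, 'GIF89a'.b],
}.freeze

# One server-controlled extension per accepted type; the client's filename is never used.
EXTENSION = { 'image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif' }.freeze

# Return the type implied by the first bytes of the body, or nil if none matches.
def sniff_type(body)
  head = body.b[0, 16]
  MAGIC.each { |type, sigs| return type if sigs.any? { |sig| head.start_with?(sig) } }
  nil
end

# Accept only when the sniffed type is a known image type and agrees with the
# declared Content-Type; a mismatch means the client lied or the file is odd.
def acceptable?(upload)
  real = sniff_type(upload[:body])
  !real.nil? && real == upload[:type]
end

# Name to store the file under: random, unguessable, and with an extension the
# server picked, so no "a.gif.php" ever lands in public/pictures.
def stored_name(upload)
  raise ArgumentError, 'rejected upload' unless acceptable?(upload)
  "#{SecureRandom.hex(16)}.#{EXTENSION.fetch(upload[:type])}"
end

# Accept/reject decision for every constructed sample, keyed by label.
def decisions
  UPLOADS.transform_values { |u| acceptable?(u) }
end

if __FILE__ == $PROGRAM_NAME
  decisions.each { |label, ok| puts "#{label}: #{ok ? 'accept' : 'reject'}" }
  puts "stored as #{stored_name(UPLOADS[:gif_polyglot])}"
end
```

The `gif_polyglot` sample is accepted on purpose: a valid GIF header may be followed by arbitrary bytes, so byte sniffing alone cannot reject it. What keeps it harmless is the random server-chosen `.gif` name and serving `public/pictures` from a location where the web server executes nothing, which is why both belong with the check.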

Client to consume a WSO2 WSAS Web Service with Username Token Security

Dear all, I need to implement a client to consume a Web Service that is deployed on the WSO2 WSAS with username token security. I can use the stub generated by the wsdl2java, a dynamic approach is not necessary right now. Is there any tutorial that can help me to accomplish this task? I have already searched but without success! Best ...

AIR: Security Sandbox Violation when using remote images

The code below is simplified for example I'm developing an AIR application (using Flex) which loads several of its images from a remote web server. The images display fine, however, whenever I'm manipulating the containers which hold the remotely-loaded images, I get errors in my console: *** Security Sandbox Violation *** SecurityDom...

Can I programmatically do a "net use" on a file share?

Within a VB.NET program, I want to read files from a filesystem, then write a compressed version of those files to a remote, secure fileshare, using different credentials. The analogous operation at the cmd prompt is: net use s: \\server\share /user:foo P@ssw0rd copy a+b | compress > s:\foo.bin net use s: /delete Is this possible? ...

Best practice on users/roles on SQL Server for a web application

I searched online a bit and couldn't find anything that really nailed the spot or covered the bases how to go about setting up users/roles on a database. Basically, there would be a user that would be used to access the database from the application (web application in this case) that will need access to database for the regular databas...

Alternatives to CAT.NET for website security analysis

I'm looking for an alternative tool to CAT.NET for performing static security scans on .NET code. Currently the CAT.NET tooling/development is at a somewhat fragile stage and doesn't offer the reliability that I'm looking for. Are there any alternative static code analyzers that you use for detecting security issues? ...

Security Review of JavaScript Library

Hi, can anyone suggest tools or an approach to doing a source code “Security Review” of some JavaScript libraries. Particularly Cross-site scripting (XSS) activities potentially left by an unscrupulous individual. Ideally something like the “RATS - Rough Auditing Tool for Security” which can be used for JavaScript, which parses th...

Are GUIDs generated on Windows 2003 safe to use as session IDs?

My web application operates only over SSL and sets a time limited cookie for each user after they successfully login with a username and password. The biggest weaknesses in the system are: one, compromising an existing user's cookie; and two, guessing a session ID GUID. I know of mechanisms for the first weakness but I'm wondering how muc...
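Added example, not from the question: a way to tell from a GUID string which UUID version the platform is handing out and how much of it an attacker has to guess, next to a session token drawn straight from the OS CSPRNG. The layout facts are RFC 4122's: a version 1 UUID is a 60-bit timestamp, a 14-bit clock sequence and a 48-bit node (normally the MAC address), while a version 4 UUID carries 122 random bits from whatever RNG the platform used; RFC 4122 itself says UUIDs should not be assumed hard to guess. The sample GUIDs are constructed for the example.

```ruby
require 'securerandom'

UUID_RE = /\A\h{8}-\h{4}-\h{4}-\h{4}-\h{12}\z/

# Constructed sample GUIDs (not from the question): one version 1, one version 4.
SAMPLE_V1 = '6ba7b810-9dad-11d1-80b4-00c04fd430c8'
SAMPLE_V4 = '9f3c1b2e-7d5a-4c0e-8a1f-2b6d4e8c0a13'

# Version nibble is the first hex digit of the third group (RFC 4122 section 4.1.3).
def uuid_version(uuid)
  raise ArgumentError, "not a UUID: #{uuid}" unless uuid =~ UUID_RE
  uuid.split('-')[2][0].to_i(16)
end

# Bits an attacker must guess, per RFC 4122 layout. Version 1: the 60-bit
# timestamp is known to within the login time and the 48-bit node is the server's
# fixed MAC, leaving only the 14-bit clock sequence; version 4: 122 random bits,
# with 6 bits fixed by the version and variant fields. Nothing in a GUID API
# promises that those random bits came from a cryptographic RNG.
def guessable_bits(uuid)
  case uuid_version(uuid)
  when 1 then { predictable: 108, random: 14 }
  when 4 then { predictable: 6, random: 122 }
  else        { predictable: nil, random: nil } # v2/v3/v5 or non-RFC layout: no assumption
  end
end

# For a version 1 UUID, the fields an attacker reads straight out of a captured value.
def v1_fields(uuid)
  raise ArgumentError, 'not version 1' unless uuid_version(uuid) == 1
  low, mid, hi_ver, clk, node = uuid.delete('-').unpack('A8A4A4A4A12')
  {
    timestamp: (hi_ver[1, 3].to_i(16) << 48) | (mid.to_i(16) << 32) | low.to_i(16),
    clock_seq: clk.to_i(16) & 0x3fff,
    node: node,
  }
end

# Session identifier drawn from the OS CSPRNG: 32 bytes (256 bits), URL-safe,
# independent of anything an attacker can observe or predict.
def session_token
  SecureRandom.urlsafe_base64(32)
end

# Random bits in such a token, for comparison with guessable_bits above.
def token_random_bits
  32 * 8
end

if __FILE__ == $PROGRAM_NAME
  [SAMPLE_V1, SAMPLE_V4, SecureRandom.uuid].each do |u|
    puts "#{u}: version #{uuid_version(u)} #{guessable_bits(u)}"
  end
  puts "v1 fields: #{v1_fields(SAMPLE_V1)}"
  puts "token: #{session_token} (#{token_random_bits} random bits)"
end
```

Run it against a GUID your own server issued: if the version nibble is 1, the value is mostly timestamp and MAC and there is no meaningful search space left; if it is 4, the search space is 122 bits but rests on an RNG the GUID API does not document, which is why the token from `SecureRandom` is the better thing to put in the cookie.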

PKCS11 certificate

Does .NET support PKCS11 certificates for HSM devices? If not, are there any other third party utilities available which support pkcs11 certificates? ...

How to use GNUPG and Crypt_GPG

Hiya, I'm trying to use GNUPG and Crypt_GPG to encrypt data ready to be sent across email to a client server but I'm having problems setting it up. I've installed GNUPG on the server, and it works just fine, located in /home/myserver/.gnupg I've installed Crypt_GPG into /home/myserver/php/Crypt and edited the various files to have ab...

Service Control Security Issues in XPCOM

I am developing a Firefox extension which interfaces with an underlying Windows service (which I have already made). During the development so far I encountered one bug in the installer program (which installs the FF extension AND the service). This was due to the security model on Vista requiring elevated privileges to be able to ins...

How do you connect to a CCTV camera from software?

We have Sony security cameras which have an inbuilt web server, giving a web interface to view and control the camera. We would like to integrate the camera picture into a Java web application, is there a way to connect to the camera from my code? I see plenty of generic software (for PC, PDA, iPhone etc) whereby you just tell the softw...

Sandboxing JSR-223

I'm trying to sandbox JSR-223. Specifically, I don't want any script to have access to any of my classes. (I hear Rhino can do that with ClassShutter, but I want to do it generally. ie. for all script engines of JSR-223). I first tried to use the AccessController.doPrivileged solution, by passing no permissions at all. It works for most...

Is there a way to restrict access to an ASMX Webservice, i.e. the asmx page and its WSDL?

I have a C# .net webservice that I need to restrict access to. I already require my consumers to use a username and password to call the service. But, is there a way to restrict access to the actual asmx page and the WSDL? I would need to restrict access to the webservice by username/password and IP address. If a user did not have th...

Only Allow Certain Users to Edit ASPxGridView

I've got an ASPxGridView that I would like to allow some users to have read and other users write access to. Ideally this would be based on Active Directory groups. How can I do this? ...

Reason for multiple syscall in Linux

I was wondering, what is the reason for having _syscall0 to _syscall6 in Linux to handle different number of parameters. Are there any security/performance issues with having just _syscall6 alone and letting calling code pass in null values for unused parameters? ...

SVN with Apache security

I've set up a local SVN repo with apache https access on an ubuntu machine using this example: http://stackoverflow.com/questions/60736/how-to-setup-a-subversion-svn-server-on-gnu-linux-ubuntu Everything works great. The next step is to allow users to access SVN over the internet. This works, but here's my question: Currently it seems e...

Hibernate Security Apprehension: Hibernate vs. Stored Procedures

At the company that I work with, we often have to integrate with clients' infrastructure. Recently, after hearing that we use Hibernate, one client manifested the following concern: Since the user under which Hibernate connects to the database has direct access to tables and Hibernate generates SQL dynamically, then such a user can do pretty much an...