security

Give webservice access to windows service

I am running a webservice on server 2008 that needs access to a windows service and I need to give access to [the user that the web service is running as] via the command line. (sorry if my wording is terrible, hopefully the brackets helped?). I know there is a utility available with the windows 2000 resource kit (SUBINACL.exe), but I...

Calling web service requiring basic http authentication from a bpel process

I am looking to call a web service requiring basic authentication from a bpel process. I have configured my wsdl as close to what the "net" says as possible but it still doesn't work. It makes the call but without the all important line in the header of the request. Can anyone who has done this please help? Maybe an example or something...

NT AUTHORITY\NETWORK SERVICE login failure

I'm trying to have access to a back-end system through webservices; every time I try to take data out I'm facing this Soap Exception. I've been struggling with this for a while now. Any tips? System.Web.Services.Protocols.SoapException: System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> System.Reflect...

Defensive programming against malicious attacks

The company that I work for is redeveloping an in-house product for external use. The product will initially be developed in C# using WPF, then ported to Silverlight. One of the focus points is coding against malicious attacks e.g. SQL injection etc. Questions: Can anyone recommend URLs pointing to articles on security 'best practic...

security testing tools

Are there any tools that can help you test your web apps for security problems? (I am using PHP & MySQL for development) ...

Prevent System.exit in a Groovy web console without security policy file

We have an admin debug console in our app that lets you enter a script and submit it to get the result back. We're not worried about malicious users, but would like to prevent basic stuff like someone entering System.exit(1) just to see what it does. Unfortunately, adding a security policy file isn't an option. Is there any other way to...

Eliminate < > as accepted characters in a wordpress password?

Is it possible to eliminate these characters from a wordpress password? I have heard that it can open up scripts this way, that hackers can use to get in. Thank you. ...

Create a temporary FIFO (named pipe) in Python?

How can you create a temporary FIFO (named pipe) in Python? This should work: import tempfile temp_file_name = mktemp() os.mkfifo(temp_file_name) open(temp_file_name, os.O_WRONLY) # ... some process, somewhere, will read it ... However, I'm hesitant because of the big warning in Python Docs 11.6 and potential removal because it's ...

Stateless EJBs: Finding the balance between performance and security

I have a JSF web client and a Java client that both use the same stateless EJB layer for their application logic. I'm unsure of how to balance the need for performance (limiting the amount of data that is transported between the presentation and application layers) with security (in the sense of ensuring all decisions are made based on u...

Database / PHP security question

Hello, we are developing a very simple first stage GUI for a company database. At the moment our time to deliver is rather limited. So we thought about using a simple SQL stored procedure and retrieving all data. The data the users are allowed to see depends on security levels defined in the database and also in our Active Directory....

ASP.NET Users/Membership/MembershipUser/Security/Principal/Profile... HELP

I know this might sound like something which is explained everywhere.. but I've been watching lots of asp.net/learn videos reading articles - and still there's something missing that explains how all this "Membership" ties together. On the one hand, there's this built-in .net user management which allows you to create roles, users etc....

Is my form secure? - php

I have a 4 step form process. form.php, validation.php, review.php and complete.php Form.php posts to validate.php which depending on the validation redirects either back to form.php or to review.php. The final step is complete.php Each page is called with HTTPS except validate.php which is where the SESSION variables are created a...

Best way to create a TOKEN system to authenticate web service calls?

I'd like to create a web service architecture that can be called by various platforms such as mobile devices, winforms applications, iPhone, BlackBerry, you name it. So going with something like WCF and wsHttp binding probably kills this and I would need to downgrade to a basicHttp binding for compatibility. With that said, I need a sy...

WCF Pass extra security data through all service calls

Client side I need to pass a piece of information (for this example let's say a string) to every service call I make. The services use this string (currentRole) along with user/pass credentials to retrieve a user's set of claims associated w/ their current role. The solutions I have come across thus far are: 1) Modify message headers as...

clientaccesspolicy.xml file not working...

Hi all... I have a site with a Silverlight-enabled WebService (.svc file). In that app is also a Silverlight application which references this service. Now, our website uses multiple headers (to account for the user coming to it with or without the 'www.' subdomain, e.g. mydomain.com and www.mydomain.com). So I put in a clientaccesspol...

How does ReCAPTCHA work?

My reading of this article suggests that a benefit of ReCAPTCHA is that it can have humans verify words not recognised in the OCR/digitization of books. It does this by using these words in "Are you human?" tests. So ReCAPTCHA kills two birds with one stone. Great! But I don't get it. If the word can't be recognised by the digitization p...

Asp.net Access To Network Share

I have an ASP.net app which needs to save files to a network share (Samba). The share requires a username and password to connect. I have mapped a persistent drive to the share and provided the login credentials whilst logged in to the server as DOMAIN\WEBUSER. I have changed the virtual directory which hosts my app to use the DOMAIN\W...

password security question

I'm working on a user authentication thing for a web site. Having read the book Innocent Code, I have followed its advice for storing passwords as hash(username+password+salt). The theory being that hashing the password alone is not secure (subject to dictionary/rainbow table attacks, and potentially not a unique hash on any given site ...

Can a protocol be secured by encryption?

This is something I've always wanted to learn. When I design a system (software or hardware) where multiple components communicate with each other, how can I implement some simple encryption or other features in the protocol for some basic security? I can change the protocol anyhow, since I have low-level access down to the series of by...

SSL: Why does Chrome report mixed content? (Drupal 6)

I've just got a site running nicely with the whole site served through SSL, but Google Chrome is throwing a "This page contains some insecure elements" message, which isn't good in terms of end user trustworthiness. All other browsers work fine, and give the golden padlock. The site is a Drupal 6 e-commerce site, running on apache2, and ...