PKCS12 certificate is stored in binary format while PEM certificate is an ASCII file which can be opened and viewed in a text editor. Q1. How can I convert a PEM ceritificate of the form below to a PKCS12 certificate programmatically? -----BEGIN CERTIFICATE----- *****CERTIFICATE DATA***** -----END CERTIFICATE----- -----BEGIN RSA PRIV...
I currently run several Wordpress MU installations. My users are asking for the ability to post video (not just Youtube, but from our own Flash Media Server). By default, Wordpress strips out <embed> tags. Now, I would never allow users to include PHP or JavaScript in their posts, do I have to worry about Flash vulnerabilities? How d...
Hi all, We’re generating a video and pushing it to our client's web site. You can see it here, as an example: http://www.expresspassport.com/ We're calling the code by a remote JavaScript file that injects a few DOM elements. We're also setting a cookie to handle repeat visitors in a different behavior then new visitors. Up until a...
I am creating a PHP script for my website that would allow my clients to login to their client account and view a list of files I've uploaded for them. Then they can download them without having to relogin or re enter a password. I want to keep it secure so anyone cant come in and download the files if they know the clients name. I've ...
Is there a way to detect which programs or modules are listening to a keyboard hook? By Sysinternals maybe? ...
I am writing an application which reads information from am xml plist in the bundle upon startup. The information in the plist has been compiled through many days of work and I would like to ensure that it cannot be extracted easily from the app bundle by another party after distribution. Is there any way to secure or encrypt xml plists...
Hi, Does anyone have a good example of how to do https over http (or a socket)? The embedded java platform doesn't support https out of the box, but I'm sure it should be possible using some 3rd party libraries or source code snippets. If anyone can point me to the correct direction I'd be very grateful ...
I created a web service that I want to make more secure by using forms authentication. I added the following code: [WebMethod(Description = "Login function returns true for success and false for fail.", EnableSession = true)] public bool Login(string Username, string Password) { return User.Validate(User...
I am looking for a tool to scan a given URL for security vulnerabilities. I've googled around a bit and found a few but most of them require something that's publicly facing and my DEV environment isn't publicly facing, or they have some expensive solution that's more than I need for now. I don't need anything super powerful as I'm jus...
What .Net controls automatically encode output data? ...
How would you go about hiding sensitive information from going into log files? Yes, you can consciously choose not to log sensitive bits of information in the first place, but there can be general cases where you blindly log error messages upon failures or trace messages while investigating a problem etc. and end up with sensitive inform...
I started a new solution with a website project and a logic project for all my class files. I copied the web.config file I use for all my other projects and just changed the database name in the connection string. When I run this project to be debugged, it won't let me access any files until I login. This includes javascript files, html...
What is the worst security hole you've ever seen? It is probably a good idea to keep details limited to protect the guilty. For what it's worth, here's a question about what to do if you find a security hole, and another with some useful answers if a company doesn't (seem to) respond. ...
I have a website where users are going to submit files (pdf, doc, xls). What do I need to do to ensure that the files are secured during submission? What type of security I need to put on my server to ensure that the files are going to be secure/hacker proof? What's the technique that you recommend to re-set passwords to allow the user...
I have passwords stored in a database using md5, and was wondering if there was a way to reverse the hash to email the user's password to him in case they forget it. If that's not the most appropriate method, what is the appropriate method for dealing with a lost password? ...
Hi, I have a simple, single-page in ASP.NET (C#). I wanted to add login control, so I just added LoginView as follows: <form id="form1" runat="server"> <asp:LoginView ID="LoginView1" runat="server"> <AnonymousTemplate> <asp:Login ID="Login1" runat="server"> </asp:Login> </AnonymousTemplate> <LoggedInTempl...
What is the best way to prevent introduction of malicious code when using snippets, skins, etc.? Obviously this is less of a problem with sites like StackOverflow; however, how often have you run into Malicious Code Snippets? I don't just mean careless or wrong. I mean actively malicious. For example, I have used Wordpress a lot late...
What would be the best approach to generate a secure feed? Would some sort of token (feed.example.com/user_private?user=1&token=XXXXXXXXXXX) be allright or are any other more appropriate solutions? ...
Join me in the fight against weak password hashes. A PBKDF2 password hash should contain the salt, the number of iterations, and the hash itself so it's possible to verify later. Is there a standard format, like RFC2307's {SSHA}, for PBKDF2 password hashes? BCRYPT is great but PBKDF2 is easier to implement. Apparently, there's no spec....
If I implement the Synchronizer Token in my struts application, would i need to edit all my forms to add some kind of tag for the token or is that done automatically by struts? ...