security

How to become a security domain expert?

I have been doing programming for more than 10 years using various programming languages on multiple platforms/technologies/protocols. I am thinking of switching my career and becoming a security domain expert. How do I get started? I would appreciate any tutorials, books, or blogs which would help me to gain security domain knowledge. EDIT: R...

Security restrictions for a plug-in?

This question is more or less the same as Restrict Certain Java Code in a Plug-In; however, the accepted answer was simply to search further on Google, which I already did without having this question answered. Effectively, I want special security constraints only for code I load via plug-ins. When a plug-in is loaded and started, all ...

Managing security rights based on User.Current.Name in ASP.NET MVC

I am using ASP.NET MVC to build a web application. In the main screen of the logged-in user, I am using User.Current.Name to determine the logged-in user's identity, which is mapped to the ID of a domain model record that is related to the current user. No one else should be able to see or edit this information (say his profile). I am using membership a...

Can I serve MP3 files with PHP?

In the same way that it's possible to serve up images with PHP, for use in CAPTCHAs and such, is it possible to do the same with audio files? I've tried this <?php $track = "sometrack.mp3"; if(file_exists($track)) { header('Content-type: audio/mpeg'); header('Content-length: ' . filesize($track)); header('Content-Disposition: filena...

Claims + Tokens library for C#

Is there a library for C# that allows me to build an encrypted token containing claims, and then gives me an API to check if a token contains the claims I'm interested in? Similar to how ".NET Access Control Service" works. I hope the question is clear. Thanks, Nestor ...

What's wrong with UserDefaultCredentials

Hello stackoverflowers! I'm using Exchange Web Services exposed from an Exchange 2007 SP1 server to create emails from my application and I've encountered a problem I can't figure out. I get this response: "When making a request as an account that does not have a mailbox, you must specify the mailbox primary SMTP address for any distinguished...

CLR - Protect IL from Reverse Engineering

How can I protect my IL from reverse engineering? Is any obfuscator tool available? Will it offer maximum security? ...

Generating the same random SecretKey twice

I have a need to generate a random SecretKey, in Java, which I will be able to regenerate at some future point. The idea is that this key is unique to the machine on which it is created and isn't stored anywhere. I'm attempting something like this: KeyGenerator keyGen = KeyGenerator.getInstance("DESede"); String hostname = InetAddress....

File.Exists() incorrectly returning false from ASP.NET - security issue related to Thread vs Process identity?

I have an ASP.NET app using Windows authentication, and I'm testing for the existence of a file on a remote server. I'm authenticating as MYDOMAIN\my.username - this works. The file is \MYSERVER\WebShare\example.txt. This file exists. I can open it from various hosts whilst logged in as MYDOMAIN\my.username. Under Windows Explorer, the...

IP security policy on windows 2003

Does anyone know how I can: create IP security policy manage IP filters and IP filter actions PROGRAMMATICALLY on windows 2003? Not use Microsoft GUI utility. I tried to achieve this by programming with windows registry, all data I need that is under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\windows\IPSec\Policy\Local but I h...

Weird security error in SharePoint forms library

Environment Microsoft Office SharePoint Server 2007 SP2 running on Windows Server 2003 R2 SP2. The MOSS server is a standalone server on a domain used for outward facing boxes. It has a one-way trust with our production domain. InfoPath 2007 SP1 is being used to author the forms. Scenario 1) I have a web-enabled InfoPath form that I ...

Document-Based Security in ASP.NET MVC

I already know about User and Role-based security in ASP.NET MVC. But now I need something a little more granular. Let's say I have a list of documents, some of which the user is authorized for, some not. Each document has a corresponding record in a documents table in a database. Documents can be downloaded for viewing, if the user h...

Implications of Machine\ASPNET user as administrator role?

Hi, we are receiving an application from a third party that will eventually be installed in our production environment. As part of the setup, they want us to make Machine\ASPNET an Administrator account. This seems to me like bad practice, but I need specific reasons if I am going to push back on this. What are the implications of ru...

AuthSub session token never expires; security problem?

I'm using GData's AuthSub so that my administrative application doesn't need to store user/password information. I just came to the point in the documentation where I learned how to exchange the first, single-use token, for a session token (http://code.google.com/apis/accounts/docs/AuthSub.html#AuthSubSessionToken). And then this state...

Django ImageField / FileField custom upload_to function, and security

Hi. I have part of a model defined like this: logo_image = models.ImageField(upload_to=lambda i, fn: "logo_%s"%(fn), height_field="logo_image_height", width_field="logo_image_width") and had a question about the upload_to function. According to Django's documentation for FileField.upload_to, the second parameter, filename, is "The fil...

web.config secure directory with gal group

So, I have the following in the web.config: <authentication mode="Windows"/> <authorization> <allow users="domain\johndoe" /> <!--Deny All Others--> <deny users="*" /> </authorization> But what I want to do is only allow users in a specific GAL group on our AD server, and that doesn't seem to work with these settin...

Secure Remote Password Implementation for iPhone

I've been reading about Stanford's Secure Remote Password protocol, and it looks ideal for the sort of environment in which iPhone apps run. Unfortunately, I haven't been able to find a good Objective-C implementation of the protocol. Nor, as far as I can tell, do the crypto libraries in the SDK implement it. Does anyone know of such an...

What characters would you make invalid for a password?

A hypothetical situation: you've implemented a password handling system, and it doesn't impose any limitations at all on what characters can be used. You want to set up some rules that are a reasonable compromise between two things - Allow the user as much freedom as possible. Allow for the possibility that you may change how you handl...

Limiting web service access to a public facing Flex application

I have a flex application which collects data entered by the user and posts it off to a web service I have running on a back end server. The flex application does not authenticate users (it's available for anyone to use without setting up an account) and communicates to the web service using HTTPS. There is an XML firewall in place for...

How can I make my product a trial version for 30 days?

Hi, I have created my product and also generated a license key for it, but I want to ask for that key after 30 days. I have done it with a registry value storing the date with 30 days added to it. But I found that if the user changes the system date to 30 days before, my logic does not work. So is there any solution for trial version softwar...