Retrieve calling application name in wcf
Is there a way to retrieve the calling application name in a wcf service? ...
security
is this ok? salting
Hey i would like do have your input on this I use this to generate unique salts to each of my users when they register (random letters and numbers). how big is the chance that salts will colide? uniqid(mt_rand()); I then use md5 to hash salt, password and email(in that order) together as password and rehash when they log-in. md5($sa...
WCF: The incoming message was signed with a token which was different fron what used to encrypt the body. This was not expected.
For what ever reason, a critical third peaty webservice functions like this. I can connect, send a request, and receive valid response, but i still get the error message. This only happens on one server. "The incoming message was signed with a token which was different fron what used to encrypt the body. This was not expected." (sic) T...
Securing .net Assemblies
Hi All! I want to secure my assembly (dll) by binding it to a specific environment. Say I have a dll (BizLogic.dll), I want to make it available to my co-developers to use it within the organization. But I don't want others to use it outside my organization. Is there any way to address this issue? Thanks in Advance. -- Mohammed. ...
need help with what direction to go in for a project
ive been given the following scenario and am not to sure what programing languages to use, i have used c# for a similar project but am not sure about the mobile phone part, i dont really need a full on answer just a push in the right direction. The aim of this project is to produce a server for monitoring home security. The server shoul...
What is token based authentication?
Hello. I want to understand what is a token based authentication . I searched in the internet but couldn't find anything understandable. ...
How to strengthen Mysql database server Security?
If we were to use server1 for all files (file server), server2 for mysql database (database server). In order for websites in server1 to access to the database in server2, isn't it needed to connect to to ip address of second (mysql server) ? In this case, is remote mysql connection. However, I seen from some people comment on the se...
securing an asp.net web service for use with jquery ajax
Hi, I'm using jquery ajax to fetch data from an asp.net webservice. I'm wondering how I can secure it and have it work with jquery ajax. The service is part of my web application and to access it you have to be logged in to the application. However I'd like to further secure it. For example a consultant looking up all their customer...
How do I secure user registration?
What is the most secure way of registering new users? I know SSL is a good pick. But can I have SSL on user registration only? Take Wordpress for example. User registration is at http://en.wordpress.com/signup/. And the user registration form is sent to https://en.wordpress.com/wp-login.php. The same goes for login. How can I make ju...
Java Encryption C# Decryption
Hi, I got a module which RSA encrypts the data and passes on to the C#. C# needs to decrypt it based on the public key (64 bit encoded) and the passed token. I have token , 64 bit encoded public key, can some help me get with the sample to get started. All I know from Java end is, it is using. I have got the result from Java end and nee...
How can I scan/fuzz my code for vulnerabilites?
I'm looking for an automated way to fuzz my app or scan it for vulnerabilities. Please assume that my hacking knowledge is 0. Also the source is on my localhost so I need a way to fuzz it locally without relying on an internet connection. Can some security experts give me some hints or recommendations? I'm not sure what options are best....
Send Authenticated User To WCF Application
I have 2 applications; one is a ASP.NET 3.5 Ajax Application (Client) and the other is a WCF Web Application (BackEnd). The applications are deployed in a separate Windows Server 2008 over IIS 7. The backend application has the net.tcp and http bindings enabled; some services are exposed under the netTcpBinding and other services are e...
Security concerns with uploadify
I just implemented uploadify in my project, and I noticed what seems like an important security issue with the uploading process: The folder in which the file should be uploaded is provided as a javascript argument, so client-side. If the user changes the script, and fills in a different folder (i.e. "/") for the upload, the file gets u...
Security settings to start a windows service in a ASP.net web app
I have a bit of code in an internal ASP.net application that we use to start automatic services should they be stopped on the server that the web app is running on. The only problem is that it doesn't seem to start the service when its run on the server. It does so fine when its run on my desktop locally though so I'm guessing I have to ...
Site Security Audit
Can anyone recommend a site security audit service? One thats simple to sign up to online and audit sites for xss, sqlinjection, buffer overflow, etc etc. Thanks ...
How do you ensure windows applications and windows services access the same ProgramData on Win2008 x64?
I have a windows forms application that reads and updates an XML file with information which a windows service must act on. This has been working on Windows Server 2003, XP and Vista (x32) for some time. Now, when installed on Windows Server 2008 x64, strange things have started happening, thanks I assume to the User "VirtualStore" fol...
How to run PHP exec() as root?
I'm trying to build a firewall manager in PHP, but when I execute, <?php exec('iptables -L'); ?>, the result array is empty. I have tried, <?php echo exec('whoami'); ?>, and the response is www-data (the user that Apache is using). What can I do to execute the exec function as root? (Preferably without changing the Apache user.) ...
Microsoft Security Catalog Format Documentation and API Samples
I'm looking for any documentation on the API for working with Microsoft Security Catalogs, or in lieu of that, information on the file format so that I may write my own parser. In short, I have some .cat files that I need to be able to work with. Looking at the file in a hex editor, they obviously have different regions, which are deli...
Mysterious url in our html website
Dear Community members, The home-page of our static html website http://www.iffort.com is transferring data from a mysterious website rawalrohi.com. You can check this by going to iffort.com and noticing the footer there. It says transferring data from rawalrohi.com. From our side we did the following things to rectify the issue a.)...
Implementing autologin for ASP.NET MVC
Hi, I've been trying to get membership working in ASP.NET MVC. There are some pages that require authentication. Others that can have guests and authorised members. Much like StackOverflow. They can do things anonymously or as a registered user. We also have a custom database schema of handling members (not the default ASP.NET Membersh...