Hi!
I want to secure a webservice using Netbeans with the mechanism "Message Authentication over SSL", and I did everything that the Netbeans documentation and
Sun WSIT tutorial told me to do. I also imported the generated SSL key into the client JRE, but when I run the client code, I still get this error:
Failed to access the WSDL at: https://loca...
Hi,
I am new to Spring and Spring Security.
I have understood how beans are created and referenced in the XML files.
I need to provide security using Spring in my application.
I included a custom applicationContext-security.xml file in my web.xml : contextConfigLocation
in this file, I have intercepted url patterns using
<intercep...
Hi,
What is the difference between "Default Enabled" and simply "Enabled"? My guess would be that "Default Enabled" can be changed at some point, but "Enabled" cannot. Is this correct?
Thanks!
...
Hi everybody,
I have been administering a few LAMP servers with 2-5 sites on each of them.
These are basically owned by the same user/client, so there are no security issues except from attacks through vulnerable daemons or scripts.
I am building my own server and would like to start hosting multiple sites.
My first concern is... ISOLATION...
The title should say it all really - I was wondering if it's better to store connection variables as constants (because they can't be changed) or as private properties (because they can't be viewed). My apologies to all those who reel in horror at my lack of security nous...
...
I have a JS file that puts an iframe on every site it's on.
Both the JS and the iframe location come from the same domain, mine.
Can I somehow communicate from within the iframe to the outside script,
which isn't running on my domain, but is called from it?
I know about JSONP, but I'm looking for a better way if possible.
...
My major weakness is securing my sites -- I know, a bad weakness.
I have a site now that when I view the source in Firebug, I'm seeing all kinds of scripts with the src of http://mylocksmithusa.com/sitebuilder/acura2002.php -- but they're not in my files that I can find. How did they get there, how can I find them, how can I remove them...
I have a web application which works perfectly fine on my own machines and perfectly fine on my customer's PCs, but on their customers' machines, on each page they visit they get a prompt for the Mixed Content coming up.
However it doesn't matter whether they answer yes or no to the question, they still get all of the functionality of the site.
...
Is there a best practice or industry standard for the length of "time out" for web pages for e-commerce businesses with websites containing Personal Identity Information?
...
This may sound like a frivolous question, but those in the security field will get it. Should I let the user enter any number of characters as long as it's greater than 0 chars? My logic is:
the password is going to be hashed and salted anyway, and
it's more fun for someone doing a rainbow table to NOT have any length/other guideline...
I have an Air application that lets users import jpg, png and swf files and use them as the source to an Image which they can drag around a Canvas.
The import function copies the selected file to an images directory inside ApplicationStorageDirectory.
When I click on an Image that has an swf as its source, I get a Security Sandbox Viol...
Hello all,
I am about to begin writing a Rails application that will allow clients to have a separate subdomain for their access to our application. Thinking from a data security standpoint, it would be nice if each client's access was truly limited to their database, that way, if there is a bug in production code, they would only be ab...
I have a web application deployed on GlassFish.
I would like to use the "enabledOnUserRole" component attribute.
I am looking to be pointed in the right direction on what I need to do to make the application aware of user roles, and thus use this attribute.
I currently use a GlassFish security realm, where I have DB tables for users and...
Hi
I am creating a Silverlight 3 application for which I am designing the security block. I already have an existing ASP.NET authentication module that I will reuse in the WCF security service (which will be like a wrapper and will be called from Silverlight). My goal is to use SSL for the transport security. Also I would want this ...
I am trying to get the WindowsIdentity for the computer account the current user is logged into.
Currently I am using the following code to get the group membership of the current user:
WindowsIdentity currentIdent = WindowsIdentity.GetCurrent();
foreach (IdentityReference indentity in currentGroups)
{
String groupName = indentity.Tr...
I'm playing around with Django and built a small app where a user can access their info via the URL http://localhost:8000/username/info/ . I want to add the ability to edit that info through http://localhost:8000/username/info/edit/, but also want to make sure the currently logged in user (using django.contrib.auth) can access only his...
We have two backend applications, one that is responsible for acquiring data from the internet and storing it in a database, and the other that is effectively a COMET server, accepting connections from the internet, hooked into the HTTP pipeline via the HttpListener API.
In development, both these items have been created as console appl...
If I were to select a row from a table I basically have two options, either like this
int key = some_number_derived_from_a_dropdown_or_whatever
SqlCommand cmd = new SqlCommand("select * from table where primary_key = " + key.ToString());
or use a parameter
SqlCommand cmd = new SqlCommand("select * from table where primary_key = @pk")...
I am trying to read the value of a static variable in C like:
int variable = value;
The thing is that I only have the binary, and the code with a fake value (it is for a lecture, where we study security aspects of software development).
I have been trying to read the value using the GDB, and
(gdb)info variables
which just gives m...
I'm trying to integrate Spring Security and GWT. I'm also using gwt-incubator-security. I configured everything as it was described on their wiki pages.
I managed to get security working by using intercept-url, but I can't get it working using annotations. Any ideas about what the problem is?
P.S. I'm using Spring 2.5.6, Spring Security...