security

Is it possible to use the LoginView control in combination with the server session in ASP.NET?

Is it possible to use the LoginView control in combination with the server session in ASP.NET? ...

How to save encrypted data in cookie (using php)?

I would like to save data in cookies (user name, email address, etc...) but I don't want the user to easily read it or modify it. I need to be able to read the data back. How can I do that with PHP 5.2+? It would be used for a "welcome back bob" kind of feature. It is not a replacement for persistence or session storage. ...

How do you protect code from leaking outside?

Besides open-sourcing your project and legislation, are there ways to prevent, or at least minimize the damages of code leaking outside your company/group? We obviously can't block Internet access (to prevent emailing the code) because programmers need their references. We also can't block peripheral devices (USB, Firewire, etc.) The ...

JKS protection

Are JKS (Java Key Store) files encrypted? Do they provide full protection for encryption keys, or do I need to rely solely on access control? Is there a way to ensure that the keys are protected? I'm interested in the gritty details, including algorithm, key management, etc. Is any of this configurable? ...

Unlock Windows workstation programmatically

I would like to write a small application that unlocks the workstation. To put the specs of what I need very simple: Have an exe that runs and at a defined time (let's say midnight) unlocks the workstation. Of course the application knows the user and password of the logged on account. I know of the LogonUser API and have tried using it...

Will web browsers cache content over https

Will content requested over HTTPS still be cached by web browsers or do they consider this insecure behaviour? If this is the case, is there any way to tell them it's OK to cache? ...

Making secure code a focus for your development team

How do you go about promoting secure coding practice in a development team? ...

How do I tighten security of my hybrid ASP.NET 1.1 / Ajax solution?

Scenario: I have an HTML/JavaScript website that uses JavaScriptSOAPClient to communicate with an ASP.NET 1.1 web service in order to read/write to a SQL database. (http://www.codeproject.com/KB/ajax/JavaScriptSOAPClient.aspx). The database contains anonymous demographic information--no names, no credit cards, no addresses. Essentially the ...

Customer-configurable ASP.NET web site security for fine-grained control of page and button access

I have an ASP.NET 2.0 [no ajax...yet] web site that will be deployed in compiled form on multiple customer sites. Typically the site will be intranet only. Some customers trust all of their people and don't care about limiting access to the site and/or page functions, others trust no one and want only certain people and/or groups to be a...

How to show SQL server 2000 server roles through an SQL query

What SQL query will I need to show the activated server roles in a specific user? ...

SecurityException thrown when app starts from remote folder

I have an app written in C# that lies on a network share. When I run it from a local drive, everything works fine. When I start it from the remote share, calls like try { System.Reflection.Assembly.GetExecutingAssembly(); System.IO.Directory.GetCurrentDirectory(); } throw a SecurityException 'Request failed'. What causes this...

NT Kernel Programming

Hi, I would like to know where to get started, or how possible it is to hook into, or patch the Windows kernel (XP and up). I am specifically interested in software like McAfee Entercept, or certain antivirus scanners that patch the kernel. I would like to know how feasible it is for a startup to create software that added in functionali...

User configurable security in multi-tenant ASP.NET website

We are building a multi-tenant website in ASP.NET, and we must let each customer configure their own security model. They must be able to define their own roles, and put users in those roles. What is the best way to do this? There are tons of simple examples of page_load events that have code like: if (!user.InGroup("Admin") ...

Alternatives for java sql PreparedStatement IN clause issue?

I'm looking for the best workarounds for the PreparedStatement "IN clause" issue, which apparently is not supported for multiple values due to sql injection attack security issues: One ?, One value. Not a list of values. To illustrate: select my_column from my_table where search_column in (?) using ps.setString(1, "'A', 'B', 'C'");...

Are there any security risks associated with me using OpenID as the authentication method on my site?

Is OpenID a secure method of authenticating users on a website? And, if not, what are the security risks associated with OpenID? ...

SQL Server 2005 replication configuration

Hi Folks, Does anyone have a link to a decent tutorial on configuring SQL Server 2005 replication? The article needs to explain how to configure the correct security for the replication snapshot agent; there are lots of articles out there but they all seem to miss out on that part of the process. Or....if someone has set this up already ...

What are the disadvantages to using a PHP proxy to bypass the same-origin policy for XMLHttpRequest?

http://developer.yahoo.com/javascript/howto-proxy.html Are there disadvantages to this technique? The advantage is obvious, that you can use a proxy to get XML or JavaScript on another domain with XMLHttpRequest without running into same-origin restrictions. However, I do not hear about disadvantages over other methods -- are there, and...

Can a clone VM be an application backup plan?

Hi, I am an application developer and don't know much about virtual machines (VM). However, our application resides on a VM. Frequent patches need to be applied to fix/update this application. For disaster recovery, it was suggested to back up everything on the server, so once the server is restored, no application needs to be re-installed and configured....

What are some best practices for handling sensitive information?

I'm currently creating an application for a customer that will allow them to automatically bill their customers' credit cards. I'm curious as to what are some best practices to safely store and access the credit card information, and for that matter, any other sensitive information, like social security numbers, account numbers and so ...

What is a good way to learn Java?

I have a little experience in C++ and Java, but I want to be professional with them. Also, when I want to develop a secure application, what is the recommended way? ...