I'm trying to come up with a way to effectively easily clean all POST and GET variables with a single function. Here's the function itself:
//clean the user's input
function cleanInput($value, $link = '')
{
//if the variable is an array, recurse into it
if(is_array($value))
{
//for each element in the array...
fore...
Could someone please explain why $_POST= array(); isn't an effective way of resetting your $_POST superglobal?
I thought of this when reading this question.
Being an array, I would imagine all elements of that array, be it $_POST or any other, would be reset when re-initializing it.
...
The UserDetails interface has two properties that seem to be the same, locked and enabled.
Aren't these just the opposite of one another?
...
Give me an example on how I could apply the Strong Link - Weak Link principle in designing a security component for a piece of software. Is there such a concept of "weak" modules in software security, where in case of an attack these will deliberately fail first, and determine the impossibility of the attacker to access and compromise an...
I have two HTTP services running on one machine. I just want to know if they share their cookies or whether the browser distinguishes between the two server sockets.
...
I'm trying to get an MD5 hash of a value in ColdFusion. I tried this code using the Encrypt function[1]:
<cfscript>
val = 1117;
md5 = Encrypt(val, 0, "MD5", "Hex");
</cfscript>
But I get an error:
The MD5 algorithm is not supported by the Security Provider you have chosen.
How can I choose a different security provider?
[1] Yes, ...
Please help!!! I wonder how I can reconcile the following error: "JVM cannot use large page memory because it does not have enough privilege to lock pages in memory"?
The settings are:
set JAVA_OPTS=-Xms20g -Xmx20g -XX:+UseConcMarkSweepGC -XX:+UseParNewGC -XX:+UseLargePages -Duser.timezone="GMT" %DEBUG%
This happens on Windows 2003.
...
For more details about the Live ID:
https://accountservices.passport.net/ppnetworkhome.srf
I have seen jar files in spring-security-2.0.5 indicating support for
ACL (I don't know what it is)
CAS (no idea again)
NTLM
OpenID
Does it support Windows Live ID / is there any extension for Spring that supports it?
...
I recently started looking into building web applications using .NET MVC and I stumbled upon this blog post by Phil Haack: JSON Hijacking. For those of you who aren't aware of this vulnerability when using JSON to transfer sensitive data it's really a must read.
It seems that there are three ways to handle this vulnerability.
Require ...
My app has a session timeout after 30 minutes. If the user has a "permanent login" feature activated, then on a subsequent HTTP request the server reads the "perm session" cookie and restores the session.
However, if the user does not reload or navigate to another page after his session expired, but rather clicks on a button that retrie...
I've got an ASP.NET app that requires Windows Integrated Security.
For some reason I don't want to discuss here, I need to create a WebRequest at runtime, call some other page in the app and process the result.
The application runs on a server for which we use a DNS alias, something like theapp.domain.com.
So I create a NetworkC...
I was looking at an authentication system which had this code:
# prevents a user from submitting a crafted form that bypasses activation
# anything else you want your user to change should be added here.
attr_accessible :login, :email, :password, :password_confirmation, :first_name, :last_name
I don't understand why attr_accessi...
I don't know if the term "mass assignment" is Rails-specific but I get the basic idea that mass assignment is when you assign values to a bunch of variables all in the same method.
Is that a correct definition and why is there a special name for this?
...
I want a form where the user can change their password. I am able to encrypt a password; however, when it is selected from the database (the original password, say 'test'), it does not recognise it.
This is when the password has been encrypted in the db. I am checking to see if the typed password in the form matches the one in the db:
SELECT * from table wh...
I want to limit my database possible access ways to only using stored procedures. Everything works fine except System.Data.SqlClient.SqlBulkCopy. I'm using it only in one class for massive data import.
Is it possible to avoid this problem?
I tried to grant a right before calling SqlBulkCopy and remove it after:
EXEC [db_mod].[sys].[sp...
What's the best place to start learning this when you already have some background?
...
Subject says it all; the REST API docs seem to make me think I do (and if I don't, my code doesn't work).
Do:
- hard-code ProductToken
- ask user for authorization key
Do not:
- hard-code (or use) access key ID
- hard-code (or use) secret access key
Keep in mind this is for an application that uses DevPay, not a website.
Thanks!
...
I am using a certificate generated by makecert which has both private and public key.
The java side uses this public key to encrypt the data and .net decrypts it back.
I am trying to decrypt Java's encrypted 64 bit encoded string and getting bad data.
To see if all is good on the .NET end, I first tried to encrypt with the public key and th...
My company's CRM system utilizes a captcha system at each login and in order to utilize certain administrative functions. The original implementation stored the current captcha value in a server-side session variable.
We're now required to redevelop this to store all necessary captcha verification information in a hashed client-sid...
So, I have a very difficult problem.
Using Java:
I've an enterprise certificate (in .p12 format) together with its public key ("password" string). Also I've a text message which I've to sign in PKCS7 format.
I've been reading a lot and I've realized that there's no STANDARD implementation to do what I want to do. There is the JCE/JCA...