hey, someone outthere is trying to flood my website with some script. luckly my application caught it i just wanna know what this code is doing <script> <!-- document.write(unescape("<?php //================================= // // scan inb0x hotmail v3.0 // // coded by FilhOte_Ccs and LOST // re-c0d3d by delet // // //================...
I have a controller and a view; the data that I'm working with inside the controller can't be trusted (it's drawn from somewhere external, and isn't $_GET or $_POST). How do I escape the data when printing it in the view to ensure that tags and other things are escaped properly? I'm used to Zend_View's $this->escape($foo), which is used...
In jboss-web.deployer/conf/web.xml there is a listener defined called SecurityFlustSessionListener. This listener searches for the component java:comp/env/security/securityMgr and if not found prints that info in the debug log. It is understood that if this security feature is not needed then, one can simply remove this listener. How h...
My understanding is that a salt is not intended to be secret, it is merely intended to be different from any centralized standard so that you can't develop a rainbow table or similar attack to break all hashes that use the algorithm, since the salt breaks the rainbow table. My understanding here might not be completely correct, so corre...
I need to store sensitive information (a symmetric encryption key that I want to keep private) in my C++ application. The simple approach is to do this: std::string myKey = "mysupersupersecretpasswordthatyouwillneverguess"; However, running the application through the strings process (or any other that extracts strings from a binary ap...
Hi, I've implemented a catch all security exceptions method in my global.asax like this... protected void Application_Error(object sender, EventArgs e) { Exception err = Server.GetLastError(); if (err is System.Security.SecurityException) Response.Redirect("~/Error/Roles.aspx); } Is there a property I can access that shows...
I have been experimenting with a lot of web development apps like Drupal, Moodle, Efront and Elgg lately. For better security, I run test servers on a XAMPP setup on a virtual XP machine inside Mac OS X 10.4, using Parallels. I think this should be pretty secure, right? When installing software like Elgg, it asks me to create a user in ...
How can I make a PDF non-printable programmatically using .net? ...
I understand that the AntiForgeryToken feature in ASP.NET MVC does prevent cross-site attacks. However, does it prevent from changing form values before POST? For example, a malicious attacker may find out that the rating page always contains a hidden field contaning the rated entity ID and create POST requests to artificially rate al...
I'm building a SaaS app and have some issues in dealing with authorization and ASP.NET MVC. I have a previous question and this is kind of taking a cue from comments there. I need to provide somewhat granular security (e.g. lots of permissions) for each user. I realize that any discretionary system can be modeled as a roles system by jus...
I built a assembly which is a class library, for example lib.dll . And I also have a application to access this lib, for example test.exe. I changed the security permission for the test.exe to "intranet". At the same time, I want to change lib.dll to "Internet" like this: (Because I want to do some testing for security.) CasPol.exe -m ...
Hello, I have somethings to store some data. Some of it information about how I'm implementing and other is some secure info like passwords,Activation code. Now how do I store this info on a file (info.dat). I don't want user to see ANY of this data when he opens info.dat in a text editor. What do I need to do? How to do? ...
I'm doing a personal number-crunching project, and I'd like to launch multiple programs on multiple computers (maybe even on Amazon's servers someday), and have them all storing and sharing data in a common SQL database, located on my web hosting account. The hosting company won't allow foreign connections directly to the SQL server, bu...
i know its impossible for 100% protection, but something high or that works for majority of the users. for instance, i encountered a site where viewing the current page's source returned nothing. in another case, accessing or trying to download the .js files itself from browser http://gget.com/somesecret.js, it would redirect you an...
I’m doing some research into the capabilities of Windows Azure for an European company. One of their concerns is that data will be processed/stored by servers in the USA. (Regarding the patriot act) Microsoft does provide the option to select a geo-location, but I have yet to find them guaranteeing that the data won’t be processed or st...
I have a security descriptor for an object. I want to get users and groups having permission on that object using that security descriptor. How to know which users are having what permissions using that security descriptor? Is it possible using ObjectSecurity or CommonObjectSecurity abstract classes? If so how to define access rules? Is ...
Hello, I recently deployed a Flash application to a server, and am now experiencing errors when making HTTPService requests. I have put what I believe to be the most permissive crossdomain.xml possible in the wwwroot folder, and still get the errors. Interestingly enough, the error only seems to occur when the request is made from a d...
I have a website with a large number of admin generators to take care of an assortment of tables. Within the realm of authenticated users, I want to be able to deny access, not just to individual actions or fields, but an entire admin module. There doesn't appear to be a global credentials parameter for generator.yml, and putting stuff ...
I have a .Net DLL that I created that implements a WCF client that talks to a WCF service, allowing the end-user to pipe data to the server where the service resides. I use this DLL in client programs I developed for work, but now I wish to use this .Net DLL in a web page so the client can be delivered to an end-user on the net. ASP.Ne...
Is it possible to block an action to be executed directly from the browser, but still be able to redirect to it from inside the site? I know it sounds stupid but this is what I want: Lets say there are two routes, Index and Index2 of HomeController. www.website.com/home will cause Index to be executed, I then want to execute some code...