I'm currently developing a system to transmit data between client and server, and was wondering what the strength of the encryption I planned to use was.
My thought was to have a private/public RSA key pair and hand out the public key to each client (leaving the private key solely on the server). Each client would then generate their ow...
I have a simple website which is using C# and Linq to SQL to read and write to the DB. Everything works fine on my local box but now that I have set up on my hosting environment I am getting a "Security Exception" when trying to write to the DB, reading is fine. I have contacted the hosting company who say that they have configured everyth...
Has anyone seen details or a white paper on Azure security and the positives and negatives compared to your own hosting?
...
This is not the usual question "Is it safe to store plain-text users' passwords?". No, it's not safe, we all know that.
I'm writing a little application that should authenticate against an external system to do some stuff, and the only available authentication method is through a username and a password. It was intended for humans, and ...
How do I ensure that a username/password combination is not read from memory while my application is in use?
My program is a GUI wrapper for some CYGWIN tools, including SSH and SCP. I need to ensure single sign-on capabilities to a variety of hosts.
...
I'm trying to implement the Sun Tutorials RMI application that calculates Pi. I'm having some serious problems and I can't find the solution even though I've been searching the entire web and several Java-skilled people.
I'm hoping you can put an end to my frustrations.
The crazy thing is that I can run the application from the cmd on my deskt...
As an exercise, I'm trying to wrap my head around what goes into letting a user custom skin their profile (like myspace as an example). I'm using PHP. Since I'm clueless as to the whole thing, I'm not sure what to ask, but some of my concerns are how complex this is, is it going to require an overhaul of my code, can I separate this part...
I need to know if xmlsec returns 0 if the file is well authenticated.
...
I have 2 Flash games (written in AS3). Both have the high score value being hacked. The normal range of each game score is not more than 5000 (normal users will only get 2000 - 3000 points). My current method of anti-hacking is:
After finishing the game, Flash will use POST parameters to send: username=mike&score=2000&hash=md5(secret . username . ...
I'm working on a web mapping service and would like to provide my users with a Python API that they can use to create custom plugins. These plugins would be running on my server so I'm trying to lock down Python as much as possible.
To ensure that users can't access files they are not supposed to, I'm planning on running the plugins ins...
Hi All,
We've got an intranet which normally serves all info/documents that apply to the whole company (employee handbooks, minutes, etc...)
Most of these work by having the web server parse a folder and present the files to the user.
The problem in this case is that the latest folder is restricted to certain users. As Kerberos is not ...
How do you secure a UniData session using UniObjects for .net?
The documentation is severely lacking. The UniObjects for Java documentation has a whole chapter on SSL.
EDIT
The UniObjects .net documentation says this about the UniSession.EncryptionType property:
public int EncryptionType {get; set}
This property gets or sets ...
I'm looking at a SSO (Single Sign On) solution to fit our relatively simple use case.
Website1 - currently authenticates with database user table.
Website 2 [new] - wants to use the same authentication information and when user clicks link to website1 they shouldn't have to re-login.
Website1 is J2EE based running on Websphere.
Web...
I've taken over supporting a time- and expense-entry system. Apache's CGI. CGI programs are written in bash :) I'm going to add some features into it and expose it out to many more users, but prior to that wanted to get some thoughts on what else needs to be looked at first in terms of security, holes, CGI gotchas, &c.
Not a lot of...
Here's the scenario:
Win2003 Build Server (CCNET)
IIS7 target deployment server
The various MSBuild tasks (Sdc.Tasks, MSBuild Community, MSBuild Extension Pack) for doing this (creating VDirs, setting AppPool properties) are not suitable for at least one or more of the following reasons:
No support for IIS 7.
No possibility to pass...
I have a web application that you can use to import information from another site by giving it a url. It's been pointed out that you could use this feature to access a private site that is hosted on the same web server.
So...
How can I check that a given url is publicly accessible (whether on the same web server or somewhere different)?
...
I am building a suite of applications using ASP.NET.
Each application can be hosted on separate servers.
All the applications share an integrated database.
All applications require user authentication before use.
I want to build the ability to transfer users from one application to another without having to relogin.
Is there a way ...
I have a web-site written in ColdFusion that contains both the usual interactive web pages and some tasks run through the CF scheduler. The dir layout is
/
/app
/scheduledTasks
I'd like the tasks to be able to use all the same settings, etc. created in the application.cfc inside of /app so I'd like to move that entire /scheduledTasks ...
Is it practically possible for a malicious developer to exploit your application by swapping a genuine .dll file for a modified one?
If so, are there steps that can be taken to protect an app? Are there some types of functionality that should not be placed in .dlls, for example?
...
Hi guys,
very simple question:
I have an admin site in my web project. So, how can I make it safe?
What I have until now:
Database handled user with userID and userlevel
on the pageload of the admin master page (which includes all admin sites) there is a clause to check if userID is okay (get the user from database) and if userlevel is ...