security

What are potential issues with allowing clients to have CNAME / DNS Masking support in a web application?

Our company develops a web application that other companies can license. Typically, our application runs on: www.company.example And a client's version of the application is run on: client.company.example Usually, a client runs their own site at: www.client.example Sometimes, clients request to have their version of the application...

How insecure is / replacement for tmpnam?

I considered using tmpnam to set the output file name of a QPrinter. But the Python documentation recommends against using it. os.tmpnam() Return a unique path name that is reasonable for creating a temporary file. ... Applications are responsible for properly creating and managing files created using paths returned by t...

Create process as user in Ruby

The following code is in a file called run.rb, the idea is to run ruby as a different user so I can do some testing. require 'rubygems' require 'win32/process' domain = 'WORLDWIDE' user_name = 'user' password = 'password' rubyScript = 'ruby test.rb' Process.create(:command_line => rubyScript, :domain => domain, :with_logon => user_name...

WCF call with Windows authentication

We have a system where the users access a web server, the web server then calls a WCF service. We would like the call to the WCF service to be made in the security context of the Windows identity of the application pool on the web server. What is the best way to do this? Can it be done purely through configuration in the web.config fil...

Security framework for java with object granularity

I am looking for a security framework for Java web application with Object granularity. What it means is that I don't just want to filter by urls or by roles, but by specific user ownership of domain objects inside the system. For example, if there is a Message object that has a Sender user and a Receiver user I would like to be able ...

Enforcing the correct IPrincipal and IIdentity with PrincipalPermission

I have defined a custom IPrincipal and custom IIdentity based on a website that defines both valid identities and their permissions. Both these classes are for use in an assembly used in a Windows Forms application. The question is, when using the declarative PrincipalPermission attribute on top of my assembly classes, how to enforce tha...

Reading data file on any network device from Java applet?

How can Java applets read a data file from any device which is in the same network as the client computer? Is it possible with signed applets or with any security policy? ...

What are the impacts of setting establishSecurityContext="False" if I use HTTPS?

My WCF service uses wsHttpBinding configured with: <security mode="TransportWithMessageCredential"> <message establishSecurityContext="True" clientCredentialType="UserName"/> <transport clientCredentialType="None" proxyCredentialType="None"/> </security> One of our partners is trying to invoke our services using the java the Me...

Hiding Previously Entered Data in Textboxes

I'm in the process of improving the security of an ASP.NET app and have modified HTTP response headers to clear the cache, disallow storage of the cache, and expire the page immediately on many secured pages. Since modern day browsers support Auto-Complete functionality, I am tackling this piece of the puzzle that allows users to view p...

Narrowing Integrated Windows Authentication to a subset of users for an intranet ASP.Net application

Scenario: An intranet ASP.Net application using Integrated Windows Authentication and a SqlRoleProvider for authorization. The application is used by a small subset of users within the domain. If there are only a few users within the domain that should be able to access the application, can IWA be narrowed to allow authentication for ...

Email and Reusable Token URLs

I'm building a site that offers functionality to users without requiring them to register. The idea is to send an email to the specified address containing a link with a token. That way the user could use this link anytime they want to make changes to the functionality. While I realize that there is no way to truly secure such a conce...

Why is the default for FormsAuthentication's requireSSL property false!!

Note: This is NOT an ASP.NET MVC question related to the [RequireSSL] attribute. That's completely different - just has the same name. ASP.NET Forms authentication has the RequireSSL property which requires that the auth cookie for ASP.NET membership is only ever sent over SSL. This is to prevent someone from stealing the cookie (such ...

WPF GUI Manage using Thread.CurrentPrincipal

Hi, I found this question http://stackoverflow.com/questions/1019204/how-to-manipulate-wpf-gui-based-on-user-roles/1020303#1020303 and applied his answer to my project. I'm implementing the same behavior, but the thing is the property binding doesn't work. I created the RoleToVisibilityConverter class and made some tests, calling the co...

Encryption: how to have 1 IV despite multiple fields

I've been stuck trying to arrive at a best solution for this for a while. I know that an initialization vector has to be unique for each item being encrypted. So if I'm encrypting an address and I have it stored all in a single field, I need a single IV for this. But if I have the address spread over multiple fields, I need several IVs, ...

Performance-oriented way to protect files on PHP level?

I am looking for some input on something I have been thinking about for a long time. It is a very general problem, maybe there are solutions out there I haven't thought of yet. I have a PHP-based CMS. For each page created in the CMS, the user can upload assets (Files to download, Images, etc.) Those assets are stored in a directory, ...

WCF Security - Client Authorization

Hello there, I need help on securing my WCF Service so that only authorized users can make a call to service methods. The WCF Service is configured with wsHttpBinding and is hosted under a Windows Service. The client application is an asp.net website. Also, the users making calls to the WCF service are already authorized by the client applicati...

Integrating Google AppEngine with a Thick Client

I want to make a multi-user client-server solution with a Java Swing thick client as a front-end and Google AppEngine (Java one) as a back-end. The problem is that GAE provides only web-based forms for logging in and out, so there's no trivial way to employ Google Accounts features in a thick client. Can you give some advice/hints/ideas...

How to create a self-signed certificate with the private key inside in a file in one simple step?

I'd like to generate a certificate for development purposes, but I don't want to install the certificate in the store. makecert with the switch -pe doesn't create the private key if you specify an output file. I tried to create a .pfx file by exporting the certificate created with makecert, but it asks me for a password to protect...

How do I upload data to Google App Engine periodically?

I'm writing an aggregation application which scrapes data from a couple of web sources and displays that data with a novel interface. The sites from which I'm scraping update every couple of minutes, and I want to make sure the data on my aggregator is up-to-date. What's the best way to periodically submit fresh data to my App Engine ap...

Flash security error - Twitter API

Hey folks, I'm trying to hit the Twitter API in my Flash application. It works in the local Flash IDE, but doesn't work when I upload it to my server. I'm getting this error: Error #2044: Unhandled securityError:. text=Error #2048: Security sandbox violation: http//alpha.{oursite}.com/flash/twitterticker.swf cannot load data from htt...