I'm working locally on an ASP.NET website under Windows 7, and I experience stange behaviours sometimes ... I've been working several days with several Visual Studio opened, working on the website, then I switched to compiling and deploying some others apps until yesterday, and today, I had to get back working on the website. So I laun...
How can msn messenger and others provide a way to remember password on disk and then send it to the server for authentication later? I searched for this topic and found a couple solutions such as BCrypt. However it stores hashed value and i can't send it to the server to authenticate. Others suggested do not save but that is not very pr...
Hi, How to install source rpm(src.rpm) in fedora? When i try to rebuild spec file after install package(for example openssh) with sample command : rpmbuild -ba openssh.spec I get folow message and not complet build Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.QkUOot + umask 022 + cd /root/rpmbuild/BUILD + LANG=C + export LANG + un...
Does anyone know of any resources that describes some techniques for improving security on the client side of an application? I do not expect to make anything completely "hack-proof", as I understand that's a completely futile exercise - I merely want to give people a bit of a hard time trying to mess with the program contents, to dissua...
There is a website with a server database. I'm building a desktop application which uses data from one of the tables. Hacker can just take password from assembly. How can I protect the database? ...
... the message contains an invalid expired security context token or because there is a mismatch between bindings... The problem is, the client and the server times are a few seconds off. The web services all work fine, unless the call is made in between the few seconds that the client/server are off. So, if the call is made, and the c...
Is there a secure Python intepreter? Imagine a Python VM you can run on your machine, that restricts the operations. No files can be opened, no system calls, etc. It just transforms stdin to stdout, maybe with text processing + math etc. Does such a secure Python VM exist? ...
What is most efficient method to making sure that get/post parameters won't provide any security vulnerability. I am familior of htmlentities for javascript code injection prevention and addslashes to prevent sql injection. so.. for now i'm using them both on each get/post parameter. are there any other functions i can use to prevent...
I'd like to have sessions data encrypted like they are in suhosin, is there any library out there providing that? ...
Hello, there's this interesting problem i can not solve myself. I will be very glad, if you help me. Here's it: there are many client applications that send data records to one MySQL server. Few data records are not very important, but the whole database is. (You can imagine it is facebook DB :) ) Is there any way to ensure that data f...
I have the following code: [AcceptVerbs(HttpVerbs.Post), Authorize(Roles = RoleKeys.Administrators)] public ActionResult Edit(int id, FormCollection collection) { User user = userRepository.GetUser(id); try { this.UpdateModel(user); userRepository.Save(); return ...
We have a system that uses password authentication to access a database, the usernames and encrypted passwords are stored in the database. when a user forgets their password, (or the administrator leaves for greener pastures) we want to be able to generate a new password for the current administrator or generate a new administrator. We ...
I have a form text field that accepts a url. When the form is submitted, I insert this field into the database with proper anti-sql-injection. My question though is about xss. This input field is a url and I need to display it again on the page. How do I protect it from xss on the way into the database (I think nothing is needed since ...
Hi , Not sure if this is really a programming question. I am looking to do a course based in the UK on cyber security does any one know of any part time courses I can do in my spare time like the open university? Also if you could provide me with some tutorials online that would be great. Thanks very much ...
[Update] - I attach also full config files, for service, and for client (outside of here, not to flood the topic) I'm having situation pretty much identical to the one outlined in this question, however my question is somewhat different. I'm using NetTcpBinding with security set to TransportWithMessageCredential I'm using Password/Use...
Hello, I've read quite a few online AJAX tutorials, where they show you how to set it up, then send a request to a server side script via either GET or PUT...My question is how do I stop unwanted people/applications from accessing that same script? For Example, Say i had a server side script that added some type of object (say a music ...
I need to isolate user-written code snippets from each other in javascript. For now the funniest thing i can think of is closures: function executor() { window.alert('Hello!'); size0 = document.getElementById("load").innerHTML; window.alert('zero:' + size0); (function(document){ // document = {"innerHTML":"empty"}; wind...
Three SHA512Managed related questions: Is SHA512Managed considered the best one-way hash available in .NET 3.5 for security? What Salt size should be used with SHA512Managed? The application is for strong passwords with at least 8 characters. Is 512 overkill compared to 256 for small strings? ...
I am in the process of building an application where clients (WPF) will be calling a web service to send data. These clients will have different roles: Employees, Managers, etc. and each client needs to send their username/password when calling the web service for authentication. Can I use the ASP.NET membership provider for authenticat...
I'm working on an app that would allow people to enter arbitrary URL's that would be included in <a href="ARBITRARY URL"> and <img src="ARBITRARY URL" /> tags. What type of security risks am I looking at? The app is coded in PHP, and the only security countermeasure I currently perform is using PHP's htmlentities() function against the...