security

Transposition or Substitution Ciphertext? (monoalphabetic or polyalphabetic?)

Hi, we have a ciphertext with IC=0.0685. We want to find out the class descriptor (mono-alphabetical/poly-alphabetical/transposition). I have applied the 2 probabilistic tests to try and guess what class it belongs to. These tests are: Ratio of vowels to total (<25%) then more likely a substitution; %ETAOS in text (<35%) then more likel...

Safe ERB Language?

I wonder if there is a safe template language that resembles ERB. ERB is very easy to use, but the deadly part of using it in a CMS is the overly powerful access (you can just write some really nasty stuff with that in a matter of seconds...) So I wonder if there is any chance such a language exists. Please, I don't want radius/liquid..... writing ex...

Are sql injection attacks only a threat on a page that has a form?

I know it's a simple question, but in everything I've read, I've never seen this spelled out specifically. If you do a query on a page, do you need to worry about SQL injection attacks? Or is it only a problem when you ask the user for input? Thanks! ...

secure a web application

Ok... I have created a web application using Visual Studio 2008 using C#. Now I need to secure this website; for that I need to add a login page. I am not using the login control of Visual Studio. I am just entering the username and password, and there is an API which returns true or false after authentication... If it returns true t...

Review host system privileges assigned to SQL Server 2008 DBA account

Hi, is there a way to check if the SQL Server 2008 Windows login with sysadmin privileges has other host system (Windows 2003) privileges on the system...? Is there a way to use TSQL to find this? Or what are the other options available to verify this? ...

Protecting external resources required by paid iPhone App

Hi, I've developed an application that is currently in the app store weighing in at just over 400MB. The main reason for this is that the app features lots of video which at the moment is baked into the binary. For our next release we'd like to externalise this video, allowing the user to download the videos they'd like to keep on-dema...

storing files as byte array in db, security risk?

We have an asp.net application that allows users to upload files, the files are saved to temporary disk location and later attached to a record and saved in DB. My question pertains to security and/or virus issues. Are there any security holes in this approach? Can a virus cause harm if it is never executed (file is saved, then open...

Failed Validation Messages

Here is the question I have been posed: "What is the best way to handle invalid credentials when logging into a site. Do we tell the user if their username was invalid? Or likewise if their password is invalid?" I did some searching, but I'm having trouble finding a site with some best practices for this, to refer them to. My Questio...

jQuery Penetration Tests

I'm a little worried about posting information via jQuery. In particular when, in WebForms, I do a call to a WebMethod within my form I can obviously intercept the call and data. Is there any way to secure this communication or is it a case of write your services in such a manner that they can't be used against you? If it's the latter...

access a windows share from ASP.NET

I need to write a file to a windows share on a computer not part of a domain from ASP.net. I've tried implementing impersonation like : http://support.microsoft.com/?id=306158 which wraps the LogonUserA api call. Something isn't working though, and I don't know why. (It doesn't seem to give any error code or reason message...) I think ...

What is the simplest license key generator I can develop myself in 1 day?

This is just to keep honest customers honest. ...

Users in database cannot log in after restoring the database

When I restored a database from one server to another server, the users could not log in to the database, but they were shown in the database. Then I deleted them and made them again through sql/server/security/login, and then it worked. Can someone tell me how I can restore a database and not have to define the users every time... ...

Is there a Firefox plug-in which can list insecure assets which are causing the "Warning: Contains unauthenticated content"

I am developing web pages which reference external links/images/stylesheets etc. I have 1 page which loads fine in HTTPS, but then when I apply different external styles, some of the external styles cause a warning "Contains unauthenticated content". Don't get me wrong, I understand WHAT this means, but I can't see any reference to any H...

multiplicative inverse?!?!?

Hi, I know that an affine cipher substitutes BD with SG. I need to find the encryption formula, in the form y = a x + b, where a and b are coefficients. From the information above I end up having two equations: a + b = 18 and 3a + b = 6. So I am working like this: a + b = 18 and 3a + b = 6 -> 3a + 18 - a = 6 -> 2a = 6 - 18 -> 2a = 14 (cuz it is mod 26); b = 18 - a ...

Protecting IDs on a URL in ASP.NET MVC

I'm working on a typical CRUD application in ASP.NET MVC where there will be multiple user accounts and each will have a number of items. When a user is editing an item, they will be doing it on a URL such as /edit/5 where the number represents the ID of the row in the database. I have some concerns about one user simply changing the ...

Inserting Username token in security header of already generated SOAP envelope gives me two headers!

I'm using WSS4J to add a Username token in the header of an already formed SOAP request envelope. Here is what the SOAP request looks like: <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://sample03.samples.rampart.apache.org/xsd"> <soapenv:Header/> <soapenv:Body> ...

Enabling strong ciphers in Tomcat 5.

Hello. I am attempting to refine the suite of ciphers that my webapp allows. In Tomcat's server.xml I have the following connector defined: <Connector port="443" maxHttpHeaderSize="8192" maxThreads="3000" minSpareThreads="250" maxSpareThreads="500" enableLookups="false" disableUploadTimeout="true" acce...

ASP.Net Security: Wrap Requests in IHttpHandler or use RoleProvider?

I'm working with ASP.Net MVC as well as DynamicData and I need to add role-based security. Should I implement this via: IHttpHandler with custom actions that check if the user is authorized? Or should I be using a RoleProvider? Or perhaps some combination of the two? If the RoleProvider is a viable option, when would I ever need t...

Security and roles authorization with model view presenter design pattern

Where is the most fitting place for security and roles authorization to fit into the model view presenter design pattern? Would it be for all pages that implement security to implement a specific interface, say IAuthorizedView that's along the lines of public interface IAuthorizedView : IView { IUser user; void AuthorizationIn...

How can I uniquely identify a desktop application making a request to my API?

I'm fleshing out an idea for a web service that will only allow requests from desktop applications (and desktop applications only) that have been registered with it. I can't really use a "secret key" for authentication because it would be really easy to discover and the applications that use the API would be deployed to many different ma...