security

JavaScript Code injected into my website pages

I need to know if there is any way of writing additional code to JavaScript files already deployed on the server. I am facing a problem with an ASP.NET 2.0 website and it is related to the JavaScript files which I have on some of the pages. The problem is that when I upload the JavaScript files along with other files it works fine, but...

SecurityAction.RequestOptional: How to know what permissions to request

Trying to use SecurityAction.RequestOptional (recommended as a best practice in a study guide for exam 70-536), and running into problems. My understanding of RequestOptional is that if you use it, you must explicitly declare all other permissions your app will use. From the MSDN: The RequestOptional flag enables you to request a se...

JSONP & http://localhost.:<port>/

After reading http://stackoverflow.com/questions/1217926/jsonp-callback-doesnt-execute-when-running-at-localhost and googling a lot, I am still unclear if there is a potential XSS security threat. Is this "hole" covered in popular browsers nowadays? (notice the dot in the URI) ...

preventing csrf in php

Requiring authentication in GET and POST parameters, not only cookies; checking the HTTP Referer header; I saw this post on Wikipedia and was wondering how I can apply them. OK... I am using the Kohana PHP framework and I have the facility to determine the referrer header, but what exactly do I check in the referrer header? The framework...

SecPKCS12Import() from Security.framework fails on OS X 10.6

When I attempt to use SecPKCS12Import() from the Security framework as provided by Mac OS X 10.6, the result code is always errSecUnimplemented, regardless of the arguments provided. Furthermore, the linker is unable to find symbols for the constants relevant to this function declared in SecImportExport.h (i.e. kSecImportExportPassphra...

Website hacking - Why is it always possible to do?

Dear web developers, we know that each executable file can be reverse engineered (disassembled, decompiled). No matter how strong the security you implement, if crackers want to, they do crack!!! It is just a question of time. What about websites? May we say that a website can be completely safe from attacks of hackers (we assum...

Run .NET application as administrator

Since Vista & Windows 7 came out, some of my .NET applications have started throwing security exceptions. I've noticed that some applications (i.e. my antivirus, control panel) have a small shield, and when I run these applications administrator privileges are automatically requested from me by Windows. I know that as a user I can set the...

How to authenticate Google Wave gadget viewer on App Engine?

Imagine I want to create the game "Rock-paper-scissors" for Google Wave. I am thinking of implementing it as a Wave Gadget. The idea is simple: all participants send their decisions to my cloud app (it is an App Engine Java application), my server part collects this data and does not share it with anybody until all participants complete their selec...

Security test for writing to remote directory

Short question: how can I test whether or not a directory in my website is in practice writable for the rest of the world (even outside my own machine)? Context: I run this website where the hosting provider has implemented an odd security system. To let PHP write files to disk on the (linux) server, the target dir should have write pe...

Examples of vulnerable PHP code?

OK, so a friend and I are doing a mini presentation on PHP security (I'm not really into PHP though) and he asked me to find some examples of vulnerable PHP code (code that is prone to SQL injections and all other types of attacks). I was wondering, are there any websites with both good and bad pieces of code showing how you should and sho...

Is it safe to store user object in a cookie?

I have a user object which contains information about the user (username, ip, country, name, email... but NOT password). Should I store just the username in the cookie and then retrieve all info from DB upon loading the page, or just store the entire User object in the cookie? ...

Security in PHP

I've written some PHP scripts to do some server-side work on a headless Linux server machine on a LAN. For example, I have http://ipadress/php/operations.php?operation=registerUser&uName=X&uAlias=Y. Now, I want to secure my operations script so that not everyone on the LAN can call it and/or run it, but only the ones that ... have a...

Secure WCF service

I am very new to using WCF services. Right now I have a WCF service that I call using jQuery. I'm concerned about users making unauthorized calls to the service. What would be the best way to secure my service? ...

Mimic the HttpForbiddenHandler Class

The HttpForbiddenHandler class is sealed; however, I'd like to create a class that behaves like it. Something like this: `public class ForbiddenHandler : IHttpHandler { public void ProcessRequest(HttpContext context) { // do the 403 here somehow } public bool IsReusable { get { return true; } } }` ...

Shared hosting and SQL Server environment security

I was reading this month's edition of SQL Server Magazine, and in an article about securing the SQL Server environment, the author mentioned that developers should try to have the website and the databases run on separate servers for security. I have a shared hosting account and was wondering if it makes sense to buy a second account to move all...

Is ASP.NET MVC appropriate for highly-secure public-facing sites?

I'm looking at using ASP.NET MVC for a current project but I have some concerns regarding security. The site is public-facing through HTTPS and is required to be very secure. Are there any legitimate reasons why I should avoid ASP.NET MVC? Is there anything I need to be aware of if I go down this path? ...

Using the same key for signing multiple assemblies: wise/unwise?

It's possible to use the same strong name key for multiple related projects/assemblies. I'm interested to know whether there are any drawbacks to using this approach. Specifically, can it lead to a lack of security? One area I'm thinking about this is in the use of friend assemblies. ...

Optimizations in security systems

Hi, I would like to know what we mean by saying an optimized security system (physical or logical security system). Does it mean something like a system which can monitor performance of services, SQL, DB maintenance, logs etc.? Thanks ...

Changing Local Security Policy Programmatically

Hi, I want to change the Local Security Policy "Interactive logon: do not require ctrl+alt+del" in C#. How can I do this? Regards, Ehtsham ...

Fetching Unix users from SQL Server

Hi, we have some tables where we store some sensitive information. These tables have one extra column, "ModifiedBy". Currently we insert the value for this column programmatically. I am wondering if we have some way to get the current Unix user into SQL Server. The idea is to auto-populate the user name/id into that column with the use ...