I'm trying to interact with a WCF web service using certificate-based security and both message signature and encryption, but with no luck. I had successfully implemented signature-only communications, but when I create the elements I get an error verifying the message. Does anyone have any hints on how to implement this?
Thanks!!!
...
Hi
I am implementing a service which uses a URLClassloader to load classes dynamically.
In the interest of security I would like to restrict the access of loaded classes, e.g. no network, file or db access etc.
Anybody got any good resources or tutorials on the web for this kind of thing?
cheers hoax
...
Hello there
I have got a particular requirement where some critical algorithms have to be handled in the client-side script and it has got to be secured. Using JavaScript will just expose the algorithm. I am currently evaluating ways to secure the algorithm on the client script. Appreciate any suggestions and alternative approaches.
One op...
Hi
We're creating one of those apps which is trend-of-the-day-compliant, letting users select their own subdomain.
xxx.company.com
As this is becoming common, it would be good to compile a list of subdomains which should be prevented from allowing users to select either for technical/security reasons (e.g. www) or etiquette (e.g. sex)....
Hi,
Is it possible to configure unit tests in Team System Test to run under a specific identity (similar to runas)?
Thanks much,
Jon
...
Assuming we have a server S and a few clients (C), and whenever a client updates a server, an internal database on the server is updated and replicated to the other clients. This is all done using sockets in an intranet environment.
I believe that an attacker can fairly easily sniff this plain text traffic. My colleagues believe I am over...
I'm looking for a very easy and quick way to generate some SAML assertions. This is only going to be used for testing (using SOAP UI). So I just need something that can generate a valid assertion, signed or unsigned, that I can then drop into SOAPUI and send off to my Web Service. I know how to add the assertion to the SOAP message and a...
Following up on a prior question, I'm trying to figure out how to set up container-based authentication for a J2EE application. Specifically, I need to be able to apply a password digest algorithm other than the ones supported by the java.security.MessageDigest (which are SHA, MD2, or MD5 - here's where I think that limitation is documen...
I've built a Single-Sign-On system for our web network. It works like this:
User clicks a login link on the site he wants to log in to (the "Unsafe Site"). The unsafe site's ID is passed in the URL.
He ends up on the system's (called "RAS") login page. This is on its own domain, and may in the future get HTTPS, so the user can see his...
Hi,
We installed SQL Server 2005 Enterprise Edition in Windows 2003 with all the latest SPs for both SQL Server & Windows.
SQL Server was running perfectly without any problem for some time.
Suddenly it crashed. When I look into Event Viewer, there are 5 to 10 entries per second saying that
Login failed for user 'sa'. [CLINET:
XXX:XXX:XXX:XX...
Hello All,
Yesterday I received an email from a guy saying that our site is vulnerable to SQL injection. The email said:
I tried some classic SQL injection on
your server. This URL contains the
result:
http://www.mysite.com/ppreview.php?id=611111161%20and%201=0%20UNION%20all%20SELECT%201,2,3,4,password,6,7,8,9,10,11,12,13,14,15,16...
I have created a folder lock in C#.NET which is working well on the NTFS file system, but it's not working on the FAT file system. Please tell me which dll/class/namespace I should use to lock files and folders on the FAT file system through C#.NET.
Sample code which is working with NTFS (the code below is to unlock a file/folder):
FileInfo info = new FileI...
When studying XML vulnerabilities, I came across the coercive parsing attack.
Can anybody say what exactly a coercive parsing attack is (in SOA applications)? How does the attack take place? How can one implement this attack using an XML parser in Java?
...
I want to have a page on a remote site that selects a local CSV file as a data source which outputs to a GridView. What is the format of the source data and how is it transferred to the server in this instance?
Could it be retrieved in some way from a cache or the IIS logs? The data is mildly sensitive and I'd like to know the potenti...
I'm porting an existing class library to Silverlight. I used lambda expression compilation a lot and now I'm experiencing security problems because of it.
In particular, if an anonymous class from a client SL app is participating in a lambda expression, I cannot compile it: I get a MethodAccessException with the following stack trace:
...
I'm asking this because I feel that it's making my life overly complicated when I start communicating with rails using ajax or flash.
I know it's nice to protect against CSRF, but couldn't I just check the referer or something instead?
...
Context:
IIS 6 on Windows 2003 Server
ASP.NET 3.5 sp1
C# Web Application running from a virtual directory
There are a few files that I would like not to serve. For example, there's a hibernate.cfg.xml in the root directory that should not be accessible. There are also log files in a logs directory. On the local development server (Vi...
I have an application consisting of several OSGi bundles. I would like to enforce that some of them only provide other bundles access to their services if a valid token (e.g. a license key) has been presented.
Here's why I would want to restrict access to those bundles:
Security: They don't have their own access policies because thes...
When validating URLs, I was wondering if the root could be set up like this:
http://my.great.web.site.I.rule.com/
I guess the real question is, if someone wanted to buy a .com with the name "some.site", would the above example be possible?
I was thinking something like that was out of the ordinary, and that the maximum would be someth...
How do I clean this so users can't pull pages outside of the local domain?
<?php
if(!empty($_GET['page']))
{
include($_GET['page']);
}
else
{
include('home.php');
}
?>
...