Is there an implementation (Java/C++/Ruby) of a blowfish algorithm that supports 48-bit data blocks? I have an encryption problem where the input and output channels are exactly 48-bits. All implementations on the net are for 64-bit blocks.
Thanks,
Tom
...
I'm looking for a good overview of security best practices for web sites. In particular handling storing customer payment details for credit/debit cards. What are the best books/blogs?
Specifically, I'm looking to store payment details for users so that when they make their next purchase they don't need to enter them again.
...
I have a situation where I have web apps on two different servers, where App1 contains App2 in an IFrame. Any links in App2 can have the target="_parent" attribute, which allows those links to open in the top window. However, I can't find any way to get the same behavior in JavaScript. I found this page, which claims that the child frame c...
Hi, I wanted to install httprint on Ubuntu. I wrote apt-get install httprint. It says that it cannot find package httprint. How can I get httprint? Thanks
...
I am seeking the strongest security measure for people changing the IDs in the URL for comments, blogs, inbox etc...
Any suggestions?
...
We are planning to build a new integration component that can provide us access to user's machine installed apps from our web site.
The first word that came to me was ActiveX, but our expertise with the technology was not the best in the past.
Thinking a little bit more, the word Silverlight also came to my head, but the full trust thing ...
I'm attempting to enable SSL communication from a web service client (Axis2) using the certificate on the user's CAC card. Works like a charm....UNTIL the web server is CAC enabled. At that point the SSL connection is rejected with the error message that the other certificates in the chain were not included.
I have ensured that the pr...
I'm creating a web application with Yaws. In the past I've worked with Tomcat and IIS. Do web servers typically suffer from the same types of vulnerabilities? Do good web security practices generally apply across the board or are most vulnerabilities inherent to the web applications themselves?
...
I have a payment gateway api for BluePay. My application is in PHP. I am able to process a transaction with code similar to this:
bp->process(1111111111111111,.....)
with 111111111111111 being the card number.
The process function posts the card number to BluePay's site using PHP's cURL wrappers.
How can I safely get a card number f...
I need to preface I'm not a .NET coder at all, but to get partial functionality, I modified a TechNet chunkedfilefetch.aspx script that uses the chunked data reading and writing streamed method of doing file transfer, to get me half-way.
iStream = New System.IO.FileStream(path, System.IO.FileMode.Open, _
IO.FileAccess.Read, IO.FileShar...
Hello All,
How can I disable the dangerous eval function? Can that be done using the ini_set function?
Also, how can I disable the following functions? Can we disable them using the ini_set function?
allow_url_fopen
allow_url_include
exec
shell_exec
system
passthru
popen
stream_select
eval is one of the most dangerous functions that bad guys can u...
Has anyone got a tutorial up on getting your own smartcard and getting PKCS#11 working on it? In Linux? (Windows would be fine too).
Most of the vendors seem to assume you'll be wanting enough for your whole company, not one or two.
...
I'm looking for the easiest way to view what users are logging into my database. We have some old user accounts that might not be getting used anymore. Instead of just turning them off and seeing who complains, I thought there might be some way to monitor who logs in and runs some type of query over the next month or so. What would be th...
I would like to develop an external website using Facebook Connect instead of my own login and registration process.
On the first page (index.php) I have the following code for the login button:
<fb:login-button v="2" size="large" autologoutlink="false" onlogin="window.location='/index.php'">Connect with Facebook</fb:login-button>
Fo...
Here's the scenario:
You have two separate websites that exist in different environments (i.e. different databases, different web servers/domains)
You have full control over the code for both sites, but from the above point, they cannot directly communicate with each other's database
You must transfer user from site A to site B secure...
FileHelpers.dll (2.0) is referenced within 2 class libraries (Dto and Services) in my solution
My webapp (asp.net mvc) is on IIS7 (Full Trust) Windows 7 PRO 64 and I sometimes get this exception when starting my app from VS2008:
(to get rid of it I delete the FileHelpers.dll from bin, run, close browser, rebuild the solution and run ag...
I need to encrypt a string on the iPhone and send it to a .Net for decryption using Triple DES. I am able to encrypt/decrypt on the iPhone and with .Net, but I get different results in both platforms.
I use the very same code as the encryption/decryption with AES between .Net and iPhone in here
The only thing that I changed in .NET is t...
Why is it a good practice to remove PHP files from the htdocs/public directory?
They are being parsed anyway, right?
...
Hi,
What is the best approach to secure WinForms data? In other words, how to secure the data from hacking for WinForms C# projects?
There is a WinForms project with 25-30 forms. It stores data to the Access DB.
If I start writing encryption/decryption logic to all the forms it's going to take much time.
Is there any .NET dll/technique wh...
Hi,
I need to set up a system which will allow developers to request an emergency ID for a database. They will be assigned to a role called 'analyst' which will provide them a drop down box with the databases they can gain access to. They will submit the request and a temporary SQL Login will be generated and displayed on screen. The ...