security

ServiceController Shutting down IIS Security Access

Hi folks, I am using the ServiceController class to remotely shut down IIS from a C# assembly. I was wondering what is the least level of privileges I need to do this over the network. In my current testing I am using Administrator and it works fine, but when I migrate through to Production I will be using an AD group and need to give it th...

Passing Credentials through WCF to Java WS

I have a WCF entrance that communicates with an internal Java WS for our client. Now I have to expand this WCF to be multi-app and pass the proper certificates to the Java WS. Currently the one was part of the bizObj class in my WCF. I have multiple .cer files that I will have to maintain in my WCF and pass in by caller app. Of cour...

Allowing additional users to access an EC2 instance

I have set up an Amazon EC2 instance and am able to SSH into it. Can anyone please tell me how I could allow additional users to SSH into this instance from a different location? Max. ...

Which is the .Net obfuscator with the best price/quality relation?

I'm searching for a not-so-expensive .NET obfuscator and I'm not too smart in this field. A colleague suggested I look at .NET Reactor. It has a good price but I'm not so sure about it. In your experience and opinion, which one is the best in terms of quality/price relation? Thanks in advance. ...

J2ME highly secured app for m-commerce

Hi all, I am creating a J2ME application for m-commerce, which uses mobile internet (GPRS). I wanted to make it more secure by binding the application to the SIM card and the device. That is, a user should be able to log in to the system only using his/her SIM card or from the registered mobile number. To achieve this I need to fetch the m...

An issue about honeybots

I was going through honeybots and found out something which took me by surprise: "Honeypot fields are invisible fields on the form. Invisible is different from hidden. Hidden is a type of field that is not displayed for editing. Bots understand hidden fields, because hidden fields often carry identifying information that has to be retu...

Security vulnerabilities in PHP fwrite?

Hi all, I recently transitioned my company's website over to our in-house servers (Apache) from a hosting company's (IIS). The group that originally built the site did a piss-poor job and the entire thing was a mess to migrate. While the move went fairly smoothly, looking at the error_log there are still some missing pages. Rather ...

What are the implications of using 'low' security in CakePHP?

I had an authentication problem in CakePHP: when posting credentials from an external site the authentication would work, and then get immediately lost, with the site prompting for login information again. This guy determined that the CakePHP session cookie was changing. His solution was to set security to low. Seems like in mediu...

iPhone keyboard security

Hello, I would like to disable auto text capture by the OS. If you type in a UITextField/UITextView, the OS captures this text (if not found in its dictionary) in your application; it will be stored as plain text in the dynamic-text.dat file in /root/Library/Keyboard. Now if you open and read this file, you can easily read what you typed in your app...

Regular Expression Attack Vector?

How does one "parameterize" variable input into a Regex in Ruby? For example, I'm doing the following: q = params[:q] all_values.collect { | col | [col.name] if col.name =~ /(\W|^)#{q}/i }.compact Since it (#{q}) is a variable from an untrusted source (the query string), I have to assume it could be an attack vector. Any best practice...
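As an added illustration of the risk the question describes (not code from the original post), the following Ruby puts the interpolated regex from the question beside a hardened version that passes the parameter through Regexp.escape. The Column struct, the ALL_VALUES sample data and the search_* function names are constructed for this example and are not part of the question.

```ruby
# Added example: untrusted interpolation into a Ruby Regexp, vulnerable and hardened.

# Constructed sample data standing in for the question's `all_values`.
Column = Struct.new(:name)
ALL_VALUES = [
  Column.new("user_id"),
  Column.new("email"),
  Column.new("created_at"),
  Column.new("a"),
].freeze

# Vulnerable form (the question's code): q is spliced in as regex syntax.
# A query of "." or "|" matches every row, "(" raises RegexpError at request
# time, and a pattern such as "(a+)+$" lets the caller drive a ReDoS against
# the server. The caller controls both match semantics and engine running time.
def search_unsafe(all_values, q)
  all_values.collect { |col| [col.name] if col.name =~ /(\W|^)#{q}/i }.compact
end

# Hardened form: Regexp.escape turns every metacharacter in q into a literal,
# so q is matched as plain text. The (\W|^) word-boundary prefix and the /i
# flag from the original are preserved unchanged.
def search_safe(all_values, q)
  pattern = /(\W|^)#{Regexp.escape(q)}/i
  all_values.collect { |col| [col.name] if col.name =~ pattern }.compact
end

# Defence in depth: bound the input length before compiling anything, since
# even an escaped pattern grows with the attacker-supplied string.
MAX_QUERY_LEN = 64
def search_checked(all_values, q)
  raise ArgumentError, "query too long (#{q.length} > #{MAX_QUERY_LEN})" if q.length > MAX_QUERY_LEN
  search_safe(all_values, q)
end
```

With the constructed data, `search_unsafe(ALL_VALUES, "|")` returns all four columns because the alternation makes the pattern match the empty string, while `search_safe(ALL_VALUES, "|")` returns nothing because no column name contains a literal pipe; a plain query such as "user" returns the same single row from both.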

How to secure Jetty to only allow access from loopback (localhost)

How can I secure Jetty to only allow connections from localhost? This means a connection to server A from client/server B has to fail. I know I can do this by configuring my firewall (so please no answers about this). I just want Jetty to not listen on localhost. I used Google with, for example, "jetty localhost" but it did not return any ...

Is there a .NET equivalent of WebGoat?

Looking at this question, the OWASP WebGoat project looks like a great way to learn about web security. Although the principles will apply equally to .NET applications, I would prefer to use a .NET-based application. Does anybody know of a suitable .NET alternative? ...

GoDaddy.com shared hosting with NHibernate and MVC 1.0

I'm getting the following error after a migration to shared hosting on godaddy.com [SecurityException: Request failed.] System.Security.CodeAccessSecurityEngine.ThrowSecurityException(Assembly asm, PermissionSet granted, PermissionSet refused, RuntimeMethodHandle rmh, SecurityAction action, Object demand, IPermission permThatFailed...

Is it possible to configure Linux capabilities per user?

There appears to be support for fine-grained capabilities in the Linux kernel, which allows granting privileges to a process to do things like, for example, opening raw sockets or raising thread priority without granting the process root privileges. However, what I'd like to know is if there is a way to grant per-user capabilities. That is, all...

C#: Security issue while accessing Outlook from a C# program when published as a site

I am trying to send an Outlook appointment from my ASP.NET page and it works fine when I am running in my VS2008 IDE. But when I published this and configured it as a virtual directory, while trying to execute the same, I am getting the below error. Retrieving the COM class factory for component with CLSID {0006F03A-0000-0000-C000-00000000...

Writing secure ASP.NET applications

I am on a project that involves processing financial information, and so I need to write secure ASP.NET pages using C# 2008 (HTTPS etc). Can anyone recommend any tutorials that can help me understand more about writing secure ASP.NET apps? Thanks ...

How can you make sure that your applet isn't being used outside a specific page URL?

I have a Java applet, and I want to make sure that nobody uses it outside a specific URL. How can I achieve that? The applet connects to a Java server for data exchange. I want to check on the server side the URL of the page that contains the applet. Is that possible? ...

Class with user data (password and username): make it secure

I have a class that stores a user's data (user ID and password) from the login window in my application. Currently I'm using SecureString to store the password, but in certain places I need the original password to verify things (it has to be plain text at that moment). Does anyone know a secure way to store it in memory where it can...

How to test if hostname refers to local machine

Can anyone think of an easy way to tell in Win32 or .NET if a hostname (string) resolves to the local computer? Such as: "myhostname", "myhostname.mydomain.local", "192.168.1.1", "localhost". The goal of this exercise is to produce a test which will tell if the Windows security layer will treat access to the machine as local or network ...

Restricting a CodeDOM-compiled assembly

I've written a plugin manager for my app; it utilizes CodeDOM to compile C# code into a class library and instantiate its types. It works perfectly, and now I wish to restrict the permissions on the compiled assembly. Unfortunately I don't know how to do so. As far as I understand I should use CompilerParameters.Evidence in some way, but ...