security

How to write a simple text based protocol, preferably in C

I'm interested in writing a small piece of sample code that communicates via standard TCP/IP means to an application server. The idea here is that the client can speak to the application server and be authenticated by simply speaking in a specific text based protocol. The traffic will be encrypted, no username/password. If another app ...

Does server-generated data get indexed by search engines?

Let's say I have an ASP.NET web application. I create an aspx page that shows a table containing users and email addresses. The user data is stored in a database, and when the page is requested by a logged-in user, HTML is generated to display the data. If the users requesting the page are not logged in, they are redirected to a sign-in ...

How secure is it to connect to an ftp server (iPhone SDK)

How secure is it to connect to an ftp server in an iPhone application? I want to connect to my ftp server in my app but am worried that the username and password can be revealed. ...

How bad is 3 as an RSA public exponent

I'm creating an application where I have to use RSA to encrypt some stuff using a public key. I want this encryption to be really fast. Initially, I tried a 2048 bit key with F4 (=65537) as the exponent but it is not fast enough. So now I'm considering the following 2 options: 2048 bit modulus, e=3; 1024 bit modulus, e=65537. Both sati...

request.isUserInRole("ADMIN") also returns true for user not in role ADMIN but role USER

Hi, I'm currently trying out the JDBCRealm in Glassfish v3: I have 2 roles, USER and ADMIN. I have a LoginServlet that redirects to a url (say /admin or /user) based on the request.isUserInRole("ADMIN") method. Problem is when an ADMIN is logged in it returns true, so he gets redirected to /admin, but he can also access /user. When a U...

Iterative hashing

I'm just wondering, is there a reason why some libraries (be it any language) use iterative hashing such that the hashed data is encoded in hex and rehashed again instead of rehashing the actual binary output? ...

Applied security

Background: Terminals are a combination of hardware and software. A terminal's main responsibility is to: collect data (with its sensors); process and transmit the collected data to a data server over the Internet. The terminal has Internet access either via WLAN or GPRS. Terminals are running embedded Linux. Things to consider, security pe...

How do I tell a signup page where to redirect to after submission in Ruby on Rails?

I have a Ruby on Rails app that has a signup page. Different pages redirect to the signup page and need to set another page to redirect to after the sign up is complete. What is the best way to do this? I'm currently doing this: link_to '/signup?redirect=/blah/page6 ...and getting the redirect variable in the signup controller and u...

Why am I getting this error: System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, ...' failed.

When I try to run my site locally I get this error: Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file. Exception Details: S...

Buffer overflow

How can a buffer overflow affect the OSI model? How many layers of the OSI model can be affected by a buffer overflow vulnerability? ...

J2ME SIM card change detection

I wanted to create a J2ME application, in which the application should work only with the SIM card that was used during installation. On SIM card (GSM) change the application should not work. To achieve this, I thought of taking a signature of the SIM card and saving it in persistent storage. On every start of the application the signa...

NetNamedPipeBinding and username/password authentication

I have a WCF service that I expose using different endpoints, one of which uses NetNamedPipeBinding. The other endpoints use a custom username/password validator to authenticate users, but as far as I can tell, this is not supported by NetNamedPipeBinding. How can I add a custom username/password authentication mechanism to a NetNamedP...

Is there a method to randomize integers so that visitors can't figure out the sequence of objects

I have an id in the URL. So normally it will be an auto number and so it will be 1,2,3,4,5,..... I don't want visitors to figure out the sequence and so I want to let the number be kind of random. So I want 1 to be converted to 174891 and 2 to 817482 and so on. But I want this to be in a specific range like 1 to 1,000,000. I f...

Designing a secure consumer BlackBerry application

I am evaluating a requirement for a consumer BlackBerry application that places a high premium on the security of the user's data. Seems like it is an insurance company. Here are my ideas on how I could go about it. I am sure this would be useful for others who are looking for similar stuff. Force the user to use a device password. (I am guessing t...

Securing tables vs databases on a multitool web site with confidential information

I am working on a site that multiple projects will be using to enter confidential subject information for various research projects. Project data access will be limited to specific users and tools. But certain core data will be referenced in and joined to the project tables (username, project meta-data, etc). The current plan is that ...

Trusted site required with ActiveX

Our web application has an ActiveX DLL that runs in IE. It is given a strong name and a custom permission set based on that strong name. The assembly is decorated like this: [assembly: AllowPartiallyTrustedCallers] and the class of the ActiveX control needs this to run in the browser: [PrintingPermission(SecurityAction.Assert, Unr...

Security question: Changing system password via Python

I'm working on a project aimed at system administration for a Linux installation. I need to perform some tasks like change the user password... I was planning to use the subprocess module for this. I'm concerned about security, so what are the 'best practices' when doing this via Python? Is subprocess sufficient, or is there something...

Implementing poor man's SSL

I want to implement poor man's SSL only to encrypt certain fields of only one form using RSA. Is JS better or should I go for an Applet? ...

2 ways to get the page URL in Java applets, what's the difference and/or benefits of each?

Hi experts, the two ways that I know to get the page URL are: 1. through the applet class: Applet.getDocumentBase() 2. through the Netscape JavaScript library: JSObject.getWindow(this).eval("location.href") First, what are the differences between those two methods and the advantages of each? Secondly, can users trick the URL of those met...

Saving passwords inside your application code

Hello all, I have a doubt concerning how to store a password for usage in my application. I need to encrypt/decrypt data on the fly, so the password will need to be somewhere. Options would be to have it hard-coded in my app or load it from a file. I want to encrypt a license file for an application and one of the security steps invol...