security

Sending a password unencrypted over the Internet.

I cannot receive an SSL certificate for an ODBC database connection between my local machine and my hosting service. If I know my network is secure and my hosting service's network is secure, how worried should I be about data being intercepted between our two connections? In this situation is there any other way to retrieve data secur...

Anti piracy and app identification. iPhone SDK

How easy is it to determine whether an iPhone application is cracked and report that device ID to a server rather than block it / or turning the app into a lite version? Would patching remove these methods to the server? It is mainly a losing battle preventing an app being cracked, but I want a system not dissimilar to product keys / or...

JAVA:open file with different credentials.

Hi, Is it possible to access a file (read/write/delete/move...) using different credentials than those of the logged in user? ...

how to get scrollTop position of parent window.

Hey guys. if (window.parent) { scrollTop = jQuery(window.parent).scrollTop(); } following code from iframe window throws permission denied. this direct code (not jquery) too. parent.document.body.scrollTop Is it possible to go around this problems? :) ...

downloading a file from a web directory

Hi. I have a form which allows the user to upload some files to a folder. I've edited the .htaccess file in that directory to protect this folder from allowing the unwanted visitors to download the contents manually by typing the full url ex: http://www.bkabkabka.com/a/b/c/document.pdf and this is the .htaccess data Options All -Indexe...

How to record a serial number in an executable?

Hello, I am trying to secure an application to only run from a specific USB disk. I have code to get the serial number from the device, but the only way I can make this work the way I want to is to manually code the serial number into the binary. Is there a way I could make a stub application that would modify the existing binary to ins...

BlazeDS : what ARE those standard security fault codes ?

Hi, I'm trying to write a Flex client that interacts with a Spring-Flex java application. I would like to catch (the flex equivalent of) SecurityExceptions and Display an error page if the user was trying to do something they aren't allowed to do Pop up a login box if the user wasn't logged in According to the Spring-Flex docs, ...

How to add role based security to the files in a folder

I am building an ASP.NET 3.5 Web Application and I am NOT using the membership provider for security. In the application I have a role named Admin and all the files for this role are inside the Security folder in the project. Currently for all the pages inside the security folder I am checking to see if the logged in user's role is an Ad...

problems with SecurityTrimming a Menu when not leaving a login page

I have an ASP Menu object that's pulling data from a SiteMap XML file. On that menu, I have a link to my login page. When I click the link and login (which fires on a button event), the Menu does not expose the protected links. I suspect it has to do with the security context not being updated in time for the render, but I don't know...

Permissions issue in SSMS: "The SELECT permission was denied on the object 'extended_properties', database 'mssqlsystem_resource', ... Error 229)"

Here’s the simplest repro case possible. Create a brand new database. (I'm using SQL 2005.) Create a login, a SQL user, and a table in the new database (see sample code below). Launch SSMS and open Object Explorer, logging in as the newly-created user. Attempt to open the "Tables" folder in the Object Explorer. The Problem Fails wit...

How to send password securely via HTTP using Javascript in absence of HTTPS?

The very basic issue all developers face: Whenever user submits the form, the password is sent via network and it must be protected. The site I develop for doesn't have HTTPS. Neither does the owner want to buy a SSL certificate, nor is he interested in a self-signed one. So I want to protect the password sent via HTTP using Javascript w...

Create product keys for iPhone application? [iPhone SDK]

Is it possible to assign different identifiers to copies of an app downloaded from the app store that is hard coded into the application? Or is there any way of permanently storing an identifier in the application bundle such that when it is copied, the key remains within the bundle? EDIT: Ok, how about iTunes receipts, can they be used ...

PHP: filter_var sanitization secure enough?

I have a PHP script with the following line: $query = "SELECT * FROM products WHERE product_id='" . filter_var($_GET[id], FILTER_SANITIZE_NUMBER_INT) . "'"; Is this safe enough? How would you improve this code? ...

Is it safe to store data in XML?

We are developing an application and it demands storing data in XML coz it will be used by another application. now question is would it be possible to restrict access to that xml file. and make it readable only through our application? if yes.. how to do it? ...

Writing Secure C and Secure C Idioms.

"The average man does not want to be free. He simply wants to be safe." - H. L. Mencken I am attempting to write very secure C. Below I list some of the techniques I use and ask are they as secure as I think they are. By all means, please don't hesitate to tear my code/preconceptions to shreds. Any answer that finds even the most t...

Can I access the Flash security manager without an Internet connection?

When Flash Player 10 thought that I was doing an "unsafe operation", it told me that to reset security settings I have to go online, somewhere around this link http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html . Well, great, except what if (hypothetically) it's difficult to get Internet connectio...

New to Encryption with PHP, Direction Please?

I'm working on a very small form that accepts credit card numbers, which will be cleaned out shortly thereafter. For the time they exist in the database, I'd like them to exist in a comfortable state of encryption. Unfortunately, in my many years of web-development, programming, and database-development, I've not once had the opportunity...

cannot edit permission for a folder

Hello everyone, I am using Windows Server 2008 x64. I login using administrator. I want to add a new user for read/write access for a folder under c:\windows\system32. I tried to select folder (right click), then select Property -> Security -> Edit under Security Tab, the Add button is greyed out. Why? Any programming based or other qui...

security exception when loading web image in jar

I am trying to create a java jar Applet that will run in a browser, download an image from a URL, and display it to the user. My implementation is: try { String imageURL = "http://www.google.com/intl/en_ALL/images/logo.gif"; URL url = new URL(imageURL); img = ImageIO.read(url); } catch (IOException e) { System.out...

PHP Sessions Issue

Hey Guys, I am having one hell of a problem that I cannot figure out for the life of me. I have set up a super simple CMS for a client. Each different page of the CMS has and include file called session.php. session_start(); $username = $_SESSION['siteadmin']; if (!$_SESSION['siteadmin']){ header( 'Location: login.php?status=2' );...