I have an ASP.NET application. On one page it shows a model image; if you right-click the image and choose view image, it shows the path where it is stored, using the image ID, so people can see other images also. How can I avoid this?
...
As far as I can see the offerings fall into two categories – scanning services such as McAfee, Comodo, etc. and tools such as Burp Proxy, HP’s WebInspect, CodeScan, etc.
In an ideal world, I’d use something that actively scanned a certain URL (the target being a LAMP stack) on a daily basis (or as required if it’s a standalone tool), bu...
Recently, with the Google webmaster tools, I discovered the following (not found) crawl errors:
http://mydomain.com/warning_this_is_english_domain_to_solve_this_problem_submit_site_in_atoall.com.html
After Googling I found that this one might be a new way of spam.
But wait a second, from a programmer's perspective, what is going on with m...
Hi,
I'm generating custom Word documents in my web application using the .mhtml format. Previously this was working fine. I assemble the document and write it to a directory, then give a link to the file (with a .doc extension). Recently my template has changed to include embedded images. Now when I attempt to save and open a file fr...
This might be a non-programming question.
Exposition:
1) I am using Linux.
2) I have two C++ programs, "client" and "server"; they run on different machines, they currently talk over tcpip. I have the source code to both programs.
3) Neither program does buffer overflow checking / defense against man in the middle attacks / mac / enc...
Yes, I'm a beginner.
I would like to know what the main security problems are on a web site under a PHP framework.
Can someone give some links and/or an issue list?
I would be very grateful, because I have been writing PHP for some months but I have no idea about that!
...
I'm going to give a seminar on "Recent Trends in Virus & Anti-virus Strategies" as a part of my course work in my Post Graduation. I got two months of time. So, I want to fully utilize this period.
I chose this topic myself because I want to master this area. I previously asked http://stackoverflow.com/questions/1796007/please-help-me-...
I am playing with a simple webserver in AutoHotkey: sparrow. It is immune to path traversal attacks. As long as I don't run any unsanitized code from the client side, is there any other basic attack to watch out for, like the path traversal attack?
...
How can I prevent users from getting the list of files that exist in my website?
For example, when users type WebsiteAddress+/DirectoryToSearch/ in the address bar, they get the list of files in that directory, without getting any permission denied error.
Is there any setting in ASP.NET that I am missing?
...
At the moment I'm busy implementing a website, a database and software which will fill this database. The website is hosted at an external hosting company; the software is running on our local network. The website needs to read the information in the database; the local software will put its results (this data) in the database.
Question:...
Hi there,
I'm using .netCHARGE (http://www.dotnetcharge.com/) to process credit cards and I'm getting the error: "TrustFailure: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel." every time I try to process a payment. I read through previous SO posts that match this error and ha...
Hello programmers,
I am currently working with an enterprise application in a .NET environment (n-layered) and I would like to know the best way to manage authentication / authorization + data filtering in my BussinessLayer (BL). We will use that BL from several interfaces (ASP.NET applications and WebServices) and I think that my Servi...
How can .NET web services be made more secure? Something like HTTPS?
...
We have an application, consisting of an MS Access frontend (2007, mdb format), a few .net libraries and an SQL Server (2008) backend. I am working on an installer, which automatically installs the MS Access Runtime, our application, our libraries, SQL Server Express and configures everything.
Clearly, the MS Access application and the ...
We have written a Ruby on Rails application that allows a visitor to fill out a form with personal information (name, address & other confidential details), which is stored in a database until the information can be collected by a batch process running inside institution's firewall.
To prevent attackers from getting this confidential in...
I am working on a website (developed in ASP.NET with C#) that was passed on to me. As I'm working through the site, I notice much of the site has this type of code in it:
EmailLabel.Visible = false;
WhateverButton.Visible = false;
AnotherControl.Visible = false;
...
This is all typically done in the code-behind of the site (in the Pa...
I have written a Python module which due to its specifics needs to have a MySQL database connection. Right now, details of this connection (host, database, username and password to connect with) are stored in /etc/mymodule.conf in plaintext, which is obviously not a good idea.
Supposedly, the /etc/mymodule.conf file is edited by the r...
Is there a SSL enabled client for C++ that can interact with HornetQ?
The only client I could find is ActiveMQ-CMS from the Apache ActiveMQ project, which can use Stomp. But this client up to now does not seem to support SSL or any other form of security/authentication.
...
I have a typical web application that communicates in the following way:
SWF file makes service calls to Java services (Remote object, over BlazeDS on Tomcat), which in turn communicates to database.
How do I implement a status check service (hosted on another domain) that will check if the ENTIRE app is up and running?
Ideally, I'd m...
ASP.NET stores the session in a cookie, thus not having to worry about sessions on the server side (traditionally sessions are stored in a database, and lookups are done via a session ID, which is usually a GUID-like string).
In my previous question, I was asking about how a spring application stores/creates sessions etc: http://stackov...