security

Are there any Java-based web frameworks that are multitenant aware?

Looking for something between simply downloading Struts and bolting on vs full-fledged portal software such as Liferay or BEA Portal. Would be great if the database connectivity supported EAV models but allowed developers to think in traditional relational 3NF terms. ...

Setting cookie in iframe - different Domain

Hello, we have our site integrated as an iframe into another site that runs on a different domain. It seems that we cannot set cookies. Has anybody encountered this issue before? Any ideas? Thanks Holger ...

What is IP security?

Is there any brief explanation for IP security? And why do we use it? ...

PHP tutorial that is security-, accuracy- and maintainability-conscious?

Colleagues often ask me: “bobince”, they say*, “I want to learn PHP, but I know you're always ranting on about poor code which is full of errors and security holes. That's why I normally don't like talking to you really. But, I'm looking to learn PHP now and I'd like to be able to write good code. Where's a tutorial that will teach me ho...

Guidance on .net web services

It's been a few years since I've done web services. I remember it being fairly simple to create and consume one. In my current position, I work in a large organization and we use a lot of DB2 stored procedures the mainframe guys write for us to get at HR data. I'm now starting on a new HR project and rather than having the same ol' data...

What is the Entropy of Android's Dot Password System?

How many permutations of Android's dot login system are possible? I know for a fact the solution to this lies in discrete math, specifically permutations without repetition; if your answer doesn't use permutations or combinations you are incorrect. The length of passwords is between 4 and 9 dots. There are a total of 9 dots to p...
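Counting the keyspace is a short enumeration once the lock-screen rule is written down: a dot may be used once, and a move that passes straight over an unused dot is refused. The block below is an added example, not part of the post; it enumerates every legal pattern of each length, reports the entropy of a uniformly chosen pattern, and contrasts it with the plain P(9, n) count that ignores the skip rule. The grid layout and the list of "jumped" pairs are the assumptions it encodes.

```python
import math

# Added example (not from the post). Dot indices follow the layout
#   0 1 2
#   3 4 5
#   6 7 8
# Android refuses a move that jumps straight over an unused dot; the
# jumped dot must already be part of the pattern. Those pairs are:
_MIDDLE = {}
for a, b, mid in [(0, 2, 1), (3, 5, 4), (6, 8, 7),   # along a row
                  (0, 6, 3), (1, 7, 4), (2, 8, 5),   # along a column
                  (0, 8, 4), (2, 6, 4)]:             # the long diagonals
    _MIDDLE[(a, b)] = mid
    _MIDDLE[(b, a)] = mid


def count_patterns(min_len=4, max_len=9):
    """Enumerate every legal pattern and return {length: count}."""
    counts = {n: 0 for n in range(min_len, max_len + 1)}

    def extend(path, used):
        if len(path) >= min_len:
            counts[len(path)] += 1
        if len(path) == max_len:
            return
        last = path[-1]
        for nxt in range(9):
            if used & (1 << nxt):
                continue                      # each dot at most once
            mid = _MIDDLE.get((last, nxt))
            if mid is not None and not (used & (1 << mid)):
                continue                      # would jump over an unused dot
            extend(path + [nxt], used | (1 << nxt))

    for start in range(9):
        extend([start], 1 << start)
    return counts


def total_patterns(min_len=4, max_len=9):
    return sum(count_patterns(min_len, max_len).values())


def entropy_bits(min_len=4, max_len=9):
    """Entropy in bits if a user picked uniformly among all legal patterns."""
    return math.log2(total_patterns(min_len, max_len))


def naive_permutations(min_len=4, max_len=9):
    """The textbook P(9, n) sum, which ignores the skip rule and so
    overstates the keyspace."""
    return sum(math.perm(9, n) for n in range(min_len, max_len + 1))


if __name__ == "__main__":
    for n, c in count_patterns().items():
        print(f"length {n}: {c:>7} patterns")
    print("total:", total_patterns(), "vs naive P(9,n) sum:", naive_permutations())
    print(f"entropy: {entropy_bits():.2f} bits")
```

The uniform-choice figure is an upper bound: real users cluster on a few starting corners and simple shapes, so the effective entropy against a guessing attacker is well below what the enumeration gives.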

Ways to protect a Flex app on a public website

I'm building a Flex app that will run publicly, and so I would like to protect the SWFs from reverse engineers as much as possible. I once heard of ways to deny browsers direct access to the SWF files, yet allowing it to play within the main HTML page. I would like to know any such practices (and how to employ them) that can be used to ...

Unexpected PHP file showed up in OSCommerce

Was digging through the OSCommerce files on my site and found a file in the /images folder that I don't ever remember seeing before. I haven't checked the original install package, but I suspect this isn't a part of it. The file is 27kb and called vidovic_pretty.php. It's encoded or compiled in some way, so the contents are unviewable...
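A responder's first pass over a site like this is to find every script-like file under directories that should only hold static content and score each one for the markers obfuscated droppers and web shells share. The block below is an added example, not the poster's file or osCommerce code; the function list, the entropy and blob thresholds, and the two sample files are assumptions constructed for the demonstration.

```python
import base64
import math
import os
import re
from collections import Counter

# Added example, not the poster's file. Function names commonly seen in
# obfuscated droppers and web shells (heuristic list, an assumption):
_DANGEROUS_CALLS = re.compile(
    r"\b(eval|assert|create_function|base64_decode|gzinflate|gzuncompress|"
    r"str_rot13|system|shell_exec|passthru|exec|popen|proc_open)\s*\(",
    re.IGNORECASE)
_REQUEST_INPUT = re.compile(r"\$_(GET|POST|REQUEST|COOKIE|FILES)\s*\[")
_LONG_BLOB = re.compile(r"[A-Za-z0-9+/=]{40,}")      # base64-looking runs
_STATIC_DIRS = {"images", "img", "uploads", "cache", "tmp", "temp"}


def shannon_entropy(data):
    """Bits per byte; plain PHP sits around 4.5-5, packed payloads higher."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def score_php(source):
    """Return a small report for one file's bytes; score >= 3 deserves a look."""
    text = source.decode("latin-1")                 # never fails on binary junk
    calls = sorted({m.group(1).lower() for m in _DANGEROUS_CALLS.finditer(text)})
    takes_input = bool(_REQUEST_INPUT.search(text))
    longest_blob = max((len(m.group(0)) for m in _LONG_BLOB.finditer(text)), default=0)
    entropy = shannon_entropy(source)
    score = len(calls) + (1 if takes_input else 0)
    score += 2 if longest_blob >= 200 else 0       # thresholds are assumptions
    score += 2 if entropy > 5.5 else 0
    return {"calls": calls, "takes_input": takes_input,
            "longest_blob": longest_blob, "entropy": round(entropy, 2),
            "score": score}


def scan_tree(root):
    """Yield (path, report) for every PHP-like file under root, marking those
    that live under a directory that should only hold static content."""
    for dirpath, _, names in os.walk(root):
        in_static = bool(_STATIC_DIRS & set(dirpath.lower().split(os.sep)))
        for name in names:
            if not name.lower().endswith((".php", ".phtml", ".php5", ".phar")):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                report = score_php(fh.read())
            report["in_static_dir"] = in_static
            if in_static:
                report["score"] += 3                # scripts have no business there
            yield path, report


# Constructed samples (not the real file from the post):
BENIGN = b'<?php echo "<img src=\\"logo.png\\">"; ?>'
PACKED = (b'<?php @eval(base64_decode("'
          + base64.b64encode(bytes(range(256)) * 2)
          + b'")); system($_GET["c"]); ?>')

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("packed", PACKED)):
        print(label, score_php(sample))
```

Run `scan_tree("/path/to/docroot")` and sort by score. Whatever the scanner says, a file whose contents the site owner cannot read, sitting in /images, is a compromise indicator on its own: preserve a copy and its timestamps, diff the install against the original package, and check access logs for requests to that path before deleting anything.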

Programmatically discovering "guest only" sharing/security model

On modern Windows, the default configuration is such that if I network-login as a local user, I actually only get authenticated as a guest (more details about this behavior are explained in http://technet.microsoft.com/en-us/library/cc786449(WS.10).aspx). When my program tries to access WMI on servers of this kind via DCOM, ...

Is there a built in function to hash passwords in .NET?

I've seen this question http://stackoverflow.com/questions/287517/encrypting-hashing-plain-text-passwords-in-database and I am aware I shouldn't do md5("salt" + password); and I see an implementation in Python for a solution. Is there a .NET built-in function with params I can use instead of writing my own? ...
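The built-in .NET class for this is System.Security.Cryptography.Rfc2898DeriveBytes, which implements PBKDF2 (the RFC 2898 key-derivation function): a per-user random salt plus an iterated HMAC. The block below is an added example showing the same construction in Python, not the post's code and not .NET code; the record format, the iteration count and the salt and key sizes are assumptions chosen for the demonstration.

```python
import base64
import hashlib
import hmac
import os

# Parameters for this added example (assumptions, not from the post):
ITERATIONS = 100_000   # raise until one hash costs ~100 ms on your server
SALT_BYTES = 16
KEY_BYTES = 32
FORMAT = "pbkdf2_sha256"


def hash_password(password, iterations=ITERATIONS):
    """Return a self-describing record: algo$iterations$salt$hash (base64)."""
    salt = os.urandom(SALT_BYTES)                 # fresh random salt per user
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             salt, iterations, dklen=KEY_BYTES)
    return "$".join([FORMAT, str(iterations),
                     base64.b64encode(salt).decode("ascii"),
                     base64.b64encode(dk).decode("ascii")])


def verify_password(password, record):
    """Recompute with the stored parameters and compare in constant time."""
    try:
        algo, iterations, salt_b64, hash_b64 = record.split("$")
        if algo != FORMAT:
            return False
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(hash_b64, validate=True)
        iterations = int(iterations)
    except (ValueError, TypeError):
        return False                              # malformed record, never a match
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             salt, iterations, dklen=len(expected))
    return hmac.compare_digest(dk, expected)


def needs_rehash(record, iterations=ITERATIONS):
    """True if a stored record uses fewer rounds than current policy, so the
    hash can be upgraded transparently at the next successful login."""
    try:
        algo, iterations_used, _, _ = record.split("$")
        return algo != FORMAT or int(iterations_used) < iterations
    except ValueError:
        return True


if __name__ == "__main__":
    rec = hash_password("correct horse battery staple")
    print(rec)
    print(verify_password("correct horse battery staple", rec),
          verify_password("wrong", rec))
```

Storing the iteration count inside the record is what lets you raise the cost later without locking anyone out; `needs_rehash` is the check to run after a successful verification.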

Help with asp.net mvc authorization

Say you want to display a menu that has many elements... Some elements are exclusive to users with "administrator" role. I know how to restrict controllers methods using [Authorize(Roles = "Administrators")] but I want to figure out a way to display a specific html thing depending on the user roles example <ul> <li>Menu Item 1</li...

Adobe Flex: Why do I get intermittent SecurityErrorEvents on some browsers?

Hi everyone, our Flex app talks back to its originating server over a TCP-socket connection. This requires an allowance from the server in question and thus we've set up a socket policy server at the host (source code at pastie.org/791060). This has worked fine on many permutations of Firefox, Safari, Windows and Mac OS X, but then yes...

How to secure a REST service with Spring 3?

Hi all, I just made a web service with Spring 3 using MVC annotations (@Controller, @RequestMapping) and now I'm looking for a way to secure it. Does someone know how to do it? Thanks, ...

Wireshark plugins

Do you know a website that lists the latest security issues for Wireshark that need a solution? I know the Wireshark mailing list, but is there another website besides this? My teacher is asking us to report 5 problems that would require developing a plugin for Wireshark. Thank you, ...

PHP - writing data to a file with 777 permission

I have a .TXT file on a web server with the permission set as 777. So what are the chances that others might be able to edit the content of this file? The content is not much - just a number. Someone seems to have been tinkering with this file as the number vanished the other day! No one else except me has the FTP password. So I was wonderi...

Key Generation/Validation, What's out there?

I've been asked to develop a key generation/validation system for some software. They would also be open to a developed open source or commercial system, but would prefer a system from scratch. Online activation would have to be optional, since it is likely that some installations would be on isolated servers. I know there is kind of a user...

.NET Security Error accessing external API

Hi, I'm building a small Twitter web app for myself. I am using TweetSharp but I keep getting an error: Server Error in '/test' Application. Security Exception Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system...

Is it possible to block php scripts in upload folder?

Hello, I'm working on my first form in PHP where images can be uploaded. I've seen some articles on the web which explain it can be dangerous, so is there some way to block scripts in a specified folder? Something with .htaccess or a php.ini instruction? ...

API security question: SSL or more?

I am developing an API for a web application. Desktop clients will interact with the API using simple HTTP posts (REST). I will be using SSL, there is no question about that. My question is this: should I also be encrypting the data before it is sent over SSL? The information being sent may contain confidential information. Is SSL enough...

AJAX vs JSON "Cross Domain Built-in Security" Question

It looks like I can't make a call outside the current domain name with "AJAX". But I'm able to call the Twitter API (with JSON) in jQuery... aren't both using the XMLHTTP object? If so (or not), why am I able to call another domain name with JSON (using jQuery) but not with AJAX? What's the difference between Ajax and JSON anyway? ...