security

Flash/AS3 security - passing movieclip reference to child swf?

I'm seeing some strange behavior with respect to interactions between my preloader and main application classes (all AS3 / Flash CS4). Roughly speaking, here's the flow of events: Preloader.swf loads two things: main.swf, which is the main app, and assets for a custom object consisting of text and images, which are assembled into the ...

JPA/Hibernate with Oracle Label Security

I have an application built with Spring and JPA/Hibernate that is working very well, but I now have a requirement to add Oracle Label Security. This will require the creation of a proxy user assigned with certain roles in addition to the actual user. I am unclear what goes into persistence.xml and what goes in code. Also, if we want to g...

Only allow certain (dynamic) IP's to visit website director

OK, I have 4 dynamic IPs. In order to get those IPs I need to run a gethostbyname('domain_name.com'); on 4 domain names I have that always resolve to the only 4 IPs that are allowed to access this directory. This is very easy for me to do in a PHP script on a page, but I am confused as to how I can do it for a directory? Thanks!! ...

Win32: CredUIConfirmCredentials behaves unexpectedly

I'm using CredUIConfirmCredentials in combination with CredUIPromptForCredentials. I set the EXPECT_CONFIRMATION, and when the credentials are first provided by the user the call to CredUIConfirmCredentials returns NO_ERROR as expected. However, on all subsequent calls to CredUIConfirmCredentials, with the same credentials, ERROR_I...

Read file:// URLs in IE XMLHttpRequest

I'm developing a JavaScript application that's meant to be run either from a web server (over http) or from the file system (on a file:// URL). As part of this code, I need to use XMLHttpRequest to load files in the same directory as the page and in subdirectories of the page. This code works fine ("PASS") when executed on a web server...

How to digitally sign PDF files with smartcards in .NET?

I have a smartcard that stores my digital certificate. When I plug it into my PC, the certificate shows up at the Windows certificate store, under IE > Tools > Internet Options > Content > Certificates. So... How can I use such certificate to sign a PDF file in .NET? ...

login automatically with Grails & Acegi

Hi, I'm using the Acegi plugin in my Grails app. After a user registers, he is redirected to an action that is protected. Therefore, he is shown the login form. However, I would prefer if the user was automatically logged in as soon as he completes registration. It seems like I could achieve this by redirecting to the action that the l...

How can I hide a password/username used in a bash script for accessing MySQL?

I am writing a bash script that I plan to execute via cron. In this script, I want to execute a command against a MySQL database, something like this: $ mysql -u username -ppassword -e 'show databases;' For clarity and those not familiar with mysql, the "-u" switch accepts the username for accessing the database and the "-p" is for p...

what is the efficient way to secure a session variable in php?

My web application uses UserId almost throughout the entire application. What is the most efficient way to secure a session variable in PHP? Is the session vulnerable to attacks? Should I keep my encrypted value of UserId in the session? Any suggestion... ...

Help with asp.net mvc authorization

I'm using the asp.net mvc built-in authorize filter. My only problem with it is that I don't want it to redirect my user to a login page when they don't have permission to perform a certain action... It always takes them to the login page even though they are already logged on (but not with the admin role). I would like to be able to decide where ...

Pen testing your MVC application

Here are some of the commonly known practices for securing an MVC application: encode your output; parameterize your SQL; test your search backwards and forward; 1-way hash passwords; lock out accounts or limit login attempts; use code-based impersonation when accessing the file system; access SQL with a locked-down username; use Honey-pots or c...

Protecting IP from Overseas Contractor Theft

Hello SO, The nature of our business often has 2-3 remote developers working on a single project (mostly Rails), and each one currently has carte blanche access to source so they can checkout, run, and develop locally. The problem is any one of them could ship the whole base out the back door. Overseas legal action seems futile. I'm ...

Limiting syscall access for a Linux application

Assume a Linux binary foobar which has two different modes of operation: Mode A: A well-behaved mode in which syscalls a, b and c are used. Mode B: A things-gone-wrong mode in which syscalls a, b, c and d are used. Syscalls a, b and c are harmless, whereas syscall d is potentially dangerous and could cause instability to the machine....

wcf service SecurityNegotiationException

Hi all, I am running a Simple Service on my Server with WCF; the service is hosted in WebDev.WebServer.exe (local). When I call the Service locally I get the following exception: Unhandled Exception: System.ServiceModel.Security.SecurityNegotiationException: Secure channel cannot be opened because security negotiation with the remote ...

How to prevent a Demo Java Program from my client's regular use?

I have made a small demo program that I want to deliver to my client so that he can run it 5 times to check its functionality. It is not a big piece of software for which I would implement some serial-key functionality and make a trial version. I want a simple solution which can restrict the use of the program beyond 5 times or which can delet...

How to avoid java.security.AccessControlException through jtwitter (twitter API) from java applet

I am writing a simple applet (my first) to retrieve the most recent status from a twitter account. This works fine when running from javaw.exe launched from within eclipse. However, when run from a browser I get the error: java.security.AccessControlException: access denied (java.net.SocketPermission twitter.com:80 connect, resolve) ...

Important validations during HTTP request/response

What are the important validations/processing which can be done during the HTTP request/response to protect a web application from vulnerabilities like cross-site scripting, cross-site request forgery and any other security attacks? ...

Open a direct file on the hard drive from firefox (file:///)

Hi, I have a small PHP system I created for myself. This system contains a few .doc and .docx file documents. I want to be able to open them directly from the browser and not download them. I created a link: <a href="file:///c:/mysite/myfile.docx">myfile</a> But Firefox does not open the link. While href="http://localhost/myfile....

Should a Federal Tax Id be encrypted in a database?

My first inclination is to say yes, since it's essentially a corporation's SSN, which I would encrypt. However, I'm not sure whether SOX or any Federal guidelines actually require it to be encrypted. Anyone know for sure? ...

Cannot copy file, even though FileIOPermission is granted in C#

I was trying out the FileIOPermission in Windows 7 in .NET 3.5. I have been a Windows XP user and was granted this permission as I was an administrator. I wrote the following code, testing to see if I could write to C:\Program Files\Outlook...... static void Main(string[] args) { Console.WriteLine("Am I an administrator? " + new Win...