security

Rails Security: redirect if not current_user

I've been using authlogic and it works really well. One thing I've noticed is that as a hacker I could easily type in this address: localhost::3000/users/a_user_that_is_not_me/edit Since the form in the edit form is for @user which is set to current_user and requires an authenticity token, even if I tried to put in details for the othe...

Resetting ASP.NET password - security issues?

Hi, I've seen various questions regarding this issue, but there are a couple of questions that haven't been asked. If the user forgets their password, I would like them to be able to reset it with only their email address (i.e. there's no security question/answer). The password is stored as a salted hash, so there's no recovery possib...

What technique can protect a secret from a fully trusted user?

I am programming a system using C#. My program generates a small message (a hash digest for a file) that I want to store on the hard disk - but I don't want the user to be able to read it. I was going to encrypt this message, but someone has suggested this is A BAD IDEA. So I'm looking for alternatives - how do you protect a piece of s...

How to make my code more secure

Hello, I've made a voting system for comments like the one this website has (something similar), and I'm slightly concerned about possible HTTP request misuse. You'll know what I mean after I show you the questionable code: $.ajax({ type: 'POST', url: 'http://localhost/comments/vote_down/' + post_id }); Now it's still on localhost but it wi...

How to lock down (or sandbox) JDK's built-in Javascript interpreter to run untrusted scripts

Hi, we have a Java application and would like to run untrusted code using the built-in Javascript interpreter (javax.script.*). However, by default the interpreter allows access to any Java class. For example "java.lang.System.exit(0)" in the script will shut down the JVM. I believe this is called "Live Connect", see Sun's "Java Scripting ...

How to make a file tamper proof?

I have a (planned) commercial program that is writing out a usage log. As part of their license, users will be required to submit the log back to the company every few weeks. How can I ensure the file has not been tampered with? System is being written in C# and Winforms or WPF. Update: Hmmm... quite surprised that How to make a file t...

Example of a very insecure ASP.NET application.

I am looking for a very insecure ASP.NET application. Ideally I'm looking for an application that was written by a noob who has made a lot of security mistakes. If the app has a MS-SQL back-end that would be a bonus. I know of two cool projects for PHP and J2EE which fill my needs. Do you know anything like this for ASP.NET? ...

Rails updating attribute security: use a callback or attr_accessible?

I've got a website model that requires a user to verify ownership of the website. Thanks to stack overflow, I was able to find the solution for user ownership verification here: http://stackoverflow.com/questions/1842416/validate-website-ownership-in-rails After the model passes the verification test there is a verified attribute that ...

What are the most time consuming checks performed by .NET when executing a managed application?

I've developed a .NET based Windows service that uses part managed (C#) and unmanaged code (C/C++ libraries). In some domain environments (e.g. Win 2k3 32bit server inside domain abc.com) sometimes the service takes more than 30 seconds to start (especially on OS restart), thus failing to start the service. I suspect that it has somethi...

Secure Token Process

I'm currently in the midst of developing a website using PHP and MySQL. It's a private website, therefore registrations must be allowed using emails. In simple terms, if a new user has to be registered, the administrator has to go into the system and add an email address to be registered. What I want to create is a token or a pass value when t...

Using EventLog objects can cause security holes?

While reading the Training Guide for the 70-536 exam written by Tony Northrup and friends, I came across the following: CAUTION - Avoid EventLog objects in partial trust environments. Use of EventLog objects in a partial trust environment can cause serious security holes and should be avoided if at all possible. He basically indi...

What vulnerabilities are possible in ruby with $SAFE = 4?

What vulnerabilities are possible in ruby with $SAFE = 4? Right off the bat I know that XSRF is possible because the attack has nothing to do with "tainted variables" but rather where http request originates from. I know that using weak cryptographic algorithms like md5() won't be picked up. Do you know of any others? Code examples a...

Handle security denied in ASP.NET MVC with AspNetSqlRoleProvider

I'm looking to secure different areas of my MVC application to prevent standard users from accessing admin-type views. Currently, if any user is logged in and they attempt to view the About page (out of the box template in Visual Studio), it will simply redirect them to the login page. I'd prefer the user be informed that they do not ...

rails: mass-assignment security concern with belongs_to relationships

I've been reading up on rails security concerns and the one that makes me the most concerned is mass assignment. My application is making use of attr_accessible, however I'm not sure if I quite know what the best way to handle the exposed relationships is. Let's assume that we have a basic content creation/ownership website. A user ca...

How can I safely use regexes from user input?

My (Perl-based) application needs to let users input regular expressions, to match various strings behind the scenes. My plan so far has been to take the string and wrap it in something like $regex = eval { qr/$text/ }; if (my $error = $@) { # mangle $error to extract user-facing message ($text having been stripped of newlines ahe...

Why can CSRF attack be prevented by a random CSRF secret?

"To prevent CSRF attacks, a random CSRF secret has been generated." The above is from symfony: http://www.symfony-project.org/getting-started/1_4/en/04-Project-Setup Since it's finally operated by users, which is the so-called deputy attack, how can it work by setting that secret? ...

Content Restriction Ideas

Hello, I was trying to do a subscription system which is only for registered users. Till the registration stage, I am okay. But I don't want users to share their username and password with others because of the paid content. How can I prevent it? Check with IP, but what if they are on a dynamic IP? Using a proxy? Stored cookies can change? Can ...

How do I protect my Flash/Flex SWF with code?

I've written some fancy Flex app, which doesn't really require any server side integration. Now if someone took that SWF and put it in their server then it will very well run. What code can recognize that the SWF is not under my domain and stop from execution during startup? I don't mind making some server side calls just to do a che...

Security question: how to secure Hibernate collections coming back from client to server ?

Hello, I've got a simple POJO named "Parent" which contains a collection of objects "Child". In Hibernate/JPA, it's simply a one-to-many association; children do not know their parent: these Child objects can have different types of Parent, so it's easier not to know the parent (think of Child which represents Tags and parents can be differ...

What, exactly, are the security concerns with sending session tokens in the URL?

I'm building a Flex client against a Struts backend and I have to find a way to transmit the session token without relying on cookies, because I can't use cookies in a Flash movie. I'm looking at putting the token in either the message body or the URL. Putting it in the URL has somewhat of a bad reputation, security-wise. However, I jus...