Hello,
This question may look like a subjective one, but it is not really one.
When you develop a website, there are several points you must know about: XSS attacks, SQL injection, etc.
It can be very, very difficult (and take a long time to code) to secure against all potential attacks.
I always try to secure my application but I don...
I have a mailing list page in one of my asp.net web applications... I found an online web based cron to execute the url of MailingList.aspx once a day in my application...
Is it secure to use an online free web based cron?
What should I watch out for when using them?
EDIT:
Anyone who uses web based crons for scheduling their tasks c...
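The main things to watch for with a third-party cron hitting a URL are that anyone who learns the URL can trigger the job, and that a retry by the cron service can run it twice. The guard below is an added example, not code from the post, written in plain Ruby rather than the asker's ASP.NET; it assumes (my assumptions, not from the post) that the job URL carries a `token` query parameter, that the secret is held server-side, and that the "last run" date is persisted by the caller (a database column in practice, a Hash here).

```ruby
require "openssl"
require "date"

# Guard for an endpoint that an external web cron service requests once a day.
# Two checks: a shared secret compared in constant time, and once-per-day
# idempotency so a replayed or retried request cannot resend the mailing.
class CronEndpointGuard
  def initialize(secret, state = {})
    raise ArgumentError, "secret must be at least 32 bytes" if secret.to_s.bytesize < 32
    @secret = secret
    @state = state   # assumed persisted store; holds { last_run: Date }
  end

  # Returns [http_status, reason]. Only the reason "run" means the job body
  # should actually execute.
  def check(token, today = Date.today)
    return [403, "bad token"] unless token && same_secret?(token)
    return [200, "already ran today"] if @state[:last_run] == today
    # Record the run before doing the work so a crash mid-send cannot cause a
    # second full send on the next request.
    @state[:last_run] = today
    [200, "run"]
  end

  private

  # Hash both sides to equal length, then compare every byte so the time taken
  # does not depend on where the first mismatch is.
  def same_secret?(token)
    a = OpenSSL::Digest::SHA256.digest(token.to_s)
    b = OpenSSL::Digest::SHA256.digest(@secret)
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

The token belongs in the query string only because most free cron services can only issue plain GET requests; it should be long, random, unique to this job, and rotated if the cron account is ever compromised, since the provider sees the full URL.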
I'm trying to find the security code in this php for a mailer.
Please could you tell me which parts of the code I need to delete to remove this.
Thanks for your help
<?php
$adminemail = '[email protected]'; // type your actual email address in place of [email protected]
$usesecimage = ''; // the path to a WSN Links, Gallery, KB or ...
A little context:
I'm trying to build and run the unit tests for the source of the Selenium IDE plugin. Everything builds correctly (through maven commands, et al.) and the unit tests fire up an instance of Firefox. However, the jsUnit testRunner.html page freezes whenever a chrome://-accessed uri path is encountered.
I realize there ...
Let's say you have a config.php that holds sensitive information like a DB user password. It is not recommended to store that file in the document root, right?
Why is that so, and is it a safer approach to store sensitive information in the index.php of the document root?
...
I have a WCF service self-hosted in a windows service environment that works fine over http; over https I am unable to get to one URL without seeing the windows login prompt when running the silverlight application (or just opening the page in IE). I am using the IPolicyRetriever interface to ensure that the ClientAccessPolicy.xml file i...
Hi,
I created a webservice based on https which I am sharing with my friends. I am worried about the security of the webservice, because username and password will work if they are making the request from the server side. However, if I want to provide a widget like twitter, I am worried about having the authentication code in the html....
I am building an iPhone web based app for our execs to view sales data. The app goes over SSL with a typical login page that sets a cookie for the day.
Since the info is sensitive and we have a VPN at work I was hoping as a double precaution I could send all communications with this app over our VPN.
Is there a way I can route traffic ...
Years ago it used to be the case that Unix passwords were limited to 8 characters, or that if you made the password longer than 8 characters the extra wouldn't make any difference.
Is that still the case on most modern Unix/Linux systems?
If so, around when did longer passwords become possible on most systems?
Is there an easy way to ...
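The 8-character limit the post describes comes from the traditional DES-based crypt(3): it keys on only the first 8 characters, so anything past them is silently ignored. Whether that still applies depends on which hashing scheme a system writes to /etc/shadow, and the scheme is visible in the hash prefix. The audit below is an added example, not from the post; it classifies shadow entries by prefix and reports the truncation limit of each scheme (8 for DES, 72 bytes for bcrypt, none for the others). The shadow lines are constructed sample data, not real hashes.

```ruby
# Classify crypt(3) hash strings from /etc/shadow by their "$id$" prefix and
# report whether the scheme silently ignores password characters past a limit.
TRADITIONAL_DES_LIMIT = 8   # classic Unix crypt keys on the first 8 chars only
BCRYPT_LIMIT = 72           # bcrypt keys on at most 72 bytes

SCHEMES = {
  "$1$"  => ["md5crypt", nil],
  "$2a$" => ["bcrypt", BCRYPT_LIMIT],
  "$2b$" => ["bcrypt", BCRYPT_LIMIT],
  "$2y$" => ["bcrypt", BCRYPT_LIMIT],
  "$5$"  => ["sha256crypt", nil],
  "$6$"  => ["sha512crypt", nil],
  "$7$"  => ["scrypt", nil],
  "$y$"  => ["yescrypt", nil],
}.freeze

# Returns [scheme_name, truncation_limit_or_nil].
def classify_hash(hash)
  return ["locked", nil] if hash.nil? || hash.empty? || hash.start_with?("!", "*")
  SCHEMES.each { |prefix, info| return info if hash.start_with?(prefix) }
  # No "$id$" prefix: traditional DES is exactly 13 chars of the crypt alphabet
  # (2-char salt followed by an 11-char hash).
  return ["des", TRADITIONAL_DES_LIMIT] if hash.match?(%r{\A[A-Za-z0-9./]{13}\z})
  ["unknown", nil]
end

# Walk shadow-format text (user:hash:...) and report each account's scheme.
def audit_shadow(text)
  text.each_line.map do |line|
    user, hash = line.chomp.split(":", 3)
    scheme, limit = classify_hash(hash)
    { user: user, scheme: scheme, truncates_at: limit }
  end
end

# Constructed sample; the hash values are placeholders, not real hashes.
SAMPLE_SHADOW = <<~'SHADOW'
  root:$6$saltsalt$abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnop:19000:0:99999:7:::
  legacy:abJnggxhB/yWI:10000:0:99999:7:::
  alice:$y$j9T$saltsalt$hashhashhash:19000:0:99999:7:::
  daemon:*:19000:0:99999:7:::
SHADOW

def accounts_with_truncation(text)
  audit_shadow(text).select { |e| e[:truncates_at] }.map { |e| e[:user] }
end
```

Running `accounts_with_truncation(SAMPLE_SHADOW)` flags only `legacy`, the account still carrying a DES hash; the fix for such an account is a password change, because the stored hash cannot be upgraded without the original password.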
I've been doing a fair bit of work with OAuth recently, and I have to say that I really like it. I like the concept, and I like how it provides a low barrier-of-entry for your users to connect up the external data to your site (or for you to provide the data apis for consumption externally). Personally, I've always balked at sites that...
I would like to secure our web services. However I am not entirely sure how this is done. Needless to say that I am pretty new to this. Here is what I would like to have. I would like to authenticate the user against, let's say, a database/Active Directory or even a third party authentication. Now if the user is authenticated, I would like to u...
Hi,
I am about to start to developing an iPhone application that should login and communicate information securely between the app and a web server.
I haven't done much development in this area before, so I have done some research and would be very thankful for any input on how to handle this in the best/easiest way.
Currently, the peo...
I am able to disable access to a file with .htaccess, but I don't know how to disallow multiple files from being viewed (directly, not from includes)
They are .php so I can't disable a file type (like the only tutorials online say..)
<FILES ... ?
</FILES>
Or something.. For example "home.php, file.php , test.php" how do I disallow acces...
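A `<FilesMatch>` block with an anchored regular expression denies direct requests for a set of named files in one place. This is an added example, not from the post; the three file names are the ones the post mentions, and the directives are standard Apache. Files blocked this way can still be loaded by PHP's include/require, because includes are read from disk by PHP and never pass through Apache's request matching.

```apache
# Deny direct HTTP requests for home.php, file.php and test.php in this
# directory (and its subdirectories, since .htaccess rules inherit).
# The regex is anchored so that e.g. "myhome.php" is not caught by accident.
<FilesMatch "^(home|file|test)\.php$">
    # Apache 2.4
    Require all denied

    # Apache 2.2 equivalent; use these two lines instead of the one above:
    # Order allow,deny
    # Deny from all
</FilesMatch>
```

Check the result with a direct request (`curl -I https://example.invalid/home.php` should return 403) and then confirm that a page which includes one of the blocked files still renders; if it does not, the block has matched something it should not, or the PHP handler rather than the file is being denied.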
I am planning to run a java web application and solr in the same java container. I want the web application to be publicly accessible but solr to be accessible only to the other web applications in the same container. Solr should be accessible only as localhost and not from outside. Can we write some rules in the web.xml to achieve this?...
Hi,
I have started in my web application a part where users need to be authenticated to work with it. I have two related tables: Customer and Enterprise.... the first are users who want to buy a product and the second are "users" who want to sell products.
What is the better way to do that? A 1:1 relation with user_table? How can I dif...
There are tons of good papers about designing and developing for security (and even a bunch of posts on SO), but all of them seem to concentrate on what you should do.
What I'm after, however, is a think-like-a-hacker checklist. A list of simple actions you should go through once you're done with development, to make sure the soluti...
I have a Java project that uses the Bluecove Library, this library requires root privileges to do certain actions that I require in my project. I should note here that despite the project being Java based it is for Linux only.
The project will have many functions that do not require root privileges, some of which will have to interact w...
I am using ASP.Net's forms authentication, but do not want the default behavior of redirecting to a login page when a restricted area is accessed. Instead I would like to invoke a javascript JQuery dialog for the login on the current page, preventing the content behind from loading.
My only issue is that by default the forms authenticat...
I want to display the windows user that the application is running as on a diagnostics page on my ASP.Net MVC database check page to help the user check whether they've setup their IIS correctly. Where can I find that information?
I tried System.Threading.Thread.CurrentPrincipal.Identity.Name but that appears to contain the logged in u...
My team is currently using Authlogic for user authentication, which disables a user's account after 6 failed_login_attempts. I want to re-enable such a user's account after a 15-minute time period. The problem is that we are deploying to the Rails cloud host, Heroku, which offers only a one-hour cron job and a daily cron job. I seem to n...
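A lock that must expire after a fixed window does not need a scheduled job at all: the expiry can be evaluated lazily at the next login attempt, by comparing the time of the last failed attempt with the window. The class below is an added example, not the poster's code and not Authlogic; it is plain Ruby with no Rails dependency, and it assumes (my assumptions) that the user record exposes a `failed_login_count` and a timestamp of the last failed attempt. Authlogic's own brute-force protection exposes the same idea through its `failed_login_ban_for` setting, which checks the record's timestamp rather than relying on cron.

```ruby
require "time"

# Lazy lockout expiry: decide at login time whether a lock has aged out,
# instead of a cron job that walks the table to re-enable accounts.
class LoginThrottle
  MAX_FAILURES = 6          # matches the post's 6 failed attempts
  LOCK_WINDOW = 15 * 60     # seconds; matches the post's 15 minutes

  # Stand-in for the user record; `password` is a plaintext stand-in for the
  # real hashed-password check and exists only to keep the example runnable.
  Account = Struct.new(:failed_login_count, :last_failed_at, :password)

  # Locked only while the window since the last failure is still open.
  def locked?(account, now = Time.now)
    return false if account.failed_login_count < MAX_FAILURES
    return false unless account.last_failed_at
    (now - account.last_failed_at) < LOCK_WINDOW
  end

  # Returns :locked, :ok or :bad_password and updates the record in place.
  def attempt(account, password, now = Time.now)
    return :locked if locked?(account, now)
    # An expired lock starts a fresh count rather than staying at the limit,
    # otherwise one more failure would immediately re-lock the account.
    account.failed_login_count = 0 if account.failed_login_count >= MAX_FAILURES
    if password == account.password
      account.failed_login_count = 0
      :ok
    else
      account.failed_login_count += 1
      account.last_failed_at = now
      :bad_password
    end
  end
end
```

Because the decision is made per request, the hourly and daily cron slots the host offers become irrelevant; the only persistent state needed is the counter and the timestamp that the failed attempt already writes.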