security

XSS security. Communication between 2 iframes from the same domain.

Domain abc.com has a page with 2 iframes. Both of them are loaded from domain xyz.com. Will XSS security block JavaScript access/communication/interaction between those two iframes? ...

Using PHP/Apache to restrict access to static files (html, css, img, etc)

Let's say you have lots of html, css, js, img and etc files within a directory on your server. Normally, any user in internet-land could access those files by simply typing in the full URL like so: http://example.com/static-files/sub/index.html Now, what if you only want authorized users to be able to load those files? For this example, ...

How to defend against excessive login requests?

Hi, Our team has built a web application using Ruby on Rails. It currently doesn't restrict users from making excessive login requests. We want to ignore a user's login requests for a while after she has made several failed attempts, mainly for the purpose of defending against automated robots. Here are my questions: How to write a program or s...

SQL Server 2008 Database (How to lock it from copying and attach it in another machine)

I have a database with data that I don't want anyone to copy around. Now, how can I prevent other users from having access on the local machine, while whenever I want to work with it, I am allowed? And another issue I'm thinking about: how can I lock the DB so that if someone copies the .mdb file and tries to attach it on another machine he/she couldn't see ...

Help with salt and passwords

I want to implement a salt into my login system but am a bit confused on how this is supposed to work. I can't understand the logic behind it. I understand md5 is a one-way algorithm and all of the functions that I have come across seem to hash everything together. If this is the case, how does one get the password back out for compariso...

How does a Facebook session proxy improve security?

I'm writing an iPhone app that's using Facebook Connect. While testing, you normally embed your app secret directly into the code and set up Facebook with this call: session = [FBSession sessionForApplication:myApiKey secret:myAppSecret delegate:self]; However, for production code it's recommended to use a session proxy instead of em...

What tool would you use to find security holes in Google Chrome?

I wish to know from SO security experts and hackers what kind of tools they would use to find a security hole in Chrome's armor, and using what programming and testing techniques. I'm particularly interested in Open Source tools running on Linux. Google announced on the Chrome Web Browser blog that they will pay US$500 for each securi...

Seeing a static variable with hexdump

Hello, I am preparing myself for a lecture exam on security aspects of software development. I would like to know if it is always possible to read the value of a static char array from a binary with hexdump. If not, on what factors does it depend whether I can read its value or not with a hex editor? thanks, ...

Prevent Users Creating Tables in MS Access

I'm trying to secure an MS Access 2003 mdb using the workgroup security. I've got most of it set up (using a new MDW etc), but I can't stop people creating new tables in the database, if they've got access to open it. Am I missing something? None of the accounts have any permissions allowed, I'm doing it all through groups. Users only ...

PHP eval + gzinflate infection - what can the attack vector be?

When I came home today I found all my PHP files on GoDaddy Linux hosting infected. The following code was inserted at the beginning of all files: /**/ eval(base64_decode("aWYoZnVuY3....") According to the logs the infected code failed to run: eval()'d code line 1: gzinflate() [function.gzinflate]: data error Nevertheless, I want to p...

Excel 2007 VBA signed certificate

Is it possible to create a certificate for an Excel workbook which has some VBA macros, and distribute the certificates to a small group of users? ...

Alternative ways to configure security constraints with container managed security outside web.xml?

Hi, if you use Java EE 6 container managed security, you can configure security constraints for resources inside the web.xml deployment descriptor. Are there alternative ways to do this? For example the container could fetch them out of a database, like it does with the user data. Is something like this possible? I would like a way th...

LINQ to Entities and SQL Injection

I've seen a couple of conflicting articles about whether or not L2E is susceptible to SQL injection. From MSDN: Although query composition is possible in LINQ to Entities, it is performed through the object model API. Unlike Entity SQL queries, LINQ to Entities queries are not composed by using string manipulation or concatenation, ...

java.security file in Ant

How can I force Ant to use my java.security file? I'm trying to build with Ant from a command line and use this file in the JVM. Is there any way to do this via Ant command line? Is setting an environment variable ANT_OPTS the solution? ...

Encrypting with app public/private key in .NET

-new- I found another use. There's some data submitted to me via HTTPS POST data and I'd like to store it in my db (such as a mother's maiden name that customer support may need to read later, instead of checking whether a hash matches when the customer spells it incorrectly). I only need that section encrypted and not the entire DB, and using a separate DB may not ...

Restricting WCF configuration in code

We would like to keep the WCF settings in the configuration file. At the same time we would like the code to refuse a request if the data will be sent over the net unencrypted. Something like: if the request is basichttpbinding without https, throw an exception. Is there any way for the service code to know how it is being called? EDIT From the ...

Security perspective in DTNs

At present I'm going through delay tolerant networks, and what I've observed is that relatively little work has been done in the area of security in DTNs. Can anyone provide me an insight into the present work done in the area of security and the problems that exist pertaining to security in delay tolerant networks? Thank you. ...

Website Security: How to learn?

I'm curious (for purely academic purposes) how website security can be thwarted. What, generally, is web security? Server and client side? How to tell if a site is vulnerable? How to prevent vulnerabilities? How to throw server errors? Is it possible to break/shut down a server? So, in summation I'm asking about general web-secu...

Using SMO.Agent to retrieve SQL Job execution status - security issue

So I've got a C# program that fires off SQL Agent jobs using the SMO interfaces. It looks something like: Server ssis_server = new Server( new ServerConnection(SERVER_NAME, SERVER_USERNAME, SERVER_PASSWORD) ); var agent = ssis_server.JobServer; var ssis_job = agent.Jobs[job_name]; var current_status = ssis_job.Curren...

IBM WEME J9 Invalid Padding Exception

I am using the IBM Websphere Everyplace Micro Environment JVM on a Windows Mobile 6 device. My application uses HTTPS connections and I have everything set up appropriately to use the J9JSSE package for SSL/TLS. Some messages that are being transmitted on the HTTPS connection are getting through just fine, but others are causing an exc...