security

Detect someone hooking onto a window handle

Can you detect if someone is trying to hook into a window handle of your application (or a part thereof) in .NET? ...

Security features of WebBrowser Control

Does the WebBrowser control have any security features included in it? I mean, if I use the WebBrowser control in an application then would using this browser be any more vulnerable than any normal browser, say IE, to security attacks? Does the WebBrowser control share or use security features of IE? ...

How to implement Administrator rights in Java Application?

I am developing a Data Modeling Software that is implemented in Java. This application converts the textual data (stored in a database) to graphical form so that users can interpret the data in a more efficient form. Now, this application will be accessed by 3 kinds of persons: 1. Managers (who can fill the database with data and they c...

Ruby equivalent for php function openssl_pkey_get_public

Hello all, I have a PHP script where the password encoding is done using openssl: $key = openssl_get_publickey($certificate); openssl_public_encrypt($pass,$userPassCrypted,$key,OPENSSL_PKCS1_PADDING); openssl_free_key($key); Now I am trying to do the same with Ruby: require 'openssl' cert = OpenSSL::X509::Certificate.new(certi...

Protect assembly?

I have a .NET DLL (C#/VB) with custom controls, extension and other stuff. I want that it should be available for me only. Is there any way to restrict unauthorized access to a DLL? ...

Turn off option to open xls file in internet explorer from the site?

Hi, BACKGROUND: I have built a web application for a client which allows them to save Excel files to the server. When I first built the application I stored these files in an uploads folder and linked to them directly from pages within the application (eg File). On reflection this wasn't very secure so I changed the uploader file to...

How can I encrypt a user's password in Silverlight?

I have a Silverlight 3 app which connects to a server to perform various actions. My users log in using Forms Authentication but the actions they request are run on the server using the AppPool account so when they go in the audit logs they're recorded against the AppPool account. PCI DSS regulations now require that the user's own ID ...

Where do programs save their secret license?

Where do programs save their secret license or install related information? I notice that often times when you uninstall a program, clear out appdata references, check registries to make sure there is no residue of any relevant information. If you reinstall the trial program again, it seems to know it was installed before. I'm not looki...

pyserial- sending in parameters at runtime- input vs. raw_input - security flaw?

Hello, I am writing a program that opens and records data sent through a serial port into a text file. I am currently adding functionality to allow reconfiguring the serial port during run-time. I prompt the user to choose which variable to change one at a time, so as to keep it simple for myself (I would appreciate elegant solutions as...

Heroku and ip mask

Hi, I'm building a shopping site which uses a service which allows credit card payments (tranzilla), the service is requiring an IP or IP mask from which it will allow requests (by sockets). The problem is that I'm using Heroku as hosting, which is decentralized... Is there any way to do this? (except buying the custom SSL add-on, which ...

Error connecting to all of my SQL servers

I suddenly started getting this error when trying to connect to any of my SQL servers (25+) from SSMS on Windows XP. When I left work yesterday everything was working fine, came in this morning, and I started getting this. Tried rebooting my PC but that obviously didn't fix it. My co-workers can all connect just fine. Searched for a solu...

How do I create a Login page using ASP.NET?

I would like to create a login page using ASP.NET. I don't want to use the ASP.NET login control. How do I do this? ...

Identifying HTTP clients

Hi, my software house is developing a component for advertisement in some of our portals. The advertisement is click based, thus the source portal that originates more clicks is the winner. My preoccupation is about "fake clicks", malicious HTTP clients raising requests. It's possible for an attacker to falsify the IP source address of a...

Manual password encryption

There are several ways to secure passwords with an automated encryption algorithm, but sometimes it's best to write it down on paper and keep the paper itself secured. Hackers can't easily get to paper. However, if someone finds that paper, they can see the passwords plainly. What's a non-automated method of securing information on a ...

caspol.exe doesn't grant Full trust to the Intranet share on fw2.0 machines

I have a few pre-.NET 3.5 SP1 machines where I need to run an exe from a local intranet share. Here is the sample CAS command I am using to grant full trust to the local intranet share. CasPol.exe -m -ag 1.2 -url file://\\Server/Sahare/folder1/folder2/AppFolder/* FullTrust It alters the local intranet policy and grants Full trust to 1.2...

When should AccessController.doPrivileged() be used?

If I understand http://stackoverflow.com/questions/852453/accesscontroller-doprivileged correctly, it is saying that untrusted code should be able to invoke methods requiring permissions (such as System.getProperty()) through an intermediate method that does have permissions. That brings up the question: when should AccessController.doP...

Is it possible to reverse a sha1?

Hi, is it possible to reverse a sha1? I'm thinking about using a sha1 to create a simple lightweight system to authenticate a small embedded system that communicates over an unencrypted connection. Let's say that I create a sha1 like this with input from a "secret key" and spice it with a timestamp so that the sha will change all the t...

WCF - how to programmatically create a custom binding with binary encoding over HTTP(S)

I'd like to convert my current HTTP/HTTPS WCF binding settings to use binary message encoding and I need to do it in code - not in XML configuration. AFAIK it's necessary to create CustomBinding object and set proper BindingElements, but I'm not able to figure out what elements should I use in my scenario. Main points in my WCF configu...

Does signing an assembly or an exe with a digital certificate make it secure against tampering attacks?

I tried creating a temporary certificate using makecert and creating a spc from the certificate using cert2spc. I signed some exe with the generated spc. I then use the binary editor in VS 2008 to flip some bits (tampered it) in the exe. To my surprise I was able to execute the application. I was expecting that the system will detect th...

Secure password list in PHP

Hello, I'm thinking about storing list of passwords for users (eventually more info about them) of small-scale (max. 20 users) app in PHP file in directory like public_html_root/system/config/ <?php if($calledByApp !== true) die(); $pwds['username1'] = 'hispassword'; $pwds['username2'] = 'herpassword'; $pwds['username3'] = 'anothe...