security

Do you know of an NGiNX module that performs something similar to verification of Amazon Web Service request signatures?

I'd like to restrict access to my web service to registered clients. The first thing I thought of was to mimic that of AWS which, in a nutshell, issues clients a non-secret and secret key pair, and requires clients to prove knowledge of the secret key by using a cryptographic function of some of the HTTP request data and the secret key,...

BitRock InstallBuilder issues

I have recently been tasked with finding a suitable InstallShield replacement and I am leaning towards InstallBuilder over Install4J and InstallAnywhere. Has anyone come across any issues with creating installers that InstallBuilder has been unable to handle? For example, very strict security on the client machine. *Comment added for a...

Encrypt/Decrypt Image in ActionScript 3

I am developing a mobile app that involves (essentially) picture messaging as a feature. I need the images to be encrypted/decrypted with a simple, plain-text password. Due to the nature of the images being captured, it is /critical/ that the encryption and decryption processes happen on the device. After sitting through a presentation ...

PHP - How to determine if a request is coming from a specific file

I have fileA.php on SERVER_A and fileB.php on SERVER_B. fileB.php makes a curl request to fileA.php for its contents. How can fileA.php determine that the request is coming specifically from fileB.php? -- I was thinking about sending the $_SERVER['SCRIPT_NAME'] in fileB.php to fileA.php but since someone can go into fileB.php or any f...

Permission issues across servers in PowerShell

I wish to have an automated process that basically deploys (copies) an ASP.NET web site in a CI situation. I have built the web site and I then want to copy the code to the web server. This PowerShell code is running on my build server. The build server is running under a defined service account and I have given that account full control ...

How can I limit an SQL query to be nondestructive?

I'm planning on building a Django log-viewing app with powerful filters. I'd like to enable the user to finely filter the results with some custom (possibly DB-specific) SELECT queries. However, I dislike giving the user write access to the database. Is there a way to make sure a query doesn't change anything in the database? Like a 'dr...

User input filtering - do I need to filter HTML?

Hello all. Note: I take care of SQL injection and output escaping elsewhere - this question is about input filtering only, thanks. I'm in the middle of refactoring my user input filtering functions. Before passing the GET/POST parameter to a type-specific filter with filter_var() I do the following: check the parameter encoding with ...

How to secure an application by environment in Symfony?

I made an apps/frontend/config/security.yml: dev: default: is_secure: false prod: default: is_secure: true but it is not working. Am I missing something? ...

Securing an ASP.NET Web Service using SSL, without dedicated IP address on the Server

I need to secure communication between my application and my Web Service. I own both the application and the Web Service, and I was wondering if it is possible to use HTTPS to do so. I don't need a certificate to prove to myself who I really am (!), so I don't want to buy an SSL certificate from a Certificate Authority. I just need to m...

Encrypting filestream data

SQL Server 2008 supports data-at-rest security through TDE (Transparent Data Encryption), but the encryption excludes files stored on the hard drive through the FILESTREAM feature. How have you handled encryption of this data on the file system stored through FILESTREAM? Encrypting File System seems to be an option, but would cause problems during DB...

A CASPOL command to completely trust all code

We have a couple of old Framework 1.1 applications at my workplace, and we have run up against security exception problems. At this stage, I don't have the option of upgrading the apps to use ClickOnce security. What I am after is a CASPOL command that will just allow any .NET applications to run on the users' machine, regardless of wh...

Using public/private keys in JavaScript

Hi, I need to send an ajax POST request to my server. I'll need to make sure that the request originated from the script itself, and not from a user writing the request him/herself. Is there any secure way to do this? Can the script sign or encode the POST request, later to be decrypted by the server's private key? And can I somehow p...

Restrict access to web site based on Referrer, cookies or something else

We have a scenario whereby we are hosting an ASP.NET MVC web site on behalf of someone else. The customer in this case wants us to restrict access to the web site, to those users who have logged in to their main portal. They should then only be able to get to our web site via a link from that portal. At this point I'm not yet sure what...

How to secure a feed in ASP.NET MVC?

How to secure an RSS feed in ASP.NET MVC? ...

What encryption algorithm would be best for data transfer between Python and PHP?

Hi all, I am writing a client/server based program. The server side is in PHP and the client is in Python, and I need to make sure the transferred data is safe both ways. So, my question is: what encryption algorithm would be best for data transfer between Python and PHP? I couldn't use HTTPS. Need to decrypt/encrypt with a key on both Pytho...

Where to locate automysqlbackup.sh [AutoMySQLBackup] at Bluehost? [security issue]

Hi friends, after having serious database-losing problems, I decided to go for an auto-backup system. I researched and AutoMySQLBackup looks fine. I use Bluehost; where should I locate the automysqlbackup.sh file? I just worry about the security issue. Also, where should we locate the backup files? Appreciated! Thanks a lot! ...

How to make sure that my ajax call pulls authenticated content

Hello guys, I am making an Ajax call within my page to a DB and pulling products that have images included. Here is the ajax call that I'm making: $.ajax({ type : "GET", url : "**https**://www.mydomain.org/getRow.php", dataType: 'html', success: function (msg) { $(".drag-desired").html(msg); $.event...

Storing important secret keys in php files

We're making an app using PHP and using some third party services that require a secret API key. We have a PHP file that contains all those keys definitions that we then import (using require_once) when needed. Is this approach safe? Should we store the keys in a different place? Thank you. ...

How to visually separate security-trimmed action links in ASP.NET MVC

I am experimenting with security-trimmed action links in ASP.NET MVC, and am considering using the SecurityTrimmedActionLink helper method described here. What I would like to do is put a vertical bar between each link like this: link1 | link2 | link3 But I don't want two vertical bars to appear between links if a link has been trimm...

Where to use mysql_real_escape_string to prevent SQL Injection?

Hi friends, I'm in trouble with a group of hackers. They hacked my client's site a few times, and my client gets more angry :( My client lost his database (which has hundreds of records), and had to enter it all :( Now I'm following some more instructions: fixed file permissions, changed FTP and host login info, cleared all remote MySQL acce...