security

Code Access Security problem - what's the issue here?

Background I have a post-build event which I use to generate some batch files which contain the current version number of our application. The event calls a batch file, which calls a managed app which loads the assembly and uses reflection to find its version information. Problem When the post-build event runs locally, everything is fine. ...

What are the security issues to consider if shelling out from ASP.Net web app?

I've got an ASP.Net web app that needs to run processing tasks from time to time, based on the actions of an admin user. One of the tasks I'm looking at will require shelling out to run a command-line app, to securely transfer a file. I have no choice but to use the command-line app I've been provided. The ASP.Net page in question ...

Getting Java Security Exception with java comm api from GWT

I'm developing a GWT application to control an X10 home automation controller (USB device). It uses the Java Comm API to communicate with the controller. But I'm getting this exception when trying to call the Comm API remotely. Initializing AppEngine server The server is running at http://localhost:8888/ javax.comm: Error loading javax.co...

Recovering deleted messages and data on a mobile phone

I want to design a mobile application/tool for recovering deleted messages/pictures/files from the phone. I have the choice to do that using Android or Symbian. Which do you think is easier, provided that I have to use some operating system concepts to solve the problem and recover deleted messages? Also, what are the concepts that I c...

Encrypt ApplicationServices ConnectionString

Is there a way where I can set the .NET ApplicationServices connection string in the code behind? Instead of having plain text in my web.config? Or can I just put the encrypted value there and then decrypt and pass it again? Thanks! ...

What is the best authentication script?

Hi, I'm planning on making some dynamic PHP websites and I need a free authentication system that allows me to create a control panel for these sites' admins. It should contain: remember password, lost password, maximum login attempts per specific interval, users management. Thanks. ...

How should I secure my webapp written using Wicket, Spring, and JPA?

So, I have a web-based application that is using the Wicket 1.4 framework, and it uses Spring beans, the Java Persistence API (JPA), and the OpenSessionInView pattern. I'm hoping to find a security model that is declarative, but doesn't require gobs of XML configuration -- I'd prefer annotations. Here are the options so far: Spring S...

Stopping a third party assembly from accessing resources

We have a third party library referenced in our project, but without access to the source I don't really know what it's doing under the hood and there's too much code to check it out with Reflector. Is there any easy way to completely sandbox it so it can't access the file system, network, registry etc.? I'm trying to get up to speed w...

Why is kerberos defaulting to NTLM in WCF?

Got a simple WCF demo app that has two console projects--host and client. Both are running on my machine (win 7 box). I'm using the netTcpBinding, which uses windows authentication. The issue is that authentication is downgrading to NTLM from kerberos, and I can't figure out why. If I use <clientCredentials> <windows all...

Is it safe to render user-created Django templates?

Is it safe to let users make their own Django templates with a set of pre-defined variables, and then render this template on the server? I would only pass a very limited set of parameters to render, all of which are strings. Templates would be something like: hey, my name is {{name}}. So, the question is, are there any django templat...

Are there any good php based html filters available?

I am currently in a project with a PHP frontend. We're pretty concerned about security, because we'll have quite a lot of users and are an attractive target for hackers. Our users are able to submit HTML formatted content that is visible to other users later. This is a big problem because we're vulnerable to the whole set of XSS attacks. ...

Securing communication from android to a web service

I'm a relative newbie to web and mobile development and especially to security so obvious answers are still appreciated. I want my android app to be able to log in to a simple web service with a username and password. What's the best way to send this information securely and keep the user logged in for an entire session? ...

Storing commercial files on the server

Where would you store files that are meant for sale on an e-commerce website? ...

JQuery vulnerability (NVD CVE-2007-2379)

We're using JQuery and I've come across the following JQuery vulnerability in the National Vulnerability Database: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2379 Has this been fixed in more recent versions of JQuery? The original release date on the vulnerability is 4/30/2007. I'm trying to ensure that the little JQuer...

How do I serve up an Unauthorized page when a user is not in the Authorized Roles?

I am using the Authorize attribute like this: [Authorize (Roles="Admin, User")] public ActionResult Index(int id) { // blah } When a user is not in the specified roles, I get an error page (resource not found). So I put the HandleError attribute in also. [Authorize (Roles="Admin, User"), HandleError] public ActionResult Index(in...

How to configure database permissions for a Django app?

I'm looking for links, or an answer here, on how to properly configure the database permissions to secure a Django app. To be clear, I'm looking specifically for material dealing with grants on the database, not permissions within the Django framework itself. ...

How do I encode passwords in web forms without javascript?

It's not that I don't have access to javascript, of course. In most of my CS Web Development courses, we are taught a little bit about server-side validation, and then as soon as javascript is introduced, server-side validation is thrown out the window. I choose not to just rely on javascript, as the client-side is never a secure place....

simple authentication scheme

I have an online registry of professionals with about 300 members. These are smart people, but non technical. Currently, if somebody forgets their email address, the system resends it to the email address they registered with. The problem is that people change their email addresses over time, then forget their password, and can't receiv...

Merge trunk into branch with SVN: "Secure Connection Truncated"

Hi, after trying to merge changes to an svn trunk back to the branch with the following command: ../branches/myBranch$ svn merge -r 94:171 https://.../trunk --dry-run I get the following error from SVN: svn: REPORT of '/svnroot/simspark/!svn/vcc/default': Could not read chunk size: Secure connection truncated (https://simspark...

CSRF and ever changing tokens

I've just seen Doctype's episode on CSRF. In it they say that the best prevention for CSRF is to create a token from some user unique data (e.g. hash a session ID) and then POST that along with your request. Would it be less secure to generate a difficult to guess value (e.g. GUID) and store that as a session variable and put it into t...