security

Which copy protection techniques are available for digital material?

Suppose a website offers the following resources for premium users: PDF files, video files, and presentations (e.g. .ppt files). Which protection techniques are available to prevent (slow down) the user from copying and redistributing these resources? ...

web programming technique, is this a major security risk?

I've found this technique to be interesting to shorten some coding time. Not having to re-create database related statements along with a form binder for webcontrols is indeed interesting in my opinion. But I was wondering if it should be considered a major security risk for non-intranet projects because it shows the database structure to ...

How to display data based on roles in MVC?

I added the AuthorizeAttribute to secure my ActionResult. [Authorize(Roles = "MyUser, Admin")] public ActionResult Index() { var allData = myDataRepository.FindAllData(); return View(allData); } The Index view displays a list of data from my table. I want to show 1 row if the user Role is MyUser and all row...

iphone security data encryption

Hey. I would like to save sensitive user data to my app's sandbox but I know that if the phone is then stolen someone can "rip" (if that's the correct term) data off the device quite easily. So I need to use encryption. But I can't use standard private-public keys without either storing them in the code. (not good I'm assuming as if the b...

PGP passphrases in company

A friend of mine wanted to introduce PGP encryption in his company's emails for exchanging mail with clients. He asked me to write an easy app supporting that. I found a useful DLL wrapper, so it seems to be not a very big deal to write the app. What puzzles me is the security aspect. (I don't want to push him on the mine) I know PGP uses private/public keys ...

IIS Manager Bad Data. 0x80090005

When I tried to set Physical Path Credentials in the Advanced Settings, I got an error message as follows: Internet Information Services (IIS) Manager Bad Data. (Exception from HRESULT: 0x80090005) And it prevents me from setting a specific user to access the network shared folder. Strangely, I have another server with the same configuration, it ...

Where can I learn about security and online privacy?

I'd really like to start including shopping cart functionality in my projects. At first I'm content relying on PayPal links, but I really want to be learning about specific security threats and how to combat them. Eventually I want to feel comfortable receiving and sending customer credit card details for ecommerce. Obviously this is a ...

ASP.Net security using Operations Based Security

All the security stuff I have worked with in the past in ASP.Net for the most part has been role based. This is easy enough to implement and ASP.Net is geared for this type of security model. However, I am looking for something a little more fine grained than simple role based security. Essentially I want to be able to write code like t...

disabling pop-up of secure and non-secure content in Internet Explorer

I have a few images on a web page which are fetched from an HTTP server while the whole web page is on HTTPS. So in Internet Explorer 7 & 8, I get this pop-up of "This page contains both secure and non-secure items". The majority of users use Internet Explorer. Somehow they are getting worried about this pop-up. Even though I told some of the users...

How to control what users can decrypt SQL Server Symmetric Key Encryption

I am looking into encrypting some sensitive data in SQL Server, such as bank account numbers and social security numbers in order to comply with new state laws. I am using SQL Server 2008 as my database with .NET code. I have used .NET to encrypt passwords, but for this I'm thinking of using Microsoft's built-in encryption by just encryp...

Is there any way to do X.509 Certificate creation in .net?

I have spent some days and still cannot find any way to do X.509 Certificate creation in .net. Is there anyone who can give me an answer or some hints? Thanks. ...

How secure (hardened) is this script?

The script below, test.php, is intended to be placed in a specific directory of all my WordPress sites. Its purpose is to grab the file at the $source address below and extract it to the directory in which it resides. That's all it's intended to do. For example, I will have a dashboard interface on my central server that lists all my sit...

iPhone Simulator custom CA certificate.

I'd like to test an application on the iPhone simulator which connects to a service using a certificate which is signed by our own CA. I can do this on the actual device by adding a provisioning profile which has the CA certificate. I had thought that having the CA certificate in the standard OSX keychain would work, but it doesn't. So ...

Custom form authentication / Authorization scheme in ASP.net MVC

I am trying to create a custom authentication scheme in ASP.NET MVC using form authentication. The idea is that I might have different areas on the site that will be managed - approver area and general user area, and these will use different login pages, and so forth. So this is what I want to happen. User access restricted page (right now...

What is currently the most secure one-way encryption algorithm?

As many will know, one-way encryption is a handy way to encrypt user passwords in databases. That way, even the administrator of the database cannot know a user's password, but will have to take a password guess, encrypt that with the same algorithm and then compare the result with the encrypted password in the database. This means that ...

Need to encrypt and decrypt using PEM key

Is it possible to use C# to encode a string of text using a .PEM file and decode it using the same .PEM file? ...

Auth system that allows a user to add a password later?

Two goals: Minimize barriers to writing comments. Obvious design conclusion: don't make your users create a new account or login with a password. Allow users to accumulate karma/points for comments. Obvious design conclusion: have users create unique accounts so you can reward their activity. How have other people resolved this? D...

How secure (hardened) is this script (part 2)

In my previous question on this topic, what would the implications be if I removed the dynamic variable and instead replaced it with a static one like you see below... $source = 'http://mycentralserver.com/protected/myupdater.zip'; I've included the code below for convenience... <?php // TEST.PHP $source = 'http://mycentralserve...

Access is denied when attaching a database

I am using SQL Server 2008 developer edition. I was trying to attach the AdventureWorks2008 database. When I tried to attach, I received an "access is denied" error. According to the event log, it came from the O/S: Open failed: Could not open file D:\ProjectData\AdventureWorks\AdventureWorksLT2008_Data.mdf for file number 0. OS ...

are these attempted injections on my contact form?

Hi folks, I have a PHP contact form mailer on my website. The contents don't store in a database, but are emailed directly to me. I have received a couple of strange contacts in the last few days. The user has to fill in name, email, confirm email, subject and message. I have a JavaScript security in place that verifies an email is type...