I am at a loss. I submit a form via Ajax using
submitForm: function(element) {
$.post(
webroot + 'users/settings',
$('#AJAXform').serialize(),
function() {
var option = $('#AJAXform').find('select option:selected');
$j.current.v.updateField(element, option.text());
$j.curre...
I have some webserver resources protected with form-based authentication. The requirement is that access to some highly secure resources results in forced authentication of the user even if he/she was authenticated earlier and has a valid cookie (authentication).
The authentication in a session is maintained by a particular cookie. The f...
I have a web service on an insecure network that needs authorization.
I wish to implement it over HTTP, instead of HTTPS, at the same time evading man-in-the-middle and sniffing attacks. I need only one key for the client and the server.
The client calls a server function, and the server can authenticate whether this client is right, ...
I'm working with a listview control which saves the data using AES encryption to a file. I need to keep the data of every item in the listview in a std::list of std::string. Should I just keep the data encrypted in the std::list and decrypt to a local variable when it's needed? Or is it enough to keep it encrypted in the file only?
...
What are some best practices associated with use of IRIs to prevent character misrepresentation, spoofing, or character injection?
...
Hey,
I've got a DropDownList and I'm trying to prevent it from being used as an attack vector. Can I assume that the user is unable to actually change the values of the DDL and postback to the server? At the moment, I get this ASP.NET error message thrown if I try and change the packet after submission:
For security purposes, this fea...
The page I'm building depends heavily on AJAX. Basically, there is just one "page" and every data transfer is handled via AJAX. Since overoptimistic caching on the browser side leads to strange problems (data not reloaded), I have to perform all requests (also reads) using POST - that forces a reload.
Now I want to prevent the page agai...
Sorry that this isn't exactly a programming question, but it is also of interest.
So my question is: where does the user's private key come from?
Does it come as a key pair together with the public key in a certificate that is generated at the CA, or is it generated in the client OS, with only the thumbprint, public key and so on coming from the CA?
Thank you in advance.
...
I want to implement a licensing system for my application.
I use .NET Reactor software for this, and this software can create a license file for my application. But I want powerful software for implementing a licensing system with an activation code.
...
While reading the OWASP site, I stumbled upon pages
www.owasp.org/index.php/Category:Countermeasure
and
www.owasp.org/index.php/Category:Control.
My question is simple: what's the difference between the two?
I'm sure I could see it if there was more information, but right now they both seem to state that they are something that are ...
Hi y'all
I'm developing a web application. Like, a proper one, I've used things like Joomla in the past to make awesome stuff but have now finally got my hands dirty with PHP, MySQL and CodeIgniter.
When you're making serious web apps that'll handle large amounts of data, what precautions should I take against my data inputs to fully s...
So I'm trying to create a secure form (username & password) with the usernames and passwords stored in a JSON file. So I have some questions.
How can I make sure that the JSON file will not be accessible by something coming via a cross-domain request? Or how can I ensure it will not?
How do I actually use the .post() the function with js...
Is mysql_real_escape_string sufficient for cleaning user input in most situations?
::EDIT::
I'm thinking mostly in terms of preventing SQL injection but I ultimately want to know if I can trust user data after I apply mysql_real_escape_string or if I should take extra measures to clean the data before I pass it around the application a...
I am aware of the difference between a process running in user mode and one running in kernel mode (based on access restrictions, access to hardware etc.). But just out of curiosity, what is the difference between a process running in kernel mode and one running as root?
...
Hi.
My application is not supposed to perform any administrative tasks, so I want a normal User account to be able to run it. Only thing is, my application reads from and writes to a database file; if the user running Windows 7 (Or Vista) installs my app in drive C, the drive's default permission set configuration doesn't allow my app t...
Hi
I'm building a Twitter search application in Flash and have encountered a security error when retrieving a user's information using the following...
http://api.twitter.com/1/users/show.xml?screen_name=
I noticed a crossdomain.xml file returned with the above.
This works
http://search.twitter.com/search.atom?
Can anyone suggest a ...
I have a WPF application which uses LINQ-to-SQL to access an .MDF file within its local directory structure. This works fine.
However, when I create a second .MDF file in the same directory as the first, and try to create a model with Entity Framework, it gives me this error:
Request for the permission of type
'System.Web.AspNetHo...
My UI prototype requires me to show the site's login info all the time. Either I should show the usual username and password textbox or "you are logged in as". The last bit doesn't have to be secure, as it's only info to the user, nothing I will use server side. But the first part should be sent securely to the server.
It seems that I would hav...
I've got the design habit to have a SqlConnection object populated by a child form, showing the child form, establishing the SqlConnection object and having the populated object passed back to the parent form where execution continues. .NET 2.0 and up 0 as follows:
Parent form:
public SqlConnection sqlcon; //should be property but mad...
Is there a way to authenticate users in symfony apps using Active Directory? Can you please point out some documentation?
edit
What I need is to have a transparent login in my application. The user authenticates once at windows logon, then all applications should be accessed with the same credentials without being asked for the domain\...