security

Using ASP.NET roles to represent different access levels

I need to design a system that will control access to certain information. The requirement from the user is to use access levels, e.g. Level 1 - Support, Level 2 - Manager, Level 3 - Senior Manager, Level 4 - Department Head, etc. If a certain piece of information is marked as Level 1, then all roles should be able to view that piece of in...

Restricted Access in Joomla file

Hi, I am using a form with a textbox; on submit I am retrieving the value of the textbox and sending it to a file which gets the value and uses it to fetch the records. In my JavaScript I gave something like <script language="javascript" type="text/javascript"> function check() { var title=document.g...

Windows Login Integration

Hi Peeps. I am building facial recognition software for a certain purpose; however, as a spin-off I would like to use that same software / concept to automatically recognize me when I sit in front of the PC and log me in. Recognition is handled. However, I need to incorporate this into Windows, the same way fingerprint logins work. ...

FBJS security weaknesses

Someone recently told my coworker that our site is relatively insecure from an FBJS standpoint. Since I wasn't there at the time, I wasn't able to ask why. What are some factors that influence the security of an FBJS implementation? Thanks very much, Michael ...

Request for code review of JEE authentication and authorization filter

Hi, I know it's a good idea to use well-implemented standard software for authorization and authentication. But this time I wrote it on my own. It is used in an intranet-only application, so security requirements are low. But I, as the developer, would like to know how secure it really is. I would ask you to please review the code and give ...

Dynamically make tables/columns readonly/hidden in ASP.NET DD

I'm making a security permission system for a Dynamic Data site based on the article Securing Dynamic Data Preview 4 Refresh. The system contains an additional permission kind: "deny an operation for a record/field if a record is not owned by a user". If a user can read only their own objects, we need to have an always-enabled filter in Lis...

How to write an iphone application to control a device that exposes a telnet api

Hi! I have to write an iPhone application that controls a device. This device exposes a telnet-based interface. The application should ideally have user access control and customizability for each user. I was thinking of writing C++ classes that would communicate with the device using sockets. This functionality can then be exposed th...

Drupal: Taxonomy & Security

I have an intranet on the Drupal platform. I am using permissions to restrict access to certain node types that have sensitive information in them. This is all working nicely. However, some of these sensitive nodes use taxonomy as a method of categorization. The problem is, I have found certain paths, apparently created by the taxonomy ...

placing php script outside website root

How would I a) include a PHP script that is outside the web root (would it really be just a simple ../file.php)? b) Post form data to a PHP script outside the web root? I'm led to believe this is a cornerstone of PHP security. ...

Secure file deletion

Which is the best way to delete a file on a FAT32 file system securely (i.e. make it impossible to recover the file)? Is overwriting the file with garbage and then deleting it secure? Could anyone suggest a good reading on this? ...

How to Encrypt in C# .NET same as Java code

I need to send an encrypted string from a private key to a webserver for authentication. I have Java client code that generates the encrypted string correctly (such that the webserver can decrypt it with the public key). I am trying to write C# code to perform the exact same encryption - but have not succeeded. First a keystore was ge...

Need advice to design 'crack-proof' software

I am currently working on a project where I need to create some architecture, framework or any standards by which I can "at least" increase the cracking effort for a piece of software, i.e., to add to software security. There are already different ways to activate software, which include online activation, keys, etc. I am currently studying a few r...

WINSDK: Determining whether an arbitrary pid identifies a running process on Windows

Attempting to implement a poor man's test of whether a process is still running or not (essentially an equivalent of the trivial kill(pid, 0).) Hoped to be able to simply call OpenProcess with some minimal desired access then test for either GetLastError() == ERROR_INVALID_PARAMETER or GetExitCodeProcess(...) != STILL_ACTIVE. Nice try....

In application security, should users be required to change passwords on a schedule?

I do not require passwords to be changed on a schedule in my application for a simple reason: it makes remembering passwords harder and is thus more likely to lead people to write them down somewhere or otherwise use an unsafe memory aid. What arguments are there to the contrary? Why would forcing someone to change a password that no o...

SQL 2005 Security - Users: What are they used for? (and other various questions)

Hello, I am not a DBA and so don't really know anything about SQL 2005 security settings, etc. I am attempting to set up an empty copy of our database by generating the full database from SQL Management Studio generated scripts. Unfortunately I don't know what many of the options do, and the MSFT documentation of this process isn't great...

Add to Firewall Exception list

Hi, I got the below-mentioned code for adding my application to the Windows Firewall Exception list. I wanted to know if this will also work for other firewalls, e.g. antivirus firewalls etc. If not, then please suggest a solution. Note: My application is running with Admin rights, but my users are not able to understand the firewall settings of quick...

Zip file with passwd security?

We have a client-server based app which saves user-related data into a zip file and sets the password on the zip file programmatically. Just wondering if it could be considered secure. Thanks N ...

Is window.opener reliable?

Is JavaScript's window.opener property reliably available across browsers, and immune against any security settings and limitations of any sort? Both the opener and the opened window would be on the same domain. Has anybody run into troubles, bad experiences using it under certain circumstances? I'm asking because I'm planning to buil...

Protecting encryption keys using DPAPI: Obvious hole?

I have a Windows.Forms based .NET desktop application that stores privileged information in a file on disk (not using .NET configuration files), encrypted using a symmetric cryptography algorithm such as TripleDES using MS's CryptoAPI. This file must be read/written over multiple program runs / machine power cycles, aka, use the same Key...

SSL iframe is embedded on other web site

An iframe from a domain with an SSL certificate will be embedded on another site (foo.com). Must foo.com have an SSL certificate? If foo.com has an SSL certificate, will it be a security error? foo.com has an SSL certificate for foo.com, but the iframe domain has a different SSL certificate. If foo.com hasn't got an SSL certificate, will it be a security error? ...