Hi all,
I am trying to secure communications via SSL/TLS for one of our Web Services using CXF 2.2.5.
I am wondering how to update client and server Spring configuration file to activate this feature.
I found some information on CXF's website (CXF Wiki) for the client configuration, here is the given example:
<http:conduit name="{http:...
Many of my users have requested a password protection for various data elements in my database. Unfortunately, one of my existing features is backing up the database to a public location (SD Card) for data redundancy, so my database isn't secure.
So my question is two-fold.
How can I encrypt or secure a database on android?
How can...
I have a web based (perl/MySQL) CRM system, and I need a section for HR to add details about disciplinary actions and salary.
All this information that we store in the database needs to be encrypted so that we developers can't see it.
I was thinking about using AES encryption, but what do I use as the key? If I use the HR Manager's pas...
I am currently building a blog type website for myself. I have used WordPress in the past and really enjoy it, but when it comes to building more than just a blog I usually get bogged down in writing hacks for it.
The site I'm building is going to pretty much be a blog, but with a 'question and answer' side to it (NOT A FORUM - purely Q...
While architecting any n-tier intranet applications, do I have to consider anything about firewalls in the organization? Are there any special considerations which need to be proactively addressed or it could be an afterthought.
...
I'm back with another Flex/Flash security question. I've already received some help from the community on this topic, but I'm still not quite sure this is the best way to do it.
Here's the thing. A flex web app, a lot of users (1000+), custom configuration of the application depending on the user group. Can I make this thing safe... or saf...
In my Asp.net MVC 1.0 application I want to use CKEditor as my Rich Text Editor. But if I want to use this editor I have to Disable Request Validation. After doing this if I want to display the whole html content directly I can't use HTML.Encode() because I want to render the real html content generated from Editor.
So how can we prev...
Curious as to how to compare a text box string to the password the user used to authenticate themselves when they started the Microsoft Access database.
Microsoft Access version is 2003. Users authenticate themselves using Microsoft Access Jet security.
UPDATE: Per CesarGon (thank you), this is really a question of comparing hashed val...
Hi,
I'm looking to prevent session hijacking in my ASP.NET application and came across this great post by Jeff Prosise. However, it's from 2004 and I was wondering if there have been any updates that either perform the same thing, or result in any complications? Also, has anyone used this on a production server and, if so, have there ...
Usually we define IIS web sites which allow anonymous authentication to run under the IUSR_ComputerName account which has very limited privileges. For example we may decide it cannot access the file system. How does that make our web site any more secure? The user cannot run code on it anyway - only our website code runs and we make sur...
I've just read a few posts on hiding Silverlight code in some way.
Main conclusion was that you can obfuscate it, but you can't really hide it, so secure things must be done at the server.
But then, anyone can see via Fiddler what kind of data is posted to a particular webservice. For instance, they can see that I'm calling UpdateCustomer...
Hi!
I'm using Windows XP Pro SP3.
I want to use SSPI functions in my code.
I compiled my code, no error.
I set the security package to be used to Negotiate, which is recommended.
When I start my program, Negotiate cannot be used because it can't be found.
So, I tried "Kerberos" instead, and same error: the security package cannot be f...
I'm looking at scripting parts of my workflow, which involves interacting with some web-services via SOAP and XML-RPC queries. I'm scripting using bash and python.
I need to authenticate against these web services, and I'd ideally like to do so
without having to type in my password for every request (typing it once per login would be...
I'm an android developer trying to use the javax.crypto package to encrypt/decrypt my SQLite database backups when I put them on the SD Card. That way, they can't be read while they're in the publicly accessible file system.
I can encrypt/decrypt the file just fine, but I have no idea how to tell if the user input the right key or the ...
Cross Site Request Forgery (CSRF) is typically prevented with one of the following methods:
Check referer - RESTful but unreliable
insert token into form and store the token in the server session - not really RESTful
cryptic one time URIs - not RESTful for the same reason as tokens
send password manually for this request (not the cached ...
I've just started to play with CodeIgniter 1.7.2 and immediately noticed that there is not a built-in library for user authentication.
I don't need anything fancy. It's only to authenticate users in to my back office system. I don't need users and groups, or permissions etc. I just need a script to allow users to login. If a user tries ...
Hey guys and gals running into a little issue here.. I'm trying to use MySql Connector 6.2.2.0 for membership and role providers..
The issue I'm having is: Unable to initialize provider. Missing or incorrect schema.
<authentication mode="Forms"/>
<roleManager defaultProvider="MySqlRoleProvider"
enabled="true"
cacheRolesInCook...
I'm very new to EJB security and GlassFish authentication, authorization mechanism. I have a jdbc realm and configured sun-web.xml and web.xml to map the roles and restrict access to a page.
However, my problem is that when I restrict access to all the pages, it works and triggers the login pop up before loading the welcome page (using ...
I just read this article about piggy backing in PHP.
I googled it but not so much information there.
Can anyone tell me more details how to prevent this kind of attack, what kind of code practices are vulnerable and what we should do?
Thanks in advance.
...
Is there any known attack on this modified version of Yahalom? Cannot find anything...
...