security

Can a proxy server cache SSL GETs? If not, would response body encryption suffice?

Can a (||any) proxy server cache content that is requested by a client over https? As the proxy server can't see the querystring, or the http headers, I reckon they can't. I'm considering a desktop application, run by a number of people behind their companies proxy. This application may access services across the internet and I'd like t...

What do you (or your company) use for wiping a machine?

I have two computers, and I'm thinking about getting rid of one of them, but I want to make sure that it's clean of anything of mine before doing so. What have you used or does your company use for this purpose? ...

ASP.NET LocationProvider

Hi, We need to replace the menu system in our main ASP.NET application. So naturally we're looking at the ASP.NET SiteMapProvider and Menu controls. However we also need enough security to prevent users from directly entering URLs that they shouldn't have access to. We can do this by putting entries in web.config and securing them indi...

How Do You Secure database.yml?

Within Ruby on Rails applications database.yml is a plain text file that stores database credentials. When I deploy my Rails applications I have an after deploy callback in my Capistrano recipe that creates a symbolic link within the application's /config directory to the database.yml file. The file itself is stored in a separate direc...

Encryption in C# Web-Services

I'm looking for a simple way to encrypt my soap communication in my C# Web-Service. I was looking into WSE 3.0 but it seems Microsoft dropped support for it, and therefore it's not straightforward to use. It seems WCF could've been an option but I prefer not to upgrade from .NET 2.0 . Any simple, straightforward encryption method? ...

Obscuring network proxy password in plain text files on Linux/UNIX-likes

Typically in a large network a computer needs to operate behind an authenticated proxy - any connections to the outside world require a username/password which is often the password a user uses to log into email, workstation etc. This means having to put the network password in the apt.conf file as well as typically the http_proxy, ftp_...

Weird yellow bar pops up: 'Microsoft Data Access - Remote Data Services'

When I am accessing my site from any computer I see this warning popping up: "This web site wants to run the following add-on: 'Microsoft Data Access - Remote Data Services Dat...' from 'Microsoft Corporation'. If you trust the web site and the add-on and want to allow it to run, click here..." I am guessing this is some kind of virus...

How do I secure my new web server (Server 2008)?

I've just put my new server up on an IP address with a domain pointing to it. I need to be able to remote admin it. I've opened the firewall for Remote Desktop and HTTP traffic. Is this going to be secure enough? I guess I should probably rename the administrator user... ...

What have you used Windows CardSpace for, if anything

I'm doing some funky authentication work (and yes, I know, open id is awesome, but then again myopenid doesn't work right at this moment!). Stumbling across Windows CardSpace I was wondering if anyone has used it in a real production system. If you have, what were the pros and cons for you? ...

DCOM: CoCreateInstanceEx returns E_ACCESSDENIED

I'm working on a DCOM application with the server and client on two machines, both of which are running WinXP with Service Pack 2. On both machines, I'm logged in with the same username and password. When the client on one machine calls CoCreateInstanceEx, asking the other machine to start up the server application, it returns E_ACCESSD...

How do I secure a folder used to let users upload files?

I have a folder in my web server used for the users to upload photos using an ASP page. Is it safe enough to give IUSR write permissions to the folder? Must I secure something else? I am afraid of hackers bypassing the ASP page and uploading content directly to the folder. I'm using ASP classic and IIS6 on Windows 2003 Server. The uplo...

What is the best way to prevent session hijacking?

Specifically this is regarding when using a client session cookie to identify a session on the server. Is the best answer to use SSL/HTTPS encryption for the entire web site, and you have the best guarantee that no man in the middle attacks will be able to sniff an existing client session cookie? And perhaps second best to use some sor...

What common web exploits should I know about?

I'm pretty green still when it comes to web programming, I've spent most of my time on client applications. So I'm curious about the common exploits I should fear/test for in my site. ...

How IE7 determines a site's Security Zone

Does anyone know how IE7 determines what Security Zone to use for a site? I see the basics for IE6 here, but I can't find the equivalent for IE7. ...

.Net Security Policy change by standard users?

The .Net Security Policy can be changed from a script by using CasPol.exe. Say I will be distributing an application to several users on a local network. Most of those users will be unprivileged, standard accounts, so they will not have necessary permissions for the relevant command. I think I shall be looking into domain logon scripts....

What to do about ScanAlert?

One of my clients uses McAfee ScanAlert (i.e., HackerSafe). It basically hits the site with about 1500 bad requests a day looking for security holes. Since it demonstrates malicious behavior it is tempting to just block it after a couple bad requests, but maybe I should let it exercise the UI. Is it a true test if I don't let it finish...

Running "partially trusted" .NET assemblies from a network share

When I try to run a .NET assembly (boo.exe) from a network share (mapped to a drive), it fails since it's only partially trusted: Unhandled Exception: System.Security.SecurityException: That assembly does not allow partially trusted callers. at System.Security.CodeAccessSecurityEngine.ThrowSecurityException(Assembly asm, PermissionSe...

Securely sync folders over a public network

I need to keep the files & folders on two Windows-based, non-domain machines synchronized across a public network. I was thinking rsync over SSH - but I was wondering if there is a simpler solution? Any possibility of using the sync framework over SFTP/SCP/SSH? Or I'm open to better ideas? ...

What are good books about security, hacking, and computer forensics?

I know this is a broad area, but... I'm looking at Writing Secure Code, Second Edition, but I was wondering what other good books were out there on the subjects of security, hacking, and computer forensics. A quick search turns up plenty, but I'm not sure where to begin. For the record, I am a software engineering undergraduate student...

Is "safe_eval" really safe?

I'm looking for a "safe" eval function, to implement spreadsheet-like calculations (using numpy/scipy). The functionality to do this (the rexec module) has been removed from Python since 2.3 due to apparently unfixable security problems. There are several third-party hacks out there that purport to do this - the most thought-out solutio...