We have a Lotus Notes web service that generates an XML response. In our development environment on Visual Studio we can access the data source and run the report without issue. When we run the report from SQL Server we get the following error:
An error has occurred during report processing. Query execution failed for data set ...
In PHP, I know that using parameterized queries is the best way to prevent SQL injection.
But what about sanitizing user input that will be used for other purposes, such as:
Displaying back to a user (potential cross-site scripting vector)
Addressing an email or filling in the message body
Is htmlentities() the best way to sanitize ...
I am building an application in Silverlight which will enable users to read information about their payment. Their login and password will be saved in a table in the db.
Is it possible to improve security in my app by limiting what data a query has access to? For instance I want to prevent a user from selecting data they do not own. A limitati...
I have an Open ID based authentication system on my site.
Occasionally users will have an account registered under [email protected] and they will attempt to login using the google open id provider https://www.google.com/accounts/o8/id, in this case I would like to automatically associate the account and log them in.
When the process is ...
Is there any JavaScript function that can encrypt data? For example, I want to use encrypted data in my URL passed by an ajax GET request,
http://sample.com/mypage/TDjsavbuydksabjcbhgy
where TDjsavbuydksabjcbhgy is encrypted data equivalent to 12345.
Now I want to retrieve that data in PHP by decrypting it, so that I can use the 12345.
I...
How can I secure the RSS feed for private viewing?
...
Sometimes it so happens that mysql_query() fails to INSERT data and I am unaware of it. So, the question is how do I know when it happens?
...
A) I want to be able to support password protection of my RSS feeds through the following authentication methods:
HTTP Basic
Integrated Windows (NTLM/Kerberos)
Digest
1) How can I do that in ASP.NET MVC?
B)
Reading over the RSS 2.0 specification, I saw nothing related to security, so I assume that security implemented for the RSS feed is...
I'm new to PHP and trying to get my head around security.
I have an admin page that gives access to certain administrative tasks. Right now, it lets you repopulate database tables with some seed data.
To access the admin page, you first need to login. Currently the login is not over https (it will be soon).
If you authenticate, a tok...
I've heard it claimed that the simplest solution to preventing SQL injection attacks is to html encode all text before inserting into the database. Then, obviously, decode all text when extracting it. The idea being that if the text only contains ampersands, semi-colons and alphanumerics then you can't do anything malicious.
While I s...
Hi
I wanted to do secure communication between Oracle client and Oracle server.
Oracle version: 11g
Does anyone know how to configure secure communication with Oracle server and client?
What configuration needs to be done?
Thanks
Santhosh
...
It's a common problem, solved many times, but for some reason I cannot find the right information.
Some constraints and requirements:
Technique for LAMP stack.
Fine-grained control of which files are accessible.
No basic authentication with htpasswd files, I want to provide a custom login frontend.
Should be able to securely protect a...
Hello,
Sending username and password as plaintext, but through HTTPS; then on server hash(salt+password) and compare that with the hash in the DB. (salt is per-user)
Doin' it right? :)
Cheers
PS: I'm using Ruby/Sinatra, gonna serve via lighttpd, I think.
...
Hi
I have an ASP.NET app, and I want to store a machine-wide encryption key that I will be using in the apps, when using the DPAPI crypto system.
What are the best practices to store the key - where do I store it?
Thanks.
...
I have a Silverlight 3 Application and for security I'm using Active Directory. For some reason that I can't explain whenever I access my app in the production servers the default browser authentication window pops up and I have to Authenticate two times!
What's up with that? I checked IIS and everything seems fine!
...
Hi folks,
I have a security consultant demanding that we implement encrypted connections to MySQL. He is concerned that the username and pass for the db are being sent cleartext when we connect.
The mysql server is on the same network as the scripts though not the same physical machine. So the credentials will not be passed externally...
I am working on an application which requires the following functionality: The user clicks a button on the web page and this causes a document to be printed without any further user intervention.
The approach I am using to deliver this functionality is to embed a Windows Control (using a Windows Control Library) in the web-page. (A ...
We want to embed an ajax style service into a number of our websites each with a unique api key. The problem that I can see is that because the api key is stored in the javascript file the user could potentially take the key, spoof the http referrer, and make millions of requests to the api under that api key.
So I am wondering how Goog...
Okay, so I have created a webpage for a client who is using https protocol, but wants to stream video from a non-secured source (not YouTube, unfortunately). Best case scenario: I'd be looking for a way to stream the video without getting security warnings for mixed content (especially a problem in any IE). I realize this may be impossib...
Can this be simplified to a one liner? Feel free to completely rewrite it as long as secureString gets initialized properly.
    SecureString secureString = new SecureString();
    foreach (char c in "fizzbuzz".ToCharArray())
    {
        secureString.AppendChar(c);
    }
...