security

Temporarily granting elevated administrator privileges to ASP.NET code

We're trying to run a set of administrative tasks on the server via a web administration console. The console runs with impersonation as the currently logged-in user, and only administrators on the local machine are allowed to log in. Right now it works for most cases but we're having trouble when running under UAC. The first issue is...

SVN Server Side Password Security

Our in-house Windows 2003 server hosts our company's svn repos. I'm looking for a secure method, preferably encryption, for the server-side passwords. Right now they're stored in clear text. Is there an svn plugin or method that I can use to achieve this? Thanks ...

Security transparency for C++/CLI assemblies

Does the new security transparency model provided with .NET 4 apply to C++/CLI assemblies as well? Can we annotate the members with security attributes for them as well? ...

ASP.NET 4.0 Session Fixation Exploits

Does ASP.NET 4.0 have any improvements as to inbuilt protection against session fixation attacks? ...

Declarative security on methods in .NET 3.5 - how do I lock down a method's permissions?

I'm using .NET 3.5. Say I have a method that accesses a specific file, and a specific registry key. I want to add declarative security definitions that restrict the method so that it can only access the file and the registry key specified, and nothing else. When I try: [RegistryPermission(SecurityAction.PermitOnly, Read = "registry...

How hard would you try to make your SQL queries secure?

I am in a situation where I am given a comma-separated VarChar as input to a stored procedure. I want to do something like this: SELECT * FROM tblMyTable INNER JOIN /*Bunch of inner joins here*/ WHERE ItemID IN ($MyList); However, you can't use a VarChar with the IN statement. There are two ways to get around this problem: (The Wr...

Does anyone know how to implement a secure CNG key store in C#?

Or is there a standard, default one provided in 2008? Thanks, Matt. ...

Django - How to do CSRF on public pages? Or, better yet, how should it be used period?

After reading this: http://docs.djangoproject.com/en/dev/ref/contrib/csrf/#how-to-use-it I came to the conclusion that it is not valid to use this except for when you trust the person who is using the page which enlists it. Is this correct? I guess I don't really understand when it's safe to use this because of this statement: This...

Is it possible to put binary image data into html markup and then get the image displayed as usual in any browser?

It's an important security issue and I'm sure this should be possible. A simple example: You run a community portal. Users are registered and upload their pictures. Your application gives security rules whenever a picture is allowed to be displayed. For example users must be friends on each sides by the system, in order that you can vi...

Secure Login and Registration functionality.

I want to implement Secure Login and Registration functionality for my website. Can anyone please guide me on that? ...

How do I use the security component in CakePHP?

How do I use the security component in CakePHP? Can anyone give me a good tutorial? ...

security roles in grails portlets

Hi, how do I include security roles in Grails portlets for Liferay? After deploying the war in Tomcat I manually added these lines for roles. liferay-portlet.xml : <role-mapper> <role-name>administrator</role-name> <role-link>Administrator</role-link> </role-mapper> portlet.xml : <security-role-ref> ...

OpenPeak Flash app XMLSocket Security Problem

We're trying to create an app for OpenPeak. The Flash app will act as a client to a Java server on another computer on another domain. The Flash app client connects via XMLSocket. The Java Server uses ServerSocket to receive a request and send back a message. In order to trust the server, the Flash client needs a socket master policy ...

ASP.NET ascx.cs via GET

Say I have this url: http://site.example/dir/ In this folder I have these files: test.ascx.cs and test.ascx Just to be clear, I am not a .NET developer. From a security point of view - why can't I access http://site.example/dir/test.ascx.cs and how secure is it to keep those files there? I assume IIS filters out requests that query t...

AES Encryption library

Is there a library or something that will allow me to simply call a function that will AES encrypt a byte array? I don't want to deal with multiple update blocks/transformFinal/etc, because there is a possibility I will mess up... ...

Detecting use after free() on Windows. (dangling pointers)

I'm trying to detect "Use after free()" bugs, otherwise known as "Dangling pointers". I know Valgrind can be used to detect "Use after free" bugs on the *nix platform, but what about Windows? What if I don't have the source? Is there a better program than Valgrind for detecting all dangling pointers in a program? A free and open...

SQL Server Reporting Services 2008: How to set the credentials property properly?

No matter how I configure the Credentials property I get a 401 exception when I try to Render the report. Here is my (latest) code: var rs = new ReportExecutionService(); rs.Url = "https://myserver/reportserver/reportexecution2005.asmx"; var myCache = new System.Net.CredentialCache(); myCache.Add(new Uri(rs.Url...

Isolated storage misunderstanding

Hi, this is a discussion between me and me to understand the isolated storage issue. Can you help me to convince me about isolated storage!! This is code written in a Windows Forms app (reader) that reads the isolated storage of another Windows Forms app (writer) which is signed. Where is the security if the reader can read the writer's file, I ...

Using Active Directory to authenticate users in a WWW facing website

Hi, I'm looking at starting a new web app which needs to be secure (if for no other reason than that we'll need PCI (Payment Card Industry) accreditation at some point). From previous experience working with PCI (on a domain), the preferred method is to use integrated windows authentication which is then passed all the way through the ...

How to disallow a windows service stop

I have a security-related service running on my machine (start type = automatic). In the service control manager, the stop/restart commands are grayed out. I was wondering how I can develop such a service, for which the stop operation is disallowed. Note that I am logged in as an administrator ...