security

An introductory text about digital certificates

I would like to learn the basics of digital certificates. Including how to create a self-signed certificate. Does anyone know a good introductory text about this? ...

Write Secure Cocoa Code

Hello, I'm making an application in Cocoa and wanted to see if some strings in it were easily accessible, so I ran OTX on it and sadly all of my code was found. Is there a method I can use to make my code more "secure" or at least encrypt/hide the strings? The reason I want to encrypt the string is it's a password for a server. I don't ne...

How to retrieve SID's byte array

Hello experts, How can I convert a PSID type into a byte array that contains the byte value of the SID? Something like: PSID pSid; byte sidBytes[68];//Max. length of SID in bytes is 68 if(GetAccountSid( NULL, // default lookup logic AccountName,// account to obtain SID &pSid // buffer to allocate to...

Testing ASP.NET security in Firefox

I'm not sure whether this question belongs on StackOverflow or SuperUser, but here goes nothing... I'm trying to test out some basic security problems on my personal ASP.NET website to see exactly how the custom validators, etc. work when tampering with the data. I've been looking at the Firefox extension TamperData which seems to do th...

firefox extension security issue

I'm writing a firefox addon that logs certain user activity and displays some statistics on a webpage. When the page is opened, the page sends an event to the addon. The addon adds data to the page and sends an event back, and the page refreshes the statistics. Now how do I ensure that the extension only puts the (sensitive) data on th...

How can UNIX access control create compromise problems?

My system administrator advised me to be careful when setting access control to files and directories. He gave me an example and I got confused, here it is: a file with protection mode 644 (octal) contained in a directory with protection mode 730. So it means: File: 110 100 100 (owner, group, other: rw- r-- r--) Directory: 111 011 00...

Session variables can be fooled (login)?

IN PHP: Is there a way for the user to fake a session variable? Is it secure to trust in the value of a session variable for a login system? ...

iphone secure network identification

Hello!!! Can anyone tell me (code sample would be awesome) how to get the secure Wi-Fi userid and password for the current logged user on the iPhone, for example: Wi-Fi settings for a network using WPA2 Enterprise (network/username/password). How can I find out who's logged in for said network?? Thanks in advance!!! Cheers ...

Can someone explain C# CngKey.Create please?

The internet resources seem few and far between and the best MSDN page (as far as I could tell) throws an error! Specifically, I'm not sure what to create as a CngKeyCreationParameters object... Thanks, Matt. ...

Does the default MVC security utilize the same security as ASP.NET

I am converting a personal site over to MVC 2 and I have been using Forms Authentication against a SQL Server DB. Curious if the standard MVC 2 template will just automatically work if I upload it to the server. I have added the connection string to the web.config. I'm thinking it will work but wanted to see if anyone's done this. ...

Ways to restrict WCF Service so only our apps can access it.

I have a public WCF Service. I have a WPF Desktop app & a Silverlight app. My apps do not have any login requirements. I want to make it difficult for another developer / website to make use of my service. What's the best way to restrict access to my service? Use SSL and have the desktop / Silverlight app store a token inside of it?...

Is it more secure to run a desktop app within an applet?

First of all, when I say "run a desktop app within an applet" I mean do an Applet application that runs off-line, instead of a Desktop application that runs inside a JFrame. The little I know about applets (and maybe something I say is wrong, please correct me) is that applets have all permissions not granted by default. Also, the applets r...

How can I rewrite a secured URL in ASP.NET

Hi experts, please look at the URL specified below: http://10.130.18.212/Test/(S(klcclla5uwjxijryxfvm3muj))/Quality/secureWelcome.aspx I found this kind of secured URL on various websites. Please let me know how I can embed "(S(klcclla5uwjxijryxfvm3muj))" within the URL. Please let me know in detail. to which concept it does be...

security policy error iphone ipod touch issue

I'm getting an "Error from Debugger: Error launching remote program: security policy error" when I try to run my app on my ipod touch. The provisions look in order, and the app builds to my iphone 3gs just fine. The app used to build just fine to my ipod touch, so I'm flustered what could have changed and wondering if anyone has any th...

User.IsInRole returning false

My ASP.NET app is using windows authentication. If I run the following code: WindowsIdentity wi = (WindowsIdentity)User.Identity; foreach (IdentityReference r in wi.Groups) { ListBox1.Items.Add(r.Translate (typeof (NTAccount)).Value); } if (User.IsInRole ("Everyone")) Labe...

Recording Audio With J2ME and an HTC Touch 2

Is anyone aware of a workaround for the security measures put in place in MIDP that stop access to the audio recorder in J2ME? I know my phone supports it, but it just keeps asking if it's OK to let it record over and over again; if I try to skip it, it throws a .SecurityError. ...

Copy all current system data content in memory

I'm studying security, and I would like to know: in a Windows or Unix based OS environment, is there a way for anything (programs or a user with some knowledge) to copy all the content of the computer's memory? My worry is about a hacker getting my decrypted data loaded in memory. And how to avoid it. The hacker may be the user himself. ...

More secure password communication

Hi, Our vendor needs some access to our test server, and thus we send them email with username/password (I think it's unencrypted). What is the most unintrusive way to bump up the security level? Thanks ...

faking a filesystem / virtual filesystem

I have a web service to which users upload python scripts that are run on a server. Those scripts process files that are on the server and I want them to be able to see only a certain hierarchy of the server's filesystem (best: a temporary folder on which I copy the files I want processed and the scripts). The server will ultimately be ...

question about pcap

Hi, I have to do a sniffer as an assignment for the security course. I am using C and the pcap library. I got everything working well (since I got a code from the internet and changed it). But I have some questions about the code. u_int ip_len = (ih->ver_ihl & 0xf) * 4; ih is of type ip_header, and it's currently pointing the to...