security

How does WCF RIA Services handle authentication/authorization/security?

Since no one answered this question: What issues to consider when rolling your own data-backend for Silverlight / AJAX on non-ASP.NET server? Let me ask it another way: How does WCF RIA Services handle authentication/authorization/security at a low level? e.g. how does the application on the server determine that the incoming http ...

Is it safe to display user input as input values without sanitization?

Say we have a form where the user types in various info. We validate the info, and find that something is wrong. A field is missing, invalid email, et cetera. When displaying the form to the user again I of course don't want him to have to type in everything again so I want to populate the input fields. Is it safe to do this without san...

secure login using session

How to create a secure login system using PHP Session variables? ...

Creating Custom Assertions in Oracle Web service Manager (OWSM)

I am trying to create the example given at this site: http://download.oracle.com/docs/cd/E12839_01/web.1111/b32511/custom_assertions.htm#CIHFGJAG but while compiling I get the following errors: Error(63,64): cannot access oracle.annotation.logging.Publish Error: error: in class file D:\Installations\Oracle\Middleware_11g\oracle_commo...

wcf net.tcp using SSL

Has anyone had experience using SSL with net.tcp binding in WCF? I've read it's possible, but I'm not finding good information on how to implement it. I would love to hear from anyone who knows about or who has implemented this. Thanks in advance... ...

Security error accessing Service outside of FlexBuilder

I'm very new to Flex and I have what I think is a head-scratcher. I am building a little Flash app that will consume some web services over HTTP. When I am in Flexbuilder and run my app there, it works fine. When I go to my FlexBuilder project on my OS and double-click on it, it works fine. When I zip up my bin-debug file, I get th...

Thoughts on security model to store credit card details

Here is the model we are using to store the CC details; how secure does this look? All our information is encrypted using public key encryption and the keypair is user dependent (it's generated on the server and the private key is symmetrically encrypted using the user's password, which is also hashed in the database). So basically on first run ...

Somebody is storing credit card data - how are they doing it?

Storing credit card information securely and legally is very difficult and should not be attempted. I have no intention of storing credit card data but I'm dying to figure out the following: My credit card info is being stored on a server somewhere in the world. This data is (hopefully) not being stored on a merchant's server, but at s...

Security of WCF endpoints

For the sake of argument, let's say that I've got a basicHttp WCF service. Besides implementing authentication (login/logout methods), what is stopping someone from just cracking open Visual Studio, adding a web reference to my website's service, and then playing around with my service? I'm not familiar with a method of stopping s...

OWSM custom security policy for JAX-WS, GenericFault

Hi, I tried creating a custom security policy as given here: http://download.oracle.com/docs/cd/E15523_01/relnotes.1111/e10132/owsm.htm#CIADFGGC When I run the service client, the custom assertion is executed, returning successfully. public IResult execute(IContext context) throws WSMException { try { System.out....

In a web application (war) I have a config text file. How to prevent web access to it?

In a servlet I have a config text file. How to prevent web access to it? So that only servlet code can get access to it? It is not encrypted and lies in a subdirectory of WebContent. ...

equivalent method of gnupg.GPG and gpg.import_keys(pub_key).summary() in php

gpg = gnupg.GPG(gnupghome="/tmp/foldername", verbose=True) print "Import the Key :", gpg.import_keys(pub_key).summary() These two lines of code give me the public key extract which I further used in encryption. I need to get the equivalent methods in PHP. ...

Using Domain Administrator account for SQL Server

Is it wise to use Domain Administrator as a SQL Windows Authentication log-in? ...

How do I find out where a call to my webservice (.net asmx) came from?

Hi guys, From within a webmethod (.net asmx file) - is it possible to determine from where the call to the webmethod came? Thank you ...

How to secure an API written in .Net

This is a variation on an existing question in SO about securing/obfuscating .Net applications in general. I'm developing an API in C# that includes some algorithms I'm keen to protect. I understand no method will be perfect, but what's the generally accepted method for doing this? I'd like my clients to be able to code against the ...

Disadvantage of HttpUtility.HtmlAttributeEncode

I have to encode a field so as to make it secure against script injection. I know I can use HttpUtility.HtmlEncode and Decode, but this method for HI-ASCII characters goes out of the range of the field size in the database and I don't want to change the size of the data field column. Instead, if I use HttpUtility.HtmlAttributeEncode, it works fine beca...

How do I make a "security environment"?

I need to do something I don't even know if it is possible. We have code that handles encrypted data, and we have another piece of software that is open source and needs to manipulate this data; both are desktop stand-alone software. I'm wondering, is there a way to create a "secure environment" in Java to use the open source software as a plugin,...

Question about debugger security

Can an attacker attach a debugger to my app after installing it to the market, or does the app have to be marked as debuggable first? How secure is this? Are there ways to get around it? ...

How secure is my ASP.NET code?

Hello all, I've been developing an ASP.NET application that interfaces with Google Maps and retrieves marker information from a database. The marker information is split into tables in the database, where the name of the table reflects a company (e.g. CompanyA_MarkerData, CompanyB_MarkerData etc). In order to periodically update the map with...

Temporarily impersonate and enable privileges?

We maintain a DLL that does a lot of system-related things; traversing the file system, registry, etc. The callers of this DLL may or may not be using impersonation. In order to better support all possible scenarios I'm trying to modify it to be smarter. I'll use the example of deleting a file. Currently we just call DeleteFile(), an...