security

Why would $this->data show up as an empty array after submit?

In CakePHP, why would $this->data show up as an empty array after submit? I am using the security component. ...

Authentication and authorization - new to security

Need to develop a Web application that will be used to authenticate and authorize internal and external users to log in and then re-route to web applications for the organization. The login application should be able to provide smooth integration with any future applications that need secured authentication. Should I be using WIF - Cla...

How to restrict file system when logged into terminal services: single login name

What I need to accomplish: With one login, when they are in the building I need them to see everything. When they are using terminal services with same login they should not be able to see the network. I can lock down the PC running terminal services as that is its only use. Details: Windows/2003 Server with terminal services. One l...

HTML/JavaScript compaction for security.

I just ran across this point that references a security vulnerability in Web Apps that depends on looking at the size of encrypted web pages to deduce what the user is doing. The simplest solution to this I can think of would be to use a tool to minify all static content so that (after encryption) only a small number of result sizes exis...

Security precautions and techniques for a User-submitted Code Demo Area

Hey folks Maybe this isn't really feasible. But basically, I've been developing a snippet-sharing website and I would like it to have a 'live demo area'. For example, you're browsing some snippets and click the Demo button. A new window pops up which executes the web code. I understand there are a gazillion security risks involved in...

Silverlight 4 Clipboard Security Exception "access is not allowed" ?

Hey, I'm new to Silverlight and I am doing some tests. With my current test I try to display the current Clipboard content in real time. But there is a weird behavior with this code: namespace SilverlightTest { public partial class MainPage : UserControl { private Timer _timer; public MainPage() { InitializeCompo...

Are there existing web sites that use a photo as an electronic signature?

The use case: to sign an electronic document, users view the document, and if they agree take a picture of themselves with their webcam (done through Flash from the browser). Then a PDF is generated containing the document and the picture in place of signature. This is a biometric signature, which is not as strong as a digital (cryptogra...

security deleting a mysql row with jQuery $.post

I want to delete a row in my database and found an example on how to do this with jQuery's $.post() Now I am wondering about security though.. Can someone send a POST request to my delete-row.php script from another website? JS function deleterow(id) { // alert(typeof(id)); // number if (confirm('Are you sure want to delete?'))...

Game login authentication and security.

First off I will say I am completely new to security in coding. I am currently helping a friend develop a small game (in Python) which will have a login server. I don't have much knowledge regarding security, but I know many games do have issues with this. Everything from 3rd party applications (bots) to WPE packet manipulation. Consider...

How to make a page with a https iframe appear secure

Hi, I have a page on a website that contains a secure form inside an iframe. Although the form data submitted is secure the page doesn't appear secure as the URL in the browser is just http. Is there anything I can do to show the users that the form is secure? ...

How do I propagate security to my independent web service enterprise application?

Hello, I created a simple web application which contains web pages and one enterprise application which contains web services and EJBs for my web application. I managed to configure security for my web application. But now how do I propagate this security to my enterprise application on my EJB methods, so that I can use annotatio...

WYSIWYG-editor with "add custom html feature" and secure (validated) html output?

I've been looking into some of the WYSIWYG editors (TinyMCE, FCKEditor, etc.) and they all seem to offer a lot of options. However, one vital feature that seems to lack is a simple "add custom html" option which would allow the user to input any of these embed-snippets you find all around the web these days, for example a youtube video....

How to securely pass credit card information between pages in PHP

How do you securely pass credit card information between pages in PHP? I am building an ecommerce application and I would like to have the users to go through the checkout like this: Enter Information -> Review -> Finalize Order Problem is that I am not sure on how to safely pass credit information from when the user inputs them to whe...

C++ Professional Code Analysis Tools

Hello there, I would like to ask about the available (free or not) Static and Dynamic code analysis tools that can be used for C++ applications ESPECIALLY COM and ActiveX. I am currently using Visual Studio's /analyze compiler option, which is good and all but I still feel there is lots of analysis to be done. I'm talking about a C++ ap...

Cross-Origin Resource Sharing (CORS) - am I missing something here?

I was reading about CORS (https://developer.mozilla.org/en/HTTP_access_control) and I think the implementation is both simple and effective. However, unless I'm missing something, I think there's a big part missing from the spec. As I understand, it's the foreign site that decides, based on the origin of the request (and optionally incl...

What's the best way to learn about programming security-related topics? (PHP)

I am currently building a site and all the books I have read on PHP so far are just on functionality and not much on security. Is there a book that deals specifically with making your code/site secure? I don't want to go public and the next day have all my code changed or my database erased by SQL injection. thanks ...

I have to implement Encryption using 3DES in Java. I am new to it. Please suggest

I have to implement 3DES encryption using 3DES in Java. I am new to this. Could you please suggest and provide good samples to proceed? ...

WCF NetTcpBinding Security - how does it work?

Hi, encountered the following problems trying to work through the quagmire of settings in WCF... I created a WCF client server service using a NetTcp binding. I didn't make any changes to the security settings and when running on one machine it works very nicely. However, when I ran my client from another machine it complained that the ...

Providing security for a WebService consumed by an ActiveX control.

Hi. In my application, an ActiveX control is consuming a web service hosted in a web app. Here the web app is using Forms authentication for security. In the configuration I intentionally avoided the security for the web service with the location tag, so that it can be consumed by the ActiveX control. What if I want to achieve forms authent...

Should I use the GD library in PHP to draw CAPTCHA images?

Is PHP's GD library suitable for drawing images from scratch? Or would I be better off just importing an image and altering it... ...