security

HTML5 Web DB Security

Hi all! I'm looking into an offline web app solution using HTML5. The functionality is everything I need BUT the data stored can be directly queried right in the browser and therefore completely unsecure! Is there any way to encrypt/hide so that the data is secure? Thanks, D. ...

Is there a way to load a different cacerts than the one specified in the java_home/jre/lib/security folder?

I have a single installation of java in a system that runs 2 or 3 applications. All the applications use the same runtime. Is there a way to specify a different keystore for the ca certs than the one in java_home/jre/lib/security. That is, is there an option to specify an "extra" keystore that is loaded and added to the certs loaded ...

Security implications of writing files using PHP

I'm currently trying to create a CMS using PHP, purely in the interest of education. I want the administrators to be able to create content, which will be parsed and saved on the server storage in pure HTML form to avoid the overhead that executing PHP script would incur. Unfortunately, I could only think of a few ways of doing so: Set...

CPU emulator on C for assembler

I have a problem; I'm working on a little security application. I received an array, i.e. a sequence of bytes, and such bytes can be interpreted as assembly code. So, my question is... Does someone know a library that I can use in my application and which can execute this byte sequence and show what it does (or something like that)? ...

Moving file security from one server to another (asp.net sites, IIS)

I am running windows server with asp.net websites and sql server 2008 and IIS 6. It is working fine. Now I need to move my asp.net websites to another windows server and I have a hard time setting correct file security for the new server. Is there any way to compare or move or see the difference in file security between two servers? ...

How to secure a WCF service to be consumed by a specific application only?

Hi folks, I have a specific Silverlight application, that is fed with data by a WCF-Service. I want to make sure, that the WCF-Service is only called by that specific Silverlight App. What is the best way to accomplish that and what do I have to do? It doesn't have to be a high security solution. Thanks in advance, Frank ...

Impersonation in ASP.NET MVC

I have an Action that needs to read a file from a secure location, so I have to use impersonation to read the file. This code WORKS: [AcceptVerbs(HttpVerbs.Get)] public ActionResult DirectDownload(Guid id) { if (Impersonator.ImpersonateValidUser()) { try { var path = "path to file"; if (!...

input field to put javascript/json and security issues.

I want to let visitors of my web pages to access a textarea where they can write a tiny bit of javascript to configure certain features. Imagine the javascript to be something like this: { max:100; allowFeedback:false; filterEnabled:true ; } I would want to eval what they write and then my javascript would do something dep...

Cookieless Session Is it a security risk?

Hi http://msdn.microsoft.com/en-us/library/aa479314.aspx You have a user who successfully logs in from a machine in a Cybercafe, Hacker H is able to sniff the network and get the sessionID of the user, Can H use the sessionId and act as the user from another machine? Can H enter http://folder/(session id)/CreditCardInformation.aspx to kno...

Access Control Lists basics

Hi, I'm gonna add authorization, user and groups management to my application, basically... you will be able to define a set of permissions for a concrete user or group. For example, you could specify who can use a concrete resource. So I want to ensure that my assumptions about ACLs are right: A basic rule could be "Grant", "Deny", "NoSet...

WCF Service Security Exception caused when trying to access data via LINQ to SQL

Hello, I'm currently in the beginning of learning WCF, as some of the concepts and the functionality they provide look interesting and also useful in a project I'm undertaking. So far I've been following some pretty simple guides to get the hang of it but after creating my first host service I've come a bit unstuck, after trying to ret...

MSV1_0 Subauthentication Package Registration

Hi; I'm trying to register a simple MSV1_0 subauthentication package for MS Windows Server 2003. I created a dll which implements required functions described in MSDN. I copied my dll to system32 folder. After that, I created a registry key Auth255 (I also tried Auth128) with a REG_SZ value, which specifies my dll name, to this location;...

Kerberos - real world examples?

I know how Kerberos works and understand its purpose but I need some real world examples, where does it fit, and have you ever used it? ...

How can I hash passwords in postgresql?

I need to hash some passwords with salt on postgresql, and I haven't been able to find any relevant documentation on how to get that done. So how can I hash passwords (with some salts) in postgresql? ...

Encrypting cookies in PHP

Hi, How can I encrypt and later decrypt a value of a cookie in PHP (how secure will the encryption be) ...

How can I protect my users from session hijacking?

How do I protect my users from session hijacking? ...

Prevent sqlite INJECTION ATTACKS on your own iPhone?

I always take precautions regarding SQL INJECTION ATTACKS when data is saved between someone's iPhone and a remote database on the cloud. But is it also necessary to do the same... when just saving data (using sqlite) from someone's cell phone, to a database that's just on their own phone? What's the worst they can do? Delete their ow...

Authenticate user and using the ChangePassword Control

I have a webpage that a user logs in to. Now I want to provide the ability for a user to change their password using the ChangePassword Control. The control does work as described here ChangePassword Control for non-authenticated users. But I want to the behavior for authenticated users. I'm fairly new to asp so this could be a si...

piece of php code for prevent hacking.

Hi friends, I have a php file at my site, and I connect to db, get some records and list them in same file. mysql_connect("localhost", "blabla", "blabla") or die(mysql_error()); mysql_select_db("blabla") or die(mysql_error()); $blabla1 = mysql_query("SELECT * FROM gallery WHERE id_cat=1"); $blabla2 = mysql_query("SELECT * FROM gallery...

How do I secure a .NET Web Service for use by an iPhone application?

Hello, The title says it all, I have a Web Service written in .NET that provides data for an iPhone application. It will also allow the application to make a "reservation." Currently it's all internal to the corporate network but obviously when the iPhone application is published I will need to ensure the Web Service is available externally....