security

Is there a size restriction on signatures in Java (java.security)?

I am trying to sign a token object using SHA1. I am using bouncycastle as the security provider. Whenever the program tries to sign something it gives me this error. java.security.SignatureException: java.lang.IllegalArgumentException: input data too large. What is the maximum size for signing something? Do you have any suggestions ab...

Intrusion Detection System for WordPress sites

With the current issues with Network Solutions sites being hacked, I'm in need of a tool (preferably freeware) that I can install into my site and it will email me the second a file change/update occurs. Any recommendations welcome :) This site is on a shared server hosting package. ...

How to avoid hard-coded credentials in SharePoint webpart?

I am building a SharePoint web part that will be used by all users, but can only be modified by admins. The web part connects to a web service which needs credentials. I hard coded credentials in the web part's code. query.Credentials = new System.Net.NetworkCredential("username", "password", "domain"); query is an instance of the we...

Security of PHP script, embedded or otherwise

Hi all, I am curious about the security of PHP on an HTML webpage where PHP code is embedded (a webpage that would exist on the server as "webpage.php") or on a PHP script that may be referenced by an HTML page (that is, a PHP script that is not actually part of a webpage that exists on the server as "something.php" and is referenced by ...

WCF with No security

Hi all, I've got a WCF service set up which I can consume and use as intended... but only on the same machine. I'm looking to get this working over multiple computers and I'm not fussed about the security. However when I set (client side) the security to = none, I get an InvalidOperationException: The service certificate is not prov...

Check system security

Is there any system to check whether a PHP script is secure or not? Thanks in advance ...

Spring Security: how to implement Brute Force Detection (BFD)?

My web application's security is handled by Spring Security 3.02 but I can't find any out of the box support for Brute Force Detection. I would like to implement some application level BFD protection. For example by storing failed login attempts per user in the database (JPA). The attacked user accounts could then get a lockout period or...

Java EE 6 and Certutil

Hi, I have installed Java EE 6 with GlassfishV3. I want to use NSS tools to manage the security of the server, i.e. generating certificates using certutil. However I can't find the NSS library and tools in Glassfish. On the other hand, I read the documentation of Java EE 6 and it says that it still supports NSS! Does anybody know about...

Is there a security risk with internal HTTP call

Hi, is there a security risk if an application called page.ashx called internal only page.ashx? Can a hacker conclude that another page is called? I don't want anyone to access this page. It looks stupid, I know, but it is a part of a more complex problem. Thanks ...

Securing a Web Service

Hi, I have inherited a conventional three tier web app with ASP.NET 2.0 for the UI, .NET web services (ASMX) in the middle tier and SQL Server 2005 for the DB. This is currently an intranet application with the only users being company employees. Currently the application uses Active Directory (AD) authentication. At the login screen, t...

Do similar passwords have similar hashes?

Our computer system at work requires users to change their password every few weeks, and you cannot have the same password as you had previously. It remembers something like 20 of your last passwords. I discovered most people simply increment a digit at the end of their password, so "thisismypassword1" becomes "thisismypassword2" then 3,...

GenericIdentity not FormsIdentity

Hi, regarding this URL http://www.codeproject.com/KB/aspnet/FlashUpload.aspx User.Identity as System.Web.Security.FormsIdentity is always null, because the Identity is GenericIdentity. I assumed it would be FormsIdentity as in the tutorial. What are the chances? Thanks ...

Which user account to assign as owner when attaching an SQL Server database?

This is a simple database security & performance question, but I've always used either a special user (e.g. mydbuser), or Windows' built-in Network Service account as the owner when attaching databases to my SQL Server instances. When deploying my database to a production server, is there a specific user I should stick to or avoid? I w...

Memory randomization as application security enhancement?

I recently came upon a Microsoft article that touted new "defensive enhancements" of Windows 7. Specifically: address space layout randomization (ASLR), heap randomization, and stack randomization. The article went on to say that "...some of these defenses are in the core operating system, and the Microsoft Visual C++ compiler offers o...

How to find and clean WordPress from script/s that change your blog post titles on Google and Yahoo with embarrassing "Viagra text"?

One day after managing to defend against a massive DDoS attack, now http://arabcrunch.com is hacked by someone who seems to change the post titles into Viagra ads on the Google search engine. Look how they damaged us: .google.com/search?hl=en&client=safari&rls=en&q=Viagra+Online+Pharmacy+-+Buy+Online+Viagra%2C+Cialis%2C+Levitra+wordpress+hack...

ASP.NET Membership C# - How to compare existing password/hash

I have been on this problem for a while. I need to compare a password that the user enters to a password that is in the membership DB. The password is hashed and has a salt. Because of the lack of documentation I do not know if the salt is appended to the password and then hashed or how it is created. I am unable to get this to match. Th...

How to generate PMK?

Hi everyone, I would like to know how I can generate a random pre-master key (PMK) in Java (related to key exchange and authentication). Is it similar to other random key generation? What in particular is a pre-master key? Thanks, Sebby. ...

How to inherit from DataAnnotations.ValidationAttribute (it appears SecureCritical under Visual Studio debugging host in .NET 4 !)

Hi, I have an [AllowPartiallyTrustedCallers] class library containing subtypes of the System.DataAnnotations.ValidationAttribute. The library is used on contract types of WCF services. In .NET 2/3.5, this worked fine. Since .NET 4.0 however, running a client of the service in the Visual Studio debugger results in the exception "Inherit...

Directory.CreateDirectory with permissions

I would like to SET ALL permissions to True for all users of a computer, while using Directory.CreateDirectory. Could you point me to a place to start? ...

Securing an Ajax request

I have a website that uses session cookies for security. It works fine and all, but any Ajax requests right now are not secure. Example being, let's say a user is on a page. They can only get to this page if they are logged in with a session - so far so good. But now the Ajax request they ask for is ajaxpages/somepage.php?somevar=somethin...