security

How do I copy security information when creating a new folder?

In my app I'm creating folders for archiving old stuff from a hard disk. When creating a new folder I must copy all NTFS rights (Groups / Users) from the source folder to the newly created destination folder. Here is what I've written so far: FileSecurity fileSecurity = File.GetAccessControl(filenameSource, AccessControlSections.Al...

Asp.net Security: IIdentity.IsAuthenticated default implementation.

Hello Stackoverflowers, I am writing my own custom Identity class which implements IIdentity. I don't need to change the default method IsAuthenticated, but now I was wondering how the default IIdentity determines if it should return true or false. I thought to find the answer in the FormsAuthenticationTicket I am using but not...

Which Java modules get Spring Security

I have a classic Java SOA application, with a web UI module, web services module, a service module (Java API), a domain module and a persistence module. In a sense, each of these modules has their own public API. My understanding of Spring Security is that I can use web filters to handle the security of the web gui and web services,...

Flash: Accessing private files from Amazon S3

I have flash (AIR) application running on a single controlled system (there is only one computer running it and nobody has access to it). I will host some files on Amazon's S3 and I need to make sure that only my flash app running locally on that computer can access those files. I'm wondering what the best (most secure) approach would ...

Can MySQL do row level security or what Oracle calls virtual private databases?

Does MySQL have any equivalent feature to Oracle's virtual private databases in 10g? It is also known as row level security. I prefer not to implement anything like columns and triggers. I am looking for a solution similar to Oracle's. ...

Would you use one or two tables for username and password?

Is it any safer to create a table holding user information and another one for their passwords than using the same table for everything? ...

pass elevated permissions to out-of-process server via Activator.CreateInstance

I have a process running with elevated permissions (defined through manifest file /asAdministrator) and would like to launch an out-of-process Visual Studio instance with elevated permissions too. Currently VS is launched for OLE Automation purposes with the code below: Type type = System.Type.GetTypeFromProgID(dteVersion); DTE dte = (D...

ideas: per-file authentication in order to download

I would love to use mod_xsendfile but I live in a shared environment which does not provide such a module. Processing large files such as videos through a server-side script and sending them to the browser that way seems to be unacceptable in my case, so I am looking for a way to enable per-file authentication in such a way that is not goi...

TFS Security and Documents Folder

I'm getting an issue with TFS where the documents folder is marked with a red cross. As far as I can tell, this seems to be a security issue, however, I am set-up as project admin on the relevant projects. I’ve come to the conclusion that it’s a security issue from running the TFS Project Admin tool (available here). When I run this, ...

SSL, Certificate

I am new to security. I want a good book that teaches me how to create and use certificates, and log in using HTTPS, using JSP/servlet tech. ...

Prevent SQL Server Table operations (INSERT and DELETE) on some tables

While working with some random sql queries on our databases, we may not want to insert or delete items to some of the database tables by just typing their names by mistake. So how to make them locked to the "editing", to be able to work safe. Thanks. ...

Security problem

Hi All. I have a security problem in my website. A script code was added into all my pages like "<script src="Ip address/viewpic.asp"></script>". It is between the </head> and <body> tags. Now Google says "this site may be harmful for your pc!" about my site. How can I secure my website? I use C# and Visual Studio 2008. ...

Where should I place a function that I want to run before the cached page is served (Drupal)

We have an intranet site that runs on Drupal. If an employee hits the site from outside our network they are required to log in first. If they are already in our network, they can browse around freely. So we have a function that checks where they are coming from and redirects them to a login page if they are from outside. If we enable ...

securewebpages tag in web.config is not working in IIS 7, with integrated mode app pool.

We have our application running on IIS 7; the application pool configured was classic. I had to change some URL rewriting to change the URLs and removed .aspx as an extension from the URLs. After deploying I found that URL rewriting works with integrated mode only and secure pages stopped working, i.e. pages which are used to ope...

Best Practices / Patterns for Enterprise Protection/Remediation of SSNs (Social Security Numbers)

I am interested in hearing about enterprise solutions for SSN handling. (I looked pretty hard for any pre-existing post on SO, including reviewing the terrific SO automated "Related Questions" list, and did not find anything, so hopefully this is not a repeat.) First, I think it is important to enumerate the reasons systems/databases ...

PEAR:DB connection parameters

I just finished my first PHP site and now I have a security-related question. I used PEAR:DB for the database connection and made a separate parameter file for it. How should I hide this parameter file? I found a guide (http://www.kitebird.com/articles/peardb.html) that says: Another way to specify connection parameters is to put ...

Solr Multicore Admin Problem

I'm trying to add a URL-based security constraint to Solr deployed in WebSphere 6.1. If I specify the core name in the URL of the constraint then the admin URL for that core gives a 404. Has anyone had any success with this or any suggestions? Cheers ...

Could someone explain Spring Security BasePermission.Create?

I am working on a project that involves Spring Security ACL and I came across the create permission BasePermission.CREATE. Would someone please explain how this is supposed to work or what it allows someone to do? It is my understanding that each object has an acl, and each acl has many ace's, and each ace has an sid and a permission. ...

Applying business logic to form elements in ASP.NET MVC

I am looking for best practices in applying business logic to form elements in an ASP.NET MVC application. I assume the concepts would apply to most MVC patterns. The goal is to have all the business logic stem from the same place. I have a basic form with four elements: Textbox: for entering data Checkbox: for staff approval Checkb...

Locking down RAD Studio internal browser security.

I use Firefox as my web browser, mostly for access to add-ins such as Flashblock and No-script. I noticed yesterday that the RAD Studio internal browser used for the Welcome Page etc has scripting and Active X etc enabled. Is there a way to disable scripting, or better still, block all access to non-local sources in the built-in browser?...