security

Is the Keychain suitable for storing general data, such as strings?

The Keychain seems to be used a lot for usernames and passwords, but is it a good idea to use it for other sensitive stuff (bank details, ID numbers etc), but with no password? What kind of encryption does the keychain use? The scenario I'm concerned about is a thief acquiring an iPhone (which is screen-locked) and being able to access t...

block write access to table from an application in mysql

Hello, We have a CMS plugin that writes statistics to 1 table, this creates performance issues on the entire platform. We decided to use another statistics plugin which can connect to a different database server (the first plugin couldn't!) however we need parts of the first plugin. I want to lock the statistics table to prevent misusa...

What's the best way to store sensitive data in MySQL?

I'm managing the MySQL database from PHP scripts. The communication between server and client is secured via SSL. I store user account data which is sensitive. Is there a way to encrypt this data when entered into the DB? What is the best way to protect this sensitive data? EDIT: I’m using a CRON job for updating data which relies on t...

Cloud security and privacy

Hi, I have a very basic doubt regarding cloud computing that is catching up pretty fast these days. To my understanding, cloud computing is a paradigm in which companies put up their data and applications on somebody else's machines aka 'The Cloud'. I want to know just how secure is it to put up my data on some third party machines, esp...

PHP check http referer for form submitted by AJAX, secure?

Hi all: This is the first time I am working for a front-end project that requires server-side authentication for AJAX requests. I've encountered problems like I cannot make a call of session_start as the beginning line of the "destination page", cuz that would get me a PHP Warning : Warning: session_start() [function.session-start]: C...

Cross-platform game development: ease of development vs security

Hi, I'm a member and contributor of the Argentum Online (AO) community, the first MMORPG from Argentina, which is Free Software; which, although it's not 3D, it's really addictive and has some dozens of thousands of users. Really unluckily AO was developed in Visual Basic (yes, you can laugh) by the former community, so imagine, the c...

How to implement SHA 1 Algorithm in Java

Hi, I want to implement the SHA 1 algorithm using Java. Can anyone help me? Thanks in advance ...

How to securely serve S3 files to blog

I'm starting a blog and I'm in the process of choosing where I should host it. For now I want a free solution like Blogger or Wordpress.com. The problem I'm facing is that I want to use files I have in a S3 bucket in my blog but none of the blog solutions I found supports any kind of server code, which means that in order to use S3 quer...

Can resources be extracted from a compiled iPhone app? If yes, how can they be secured?

Can resources be extracted from a compiled iPhone app that is released to the iTunes store? I'm particularly interested in the security of XML files... if I have copyrighted data in an XML document in my resource directory, how likely is it for someone to extract that information and paste it around the internet? If it's as easy as usi...

Secure xml messages being read from database into app.

I have an app that reads xml from a database using NHibernate Dal. The dal calls stored procedures to read and encapsulate the data from the schema into an xml message, wrap it up to a message and enqueue it on an internal queue for processing. I would like to secure the channel from the database reads to the dequeue action. What would be ...

Running as Admin, How do I check if some windows account has permissions to read a directory?

I only got the account username (DOMAIN\USER). The check also has to take into account the user's groups. I'd like to use this sample, but I can't figure out how to get a WindowsIdentity only from a username without his password. ...

What is the simplest way (or simplest library) to create a truly secure php mail() function?

The mail() function is bad, because it is so permissive with headers that you pretty much can't use it with any user input without subjecting yourself or others to spam. So what is the simplest substitute that can still ensure that its use is secure? Ideally something that can be included in an external file. ...

Best evidence to offer a sandboxed appdomain for a C# evaluator.

I have a C# evaluator which uses (I think) the .NET 4 new simplified sandboxed appdomain model to host the C# assembly, with remoting doing the rest. The call to create the appdomain is Evidence ev = new Evidence(); ev.AddHostEvidence(new Zone(SecurityZone.Trusted)); PermissionSet pset = SecurityManager.GetSt...

Secure C# Assemblies from unauthorized Callers

Is there any way to secure your assembly down to the class/property & class/method level to prevent the using/calling of them from another assembly that isn't signed by our company? I would like to do this without any requirements on strong naming (like using StrongNameIdentityPermission) and stick with how an assembly is signed. I rea...

UDP security and identifying incoming data.

I have been creating an application using UDP for transmitting and receiving information. The problem I am running into is security. Right now I am using the IP/socketid in determining what data belongs to whom. However, I have been reading about how people could simply spoof their IP, then just send data as a specific IP. So this seems...

How to prevent/secure application deleting from device in blackberry.

Hi, is it possible to prevent an application installed on the device from being deleted in BlackBerry? For example, say "myApp" is installed on the BlackBerry device. If the user tries to delete the application from the device, it should not give him permission to delete. Please let me know if any RIM API is available which will prevent applicat...

Which PHP mcrypt cipher is safest?

So guys, there's plenty of different ciphers available - but which one is the safest to use nowadays? List: http://www.php.net/manual/en/mcrypt.ciphers.php ...

[SharePoint] - Security based on 2 Active Directory groups

Hi all, let's say I have 2 AD security groups: "Access to SharePoint" and "Access to Archive". How do I set the security in this way on a SPWeb that only people who are members of both groups are allowed access? Is this possible with out of the box AD tools? Thanks! ...

Safest communication method between applications on same machine

What is the safest communication method between two applications on the same machine, both Java and C/C++ clients with a Java server. Are SSL sockets safe enough or they can be broken by "man in the middle" attacks? The main concern here is how the clients can trust the local server? Would introducing a remote server improve the secur...

GWT 2.0 integration with Spring Security 3.0

Hello, I have been using GWT 2.0 for a few days. So, I am trying to code a basic application with a login form and a page accessible only if I am logged in. Usually in my web application with JSF for example, I use Spring Security 3.0 to configure and secure that kind of application. So, I decided to try to do the same thing with my GWT 2.0 application...