Hi all
Is it possible, using spring security plugin 0.5.3 with Grails 1.2.1, to authenticate a user using only one field? I mean, for example, making j_username and j_password fields in the authentication form equal previous to the authentication. I read it was possible to define j_username field in Config.groovy with acegi plugin, in o...
My next task will be to encrypt passwords. I am working at the database access layer and my co-worker has made this comment, implement SHA512 hash, on an empty method which I will implement. Any recommendation about this?
...
I am working on an application which runs as a special unprivileged user. I would like to be able to easily check to see if the user can read a given file. It seems like this should be easy, even when I go into the file in Windows Explorer and see that the read permission is checked, it sometimes seems that there is still something preven...
Hi, I am currently running JDK 6 on Windows 7 and have installed the Unlimited Strength Policy Files. I wrote a Java app some time ago which used to work but now fails, giving an error message indicating that the SHA1PRNG SecureRandom is not available. I have tried printing a list of cryptographic providers available on the platform and ...
We are using security exits in WebsphereMQ 6.0 to provide security in Java clients connecting to MQ and MQ - MQ connectivity. We use security exits to provide a secure way to connect to Queue managers, Queue, channel.
Is there any change in the security mechanism in the latest version so that we can completely avoid using security exits?
Thi...
From within a Java program, I want to be able to list out the Windows users and groups who have permission to read a given file. Java has no built-in ability to read the Windows ACL information out (at least until Java 7), so I'm looking for other solutions.
Are there any third party libraries available which can provide direct access t...
I've read a number of SO questions on this topic, but grokking the applied practice of storing a salted hash of a password eludes me.
Let's start with some ground rules:
a password, "foobar12" (we are not discussing the strength of the password).
a language, Java 1.6 for this discussion
a database, PostgreSQL, MySQL, SQL Server, Oracl...
Hi all,
Is there any (open source) ASP.NET implementation (in the form of an HttpHandler or other) for the following paper: http://www.cse.msu.edu/~alexliu/publications/Cookie/cookie.pdf
greetings,
Tim
...
I have written an intranet application from which you can directly connect to a virtual machine by clicking on a RDP-button. The click calls a .bat file, which opens the connection.
With IE, this is no problem, as you can choose to directly execute the batch file. But with Firefox, I can only download the script, and have to start it ma...
I've been trying to use persistent keychain references in an iPhone application. I found that if I created two different keychain items, I would get a different persistent reference each time (they look like 'genp.......1', 'genp.......2', …). However, attempts to look up the items by persistent reference always returned the content of t...
I'm starting a blog with a hosted WordPress instance and I would like to be able to stream music using a Flash player on some posts.
The problem is that every player I find uses a simple param to get the file URL, which makes it very easy for someone to find that URL and just download the file.
I know that it's probably impossible to pr...
I have tried and tried to achieve an SQL injection by making custom queries to the server outside of Firefox.
Inside the php, all variables are passed into the query in a string like this.
Note, by this stage, $_POST has not been touched.
mysql_query('INSERT INTO users (password, username) VALUES(' . sha1($_POST['password']) . ',' . $...
I have a VSTO (Outlook add-in) application that uses Unity. It is deployed to a folder inside Program Files and full trust is set on that folder to allow all code FullTrust that runs from there.
What I am getting now is a strange error that I cannot get to the bottom of.
System.Configuration.ConfigurationErrorsException: An error occ...
If I have a server with a database of top secret data in PostgreSQL and my password is practically impossible to crack (128 character string of all sorts of weird chars, generated by hand). The server password is also uncrackable in theory (basically, ignore the possibility of a password crack).
Aside from a password crack, how easy is ...
I am working on the design of a high security application (involving financial information, personal information etc). I need to identify what security measures (application level) will be implemented. The application will involve sending data to and from a database, user login, import export to csv, txt files, and print function.
What ...
In my project I have created a file upload. Now it is required that any exe file, or exe file in a zip folder having .zip as extension, be prevented from being uploaded.
Can someone suggest a solution?
...
I am trying to secure a controller action to prevent a user from accessing an Entity that they do not have access to. I am able to do this with the following code.
public ActionResult Entity(string entityCode)
{
    if (CurrentUser.VerifyEntityPermission(entityCode))
    {
        //populate viewModel...
...
Ok so I need 2 of the 3.
Something the user knows.
Something the user has.
Something the user is.
I have a system that is exposed to the internet and we need clients to connect in a secure manner to satisfy our security standards.
I'm thinking when a user registers to use our system we send them an application that they install on the...
Hi everyone,
I have changed the Configure::write('Security.salt', '############'); value in the config/core.php file to a '256-bit hex key'. Is it safe or a good practice to change these lines for every different installation of a CakePHP application, or shall I revert back to the original?
I also changed the Configure::write...
Hey
My question is: Why don't more webpages use AJAX to load the webpage content?
Is it because of the fact that you can switch off JS, or is there a thought about some security problem?
...