security

Webservice client in j2me from secure site

Hi, I have to create a Java ME web service client for the WSDL of a secure site (https). When I try to do it using the conventional method of retrieving the WSDL in NetBeans, I get "IO Exception (Check Proxy Settings)". I have no idea what to do. Can anybody point me in the right direction? Thanks in advance. ...

Flash, parameters, security

Hi, I have a question: In Flash, I have the ability to save certain info onto the server. Now the problem is the user needs to be authenticated as admin in order to do so. I can't use sessions, since if you work longer than 20 minutes in the Flash application, the session is gone. The way I see it, I have 2 possibilities: 1. passing a...

Captcha Decoded

Hi, I have seen some captchas being decoded using JavaScript, PHP, etc. How do they do it? For example, the very popular megaupload site's captcha has also been decoded. ...

What can be used instead if captcha is insecure?

As far as I read from here, the fact is that captchas are not 100% secure. What can be used instead of captcha? As a programmer, what do you think? How to solve this issue? Edit: thanks for all answers. ...

ASP.NET User-based Templates

Is there any way to let users write their own aspx templates with my defined dynamic variables? Note that I don't want to use Web Forms (so there are no tags like <asp:button> etc.). In addition, I'd need a security solution so users can't change the system or do dangerous things like this. Thanks. ...

Protecting my app's security from a disassembler

So I recently tested disassembling one of my Android apps, and to my horror I discovered that the code was quite readable. Even worse, all my variable names were intact! I thought that those would be compressed to something unreadable at compile time. The app is triggered to expire after a certain time. However, now it was trivial for me...

Best Practice for Sensitive User Information Storage on Remote Service.

We have a desktop and mobile application that is used to access many third party services. These services have some potentially sensitive information, e.g. authentication tokens, and in some cases plaintext usernames/passwords. We want to provide a service to synchronise their settings across multiple computers and devices. That is - t...

What is the security advantage of STS in web services?

Hello, I've started reading up on security (particularly authentication) with web services and I see a lot of references to security token services. From what I see, they take a username-password (or something) and, on validation, return a digital token. How is using this token any more secure than just relying on the username-passwor...

How to load an RSA asymmetric key pair with Obj-C on the iPhone?

I have the raw bytes of the public and private key in a buffer and want to use that information to encrypt / decrypt data. I do know that I could generate a key pair using SecKeyGeneratePair and then save it to the keychain, but I don't want that... essentially, I need the Objective-C equivalent of the following Java code (using Bouncycastl...

Easiest way to securely transfer data from one web to the next

I have 2 web sites running on the same server. Web1 needs to transfer data to web2 (same web server, different webs), passing sensitive data from one to the next. The browser will be using https. Are cookies possible/advisable here? My initial thoughts were to encrypt the data and pass it through the querystring, both sites using a shared ...

Backdoor Strategy - opinion needed.

I'm creating an application to track publications and grants for a university. Professors will need to put their CV into the system when it is up and running. Yeah, right. The person in charge is planning on hiring someone to input all of the information, but my question is how? The strategy I'm thinking of is to install a backdoor. ...

Security when using GWT RPC

I have a POJO in Google Web Toolkit like this that I can retrieve from the server: class Person implements Serializable { String name; Date creationDate; } When the client makes changes, I save it back to the server using the GWT RemoteServiceServlet like this: rpcService.saveObject(myPerson,...) The problem is that the user s...

Generate an LTPA token?

We have a need to integrate a server with our WebSphere environment that does not support LTPA. I found the blog post here and corresponding code to decode the information in an LTPA token. However, there's no code explaining the digital signature and how that's generated/validated. Does anyone have any information on how to generate ...

How to restrict code from developers

Possible Duplicate: Protection of code from its own developers My company is planning on hiring outsourcers to work for us, but is concerned about giving the whole existing code to the outside world. What is the proper way to deal with the security of sharing code in such cases? Is it possible to restrict part of the code for developers? So each o...

What's the best technique to protect my framework from visitors who are not logged in?

First of all, I would like to say that I have used the search box looking for a similar question and was unsuccessful, maybe because of my poor English skills. I have a 'homemade' framework. I have certain PHP files that must only be visible for the admin. The way I currently do this is check within every single page to see if a sessi...

How to inject dependencies into a custom UserNamePasswordValidator in WCF?

I'm using a UserNamePasswordValidator in WCF along with Unity for my dependency injection, but since WCF creates the instance of the UserNamePasswordValidator, I cannot inject my container into the class. So how would one go about this? The simplest solution I can think of is to create a static proxy/wrapper class around a static insta...

When do you trust the data / variables

We all know that all user data, GET/POST/Cookie etc. needs to be validated for security. But when do you stop, once it's converted into a local variable? e.g. if (isValidxxx($_GET['foo']) == false) { throw InvalidArgumentException('Please enter a valid foo!'); } $foo = $_GET['foo']; fooProcessor($foo); function fooProcessor($foo)...

Prevent access to files outside a certain directory in PHP

I've found out the hard way that my website can be hacked by passing a query string parameter that has many ../s to access files outside of the website directory, and then hack the website. Is there a way, perhaps through the php.ini, to not allow file includes outside of a certain root directory? To make things worse, most of what is ...

Secure database connection. DAL .net architecture best practice

We have several applications that are installed in several departments that interact with the database via Intranet. Users tend to use weak passwords or store their login/password written on sheets of paper where everybody can see them. I'm worried about login/password leakage & want to minimize the consequences. Minimizing database-server attack s...

File System and security (PHP)

Consider a simple file upload system written in PHP. The user has access only to the admin panel (not FTP). He may change the folder option from 707 to 755 for a security issue. How can he do this? Can we do this from the upload script? If yes, is this a secure application? ...