Hello!
I've a question regarding distributed transactions. Let's assume I have 3 transaction programs:
Transaction A
begin
a=read(A)
b=read(B)
c=a+b
write(C,c)
commit
Transaction B
begin
a=read(A)
a=a+1
write(A,a)
commit
Transaction C
begin
c=read(C)
c=c*2
write(A,c)
commit
So there are 5 pairs of critical operations: C2-A5...
I am doing connection string encryption. We use our own encryption key with the AES algorithm to do this. During the process, we need to convert a string to a byte array and then convert the byte array back to a string. I found the encoding plays an important role in those conversions.
So I need to know the encoding C# is using to get above conversio...
Hi All,
Here is a situation I am currently addressing. I am working on a Web project with its security being tied up with the Active Directory. Which means technically when you add a user through the application we are adding a new user to the Active Directory on the Server. Now my question is, is this a good practice?
At this ...
Recently I installed a certificate on the website I'm working on. I've made as much of the site as possible work with HTTP, but after you log in, it has to remain in HTTPS to prevent session hijacking, doesn't it?
Unfortunately, this causes some problems with Google Maps; I get warnings in IE saying "this page contains insecure conten...
Hi
Is there a permission to allow one app to read the (private) data/data//files/... files of another application? If not, how do backup programs like MyBackup work?
C
...
How does interprocess communication generate security holes? Examples appreciated.
...
Hello World,
I am trying to piece together a solution to a problem.
Basically I am using Silverlight 4 with C# 4.0 to access the World of Warcraft Armoury.
If anyone has done this - please oh please provide the working .NET 4.0 code.
The code I am attempting to run is (e.Error contains a security error):
private void button10_Click(ob...
I would like to set it up so that my domain account is allowed to publish a clickonce app without having to provide domain/admin (or local/admin) credentials. I had this set up once before but do not recall how or where I did this.
...
I am using Wicket 1.4.7 + Spring 3.0 + Spring Security 3.0.
The problem is: Spring Security authenticates the user via cookie (remember-me service), but Wicket's AuthenticatedWebSession couldn't understand this and populates the login panel. How can I solve it?
Thanks.
...
I'm providing a RESTful API. This API is used by a third party desktop application. The API is currently secured using Basic Authentication. That isn't very secure because the credentials have to be stored in the client application. The communication between the desktop app and the API can also easily be intercepted.
The desktop applica...
Should the HTML5 database be used to store any form of private information?
Say we have the following scenario:
You're browsing a web-mail client that uses the web database to store mail drafts. After you've written some information, you close the web browser. What's to stop me from getting access to this information?
If the webpage t...
This script was added to a defaced web page of a client web site running PHP. I have no clue what this script can do, and do not know whether this is really malicious. Can someone advise? Please find the code below.
var GU = '';
var h;
var X = new String();
var mP = "";
H = function () {
var F = ["hu"];
function L(Lc, O, d) {
...
No matter what I do I cannot get either of these local File URIs:
<a href="file:///c:/">x</a>
<a href="file:///C:">x</a>
<a href="file:///C:\">x</a>
<a href="file://C:">x</a>
<a href="file:///C|/">x</a>
<a href="file:///C|">x</a>
<a href="C:\">x</a>
<a href="C:">x</a>
<a href="#" onclick="return window.open('c:\\');">#</a>
...to work....
Hi!
I've been reading about XSS and I made a simple form with a text and submit input, but when I execute <script>alert();</script> on it, nothing happens; the server gets that string and that's all.
What do I have to do to make it vulnerable? (Then I'll learn what I shouldn't do, hehe.)
Cheers.
...
I am adding security to my web service and chose to sign the Timestamp and Token.
While reading docs I found a lot of examples where they sign the Body of the SOAP message.
My question is: what is best to sign?
From what I understand signing the Body could lead to performance issues if the Body is pretty large.
Thanks.
...
I'm retrieving an X509Certificate2 from my local X509Store and I'd like to use it to digitally sign emails. I'm using the SignedCms.ComputeSignature to generate the signature, but without the private key it throws the exception "Keyset does not exist". So how do I enter the private key programmatically? The ComputeSignature(cmsSigner, fals...
Hello,
I have a little VB.NET script that will copy a file, set its attributes to Normal, update the file time, and then set back the attributes to match those of the source file.
If IO.File.Exists(Destination) Then IO.File.SetAttributes(Destination, IO.FileAttributes.Normal)
IO.File.Copy(Source, Destination, True)
IO.File.SetAttribut...
So I'm having a heck of a time trying to piece together what I think is a pretty simple implementation. This is very similar to another StackOverflow question only I can't leverage Tomcat to handle role based authentication.
I have an Apache httpd server in front of my app that handles authentication and then passes LDAP roles to a Jer...
Normally, when a site requires that you are logged in before you can access a certain page, you are taken to the login screen and after successfully authenticating yourself, you are redirected back to the originally requested page. This is great for usability - but without careful scrutiny, this feature can easily become an open redirect...
I've finally got this PHP email script working (didn't work on localhost…), but my concern is that it's not safe.
So - is this safe for spamming and any other security pitfalls I'm not aware of?
<?php
$email = '[email protected]';
$subject = 'Notify about stuff';
$notify = $_REQUEST['email'];
if (!preg_match("/\w+([-+.]\w+)*@\w...