Hi, I have a block of gsp I'd like to reuse and make into a little gsp snippet:
<sec:ifLoggedIn>
<g:link controller="user" action="showProfile">My Profile</g:link> |
<g:link controller="privateMessage" action="list">Inbox</g:link> |
<g:link controller="user" action="showPreferences">Preferences</g:link> |
<g:link control...
Has anyone come across a bulletproof function/class (homemade or native) for securing contact forms?
...
My team implemented a UI to assign/revoke permission levels to users on a certain SharePoint list. The UI supplies an "undo" feature to restore the rights the user had before they were changed through our UI.
Now there is a problem if the user had the "Limited Access" permission level: This permission level is removed when you do a chan...
Hi,
I'd like to find out what session ID hijacking protection is built into the current version of ASP.NET.
I recently saw this very informative article that explains how session security can be enhanced by implementing an additional layer that encodes the IP address and user agent header into the session id. These details are then ve...
Hi,
Can somebody please advise a very advanced book on the architecture of web application development, preferably in .NET?
I'm interested in patterns and designs, code security and re-usability.
I have studied a variety of books, but they all seem to be for beginner/intermediate levels.
...
Does anyone have a detailed explanation on how integers can be exploited? I have been reading a lot about the concept, and I understand what an it is, and I understand buffer overflows, but I don't understand how one could modify memory reliably, or in a way to modify application flow, by making an integer larger than its defined memory.....
I need to be able to tell the user if their password is strong or weak (or in between). Is there a library or a function that already does this?
If there isn't, what would be the best approach to determining if a password is secure or not?
...
Hi,
Has anyone used DTLS on Android or is there an open source Java implementation that supports DTLS?
What are my other options for securing UDP traffic on Android?
Thanks.
...
How can I secure the communication between a C# program running locally on my computer and a SQL Server in a hosted environment?
I have an ASP.NET application that is secured by SSL encryption. So using the ASP.NET application from an open WLAN connection is no problem.
How can I achieve the same kind of encryption for my administrative tool? Wou...
I would like to safely be able to simulate open with O_CREAT | O_WRONLY | O_TRUNC | O_NOFOLLOW and O_CREAT | O_WRONLY | O_APPEND | O_NOFOLLOW on systems that do not support O_NOFOLLOW. I can somewhat achieve what I am asking for with:
struct stat lst;
if (lstat(filename, &lst) != -1 && S_ISLNK(lst.st_mode)) {
errno = ELOOP;
retu...
Hi,
How do I run PHP Security Scanner and SpikePHPSecAudit?
I've already extracted them at the root of my website and thought it could be run like phpSecInfo where you just navigate to
www.mySite.com/phpsecinfo/index.php
Any assistance will be appreciated.
P.S. I am using Windows XP and XAMPP.
...
Hi Guys,
Like everyone of us, I have my own dreams about developing the next cool product that will be adopted by many users and become industry standard.
Surprisingly, I find that the most challenging task is to keep my website up & running. My site is being hacked again and again no matter what I do - I blocked the FTP connections, cha...
Have you ever created an application/website that worked the first time, with no bugs in IE/Firefox/Chrome...? Or is it just the dream of every programmer? :)
...
Hi,
I am using a database with a list of usernames/passwords, and a simple web form that allows users to enter their username/password.
When they submit the page, I simply do a stored procedure check to authenticate. If they are authorised, then their user details (e.g. username, dob, address, company address, other important info) ...
Today I read about MD5 hash and was wondering if this is possible.
Seems like a recursive problem...
Or is there a solution?
...
How frequent (and/or sophisticated) are man-in-the-middle attacks?
About
In cryptography, the man-in-the-middle attack (often abbreviated MITM), or bucket-brigade attack, or sometimes Janus attack, is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them,...
Can I encrypt shared files on Windows Server and allow only authenticated domain users to have access to these files?
The scenario as follows:
I have a software development company, and I would like to protect my source code from being copied by my programmers.
One problem is that some programmers use their own laptops to develop the ...
Hello,
I am collecting as much information as possible about HTTP(S) session attacks.
There is plenty of information about existing attacks, but I would like to know if some new breeds of attacks are now made possible either by security flaws in popular software or technologies or by new smarter security engineering.
Do you have some re...
I've got a simple WPF 4.0 app that currently has no concept of user security. I need to add some very simple username/password based security and access the credentials in just a couple of spots, and want to utilize Thread.CurrentPrincipal. I am wondering what the ramifications of simply changing this property are? Will it affect the .Ne...