I'm writing a multiuser application (.NET - C#) in which each user's data is separated from the others and there is no data that's common between users. It's critical to ensure that no user has access to another user's data. What are some approaches for implementing security at the database level and/or in the application architecture ...
I am looking at an embedded system where secrets are stored in flash that is internal to the chip package, and there is no physical interface to get that information out - all access to this flash is policed by program code. All DMA attacks and JTAG and such are disabled. This seems to be a common locked-down configuration for system-o...
Hi, I am creating a new Silverlight 4 business application using RIA services. This will be using a SQL-Server 2005 DB. There is no AD setup so I am required to use SQL Server Authentication. The details that the user uses to login to the system will be used to hit the SQL Server. E.g., if username="TestUser" and password="Password"...
Hi, I was wondering how you could encrypt/decrypt your querystring in a simple asp.net page? some values need to be passed between different pages but the querystring cannot be changed or read. Some say httphandles could be the solution for this. Any thoughts? MORE BACKGROUND INFO: hi thx for all the comments. this is the problem, s...
I have two passwords and two resulting hashes. I can't figure out how the hash is derived from the password. I don't know if salting is used. I don't know if the password is hashed as a integer value or as a string (possibly Unicode). Password: 6770 Hash: c12114b91a3841c143bbeb121693e80b Password: 9591 Hash: 25238d578b6a61c2c54bfe55742...
Hi, in my SQL2008 I have a user which is in the "db_datareader", "db_datawriter" and "db_ddladmin" DB roles, however when he tries to modify a table with SSMS he receives a message saying: You are not logged in as the database owner or system administrator. You might not be able to save changes to tables that you do not own. Of course...
(A)RC4 used to fit the bill, since it was so simple to write. But it's also less-than-secure these days. I'm wondering if there's a successor that's: Code is small enough to write & debug within an hour or so, using pseudo code as a template. Still considered secure, as of 2010. Optimized for software. Not encumbered by licensing iss...
Is There any concept of HTTPS in Iphone.how iphone apps are safe? if we are developing any apps related to some security?how can we provide security to iphone apps. I know that NSURL,NSURLConnection classes contains in Build HTTP but is there any concept of HTTPS? Thanks, ...
I'm doing a security audit on a fairly large php application and was wondering where I should include my user-input validation. Should I validate the data, then send the clean data off to the back-end functions or should I rely on each function to do it's own validation? Or even both? Is there any standard or best-practice for this so...
A customer asked me to prevent users from typing common passwords, but permit them to use only alphanumeric passwords. Do you know a regular expression to use in the built in PasswordStrengthRegularExpression option? Edit: I know is pretty vague, and that what I told the client. The definition is something like Do not allow the same ...
As I'm writing a django site from government bodies I'm not going to be able to use cookies. I found this snippet http://djangosnippets.org/snippets/1540/ but it's currently not allowing users to login. Before I start debugging I wondered if anyone else has solved this problem with this snippet or in any other way? UPDATE The ONLY an...
I couldn't find aes libraries in .net framework. Is there any external libraries? thanks ...
I'm writing a setup/installer script for my application, basically just a nice front end to the configuration file. One of the configuration variables is the executable path for mysql. After the user has typed it in (for example: /path/to/mysql-5.0/bin/mysql or just mysql if it is in their system PATH), I want to verify that it is correc...
I'm new to mysql, I'm trying to run Wordpress inmy windows desktop and it need Mysql. I install everything with Web Platform Installer which provided by microsoft. I never seta root password for mysql and in final step of installing wordpressit askfor root password of mysql. What is the default password for root (if there is one) and h...
I have some functionality that interfaces with the server's OS in my web application. I've written a bash script and am able to run it from within my app. However, some functionality of the script requires superuser privileges. What is the most sane way to run this script securely? It is being passed arguments from a web form, but shou...
I would like to integrate vulnerability scanner as part of our build process. Are there any open source tools worth looking at? ...
Is it possible to somehow view another websites php files/codes? Or to rephrase the question, Can my php codes be viewed by anybody except for those who have access to the file? If so, how can I best prevent this? Thanks Ps: Server OS is Ubuntu 9.10 and PHP version is 5+ (Apache2) ...
I have an asp.net web app storing user's cellphone number in Sql Server 2005. I want to use C# to encode cellphone number for security reason. Which encryption method should I use for cellphone Encode and Decode? DES、AES、RC4 or something else? ...
I have a php script which takes a relative pathname via $_GET, reads that file and creates a thumbnail of it. I dont want the user to be able to read any file from the server. Only files from a certain directory should be allowed, otherwiese the script should exit(). Here is my folder structure: files/ <-- all files from this folder a...
Hi, I have a login with Windows Authentication which is called domain\username. Now I want to map this login to my DB and the SSMS is proposing a user called domain\username as well. I don't know if I have to map the domain login to the database user as domain\username or simply as username. What is the best practice? THANKS ...