I am allowing people to upload their project files, I've tightened my security but I just need to get to the simple point. How can I stop execution of any files in the subdirectories they're uploading to?
I'm thinking .htaccess but I'd need to generate one for each new subdirectory (I think), would I need to scrap my current code and u...
Hi,
I am writing a little app similar to Omegle. I have an HTTP server written in Java and a client which is an HTML document. The main way of communication is by HTTP requests (long polling).
I've implemented some sort of security by using the https protocol and I have a securityid for every client that connects to the server. When the ...
I know many web projects still use the older MD5() or SHA1() when creating hashes. However, in my projects I have been using SHA256 for stronger/longer hashes since when I last checked there was some question about which hashes were the best ones to use. So I just chose the government standard (at the time).
However, I'm wondering...
From page 5 of Bernstein's paper, it says to do a simple summation equation of c_q * r^(q-x+1) from 1 to q and mod the entire thing by 2^130-5, add it to an AES output and mod it by 2^128. However, I cannot seem to get his test vectors. One of them is:
c1 124bcb676f4f39395d883fb0f19ea3c66
c2 13...
Hi
If the Microsoft Web Protection Library can have custom white-lists http://wpl.codeplex.com/
I am also wondering do you need to do anything special to get it to work with asp.net mvc?
I am going through its methods and I see
AntiXss..::.GetSafeHtml
AntiXss..::.GetSafeHtmlFragment Method
AntiXss..::.HtmlEncode Method
AntiXss.....
Possible Duplicates:
What security issues should I look out for in PHP
What should a developer know before building a public web site?
The project I was working on is nearly complete and near launching, but I want to make sure it is hack-proof as my friend/partner thinks we have some enemies who can hire smart hackers t...
I am trying to write a website that has user accounts. There isn't much sensitive information other than the password and email address. But I don't really understand what I'm doing; I'm kind of hacking it along as I go. Is there anything I should be keeping in mind with respect to security or any other important details?
...
Hi
I am trying to stop XSS attack so I am using html agility pack to make my whitelist and Microsoft Anti-Cross Site Scripting Library to deal with the rest.
Now I am looking at encoding all HTML hrefs. I get a big string of HTML code that can contain hrefs. According to the MS Library they have a URL encode, but if you encode the whole URl...
I'm receiving many failed login requests from spammers/bots that are trying to brute-force the credentials, also I'm receiving many requests to pages like /forum/index.php.
I wrote a script to parse the IPs of those attackers from production.log:
#!/bin/bash
# Failed Logins
grep "Failed " ~/app/log/production.log | egrep -o -e "[0-9]...
Hi
I want to see if my encoding is working however the example I made just reverts back to non encoded after it goes back to the page.
<a href="http://search.msn.com/results.aspx%3fq%3dIamBad">Click Here!</a>
Turns back into
<a href="http://search.msn.com/results.aspx?q=IamBad">Click Here!</a>
Edit
UrlEncode Untrusted in...
This is a WTF moment for me. Working with a SWF where it's worked all along, loading data from http://akmi.kaltura.com. But, now, if you switch from Flash Player 10 to Flash Player 10.1, I get the standard security sandbox violation:
* Security Sandbox Violation *
Connection to http://akmi.kaltura.com//index.php/partnerservices2/...
I got very concerned reading this genius post by Aza Raskin.
What are the non-browser solutions to defend against TabNabbing? Are there any?
...
I'm working with a security policy on Tomcat 6. I've successfully granted permissions to my entire webapp, but would like to grant some permissions only to specific classes. However, when I try this, my doPrivileged block receives an AccessControlException.
Because I've been successful granting to a more general code base, I went back...
Is a user able to edit localstorage (and sessionstorage) items? Specifically, would a malicious user be able to edit it like cookies can be edited?
I am researching session info for a web application I am writing, and I had the idea of using localstorage for some items. Yes, I have looked into session variables, and I am probably going ...
I have a system which is a CRM of sorts; it essentially manages customers' claims that they have been mis-sold insurance.
This system is expected to handle a fairly high volume of claims and several call center desks have been enlisted to that effect.
The general workflow of the system is: call center receives a claim and enters it on...
A good security practice is never to maintain a database of login passwords for your system but instead to maintain a database of hashes of passwords (using some suitable hash function) and at login compare the hash of the password provided with the information stored in the database.
However, I am increasingly seeing examples of logins...
Hi,
What are good options to restrict the type of html tags a user is allowed to enter into a form field? I'd like to be able to do that client side (presumably using JavaScript), server-side in PHP if it's too heavy for the user's browser, and possibly a combo of both if appropriate.
Effectively I'd like users to be able to submit da...
Okay so like everything else IE8 is giving some serious problems. When trying to load MooTools into the browser IE8 just gives me a "A security problem occurred" error. I think it may have something to do with the clashing of files or something but I can't seem to figure it out. Here's a web address so you can see for yourself.
http://w...
Can you give me some information about the strongest way of DDoS attack?
Is botnet the strongest way of DDoSing?
Thanks in advance
...
Phishing is a very serious problem that we face. However, banks are the biggest targets. What methods can a bank use to protect itself from phishing attacks? What methods should someone use to protect themselves? Why does it stop attacks?
...