In our project there are several places where we could've gotten away with hashing. For example, we store an encrypted reference between a license and the licensed object in the database along with the unencrypted reference. This is to ensure that the user can't change the entity they have licensed by mucking with the database.
The ma...
Hello,
I've been trying to find a proper way to pass some information, such as a password, to my applet. Since the code is executed on the client, I don't want to put that information in clear text in the "param".
I'm using PHP as the script to generate the web page. So, I was wondering if there was already some kind of solution/mechanism? ...
I came across this statement
Do not use "forgotten password" functionality. But if you must, ensure that you are only providing information to the actual user, e.g. by using an email address or challenge question that the legitimate user already provided in the past; do not allow the current user to change this identi...
Is there any module which provides somehow basic "secure" deletion, something like the Linux utility "wipe", e.g.
import securitystuff
securitystuff.wipe( filename )
I need to protect company source code which should not be easily retrievable anymore.
Thank you,
Marcus
P.S. Yes I know "wipe" is not perfect, e.g. on journalling filesyste...
Hi all!
I'm developing a Java web service, with client certificate security enabled.
I don't want to add a parameter to each method with a user ID. Since the user is already authenticating through the SOAP header with his client certificate, is it possible to fetch the user data (common name, email, etc.) from his certificate?
Thanks!
...
I want to provide a license for a simple console application.
I used the RSACryptoServiceProvider class to encrypt and decrypt.
I also want to use the LicFileLicenseProvider class to grant a license for my application.
How do I inherit from the LicFileLicenseProvider class and use it?
Namespase.classname.lic file contains text - "Namespase.classname is a lic...
I'm creating a login system in PHP, and I want to know how to best protect the user information string in my cookie. I was thinking of encrypting the string with a key somehow? Is this the best way? I'm kinda new to this.
Thanks in advance.
...
I am developing an application for schools in South Africa which is required to submit data in XML format to the State IT Agency for statistical processing. I am currently generating the XML files using PHP's DOMDocument class.
My files have gone through a first stage verification process. The next stage is to implement encryption and c...
Surprisingly enough there's very little information on the Web about using Bouncy Castle's lightweight API. After looking around for a while I was able to put together a basic example:
RSAKeyPairGenerator generator = new RSAKeyPairGenerator();
generator.init(new RSAKeyGenerationParameters
(
new BigInteger("10001", 16),//publ...
How can we encrypt user credentials when they are transmitted with PHP? (in login forms)
Thanks
...
I am interested in using a Discretionary Access Control List with Membership provided by .Net Security.
Are there any implementations of this that exist in .Net or open source?
Is there a way to use .Net security as a DACL?
Does a custom solution have to be built?
Thanks.
...
The main page is www.myserver.com:80 and the ajax references www.myserver.com:8081.
The status code is 0 and the text is null. Is this a cross domain denial?
...
Hi,
The Case:
A jQuery UI Dialog should contain the customer's credit data, while the rest of the page is a product catalog served over HTTP.
Question:
Is it possible to secure a jQuery UI dialog with HTTPS when the rest of the page is in HTTP? Or does the whole page have to be HTTPS and not only the dialog?
(What I know that dialog is part of the page because that ...
Pardon the length here...hopefully I didn't go overboard...
I'm in the process of working on my first production MVC application and I'm trying to stick to DDD principles in the process. I've run into some questions related to how to deal with the security requirements of the application and thought I'd see if the SO community could of...
Hi
I'm currently building a web application for a customer that uses a rich client. (Flex)
In this application, a user has a password, as well as a couple of other key attributes that are used throughout the system for identification purposes (e.g., things like mother's maiden name).
A user logs on with their password initially. Th...
I just got hammered on a Security Audit by Deloitte on behalf of SFDC. Basically we use flex and communicate via AMF. We use FluorineFX for this (as opposed to LCDS and Blaze). We are being told that because the AMF response is not encoded and that someone can manipulate the AMF parameters and insert Javascript that this is a XSS vulnera...
After much research it appears that to create and use our own security manager in the web browser control in IE, we need to override the GetSecurityId method for both IInternetHostSecurityManager and IInternetSecurityManager, as at some point they are compared and if found to return a different result they throw an UnauthorizedAccess exception. ...
I'm designing a training program in C++ that will be distributed to a large number of facilities, most of which won't have much in the way of an IT staff. The program connects via a TCP connection to a central database which stores various pieces of data for research and evaluation purposes.
The problem I have is that I would like to ma...
I know this question has been asked before, but I haven't found any answers that seem ideal.
I have a php app that needs a login system. I'm no crypto expert by any means, and I am wary of reinventing the wheel, which has doubtless been invented many times already, and very well.
I'm wondering if anyone is aware of a good authenticati...
We are developing a suite of windows applications for a client and need to add a security module. The basic needs are fairly simple:
A function to return a list of permissions:
string[] AllowedApplications = Security.GetList("Applications");
string[] AllowedMenusAndButtons = Security.GetList("Functions");
//In General:
string[] Allowed...