Is there any method to tell from javascript if the browser has "enhanced security configuration" enabled?
I keep running into problems with certain controls not working from within dynamically loaded content. This only happens with browsers running on Windows Server 2003/2008 systems - even when I add the server to the "trusted" zone.
...
I have given the particular permission for the particular user.
Only that menu will be enabled which permission is set for that user.
I have two problems....
1) Menu item should be invisible rather than disabled
2) If any user copies the name of a page to which they have no access, they can open it.
Suggest any....(urgent)
...
I have two XML files, structured as follows:
My Key
<RSAKeyValue>
<Modulus> ... </Modulus>
<Exponent> ... </Exponent>
<P> ... </P>
<Q> ... </Q>
<DP> ... </DP>
<DQ> ... </DQ>
<InverseQ> ... </InverseQ>
<D> ... </D>
</RSAKeyValue>
A Public Key
<RSAKeyValue>
<Modulus> ... </Modulus>
<Exponent> ... </Exponent>
</RS...
Hello, we are using the native BlackBerry camera in our app, using the Invoke class to start the camera. We listen for an image being written to the filesystem, and when the user is finished with the camera, we call
Application.getApplication().requestForeground();
inside fileJournalChanged() to get back to our app.
This caused a p...
I've heard a lot about trust levels, had people try to explain it to me but still am unable to give a scenario in which I would apply one trust level over another.
I've read through MSDN's article but it didn't do much for me.
Can someone provide a real world example of when you would want to use the various levels (Full, High, Medium,...
Just now I'm writing a project, and I decided to write it with jQuery and AJAX requests.
The only thing I don't know is: is it secure enough?
For example, when I verify the username while registering a new user, I use a jQuery AJAX request,
I get the array of existing usernames from the DB (with JSON), and then verify if new_username not inArray() ...
Could someone enumerate the main differences between OAuth 2.0 and previous versions? Or point me to good documentation. (Not the full OAuth 2.0 Protocol draft; I don't have time to read it.)
...
Hi,
I am a bit of a newbie around Security nitty gritties and especially around Cryptography.
In the application we are building (ASP.NET application built on .NET 3.5), we are currently using databases to save our users' authentication information (AD etc. is not an option at this point).
The intention is to do a one way salted hash of t...
Hello all,
I'm wondering if I can have multiple public keys for a private key.
Can this be done?
If so, what are the security issues!?
If I generate multiple key pairs based on the same initial values (with no initial vector), shouldn't the keys be "compatible"?
I'm just checking some things out and I would appreciate any help :)
Ch...
I've been playing around with Bouncy Castle's implementation of RSA (Lightweight API) and got the basics figured out. Looking at their spec for JCE provider implementation I noticed that different padding schemes can be used with RSA. From what I understand, by default null padding is used. So I began exploring OAEP padding, particularly...
Hi.
How can I deny access to a particular directory in IIS?
In Apache I could just add a .htaccess file:
Order allow,deny
Deny from all
to the Logs or cache directory and nobody will be allowed to see any content in that directory.
However when I add Web.config:
<?xml version="1.0"?>
<configuration>
<system.web>
<authorization> ...
Hi,
The application I am developing does some kind of server-side authorization. Communication is done via a secure channel (HTTPS in my case, with a valid SSL cert). I plan to implement something that will verify whether the remote server is exactly who it claims to be.
I know that no client-side protection is unbreakable, especially given enough time...
Considering writing a wifi cracking (wep, wpa) auditing tool for the android platform, but I am wondering if it is possible to do without a rooted phone.
I had thought it would be impossible to run on an unrooted phone due to the phone's wifi chip ignoring packets not addressed to the phone. That is, without the ability to set the wifi c...
What is the most secure implementation of OpenID technology?
Is there someone out there who knows enough about security, cryptography and OpenID specifications? No rumors, just facts.
I would like to know all about insecurities of network communication process between OpenID provider and OpenID-enabled site during:
logging in
is user...
A lot of Android apps are open source, but how can we make sure the person who finally uploads to the Google Market does not include some spyware just before uploading?
Background: Mobile apps security seems to be a growing concern, and I would like to reassure the users of my Open Source Android app. Solutions that require to modify th...
Hi
There is something I don't understand. When I don't put a certificate at all, the SSL connection is established successfully. I wonder how the server decrypts the message without a client certificate.
What is a client-side certificate for?
Thanks
...
I am new to web development. Am I allowed to store users' original passwords? I know good practice is to store the hashed password using a salt, but why don't we store the original password?
Is it because the database is easily hacked, so hashing protects passwords? Are there any other reasons? If not, I would like to store the origi...
What attacks or security vulnerabilities are specific to WPF applications?
To clarify, I'm not asking how to do SQL Injection on WPF apps, or what kind of crypto should I use, or... I'm also not specifically asking about flaws in the Framework, or in WPF itself, rather flaws that might manifest based on improper implementation.
Very spec...
Scenario:
The web-service producer has only SHA-1 hashes of passwords stored in the database. We need to authenticate web-service users using a User Name/Password combination.
Web Services Security UsernameToken Profile allows us to add soap headers for this purpose:
The element is
introduced in the WSS: SOAP Message
Security document...
This is a broad question in search of a decent broad answer, but I am really curious about which key issues professional developers must account for in terms of security.
How do you make your website more hacker-proof? How do you ensure the security of your companies' databases?
I'm a real noob with security issues but I am keen to hea...