Reading through the many questions regarding session hijacking here on Stack Overflow, I've gathered that the only 'solution' to validating a user's session is by checking the user agent, which is such a weak layer of protection that I don't even bother to implement it.
So, I was wondering what solutions you guys have implemented? Are you...
I'm using the following code to initialize database connection:
public Connection getConnection() {
try {
if (null == connection) {
String driverName = "com.mysql.jdbc.Driver"; // MySQL MM JDBC driver
Class.forName(driverName);
// Create a connection to the database
...
I'm just getting into learning about sessions, and for my purposes, I want to create something that upon every request from the client, the server authenticates that user, and only then performs data-handling for that user.
However, I have seen a lot of examples with CodeIgniter where the session is set up as thus:
$this->load->library...
Hi All,
I am developing a web application (using PHP), and I want to provide more security to the application so that no one can easily break the functionality.
Brief explanation of my problem:
In one module there is one stage where I am checking the source of the request (where this request is coming from).
Currently, I am using...
Hi
I'm trying to encrypt and decrypt some text file data using .NET's ProtectedData.Protect method. I'd like to be able to encrypt the text (and save it to a file) on one machine and decrypt the text on a different machine. The machines are both in the same domain and both running the same service under the same username so I thought us...
I have a Java application executed from a ([ba]sh) shell script and unfortunately sometimes the people responsible for deploying it and starting it fail to switch to the appropriate user before starting the application. In this situation I'd like the application to not run at the very least, and ideally issue a warning not to do that. ...
Hey guys, I've been browsing around on SO for quite some time and can't thank everyone enough.
I've finally come to a road block after ironing out the other bugs in my code: Tomcat 6's security manager combined with Java's security is stalling me. Basically, I've written a web application (that only trusted people will have access to,...
I'm doing some research on security and sitemaps in ASP.net and am unfortunately running short on time. I have not worked too much with ASP.net security so I'm not completely sure if I'm heading in the right direction.
Here is my problem:
I have a public website (i.e. on the internet) that will allow any user to sign up to. The websit...
Hi Guys,
As I can imagine, this is quite a big topic. Let me explain: I have used MS Money for several years now and due to my "coding interest" it would be great to know where to start learning the basics for programming such an application. Better to say: It's not about how to design and write an application, it's about the "bank detail...
I'd like to deny access to query linked servers to a group of users. I've put them in a role and assigned certain object-level permissions to that group. I'm at a loss after searching BOL and the 'net how to DENY access to linked servers.
EDIT:
I decided to break out profiler to verify exactly what SSMS is calling when d...
When I execute the query below, it doesn't show me whether the guest account is enabled or disabled.
SELECT name, type_desc, is_disabled
FROM sys.server_principals
...
Does someone know about a good Perl module that implements most of the functionality of Paros Proxy (http://www.parosproxy.org/)? If yes, could someone provide some modules that do that?
...
I'm using Python's ssl library with an encrypted keyfile. However every time I wrap a socket, I'm prompted for the passphrase.
Enter PEM pass phrase:
How can I give the passphrase just once, and have Python hold the decrypted key open for the lifetime of the process?
I'm very interested in the canonical openssl command line or C equi...
Hi,
I have some web services exposed through XFire and want to have security around those web service calls. How can I add security without changing anything inside the web services? Basically I want to intercept these web service calls before they reach the actual web service and authenticate those calls. Please help me.
Regards
Vishal...
Everywhere I have seen people talking about storing passwords in a database, they have almost always used MD5.
What is wrong with AES, or SHA1?
...
I need to grant a specific account SERVICE_START permissions for a given Windows service.
There seems to be some methods for doing so here, but would prefer a method that's native to PowerShell and doesn't require external tools, for ex. by using Get/Set-ACL cmdlets, or calling some .NET API.
Does someone know how to do it in that fash...
I'm a PhD student looking at software watermarking techniques and I always get asked 'who uses it?' The answer to which I don't know. There is a large amount of academic work on the subject (most notably from Collberg et al.) but very little indication of its prevalence in industry. Software watermarking involves embedding a unique iden...
I have some downtime and I am thinking of picking a new project for fun. I am a college student and every year we have an online pitch competition. I want to create a project for this pitch competition that is approx. 9 months from now. The problem is the project requires very high security and the competition is very competitive.
Things...
I need to build a small web app that will ultimately need to be launched via SSL.
My question is, can I design and test it as if it was an ordinary application and only later add whatever is necessary to make it secure? Or do I have to test it over SSL right from the start?
...
JSON responses can be exploited by overriding Array constructors or if hostile values are not JavaScript string-escaped.
Let's assume both of those vectors are addressed in the normal way. Google famously traps JSON response direct sourcing by prefixing all JSON with something like:
throw 1; < don't be evil' >
And then the rest of th...