I currently check every GET and POST variable with isset() and throw exceptions when isset() returns false.
Example 1:
if(!isset($_GET['some_var']))
throw new Exception('GET variable [some_var] is not set.');
$someVar = $_GET['some_var'];
Example 2:
if(!isset($_GET['some_num']))
throw new Exception('GET variable [some_num] ...
Google returns json like this:
throw 1; <dont be evil> { foo: bar}
and Facebook's Ajax has JSON like this:
for(;;); {"error":0,"errorSummary": ""}
Why do they put code that would stop execution and makes invalid json?
How do they parse it if it's invalid and would crash if you tried to eval it?
Do they just remove it from the strin...
As most of you know, email is very insecure. Even with an SSL-secured connection between the client and the server that sends an email, the message itself will be in plaintext while it hops around nodes across the Internet, leaving it vulnerable to eavesdropping.
Another consideration is the sender might not want the message to be reada...
Our distributed application uses Microsoft RPC for interprocess communications. Starting with Windows XP SP2 and Windows 2003 SP1, Microsoft tightened the bolts so now the programs on two different computers can't communicate that easily.
Either they both must be running under suitable user accounts so that authentication succeeds or the...
I'm not sure that it is the right way, but I use these functions for inputs. For example, a contact form:
RemoveXSS(mysql_real_escape_string($_POST['input']))
But with scanning, there is this result:
Parameter Name: Query Based
Parameter Type: FullQueryString
Attack Pattern: /"ns="alert(0x00058B)
I can't see anything in page when cl...
I found in Assembla's webhook tool the possibility to integrate with Twitter. To do this, Assembla uses a URL like this:
http://username:[email protected]/statuses/update.xml
How does Twitter handle that kind of URL? Is this some standard? Does it require some special logic to perform login when someone POSTs data to a URL with username:password? Ho...
I want to protect my applications from reverse engineering.
What I would like to do is protect the executable from any tampering, such as with hex editors, resource editors, and dis-assembly tampering.
My idea is to have the application check the hash value of itself against an imported value in a version file from the service server (...
I have an issue with a signed Netbeans RCP Application distributed via web start.
When a user starts the application on a Windows system (Java 1.6.0_20) the second(!) time, the Mixed Code Warning appears.
The NetBeans 6.9 build process doesn't add the "Trusted-Only" or "Trusted-Library" attributes in the various jar files by default.
...
Our clients call our web service over SSL and authenticate themselves with a username and password. Our server then generates a symmetric key and sends it back to the client.
Then, the client establishes a TCP connection to our server, and sends a login message. At this point, I want to authenticate the client.
My idea is to have the c...
I would like to use TDE, but I cannot use it, so I have chosen to use the EncryptByCert and DecryptByCert functions. However, I was also considering encrypting/decrypting data in C# as shown here.
My question is are EncryptByCert and DecryptByCert unsecure because the certificate is also stored in the database? How do people get around ...
I have an informal group that needs to exchange emails between each other in a secured fashion. I am a programmer and can barely get away with using PGP (using http://www.jumaros.de/rsoft/index.html), so I cannot expect the "average" person to send using PGP. I cannot change everyone's email to a PGP-enabled mail server either because eve...
I am working on an Android application, and I need to use encryption for one aspect of it. I am really indifferent to which algorithm I use (AES, DES, RSA, etc...). I am aware that Java has a crypto package, but I am not at all familiar with it. Can someone post an example on how to do an encrypt/decrypt function?
Thanks
...
I have installed the latest WAMP server from http://www.wampserver.com/ on a VPS Windows 2003 machine for development purposes between a team of programmers that are geographically distributed around the world. We have also installed the CollabNet SVN server that is working over HTTP.
I am concerned about security - even though this is...
I have created a certificate basically straight from the keytool example page:
keytool -genkey -dname "cn=Anything, ou=Anything, o=Anything, c=US" -alias business -keypass kpi135 -keystore C:\mykeystore -storepass ab987c -validity 1095
I am trying to access this certificate and use the private key portion to digitally sign a portio...
I have some experience with programming, but I have very little experience when it comes to the security of programs. I've written a single-service server in Ruby which runs on a Windows XP computer to be used by a Linux computer in the same lab. The lab network is also behind a firewall, so there might not be a problem there, but I real...
I'm trying to encrypt and decrypt data using RSA in C#. I have the following MSTest unit test:
const string rawPassword = "mypass";
// Encrypt
string publicKey, privateKey;
string encryptedPassword = RSAUtils.Encrypt(rawPassword, out publicKey, out privateKey);
Assert.AreNotEqual(rawPassword, encryptedPassword,
"Raw password and e...
Hi,
I'm just setting up an SSL area of a website, and was just wondering... is it as simple as adding HTTPS on the url?
(this is presuming I have a valid certificate of the hosting company?)
Or is there something more to it?
Thanks.
...
How can I complete OAuth authentication with PHP for Jaiku? I completed authentications for Google, Facebook, FriendFeed, etc., but for Jaiku there is a problem. Can you send an example for Jaiku OAuth?
...
How do I run validation checks on a password field in CakePHP, seeing that the password is hashed before I get a chance to run any checks on it?
...
Suppose I have some PHP code running inside a web server, for example, running a simple CakePHP app. From this app, I want to occasionally make a TLS connection out to some server to exchange some data. How is this typically done? (I have little experience with PHP.)
What PHP plug-ins or libraries or whatever, are recommended to accompl...