I have shared hosting, and within my own user space I run three different .com domains. One serves as the actual hosting plan master domain, and the others are subs via URL redirects and domain pointing.
One of those subs is a WordPress blog, and I'm concerned about the ability of an attacker to use security holes in WordPress to access ...
Dear all,
I use Seam 2.2.1.CR1 on Weblogic 10.3.2 (11g). I want to use an external SSO (the proprietary one Oracle provides, based on OID). I would like to integrate this external login (the login screen belongs to the SSO). Please note that I don't want to use an LdapStore. If I got this right, this would require me to have a login pag...
I'm looking over my security model and am wondering how you handle security (access control) in your projects?
I'm not interested in simple winapps or webapps, but in n-tier applications. How do you control access? Do you do it in each tier, or only in the User/Service frontends? Are you using a homebrewed solution or are there any sta...
We have a memory-intensive Java applet that runs in IE. The client is trying to upgrade to IE8. They want to enable the security feature "Enable memory protection to help mitigate online attacks". But when they do and try to access our application, they get the following error message: "Internet Explorer has stopped trying to res...
Hi all,
I'd like to build a C application that I can then exploit to get some confidential information from the kernel memory.
The issue is that I don't really understand where to start... I've found that the use of copy_to_user() without appropriate checks on the return value could lead to this sort of issue, but I don't understand ho...
New to PHP sessions here. My stored user data is pretty minor and not very sensitive but of course I still want a secure site. I have stored their password hash in my db with salt.
Do I need to validate a user on every page of my site using their password, or is that overkill? In other words, if they have successfully "logged in" and I ...
I'm getting this error (see title) while trying to parse an XML file in my ASP.NET MVC application. I'm in the early stages of development and I'm just trying to get this working with Visual Studio 2010's built-in DEV server.
I have tried every combination of the following and still no luck:
Granting FULL access to the NETWORK SERVICE...
I'm attempting to set up a small network of computers where 4 child nodes feed small snippets of data into 1 parent node. I need the data transmission between the nodes to be secure (secure as in, if the packets are intercepted it is not easy to determine their contents). Does anyone have suggestions? I looked into HTTPS POST and encrypt...
I have a user's name and password stored in their preferences.
How do I go about passing it back into the webview in a secure way?
I know if I do this it will work, but it just seems bad. There has to be a better way to post the variables.
webview.loadUrl("http://mysite.com?name="+username+"&password="+somepassword);
I've been loo...
The internet is so unsecure and unregulated that I frequently tell customers who use my app to never connect their production system to it! As a matter of fact, I tell them to acquire a standalone system exclusively dedicated to surfing the web and to never store any confidential info on it. Anything can be broken into and I truly beli...
Hi,
While using sessions in Rails, what are the things that I have to be careful about from a security perspective?
...
I'm building a website that just allows each person in my office to access the page from their own PC placed at the office only. It looks like I need to identify a client from within the code on the ASP.NET web server. How can I do this? Please help!
...
I am pretty much confused as to when I should implement an ACL (access control list) system in my application, though I can easily manage permissions on groups simply by fetching the session group id and restricting access using the Auth component.
How is an ACL solution better than the approach I discussed above (restricting the group a...
Hi Again,
I have managed to integrate spring security to my GWT application using the following approach:
http://technowobble.blogspot.com/2010_05_01_archive.html
Note that I used the gwtrpcspring library for basic spring integration with GWT and it works well (non-invasive and efficient).
My question for which I can't seem to find t...
I have two web applications both on the same IIS 7 box. One application is running in an app pool with .NET 2.0. The other is running in a different app pool with .NET 4. Both are running as the app pool identity and have identical settings. Each contains a virtual directory of a network share. To access the share, a username and passwor...
Is it bad to name my form fields the same as my column names? I mean do people really do:
<?php
$id = intval($_POST['user_unique_key']);
$name = mysql_real_escape_string($_POST['name_of_user']);
$email = mysql_real_escape_string($_POST['user_mail_thing']);
$address = mysql_real_escape_string($_POST['user_place_of_living']);
//.......
There seems to be a lot of hype about asymmetric Public Key encryption. RSA, PGP... etc. You have a set of two keys and distribute one, so that either only you can encrypt the message or only you can decrypt the message. One method provides a way to verify the sender, while the other provides a way to secure the message. (Feel free to co...
I have made a small application in C. It does some file manipulation, basically searches and changes some file names. But if it is used in Win Vista/7 in the program files folder the program says permission denied. Is there any way to bypass this?
Also, can Java bypass this?
...
I've done a little googling but have been a bit overwhelmed by the amount of information. Until now, I've been considering asking for a valid md5 hash for every API call but I realized that it wouldn't be a difficult task to hijack such a system. Would you guys be kind enough to provide me with a few links that might help me in my search...
Hi,
I am pretty new to the security aspect of applications. I have a C++ window service (server) that listens to a particular port for HTTP requests. The HTTP requests can be made via AJAX or a C# client. Due to some scope change we now have to secure this communication between the clients and the custom server written in C++.
Therefore I am looki...