NSFileProtectionComplete for iOS 4.0 apps
I saw a WWDC 2010 video about NSFileProtectionComplete and protecting app's data. Are there any examples out there? Does any one have sample code to share? ...
security
Is it possible to resign a signed .net dll with a different key pair?
My colleague deploy a dll and he signed with the key generated on his machine.Right now I need to use the DLL in my project, so I need to resign the DLL, I generate a key pair on my computer, then try to resign it with sn.exe -R or sn.exe -Vr , but always failed. Is it possible to resign a signed .net dll with a different key pair? T...
How I can transform this scenario in GWT context
I have just started using GWT for web interface for our application. My app has three different views for three different types of users. Each user has different type of interface (i.e. different navigation different menus etc). There is one login page which will be index page of the application. The user shall enter the credentials an...
How do you securely connect a flash application within an Ajax menu and keep the flash session when the Ajax menu is closed?
How do you securely connect a flash application within an Ajax menu - and keep the flash session when the Ajax menu is closed? Example, click the A-jax menu which slides open thus revealing a flash application - log into the flash app takes you do some other secure menus (it's connecting via secure connection) but when I close the a-jax...
Is reflection secure?
I'm experimenting with PropertyChangeSupport which has the useful firePropertyChange method. If security is a concern, is it actually safe to use reflection to trigger methods as in the line below or would it be preferable to simply hardcode calls to method names? If reflection is a potential issue, how would one prevent it? method.invo...
What is the difference between a "nonce" and a "GUID"?
This question here is about creating an authentication scheme. The accepted answer given by AviD states Your use of a cryptographic nonce is also important, that many tend to skip over - e.g. "lets just use a GUID"... Which leads me to my question. Why wouldn't you just use a GUID? ...
Review my design: Password resetting facility for web site
When someone has lost a password, they click on the lost or forgotten password link. They will need to enter their email address, then answer their own secret question if the secret question is correct, an email will be sent to them with a link that expires after 24hrs. As the email is sent, a record is entered in a database table hold...
Is there a way to grab a webpage with Actionscript??? I get a SecurityError...
I am trying to grab a webpage with actionscript, but keep getting this error (example trying to grab github.com): [SWF] /get-webpage.swf - 2,708 bytes after decompression Error: Request for resource at http://github.com by requestor from http://localhost:4567/get-webpage.swf is denied due to lack of policy file permissions. ...
Invoke Windows Certificate Export Wizard .NET
Hi, Does anyone know how to invoke/display the Windows Certificate Export Wizard Programmically within C#.NET whilst providing an X509 Certificate? Many thanks ...
How to P/Invoke CryptUIWizExport Function using .NET
Can anyone translate these two cryptui.dll functions/structures into C#.NET [dllimport] wrappers? I would like to P/Invoke the CryptUIWizExport function to display the Windows Certificate Export Wizard. In particular, I need to pass a .NET X509Certificate as a parameter into the CryptUIWizExport function. You help is much appreciated!!! ...
What are the risks of PHP sessions?
So everyone says that sessions have security risks, I want to know what kind of risks are these? What can hackers do with sessions? This is not about knowing how to avoid attacks, I want to know how hackers are doing it, and what are they doing. I talk about PHP SESSIONS. ...
How does AppBrain's installation app work?
AppBrain has a fantastic new app that lets you automatically install applications on your phone using your web browser. Similar to the Chrome push. In their case, they are using it to let you install apps without a prompt directly on the phone. Engadget has a good video demonstrating their system. http://lifehacker.com/5582169/appbrain-...
include a website in php file
Hi i am trying to include a webpage link from another website into my website. how can i do this? i tried <?php web_include ('http://website.com/website.html') ; ?> but all the commands are not loading after this statement. I want to include another webpage into my homepage directly. my homepage is completely designed in php, but the ...
How do I prevent a user from logging in from 2 locations at the same time?
How do I prevent a user from logging in from 2 locations at the same time? A username and password can only be used by 1 person at the same time. Please send me the code in PHP. ...
Generating a CSR with Security framework on iPhone app?
Anyone know how to generate a CSR from within an iPhone app to send to the CA? If its not part of the security framework, then how is iPhone suppose to get certificate that authenticate it against a CA? Thanks much! ...
Algorithm development and Security Critique: Keeping website accounts in sync with system accounts
I am writing some software in Ruby on Rails to do some simple user management for login to our server. I am working on a method for the User controller that will allow a user to change their password on the server (FTP / website login) password. I would like the administration of the server passwords to be done through the website, and...
Security issue related to Virtual directory in Weblogic?
Hi all I wonder whether there is any related security issues if virtual directories are created, specifically in weblogic deployment. Given that I don't put any sensitive information in the directory, should I concern about anything else ? Thank you very much. Regards K. ...
Adding write access for low integrity processes under .Net
I'm creating an FileSecurity for file creation that should have an write access also for low integrity processes. FileSecurity fileAcl = new FileSecurity(); // add everyone IdentityReference sid = new SecurityIdentifier(WellKnownSidType.WorldSid, null); FileSystemAccessRule rule = new FileSystemAccessRule(sid, FileSystemRights.FullCont...
Question about POST method security
Let say I have a post from like this: <form action="myApp/form_action.asp" method="post"> First name: <input type="text" name="fname" /><br /> Last name: <input type="text" name="lname" /><br /> <input type="submit" value="Submit" /> </form> So, let say there is a really bad buy who want to do something in my application. For ex...
Coding strategy for securing sensitive data
A web application contains sensitive data of the users. Neither the operator of the web application nor the hosting provider should be able to see this data. Therefore I wanted to store these data in the DB encrypted with the entrance password of the users. dataInDB = encrypt (rawData, user password) With this strategy it is however...