security

Wherein lies the danger of obtaining file times in Silverlight?

Before uploading a file I need to salt the name with some additional information to increase the chance of the filename being unique (stateless-ly). Invoking FileInfo.LastWriteTime-get throws a SecurityException saying the process needs elevated privileges. I can see to some extent that there exists certain historical information about...

Android 2.2 Screen Lock Security

Is there a way to find out if a user has the PIN lock or password lock screen security set? I know that you can check Settings.Secure.PATTERN_LOCK_ENABLED to read if the pattern is set. Even a value to read that shows if ANY security is set would be helpful. ...

multiple users, multiple applications, one server

I have an idea for a web application that involves multiple users, two different applications (which will be run from a user's local machine), and a remote database server. Databases stored on remote server: 1) Username database - contains user information 2) application database - contains two rows, one for each application. Stores a...

How to make a "Spinner" to improve php form security?

This article about php form security: http://nedbatchelder.com/text/stopbots.html ... mentions a "spinner" as: The spinner is a hidden field used for a few things: it hashes together a number of values that prevent tampering and replays, and is used to obscure field names. The spinner is an MD5 hash of: * The timestamp, ...

WCF: Are asynch calls more secure?

In the project I'm currently working on we're using WCF. Company policy forces us to use async calls and the reason should be security. I've asked why this is so much more secure but I don't get clear answers. Can someone explain why this is so much more secure? ...

sql injection / Browser-Hijacker prevention php

Hi Folks, I have a website where I can't use html_entities() or html_specialchars() to process user input data. Instead, I added a custom function, which in the end is a function, which uses an array $forbidden to clean the input string of all unwanted characters. At the moment I have '<', '>', "'" as unwanted characters because of sql-...

Secure login with additional context information passed through (which also needs to be secure)

My web application will be launched through existing thick client applications. When launched, an HTTP POST request will be generated including information like the userID and additional context information (basically stuff like the target user's name, birthday, etc.). My plan for authentication is for there to be a look-up table in the...

SelfSSL issue - 2 secure sites running on same box with selfssl certificates

Hi, I'm pulling my hair out a little bit over an issue we're having on one of our project environment servers. I'm trying to run 2 different versions of our site, from 2 different code bases. The site has a secure and a non secure area. I can, as expected, create as many non secure sites as I wish. The problem I'm having is that I ca...

PrincipalPermission vs. web.config for page access controls

I currently have my access permissions in web.config: <location path="Account"> <system.web> <authorization> <allow users="?"/> </authorization> </system.web> </location> ... I don't like this for two reasons: 1) web.config becomes a mess as my website builds up 2) I'm not sure it's good security to ke...

PHP secure form

I have a contact mail form on my website and I want to make this form secure enough. Which is the best way to do this job, is there any way to hide php variables that I sent with post to another page. Any sample or link or idea ? Secure - I mean my data to be safe, since users will be inserting their personal data, like passport nu...

Signed session cookies. A good idea?

In an effort to increase performance, I was thinking of trying to eliminate a plain 'session cookie', but encrypt all the information in the cookie itself. A very simple example: userid= 12345 time=now() signature = hmac('SHA1',userid + ":" + time, secret); cookie = userid + ':' + time + ':' + signature; The time would be used for a...

What is the maximum number of conditions I can have in an ArcSight filter?

When I create a filter in ArcSight with a lot of conditions, it doesn't always take all parts of the filter into account. Is there a limit to the number of conditions I can have in my filter? ...

Double POSTing user data - security risks/user experience/bad practice?

What are the issues with double POSTing user data? I am building a site for a client that requires login to a bespoke backend system that I am constructing, and login at the same time to a third party system hosted on a separate domain. Client system is built in PHP and Vendor system in .NET. The login process requires both sites to pe...

using regasm for a framework 4.0 assembly located on UNC share

I am trying to register a .Net 4.0 compiled binary using regasm utility. This ComInterOp assembly has to be deployed on a network share, and trying to register from the share fails with the error "Could not load file or assembly or one of the dependencies". (registration works if the binary is on a local drive). It may be Code access sec...

Encryption on Passwords provided through Post Requests

I've been learning about networks and have been logging the post requests I make in firefox using LiveHttpHeaders. What is interesting is that when I log into sites, with or without https, the Post request which gets submitted includes my username and password in plain text! Isn't this dangerous in the case that a system administrator ke...

How can I go about securely executing a subset of python?

I need to store source code for a basic function in a database and allow it to be modified through an admin interface. This code will take several numbers and strings as parameters, and return a number or None. I know that eval is evil, so I need to implement a safe way to execute a very basic subset of python, or something syntactical...

How to specify alias name in system property while making 2way SSL con ?

Hi All, I am trying to run a java client with 2way SSL which uses CAC card as keystore for the client. I have added the following system property in my client program to make it work and change the java.security file to add pkcs11 provider. System.setProperty("javax.net.ssl.keyStoreType", "pkcs11"); System.setProperty("javax.net.debug...

Perl libwhisker library

Could someone provide links for tutorial about libwhisker library? ...

Saving session data securely in PHP

I was trying to understand how sessions work in PHP and found that session data is by default stored in the file system. In a shared hosting environment, session data can be read by PHP scripts written by any user. How can this be prevented? ...

How can I make my DynamicMethod security-critical?

I have a rather convoluted scenario where I want to create a DynamicMethod that's attached to a class in an in-memory AssemblyBuilder. The dynamic method calls a method "GetReplacement" in a (regular) assembly of mine. This worked fine in .NET 2.0, but in .NET 4.0 I get an error: MethodAccessException: Attempt by security transparent m...