security

How to secure access to an update server for .NET Compact Framework 2.0 application

I'm about to create the update system for .NET CF application. It is going to be a manual update system, customer will be able to "check for available updates" and install them. There will be one global update server for about 500-5000 devices. The application will be distributed as a zip compressed folder. The client application will ...

DSOFile and Medium Trust

(C#, ASP.NET 3.5 Environment) I'm using Microsoft's DSOFile.dll for counting the pages in a word document (.doc format). When I deployed my application to a medium trust environment (GoDaddy) I got a security exception. I narrowed my web service down to the line which is causing the problem, and it looks like it takes place in the follow...

Salting my hashes with PHP and MySQL

Like most users, I'm simply trying to figure out a secure way to store passwords. What I haven't found here (or maybe it's my lack of understanding) is how to retrieve a salted hash in my database and separate the salt from the hashed password, especially with unique salts to each password while maintaining the salt+password in a single ...

Beginning Web Security?

I just came back from a hackers conference about internet security and I'm interested in learning web security and protecting companies from hackers. But I don't know where to start and what languages to learn.. Could anybody point me in the right direction for this? ...

WCF security between WinForms client and Shared Host webserver

Ok, I have developed this WinForms client, which interacts with a server (ASPX Application) by means of WCF calls. I would now like to deploy the server to my shared webhost, but I'm kinda new to WCF and especially the security possibilities behind it. The goal is to kind of secure the WCF service, so that not everybody that knows or f...

How to restrict some module of GWT based application from accessing it directly via url

I have to secure a section of my GWT based application from accessing it directly via some url. Actually there is an index page which is login page. The user gives credentials and enters into the app (the module to be saved). Currently what I am doing is that when a user logs in I save his username into session ( session.setAttribute(“u...

Secure Wiping of files in Compact Framework

Given the path of a string I want to wipe out the contents of a file. The natural way I thought (which may be incorrect) was to open a FileStream to the file and write gibberish (random data perhaps taken from a RNGCryptoServiceProvider) to it. And then perhaps do this several times and then delete the file. My problem is that while thi...

What is better hashed or encrypted passwords?

What is best for storing passwords? Should I be encrypting or hashing passwords for your users table? What do you prefer, and why? Could you please provide an example of secure password storage. ...

Find Out if ASP.NET Request Came From Local Machine

Hello, I've built an ASP.NET application that's using Forms Authentication. In our hosting account control panel, I set up an automated task that requests a web page once per week. When the page loads, a number of emails are sent out. I'd just like to know if there's any way to determine in the code-behind if the request is coming from...

ASP.NET Website Administration Tool: Unable to connect to SQL Server database

I am trying to get authentication and authorization working with my ASP MVC project. I've run the aspnet_regsql.exe tool without any problem and see the aspnetdb database on my server (using the Management Studio tool). my connection string in my web.config is: <connectionStrings> <add name="ApplicationServices" connectionStri...

OpenID authentication on AppEngine and non-AppEngine subdomains

I have a main website running on AppEngine. It's on a subdomain like main.example.com. This main application is a content portal for our customers. It offers an Ajax application built on YUI. Customers can upload data to it. Users authenticate using Federated Login. The Ajax application on it allows users to process the data previousl...

Is it possible for a malicious website to steal my cookies from another website?

From what I understand document.cookie only gets your cookies for the current site you are on. Would it be possible for a malicious site to get around this by using an iFrame, modifying my HTTP header, making a request to the target site or some other method? ...

Help with SSL Vulnerability (Mixed Content)?

Hey guys I have my own webserver that is hosting a website that I recently installed/setup a self-signed SSL cert. Securing the website seemed to go fine, but in Firefox and IE I sometimes get pop up boxes that say something along the lines of "There is a mix of secure and insecure information on this page..." and in the Firefox error co...

Help me choose .net obfuscator program?

Dear Guys, I have written a program in vb.net 2008 (using .net 3.5). It's a decent size program. One part of this program is to access an online database and encrypt/decrypt files. To access db I use a hardcoded password. To encrypt/decrypt files I used a hardcoded key. No matter what I do I would need to hardcode one of the two things ...

asp.net mvc log in architecture options

Hi, I am writing an asp.net mvc c# site which will not use sessions... What are my options for providing login functionality without sessions? ...

What makes CakePHP secure, and how can we increase its security?

Hello Stackers, Right now I'm learning about the CakePHP framework, and I just wanted to know what makes CakePHP secure. How secure are its components like for example how secure is the authentication component. Also, what can we do as developers to increase the security of our CakePHP base web application? Also do you guys recommend a...

Where on internet can we learn Secure Programming in c/c++

Hello all, I am starting to learn everything about security and secure programming. I have always heard about things like buffer overflow vulnerability. But I don't know yet how such vulnerabilities are exploited. And how can we program securely enough to make sure that our code is robust. When I say all this, my programming language...

Church Retreat Online Registration/Payment

I was given the task of creating a registration page for an upcoming church retreat. Design-wise, it will consist of fields for name, sex, phone number, email, and grade. We need a way for the end user to put their credit/debit card info and have it charge them for the retreat. After some searching I found that Braintree offers a good s...

Salting in PHP and MySQL

I have been developing a login library for a website using CodeIgniter. The authentication code is as follows: function signin($username, $password) { $CI =& get_instance(); $query_auth=$this->db->query('SELECT user_id, banned FROM user WHERE username=? AND password=SHA1(CONCAT(?,salt)) LIMIT 1', array($username, $password)); ...

Detecting SSL Browser support

Hello, How can you detect if the client browser has SSL support? I am not referring to the server Variables HTTPS_* . I want to be able to determine if the browser has no SSL support. P.S. I know this is possible because this company (http://www.cyscape.com) has a product that can even detect when you unselect SSL support from your bro...