Hi guys, I am inserting data into a mySQL database, but I am inserting banking details so it is very sensitive, how can I secure it and protect against it getting into the wrong hands?
At the moment the code is still very basic, without any preventative measures in place,
mysql_connect("localhost", "user", "pass") or die(mysql_error())...
When using Jasypt's StandardPBEStringEncryptor we have to set password explicitly in spring bean configuration file. Is it ok and secure to have the password in the bean configuration file? Will it be a problem in PCI Compliance to store the encryptor password?
...
So I made a landing page for all these forms that the marketing department at my work makes. One of the fields they pass is a URL that I redirect to after I'm done processing - a thank you page.
Recently, I discovered a URL that looked like this:
http://www.oursite.com/folder/thank-you.php?thankyou=free-guide&adgroup=<?php e...
I'm relatively new to dotnetnuke and am trying to set up a simple site which will have multiple user groups with their own set of files and then another user that has access to all files.
I'm currently playing with doing this with the "documents" module and hiding the module from all but the everything user and the specific company user...
Is there a way to only allow POST requests to j_security_check? I want to reject GETs.
...
Hey everyone,
I've been trying to figure out what computer field I want to go into later on in life. College is just around the corner for me and I've considered looking into Computer Engineering, Software Engineering, etc.
Lately, I've been looking into computer security systems and exploitations of such (purely for educational purpos...
Hi,
I am getting a Client Hello message from the Client during the handshake, and after that the Server is not able to respond back with a Server Hello message. The server will send this message (ServerHello) in response to a ClientHello message when it was able to find an acceptable set of algorithms. If it cannot find such a match, it will respon...
I want to use node.js (or other SSJS solution), running my own code + external written code inside (untrusted).
Any way to separate and protect my own code? Could I limit the modules and system effect of the untrusted code (limit access to files, non-HTTP ports, etc.)?
...
I'm currently working on an application where we receive private health information. One of the biggest concerns is with the SSN. Currently, we don't use the SSN for anything, but in the future we'd like to be able to use it to uniquely identify a patient across multiple facilities. The only way I can see to do that reliably is throug...
PMD has a rule called ArrayIsStoredDirectly in the Sun Security ruleset:
Constructors and methods receiving arrays should clone objects and store the copy. This prevents future changes by the user from affecting the internal functionality.
Here is their example:
public class Foo {
    private String [] x;
    public void foo (String [] ...
I'm using jQuery in an app which registers user clicks to perform a given action through the .click() binding, and I want this functionality to be available only through a user mousedown. One of my friends pointed out today that it's possible to run $(element).click() from a javascript terminal in Firebug (or something similar), and achi...
Can anyone suggest some good resources, preferably free, that I can read to thoroughly understand the basics of getting my web app secure?
It is being written with a Rails back-end, and regular HTML, CSS, jQuery front-end.
For instance, the proper security practices for handling users login. To storing info in the db, to anything else...
Hi all,
I have this problem,
I was trying to create a subauthentication package for Windows 7, but no samples are available. Can someone please help?
Sid
...
I'm working on a completely ajax-driven application where all requests pass through what basically amounts to a main controller which, at its bare bones, looks something like this:
if (strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {
    fetch($page);
}
Is this generally sufficient to protect against cross-site requ...
Hi all,
I want to limit what PHP functionality my users have access to.
For instance, there is an object $data and the user likes to use if, for and echo on it.
Obviously allowing him to write PHP would be a serious vulnerability.
Is there any way to run this PHP in a sandbox or would you recommend any lightweight PHP template engine?
...
Let's say I have a website mysite.com that will store some sensitive personal data (bank related).
On this website I have an Oracle database with a USERS table that will store the logins and passwords of users from mysite.com.
I have a few questions :
How should I store passwords? Encryption of course, but which?
What should be the pro...
Sorry if this has been asked before, I did check but couldn't find anything...
Is there a function in Unix to encrypt and decrypt a password in a batch file so that I can pipe it into some other commands in a bash file?
I realise that doing this provides no real security, it is more to stop someone accidentally seeing the password if t...
I have a flash file which captures an image from a webcam and sends it to the server. This file works fine under ActionScript 2.0 but under 3.0 I get an Unspecified Error and the debugger crashes on the return eval in :
function __flash__addCallback(instance, name) {
    instance[name] = function () {
        return eval(instance.CallFuncti...
Hi, I want to know which are the main security issues that I must remember when I develop a file transfer program.
...
In my WPF Desktop sample Book Store application I want to manage Users and Roles. With multiple Users I want to achieve the points below:
1) The application should have multiple users
2) Users have 3 categories: a) Admin b) Manager c) Employee
3) The application can have multiple roles like add books, sell books, update stocks, generate purchase orde...