security

Is it possible to "sandbox" arbitrary JavaScript to only operate on one <div> and not the whole document?

Hello, what I am trying to do is to force some arbitrary JavaScript code to execute "inside" a DOM element, e.g. <div>. In other words, is it possible to make a piece of code "thinking" that <div> is the root of document hierarchy (or <body> of a document)? Real life example: Let's say we have a page that allows executing JavaScript ...

Recognize user on ASP.NET Site

I am looking for an implementation similar to what is seen on banking sites. If a user comes to the site I want them to have to pass some form of registration, i.e. (answer a question or enter in some key). If the user closes the browser and comes back to the site again from that machine they would just be able to provide login cr...

Serving JSON and HTML securely to JavaScript

Hi, I am thinking of secure ways to serve HTML and JSON to JavaScript. Currently I am just outputting the JSON like: ajax.php?type=article&id=15 { "name": "something", "content": "some content" } but I do realize this is a security risk -- because the articles are created by users. So, someone could insert script tags (just ...

Can I get installed certificate on my system through Java

Can I get installed certificates on my system through Java, something like this, e.g. Certificate[] certificate = someClass.getsystemCertificates(); Is there some API available for this? ...

What's the point of signing code, like jars?

What is the point of signing your code like Java's jars when everyone can do it with jarsigner? How does it provide security? ...

Sanitizing Input from IRC

So I was thinking of writing an IRC bot/bot extension that lets users play certain text-based games by starting the game, sending parts of certain lines they enter (regexp match for game signal if not in bot's channel, e.g. rbot gamename enter the forest. sends "enter the forest") to stdin of game, while standard out of game is cached by ...

Maintaining a secure database of user logins and info?

I want to have a login form on a charity website I am building (it's for a friend, and I'm learning on the go), and I want to know what languages/software should I learn to build databases for user logins and info? Note: it HAS to be secure and relatively simple to learn for someone with moderate programming experience. Update: I unders...

How does this giant regex work?

I recently found the code below in one of my directories, in a file called doc.php. The file functions or links to a file manager. It's quite nicely done. Basically, it lists all the files in the current directory, and it lets you change directories. It had access to all my files (add, rename, info, delete...). I don't remember installi...

Understanding 3rd party iframes security?

Facebook and others offer little iframe snippets that I can put in my site. Example: <iframe src="http://www.facebook.com/widgets/like.php?href=http://example.com" scrolling="no" frameborder="0" style="border:none; width:450px; height:80px"></iframe> What I'd like to know is, if I put this code inside my site, could ...

PHP referrer: How to make sure a request is actually coming from where it's supposed to come from.

I would like to put a link back to my site on other "approved" domains. When they click on the link it goes to a page that checks the referrer ($_SERVER['HTTP_REFERRER']) to make sure they came from a domain that is approved to have my link. This can be spoofed so how can I make sure the clicks are actually coming from the approved domai...

How to extract a unique identifier from a PC with PHP without PECL?

I need to distribute a PHP site and want to control the installation. To do this, I extract a unique identifier based on the hardware of the machine where it is installed and send it to a Web site for validation. I want to find a way to extract the unique identifier without using the Win32 API PECL extension. How can I do this? ...

PHP 5 - Securing an admin area of a site

I'm currently writing a couple of MVC sites using Kohana as my framework. Each has a simple admin area where the admin can upload and edit content. I'm currently storing the admin's user model in a session and checking whether or not they're an administrator with the following method: private function checkAdmin() { if (!isset($_S...

PHP AJAX login, is this method secure?

I have just started PHP and MySQL and have created a login form and all works well! Now I am looking to add ajax and the first method I considered is using the jQuery $.post method. I am okay with the code and here is a quick idea of what I will be doing: function login(){ $.post('login.php', { username:form.username.value, ...

Encrypt request from iPhone to web app?

We have the following: iPhone native app, with login form that posts to: A PHP script on remote web server which checks against MySQL user table. For security, would it be best practice to use some two-way encryption to encrypt every request? Including this initial login? Otherwise the user and pass will simply be passed to the web a...

How to make sure other programmers don't put backdoors and callbacks in my site!

How can I look for any client-side callbacks in JavaScript? I have people adding JavaScript code for me. How do I make sure they are not somehow sending confidential data or user info to their sites through client-side POST, GET, AJAX or any client-side methods? How would I do the same thing for my server-side code like to see my PHP p...

Secure transfer between login form and server in PHP

How can I implement a secure transfer from login form on client to server in PHP? I mean coding password and user, something except using HTTPS. ...

CreateUserWizard: Custom Error. I Can find and change the ErrorMessage.Text, but the chg isn't visible

When I set the text of the ErrorMessage Literal control, the text is not visible. Note that ErrorMessage is found (not Nothing/NULL) and the Visible property is TRUE. Any idea how to set this text? I'd rather not create a redundant Error label. Protected Sub CreateUserWizard1_CreatingUser(ByVal sender As Object, ByVal e As System.We...

Defining a security policy for a system

Hi, Most of the literature on security talks about the importance of defining a security policy before starting to workout on the mechanisms and implementation. While this seems logical, it is quite unclear as to what defining a security policy really means. Has anyone here had any experience in defining a security policy, and if so: ...

Could I make dynamic render rely User Permissions in MVC 2?

Hi. I make security system in MVC application. In MVC it must be done by AuthorizeAttribute and roles string via actions methods. Could I make this stuff: instead of action resolve I want to make view where HTML parts are hidden depend on current user permission set (For example: save button are not visible if user not Administrator). ...

syscolumns table permission issue

Hello everyone, I am using SQL Server 2008 Enterprise on Windows Server 2008 Enterprise. In SQL Server Management Studio, I can execute the statement "select * from syscolumns" successfully, but I can not find the syscolumns table from SQL Server Management Studio, any ideas what is wrong or how to find this table? (I mean syscolumns t...