I am working on an iPhone app that uses CoreData (with SQLite) to store some sensitive biographical data that is downloaded via a RESTful web service for offline use on the device.
I am worried that the competition could pay a subscription and extract the .sql file via SSH with a jailbroken device, and make copies of the data that has...
If we assume that an attacker is able to control the clock of Alice, Bob, and the KDC (key distribution center) how could the attacker attack the Kerberos protocol?
...
Is it possible to use Rhino Mocks to mock WindowsImpersonationContext?
I get:
System.MissingMethodException : Can't find a constructor with matching arguments
----> System.MissingMethodException : Constructor on type 'WindowsImpersonationContextProxy04bee852de914d5b8a47d6776edc4cb3'
var windowsImpersonationContext = mockRepository....
In SharePoint, the definition of the 'View Only' permissions level is as follows:
Members of this group can view pages, list items, and documents. If the document has a server-side file handler available, they can only view the document using the server-side file handler.
What is considered to be a server-side file handle...
I have just started PHP and MySQL and need to know if this is "safe". The login information is passed into the following PHP file through AJAX (jQuery).
jQuery AJAX
$("#login_form").submit(function(){
$.post("login.php",{user:$('#username').val(),pass:$('#password').val()} ,function(data)
PHP
ob_start();
mysql_connect("-", "-", ...
We have a Java 1.4 web service running on AIX 5. We want to have the web service methods execute under the context of the caller, not the hosting web server. How would we go about this?
...
I just came across a site that has been hacked and I'm wondering what this JavaScript does. So far as I can tell it attempts to redirect the page somewhere but fails. It looks like it made its way into every last file on the server.
<script>
function sF()
{
};
var sMN = new Array();
sF.prototype =
{
b: function ()
{
...
Is there a way to list which users and AD groups have permissions to a folder and all sub folders in a TFS project?
EDIT: We are using TFS 2008
...
Example,
I have a session that I gave to users that have matching password = stored password, like all simple login systems:
if ($pSys->checkPassword($AccountData['password'], $StoredData['password'])) { // Checks Password and Username
$_SESSION['login'] = true;
}
So the question is, is this secure enough?
function loginChec...
Hello,
I'm creating a service that will gather user data such as username, name, email, login password. How do I securely store this data? One thing I was thinking is store it encrypted in the DB so that if anyone gets access to the DB they won't be able to use the data.
But that raises two issues - #1 - much much slower search of the ...
Hi,
I have an MS SQL Server database with a growing number of stored procedures and user defined functions and I see some need to organize the code better. My idea was to split SPs and functions over several schemata. The default schema would hold the SPs called from the outside. The API of the database in other words. A second schem...
Many users – myself included – would like the security of having everything they do on a web service encrypted. That is, they don't want anyone at the web service to be able to look at their: posts, info, tasks, etc...
This is also a major complaint in this discussion of an otherwise cool service: http://news.ycombinator.com/item?id=154...
I am using SimpleHtmlDOM PHP quite successfully to scrape some of my favorite webpages. Some of these pages, however, require me to log in before I can get at the information that I really care about. Does anyone know how (or if it's possible) to get this library to access a page that requires a username and password be entered before y...
The NSA provides a guide to securing version 2.0 of the .NET framework here: http://www.nsa.gov/ia/_files/app/I731-008R-2006.pdf
I was wondering if they provide guides for later versions e.g. version 3.0 or 3.5?
Also, I'm interested in any other links especially those from NIST or NSA on .NET security.
...
How can Malroy impersonate Alice in the Wide Mouth Frog protocol?
Notation:
A: Alice
B: Bob
S: Trusted server
Ta: Timestamp A
Ts: Timestamp S
Kab: Session key between A and B
Kas: Session key between A and S
Kbs: Session key between B and S
Protocol:
step 1:
A->S:A,{Ta,Kab,B}Kas
step 2:
S->B:{Ts,Kab,A}Kbs
...
Any user that tries to access some secure resources on my webapp A needs to be authenticated with a webapp B. B has access to the user credentials password etc., I am wondering about the right way to go about this.
One alternative would be to have a filter protecting my secure pages. If a user that is unauthenticated access A secure res...
I apologize ahead of time, because I'm neither great at explaining things nor flow charts. This is not a specific code problem, but a general question on session security.
I'm trying to eliminate as many potential problems as possible at once. I think this takes care of:
CSRF
Session fixation
Session prediction
Cookie theft (through b...
I'm writing an internal business application that needs to access a number of different databases. Each database needs a different password. I'm loath to actually hard-code my passwords because if they change then I'll be forever having to modify them in my code. Not to mention the fact that there is no attempt at security in this situa...
Someone (probably a bot) sent a request with the following URL to my ASP.NET 4.0 web forms application (running on IIS 7.0):
http://ipaddress-of-my-applications-domain/bla1.bla2.bla3.bla4.bla5:)
This caused a System.Web.HttpException. I received a logging email from ASP.NET HealthMonitoring I had configured, telling me:
A potentially...
Why does the Kerberos protocol not feature perfect forward secrecy?
...