security

Multiple image upload and resize Images : SECURITY

Is multiple upload secure in php? How can I prevent security holes? Thanks in advance ...

JAVA or .NET which is more secure?

To make a secure website which language is more preferable .NET, JAVA or others and why? ...

<? or <?php --- is there any difference?

Possible Duplicates: Are PHP short tags acceptable to use? What does <?= mean when seen in PHP? Is there any difference in using <? ?> to signify a PHP block, or using <?php ?>? If there is not, why would anyone use <?php? Figure the file extension of .php would give plenty of info about what type of code you are looking ...

What for are the commonly used PKCS-Standards: PKCS#7, PKCS#10 and PKCS#12?

What for are the commonly used PKCS-Standards: PKCS#7, PKCS#10 and PKCS#12? ...

How to calculate the Modular Multiplicative inverse of a number in the context of RSA encryption?

How to calculate the Modular Multiplicative inverse of a number in the context of RSA encryption? ...

Securing third-party JavaScript code

I'm building a system that allows multiple third-party plugins/gadgets conforming to the system's API to be run simultaneously on the page. What is the best practice of securing or isolating these plugins from one another, aside from running them in separate iframes? Should I design the API so that data fields of these plugins are priv...

PostMessage: Access Denied

The application shall receive messages from all processes of the system. Messages are sent using the PostMessage call, which returns an error (5, access denied). The code works correctly on Windows XP SP2, but on Windows 7 the application receives messages only from itself, although it is supposed to get messages from every application. Rea...

Is there an argument to be made for/against checking for authentication in every JSP?

Is there an argument to be made for/against checking for authentication in every JSP? Maybe via a custom tag or some such thing. The argument that I am hearing is that it is useful to show different content based on the user authentication state. If I use a filter or container managed security that means I can protect a set of director...

Authentication for IIS content in virtual directory under ASP.NET MVC website

Hello. I have an ASP.NET MVC application for which I store uploaded content files in a virtual directory. This virtual directory is directly underneath my MVC website in IIS. My problem is that the virtual directory allows anonymous access. Anyone, logged in or not, can type in a public URL to my virtual directory and read the files in ...

Authentication and Authorization Framework for Java Web-Application

Hi folks, I am programming a Web-Application with JEE, JSF and Hibernate. I do not use Spring or EJB! Now I am at the point where to implement authentication and authorization. I need to access an Active Directory or LDAP. And I want to implement my own roles, that are not retrieved from the AD/LDAP. My Question is: What's the easiest ...

Secure SQL Server accessed by fat client

Is there a way to secure a sql server database which is accessed by a fat client? Meaning: The application communicates directly with the database as it places sql statements itself. That means, the connection string has to be somewhere on the client. Using this connection string (either with winauth or sql server authentication) any use...

User security with .NET and mySQL

I feel like I'm kind of inventing the wheel all over but I haven't understood if I can use ASP.NET User Management with mySQL. Not sure if I want to either. I am designing a web site which requires user management. I use mySQL and .NET 4. Right now I've made a class Register which registers a user, but I am unsure how to protect the pas...

How can I programmatically remove impersonation in ASP.Net?

I have in my web.config, is there any way to programmatically "unimpersonate"? There is just one or two little places where I need to not be impersonating... is this possible? ...

Best (and short) book on network security

For Linux and maybe other platforms. Could you suggest? ...

a better approach than storing mysql password in plain text in config file?

It's always bothered me that many PHP programs require the user to store the mysql password in plain text (in a string or constant) in a configuration file in the application's root. Is there any better approach to this after all these years? So far I have come up with two minimal security boosts: make the file unreadable via the web...

Protecting An App For Market

I'm working on my first Android app, and am almost to the point where I can start thinking about putting it up on the market as a paid app. In the process of researching this step, I found out that it's basically trivial to break Google's copy protection scheme. I don't know how big of a problem this really is, or if we need to look int...

How should we capture the database user when using the entity framework on a middle tier?

We are developing a service layer for a new system that will handle all interactions with the MSSQL (2005) database. We are a bit perplexed as to how to capture all of the 'who done it' information that is required by our users in some of our legacy audit tables. While we could pass in the user's name that was modifying data and log the...

Custom HTTP Basic Auth Modules, in IIS7

Hi, I am trying to implement the solution found in the following question http://stackoverflow.com/questions/490627/custom-http-basic-authentication-for-asp-net-web-services-on-net-3-5-vs-2008/534878#534878 the one answered Feb 11 '09 at 0:04 eed3si9n When looking I have created my own AuthModule etc, but I am unable to add it to the ...

Shellcode and format string vulnerabilities?

Hi, Here at my job, we have a lot of machines running RH 9, RH Enterprise 3 and some older Linux tastes. As I read about the "format string vulnerability" and "shellcode", I would like to know how to see if those Linux machines are vulnerable to these kinds of attack (without running the attacks themselves)... Thanks for help! ...

IE secure and unsecure items issue

Hi all, I'm trying to get rid of the error pop-up window that appears in IE saying "page contains both secure and non-secure items". I have made sure all the links are pointing to https:// rather than http://. I have also looked at the fiddler and firebug logs to see that all the requests are being made to https:// links only. Here's...