security

Disable ValidateInput for a server control

Hello, I'm using ASP.NET 3.5. I have a page in which I want to display a list in a formatted way: <asp:RadioButtonList runat="server" ID="Options"> <asp:ListItem Text="Yes.<br /><span>Detailed info.</span>" /> <asp:ListItem Text="No.<br /><span>Detailed info.</span>" /> </asp:RadioButtonList> Now the somewhat obvious problem ...

Client Application Services Membership.ValidateUser Always returns false

I have a WPF application using Client application services to validate a user against a web site Default SQL Membership provider. No matter what I do, the Membership.ValidateUser(username, password) on the client returns false. I even changed the ServiceUri to an invalid URL and it still returns false rather than throwing an exception...

Need security advice regarding IIS7, prevent a breach of a DMZ, NTFS, Active Directory and possible pitfalls

Hi, I am new to IIS 7 security so please have patience with me :) I am writing an ASP.NET web application hosted on IIS 7(.5) that will serve files located on a file server to the users. The web application is hosted on a different web server, but has network access to the file server. Users accessing the site will be authenticated by t...

Is it safe to store a security key during a user session on the iPad/iPhone?

In my application, once the user is authenticated, he receives a sort of security key that needs to be stored for his session on the iPhone/iPad. This security key is used for all his future requests during the session. How safe is it if I were to store the key in some global variable once I get it? Can it be accessed if the iPhone is j...

Using PHP to format an email?

I know it is possible to send HTML-enabled emails. Is it also possible to send PHP-enabled emails? For this to count: PHP code has to be sent as plain text; PHP code has to be executed on some server X only after the recipient opens the email; server X is not the recipient's machine. If this is possible, what are the consequential securit...

Where do I buy low quantities of smart cards?

I need to buy a few smart cards (under 5) for some development work. I've got readers and I'd prefer not to buy one of the expensive SDKs offered by several companies. I'm hoping to get some help from you folks on a few questions. Background: for the card I need to do public/private key encryption. I'd like for the card to hold the p...

ASP.NET Webservice - how to include an XML SHA-1 HMAC signature?

I'm trying to include the extra security in web service calls/responses by including an XML Signature (SHA1-HMAC) in the result. I've read on msdn that it can work, but I haven't seen anything telling me how to implement it. Has anyone done this before? (and how have you done it?) ...

Extending Type Safety to prevent dirty data coming from being used against functions that require "clean" data

Can .NET or one of its many languages enforce the cleaning of untrusted data... or prevent accidental variable use in the wrong locations? One example of this is when a user POSTs data and the "raw" response is used within a SQL transaction. This could cause anything from a client-side scripting vulnerability to the entire server bei...

Sandboxing JavaScript output?

Hi, Is it possible to sandbox JavaScript output? What I mean is that whenever a developer is doing document.write, X.appendChild(), x.replaceChild(), x.innerHTML, etc. he would not be able to directly affect the DOM -- and instead the update would have to go through my framework. ...

OpenID - what are people's experiences of "login with x"?

Stack Overflow is obviously a great example of a really successful implementation of OpenID, but let's be honest - it's a little easier when your target user base is geeks like us! I'm really interested to hear people's experiences of implementing OpenID outside hi-tech websites. What kind of responses have you got from a) users? b) s...

Setting up application privileges in MySQL

Say you created a blog application, and its data is stored in a MySQL database. In your application configuration you set the data source name to myBlog, user root, password whatever. Now, when users start using your blog to access, post to, and comment on threads, etc... I am assuming they connect as root through the application myblog ...

Is SQL Azure PCI-DSS Compliant?

Hi, If I were to use separate Windows Server that was PCI-DSS compliant, would I still be compliant if I had a SQL Azure hosting the backend? This is assuming that I'm compliant at the application layer, and that I'm only storing permitted values (like no CVV), etc. Thanks, Jack ...

Soap body is not encrypted when X509 security implemented on WCF service

I implemented a WCF service and a client application for one of the projects for my employer and am currently facing a serious problem due to the soap body element. The issue is the soap body is not getting encrypted and only the header is encrypted. I am grateful to anyone who can help to resolve this issue. I can send the code for this if anyo...

Browser sniffing for user's history - on its way out?

Will Firefox 4, Chrome 6 and IE9 secure this security hole where user history can be accessed with js? http://www.niallkennedy.com/blog/2008/02/browser-history-sniff.html ...

Want to read issuer String from user's public key

Hi, I want to read the issuer String from the user's public key with Bouncy Castle... does anyone have some code or something from which I can get help... ...

Issue with SecureRandom: PRNG not consistent in java 1.5

Hi, I am facing an issue with SecureRandom in Java. This was the code that used to work as expected, generating PRNG, when it ran on Java 1.4. So basically when it was executed, any WebLogic server running on 1.4 generated the same PRNG. Problem: In a clustered env, data is encrypted in one WebLogic 10 instance, and the same needs...

How to store and verify digits chosen at random from a PIN/Password

If I have a user's 6-digit PIN (or n-char string) and I wish to verify say 3 digits chosen at random from the PIN (or x chars) as part of a 'login' procedure, how would I store the PIN in a database or some encrypted/hashed version of the PIN in such a way that I could verify the user's identity? Thoughts: Store the PIN in a reversible ...

Best Practices for MySQL Encryption?

I'm looking for guidance on encrypting fields (and/or tables if possible) for MySQL. I will settle for a decent tutorial but I'd really like specific tips on managing the transition from an unencrypted schema to one utilizing encrypted fields. Thanks! ...

Should I hash the password before sending it to the server side?

I noticed that most sites send the passwords as plain text over HTTPS to the server. Is there any advantage if instead of that I sent the hash of the password to the server? Would it be more secure? ...

Security considerations for an ASP.Net web application that will be used on a public computer or kiosk

I have an application that can be used without authentication on computers in public locations. It's a simple four page application that allows users to apply for a marriage license. Some offices will have a public computer kiosk where applicants can fill out their own information before proceeding to the clerk. They can also do so at ho...