The current top-voted to this question states:
Another one that's not so much a security issue, although it is security-related, is complete and abject failure to grok the difference between hashing a password and encrypting it. Most commonly found in code where the programmer is trying to provide unsafe "Remind me of my password" fu...
I want to validate a set of credentials against the domain controller. e.g.:
Username: STACKOVERFLOW\joel
Password: splotchy
Method 1. Query Active Directory with Impersonation
A lot of people suggest querying the Active Directory for something. If an exception is thrown, then you know the credentials are not valid - as is suggested ...
I've noticed on bank websites, etc, my user IDs aren't saved (they don't appear in a dropdown like other commonly entered stuff does) and there's no prompt for it to remember your password. How is this done? How do the sites notify the browser that they are in 'special' or else exceptions? Just curious.
...
Hi,
I need to get an audit trail in MySQL; is there a way to configure the binary log to get not only the changes, but also the user (connection) who made this change? Or do I have to use MySQL Proxy?
TIA
Peter
...
Hi,
I'm looking at this 3rd party licensing component, and I'm curious what measures they can take to secure a .net desktop application?
They provide things like: trial version, registered version using a license key.
It also can lock the application if their license expires.
It is a C++ dll under the covers, and in .net you have to ...
We want to allow "normal" href links to other webpages, but we don't want to allow anyone to sneak in client-side scripting.
Is searching for "javascript:" within the HREF and onclick/onmouseover/etc. events good enough? Or are there other things to check?
...
Just looking at:
What does this SQL do:
Robert'); DROP
TABLE STUDENTS; --
I know both ' and -- are for comments, but doesn't the word DROP get commented as well since it is part of the same line?
...
This problem has been solved thanks to your suggestions. See the bottom for details. Thanks very much for your help!
Our ASP.NET website is accessed from several specific and highly secure international locations. It has been operating fine, but we have added another client location which is exhibiting very strange behaviour.
In partic...
I'm thinking about exploring the idea of having our client software run as a service on a high port and listen for simple http GET requests from 127.0.0.1. The theory is that I would be able to access this service via js from a web page that is served from my site.
1) User installs client software that installs itself as a service and ...
I need to make an AJAX request from a website to a REST web service hosted in another domain.
Although this works just fine in Internet Explorer, other browsers such as Mozilla and Google Chrome impose far stricter security restrictions, which prohibit cross-site AJAX requests.
My problem is that I have no control over the domain nor...
How can I list all the local users configured on a Windows machine (Win2000+) using Java?
I would prefer doing this without using any Java-to-COM bridges, or any other third-party library if possible.
Preferably some native method to Java.
...
I am writing a set of database-driven applications in PHP. These applications will run on a Linux server as its own user. Other users will likely be on the system at times, but have very controlled access. Other servers they will not have access to at all. I will also expose a limit stored procedure API to developers who need to writ...
I've got a windows service that has a part I'm very paranoid about, so I've instrumented it with custom performance counters (I'm moving calls from mta threads to sta threads--don't ask).
The counters and the configuration section have been tested and are known to work... on my machine, but they aren't appearing on the server I instal...
I am looking for a DBI (or similar) proxy that supports both SQL restrictions and transactions. The two I know about are:
DBD::Proxy
DBD::Gofer
DBD::Proxy
The problem I have found with DBD::Proxy is that its server, DBI::ProxyServer, doesn't just restrict queries coming in over the network (which I want), but it also restricts queri...
I have a Javascript that changes the host in links to match the current development/test server.
Here's an example:
var ndomain = document.domain;
var mydomain = 'www.foo.com';
var alink = document.getElementsByTagName('a');
for (var i = 0; i < alink.length; i++) {
if (alink[i].href.length > 0){
if (alink[i].host.substr(0, myd...
I run all my integers through a (int)Integer to make them safe to use in my query strings.
I also run my strings through this function code
if(!get_magic_quotes_gpc()) {
$string = mysql_real_escape_string($string);
}
$pattern = array("\\'", "\\\"", "\\\\", "\\0");
$replace = array("", "", "", "");
if(pr...
This question is more security related than programming related, sorry if it shouldn't be here.
I'm currently developing a web application and I'm curious as to why most websites don't mind displaying their exact server configuration in HTTP headers, like versions of Apache and PHP, with complete "mod_perl, mod_python, ..." listing and ...
I've heard that there are some free applications that will check the vulnerability of a PHP website, but I don't know what to use. I'd like a free program (preferably with a GUI) for Windows that will analyze my site and give me a report.
Anyone know of a solution?
...
Is it possible to query certificate store on windows server 2008 using .net platform?
I would like to get information about certificates that were issued by this system.
tnx
grega g
...
I'm a bit stuck here, I have a .net 3.5 sp1 application that I want to deploy locally to other machines on my network using ClickOnce.
On installation they get a warning message saying that this application is from an unknown publisher etc.
My boss does not want to buy a VeriSign certificate. He just wants it to install and without pro...