Hello experts,
I need to get the serial number of an x509 certificate. The result of using "certificate.getSerialNumber()" differs from what is expected. As I read the X509 certificate file specs, it should be in the following format:
Certificate ::= SEQUENCE {
    tbsCertificate TBSCertificate,
    signatureAlgorithm AlgorithmIdent...
I am trying to implement generation of an HttpSession key.
I am generating a random number between 1,000,000 and 9,999,999 and sending it as a cookie to the user.
Is it possible to make this process secure?
Anyone can make a random number like that and try to access my server... maybe I need a larger range?
another question is, how can I gener...
Hi,
I've read somewhere that adding a salt at the beginning of the password before hashing it is a bad idea. Instead, it is much more secure to insert it somewhere in the middle of the password.
I don't remember where I found this, and can neither find any other articles saying the same thing, nor understand why this may increase...
Web pages are running on localhost. If I copy the web page link (address link) and then paste it into another tab or browser, it should not open; it should display a Login Page.
For example, web pages are
Login.aspx
Account.aspx
Once logged in, the account page will open; then copy the address link and try to open it in another tab or browser. It ...
I have created web services based on Jersey (auto generated via Netbeans).
I have also created a user named “testClient” with password “secret”, created a user group “Users”, and used a file Realm using the glassfish 3.0.1 admin console.
I have also mapped web.xml and sun-web.xml accordingly.
My web services are secured successfully; as I a...
I want to create a web app that would scan your mp3 library to get the ID3 tags. Ideally, I would like to avoid any installation/downloading procedures. However, I understand that based on what I am trying to accomplish, there are obvious security limitations. Are there any workarounds? What would be the best approach to accomplish t...
I have code to persist information about users, like UserName and password, in cookies.
The question is:
It's not secure to store information like that as plain text in cookies. My DB stores hashed passwords, so I could save those hashes in cookies and retrieve them later, but if I do that I wouldn't be able to fill the password's textbox because the hash s...
I'm trying to create a flexible security infrastructure for our WCF services on our intranet, but I'm not quite sure where I should be putting this code... there are so many different ways to extend WCF that I don't know for sure where to begin...
The basic idea: every time my service is called - for any operation - I want some code to ...
I am trying to secure online transactions between an application server and a database. One way is SSL, but is there any other way of securing transactions between them? I am trying to reduce the overhead of securing the line. Are there any tools or APIs which I can integrate with the application server or deploy on it?
/SR
...
Possible Duplicate:
How do you implement a good profanity filter?
I have a classifieds website, and when displaying a classified, users have the option of mailing a message to the poster of the classified.
I need to check this message against bad words and unseriousness before sending it.
Firstly, how can I check some text a...
Hi
I have a couple of questions about SSL certificates.
I have never used them before, but my current project requires me to do so.
Question 1.
Where should you use SSL? I know places like logging in and resetting passwords are definite places to put it. How about once they are logged in? Should all requests go through SSL even if the data...
What are the most secure sources of entropy to seed a random number generator? This question is language and platform independent and applies to any machine on a network. Ideally I'm looking for sources available to a machine in a cloud environment or server provided by a hosting company.
There are two important weaknesses to keep in ...
Possible Duplicate:
PHP Session Security
I've just finished coding the basics of a web-app (the main code) and I've integrated a basic user system. This is my first web-app, so I'm wondering what things I should use to secure it. I already know about things like mysql_real_escape_string() and strip_tags() but what e...
Hi,
There have been many questions with regard to IV generation, encryption and sharing the IV between the sender and receiver, but I want to make an explicit post regarding the best way to send the IV from the sender to the receiver.
From all the posts that I've seen so far, I'm uncertain as to whether it is safe to send the IV in "pl...
I've been told that it is insecure to store things such as passwords, usernames, and user IDs in cookies, and that instead you should store a sessionID in a cookie. Here's where I get lost.
My objective is to have a basic 'remember me' feature. Normally I would store user login information in a cookie, but as this is unsafe, I'm wonder...
I normally use this function to sanitize my form inputs before storing them into my database:
//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
    $str = @trim($str);
    if(get_magic_quotes_gpc()) {
        $str = stripslashes($str);
    }
    return mysql_real_escape_string($str);
}
...
If EnableViewStateMAC is set to true, ASP.NET will generate a hashcode for the ViewState data and compare it to the hashcode stored in the posted value. What prevents an attacker from setting the hash based on the altered form values?
...
HTML5 will be widely adopted as a way to design games, is the prediction. But I have my questions about this: how can an online HTML5 game ever be secure?
Let me give you an example: imagine this platform game where you gain badges when you win, for example, an extremely hard level. When you have actually won this badge, a request is ma...
Hi,
I'm having trouble with the new .NET 4 security-transparent code, level 2. I'm upgrading my ASP.NET 3.5 web application which uses XSLT with Extension Objects.
In .NET 4 the transform causes a SecurityException. After lots of research, it appears this exception has to do with the new transparent code, level 2.
As a fix I now have t...
Hello guys!
I have prepared a site in Magento. It's all about online shopping. On this site a user can't enter without logging in.
But I am facing a hurdle now that...
there are visits from one IP, 150.70.64.199
This visitor is able to access inside categories without logging in.
Whenever this guy comes, he can visit the sales in guest mode...