security

Uploading .webm format on WordPress results in security guideline breach and fail

Hi, I cannot upload the .webm video format on WordPress. This is after adding: AddType video/webm .webm into both: my .htaccess file (on the root folder of the WordPress installation) and the MIME type handler of our Apache server (via our site cPanel). As far as I remember, at first this message instantly gave me the error, it would even b...

Avoiding the use of SET TRUSTWORTHY ON

I'm working with a system which had to create objects in one database based on objects being created in another database. The objects are not duplicates, so I can't simply replicate the objects. I have code below which gives a simplified demonstration of what I'm trying to do. If you uncomment the ALTER DATABASE statements then it will ...

How can I embed an html page into a jsp whilst avoiding repeated logins yet hosting the html separately to the web app?

I have a tomcat hosted web-app, in one of the jsp pages the webapp displays I am using an iframe to embed an html document. I need to have the html pages separate to the web-app so that they can be altered without requiring a relaunch of the original web-app or access by editors to the web-app. It is also essential that html pages are ...

Compare array of words to a textarea input with javascript

I have a textarea inside a form. Before the form is submitted, the textarea is validated and checked so it is not empty, not over 2000 characters, not contain forbidden characters etc... I am working on the last part of the validation, which would need the textarea to be compared to an array of "bad words". This to help me maintain an...

How to provide security to my web site?

How to protect my site from being hacked? Just suggest some methods that are in common. I am using PHP for scripting & MySQL for database and I am using CodeIgniter (PHP framework). If you know some good tutorial or ebooks then provide me some link -Abhijeet ...

How to authenticate windows application against other application/COM Object

I have 3 components in my system: COM Object - Provide Services to application that has func1(), func2() App1 - Trusted Application that need to use the com object funcs (1 and 2) App2 - Malicious application, not authorized to use func1(), can use func2() it is not harmful. How can the COM Object can "authenticate" App1 and allowin...

Security for social networking website

Possible Duplicate: What security issues should I look out for in PHP. How to protect my site (social networking) from being hacked? Just suggest some methods that are in common. I am using PHP for scripting & MySQL for database and I am using CodeIgniter (PHP framework). If you know some good tutorial or ebooks then provide me ...

Preventing Amazon S3 Bandwidth Stealing?

I have an Image Hosting Site that is using Amazon S3 as a main source for bandwidth and storage. I have a few options here to prevent other sources from stealing my bandwidth, but I am hoping there are more or other alternatives. Query String Authentication, URL Rewrite. Are there better ways to prevent thieves from hot-linking to my Amaz...

Storing Passwords Encrypted in Database

Hi there guys. Today I came up with a question about the web application conventions. For the sake of security, if we store passwords of our users, most probably we are encrypting it (with MD5, SHA-1 etc.) and storing digested-hash in order to make them difficult or impossible to reverse. Today there are many Rainbow Tables that are lo...

Accessing network folder with ASP.NET Network Service account

My ASP.NET MVC 2 application runs under built-in local NETWORK SERVICE account. I want to set up access permissions for the folder which resides in another computer, but in the same domain. I located that folder right-clicked to open its properties form, clicked to Security tab and pressed Add button which displayed Add user form with co...

How to make sure the GPS position sent to the server are accurate?

Hello, here is my problem: I have a mobile app, and I want to give the user some information depending on their position (think something like FourSquare). But how to make sure the user position is real? I mean let's say the client uses a request to the server via HTTP: http://www.myserver.com/getdata?lat=X&long=Y ...

How to reliably check the windows domain id of current user on a workstation

I am using C# and .Net Framework 4. I am looking for a foolproof method to get the login id of the currently logged in windows user that is not susceptible to impersonation or hacking. I am looking for this in the form of: DOMAINNAME\USERNAME e.g. SOMEDOMAIN\JohnDoe Currently the best I have is: var identity = System.Security.Princi...

apache shiro: authc.loginUrl doesn't work

Hello folks, I configured Shiro as follows: [main] [users] ... [roles] ... [urls] /welcome.xhtml = anon /overview.xhtml = authc As you can imagine 'welcome.xhtml' contains my login-form. If I am not logged into the application and I try to access overview.xhtml I...

Can I allow anonymous and active directory users to browse the same IIS 7.5 site?

I have a site through which the majority of users will be anonymous but a few will be Active Directory users. I'd like to: Enable full anonymous access for everyone without logins. Detect the AD users. Check if the AD users are members of a specific admin group. I'm using .Net 4.0, C# and IIS 7.5 running on Windows Server 2008 R2. ...

Can you spot a vulnerability in my authentication protocol?

Some time ago we needed a solution for Single Sign On authentication between multiple web services. At least at that time we considered OpenID protocol too complicated and we were not convinced about the Ruby on Rails plugins for it. Therefore we designed a protocol of our own instead of implementing an OpenID provider and OpenID consume...

What does the method KeyAgreement.generateSecret(String algorithm) do?

We implemented Diffie-Hellman Key Exchange algorithm: KeyAgreement aKeyAgree = KeyAgreement.getInstance("DH"); keyAgreement.init(myPrivateKey); keyAgreement.doPhase(otherPublicKey) Now we need to generate a secret to use for AES encryption. There is method generateSecret(String algorithm). I think I should call it with 'AES' argument...

PHP:MySQL - Security Threats

Possible Duplicate: What security issues should I look out for in PHP. What are the SECURITY THREATS while using PHP connected with MySQL? What STEPS should be followed/ensured to maximize security ...

What are "top level JSON arrays" and why are they a security risk?

In the video below, at time marker 21:40, the Microsoft PDC presenter says it's important that all JSON be wrapped so it's not a top level array: http://www.microsoftpdc.com/2009/FT12 What is the risk of an unwrapped top level array? How should I check and see if I'm vulnerable? I purchase many components from 3rd parties and have ex...

What are the security implications of using raw types in Java?

I'm currently reviewing the security implications of various warnings in a large Java EE application. Since most of the code is several years old, it contains many uses of the raw collection types: List items = new List(); rather than the parametrized collection types: List<Item> items = new List<Item>(); The only security implicat...

What is the best way to include specific jQuery functions to authenticated/logged-in users on my ColdFusion page?

I've got a ColdFusion page that I want to include some admin level jQuery functions to authenticated users but I'm not sure what the best practice is for achieving this. Currently, I have a cfif statement inside my document.ready that checks to see if the user is logged in (session scope) and if so, runs a cfinclude to a file with the ad...