security

User-initiated action implementation

In Flash 10 there are methods that require that they are triggered from user-initiated actions like button click, keyboard up/down keys, etc. Is it possible to implement this behaviour in .NET? For example, if we have this subroutine: void SomeMethod() { // Here some stuff } how to check inside it whether the method was called fro...

Making A Webservice Secure

Hi All, I'm wrapping up my iPhone app. I'm just worried about security at our web server level. The data is being pulled over to the iPhone app via web services. What security measures can I put on the web services so that I am not vulnerable? Thanks ...

WCF Intranet Security Configuration

We have some applications (web and WPF) that call WCF services to access data. We are not using Windows Authentication. The user is prompted for a username and password when logging into the web app or WPF desktop app. The data is not highly confidential (i.e. no credit cards, SSN, etc.). We would like to use BasicHttpBinding for the WC...

Getting pagename using PHP_SELF - dangers?

Hi guys. I'm thinking of using PHP_SELF to grab the name of the page the user is currently visiting. I'm well aware of the dangers of using PHP_SELF in places like form actions, though I'm not sure where it would hurt to use in hrefs? But that's beside the main question . . . anyway. Are there any dangers in using PHP_SELF to grab the ...

Help to understand magic_quotes_gpc()

I was learning this PHP code from a tutorial to upload files <form method="post" enctype="multipart/form-data"> <input name="userfile" type="file" id="userfile"> </form> <?php if (isset($_POST['upload']) && $_FILES['userfile']['size'] > 0) { $fileName = $_FILES['userfile']['name']; $tmpName = $_FILES['userfile']['tmp_nam...

Multiple Secrets in One Keychain Entry

I have three secrets to store in the Mac OS keychain. Currently I store each of these in a separate keychain entry. The drawback to this is that if my application is updated the user sees three "allow access" dialogs, one for each entry. What I'd like to do is store all three secrets in one keychain entry. One of these secrets is a us...

What is special about a 20byte (160bit) key?

I was emailed a reset key. It was 40 hex letters, so 20 bytes which is 160 bits. I thought to myself, why 160 bits? Maybe it's a 128 (key) + 32 bit (checksum or id or something). Maybe something else. I am sure it was done for a reason but why? (PS: The person on the other end seems to not want to say why or maybe doesn't know. So askin...

Good resources for writing an Authentication/Authorization system

Are there any good books, blogs, wikis, etc., on coding security systems, and standards that should be followed? I'm specifically interested in writing Access Control (DAC, MAC, RBAC) and auditing. I think I have a solid working understanding of DAC due to my experience with *nix systems. But I don't know what goes into implementing thes...

avoid session hijacking for Web Applications

Hi, I read about Session Hijacking articles and would like some more information related to it. Currently my web application, which is developed in ASP.NET, is using Cookieless=true mode for sessionstate. We are using HTTPS, which is a secure connection which will reduce session hijacking. I know when we use Cookieless the session ...

Microsoft .NET Security Model

Hi all, I have some questions about the security model of Microsoft .NET. I am aware of RBS and CAS, which decide the permissions of an assembly as a function of its strong name, website origin, and so on. My question is: where is this information (strong name, origin, ...) stored in the assembly? Thanks. Robie. ...

Cache the contents of KeyStore and convert it to a InputStream

Hi, I am using AES to accomplish symmetric-key encryption. I store the Key in a password protected KeyStore. The API exposes the following for loading the key from the keystore: keyStore.load(inputStream, keyStorePassword.toCharArray()); so every time I want to encrypt or decrypt, I have to pass the InputStream, which is at least in my...

Security Issues with MVC app and Crystal reports

Hi Overflowers, Hope somebody can help this poor distraught noob. I have inherited another dev's app and I'm trying to add some much needed functionality to it. The issue in question is creating an Invoice from a crystal report that can be downloaded as a pdf. I got the code working in Visual Studio (It's a C# MVC application, built on...

network communication encryption in java

Hi there o/, A friend and I are working on a Java Game with a client/server architecture. It is working well, but I ran into a problem. We use TCP Sockets for networking between server and client. Our network protocol isn't encrypted and can just be read by anyone who bothers to watch the stream. We thought about how we could apply s...

Database Security Model using Schemas

I'm working on a system at the moment which, for no apparent reason, has been split into no fewer than 7 separate databases so I'm looking to merge everything together. The application is used within the client's company but a restricted version is also exposed to the internet. At the moment, a separate 'internet' version of the databa...

Should I make my Logon Application encrypt logon security tokens?

I am working on the security design for a new application at my company. We are using the Windows Identity Foundation framework. I have a logon application that issues a token to a user who successfully authenticates. The token is then used to access the new application. Of course, this happens transparently to the user. The WIF fra...

OpenSSL PHP Function doesn't work

Hi, I've been looking for days for how to translate this command to an OpenSSL PHP function: $ openssl pkcs8 -inform DER -in aaa010101aaa_CSD_01.key -out AAA010101AAA.key.pem Enter Password: a0123456789 This works perfectly, but I can't (I don't know how to) use the correct function of PHP OpenSSL http://www.php.net/manual/es/ref.openssl.php I have made th...

Can anybody explain OAuth to an idiot?

That idiot being me. I've read a bit about it at http://oauth.net/ , it's "a simple way to publish and interact with protected data" apparently. I think it's exactly what I need to provide a secure way of accessing data from an android/iphone app via a REST web service, but I can't work out exactly what it is. So, put simply, what exa...

PHP Oauth signature_invalid

I can't wrap my brain around why this isn't working... I really think it should be. Please help. Here is the error I get: signature_invalid base_string:GET&https%3A%2F%2Fwww.google.com%2Faccounts%2FOAuthGetRequestToken&oauth_callback%3Dhttp%253A%252F%252Fnoveis.net%252Fauthsub%252Findex.php%26oauth_consumer_key%CONSUMER KEY HERE%26oauth_n...

Weblogic Subject propagation - Where is subject stored?

Need to understand how the subject is stored and propagated in WebLogic. Once authenticated, where is the subject stored in the HTTP layer? Internally, is it stored in the HTTPSession? Likewise, where is it stored in the EJB layer? Have an application where a lot of principals are updated in the subject in the HTTP & EJB layers. In some corner cases, getti...

Want to implement login security using those random number generator security dongles.

I don't know what these are called, so I will explain as best I can what we want to do: We want to implement a secure log-in system so that when logging in we want to ask for a number that is generated on a small device that is carried with the person at all times. I understand these devices work by relying on an algorithm that generat...