security

Allowing access to specific pages with ASP-MVC and Forms Authentication

Here is a simple overview of my directory layout for my views: Project Page 1 Page 2 RSS Issues Page 1 Page 2 RSS I am using forms authentication to deny access to all unauthenticated users, that works fine. However, I want to be able to grant access to the RSS views to everyone (so they can subscribe via google reader and stuff...

Should application users be database users?

My previous job involved maintenance and programming for a very large database with massive amounts of data. Users viewed this data primarily through an intranet web interface. Instead of having a table of user accounts, each user account was a real first-class account in the RDBMS, which permitted them to connect with their own query ...

Security in Java EE Application with JBoss

What would be the basic and obvious security considerations and recommendations in a Java EE Web application? ...

Retrieving SOAP password

I am developing web services in C# using WCF and I want to create a custom way of handling security. I have found this way to retrieve the username out of the soap message that was sent to web service: String username = System.ServiceModel.ServiceSecurityContext.Current.PrimaryIdentity.Name; I was wondering if there was a similar way ...

Running untrusted third party software

What's the best way to protect system integrity while running possibly malicious third party executables? I would like to allow a program to be able to store some information for its own use during execution, but disallow access to the network and to devices, and of course to other users' data and the overall system. A few constraints:...

Cross Domain Login - How to login a user automatically when transferred from one domain to another

We offer a number of online services. We are required to develop a system which provides a quick/simple experience for users if they are transferred from one service (on domain1.com) to another service (on domain2.com). Is there a safe and secure way to automatically log in a user once they have been transferred to the...

SELECT permission was denied on the object

I have created a custom role within SqlServer which I added to the db_denydatareader and db_denydatawriter roles. I then went through the db and granted exec permission to all necessary stored procedures. Everything works fine, calling those sps will run fine. The one exception is a stored procedure which executes dynamic sql by u...

PHP crypt() function in .Net?

I'm rewriting a PHP web site in ASP.NET MVC. I'd like to maintain the same user base but the passwords are hashed using the PHP crypt() function. I need the same function in .Net so that I can hash a password on login and check it against the hashed password in the user database. crypt in this case is using the CRYPT_MD5 implementation ...

Disable Windows Mobile security features

I'm currently writing an app for Windows Mobile 5.0 and it seems to possess some firewall-esque feature where I need to permit the running of any deployed executable. Is there some kind of registry key I can use to turn this off during development, as it's frustrating having to babysit the device. ...

Best place(s) to be kept updated on security flaws in software

Where should one go to be kept updated on all of the security flaws/problems floating around? Especially in the era of open source where we tend to use libraries from everywhere. ...

Learning website security (specifically on IIS7)

I have never had to deal with the security aspects of a website before but would like to learn how to run a secure website on my own server (IIS7). What elements of security do I need to learn? Are there good online resources? client side IIS Server / Firewall Asp.Net Note: I'm thinking of security meaning safe and secure, not relat...

How do you combat website spoofing/phishing?

What is your suggested solution for the threat of website UI spoofing? ...

WindowsIdentity Token in Legacy ASP

I've created a .Net library at work that is used by all of our developers. The security part of it uses Microsoft AzMan for the security backend. In order to create a security (AzMan) ClientContext I have to pass it a token value (as a uint). This is all fine and dandy until I needed to make a COM wrapper for our common library so some of...

SharePoint site security: how can I programmatically monitor changes?

I have a case where if a SharePoint site owner decides to break permissions inheritance and directly manage site membership, I'd also like to correspondingly modify view permissions on items in a specific list in the top-level site. How can I best catch those changes so I know when to apply the appropriate changes to the list items? I...

How do I connect to an IBM 3770 Remote Job Entry system for Customs Border Patrol 10+2 Security Filing from Java?

Hi all, I'm working on a project to submit the new 10+2 Security Filing data to Customs & Border Patrol (as required by DHS). Anyone else doing this? I need to be able to submit our data files via an IBM 3770 style Remote Job Entry gateway using Job Control Language and all the old junk. Question is this: Is there a Java API that will ...

Restricting JMX to localhost

While there appears to be some documentation on how to expose JMX through various firewall and tunneling schemes, I sort of want the opposite. I want to ensure that JMX is only accessible to the local machine. Unfortunately it appears that the "out of the box" management options do not allow restricting the ports to a local interface and nets...

Is $_SERVER[REQUEST_METHOD] manipulable?

In a PHP project I'm developing I have a couple of requests that can be either POST or GET. Currently, I'm using the $_SERVER[REQUEST_METHOD] value to determine which request array to use. I know that $_REQUEST values can be manipulated with cookies; is the $_SERVER superglobal vulnerable to attacks? ...

What are the advantages to each approach for mapping application end users to database users?

There seem to be three common approaches for mapping an application end user to a database user. One to One Mapping: Each application user (bob, nancy and fred) also gets a corresponding database user account (bob, nancy and fred). N to M mapping: Each application user is mapped to a database user that represents their role. bob and...

Using asp.net membership with sqlite or other provider?

Does anyone have any examples of using Sqlite with ASP.NET membership? I am building a small "drop-in" type web application and don't want to rely on an SQL database for storing user credentials, etc. Sqlite seems like a good option, and I have been impressed with its performance in Elmah; I wouldn't mind using xml as a data store eith...

What real life examples of security by obscurity have you seen/worked with?

Bonus points for explaining how you improved it. ...