I have an application in JBoss. For some reason I had to enable classloader isolation. To do so, I had to dublicate remoting.jar inside application ear. Now, I am trying to implement EJB3 Session Bean and after InitialContext.lookup for my session I cannot do anything with it because of: at org.jboss.ejb3.BlockContainerShutdownInte...
Hi, I need to improve security in a website built on grails. The requirement is that when a user changes its password, it shouldn't be able to choose from any of the previous N passwords. Does anyone know a module for this? Should I roll my own? Any thoughts / tips will be appreciated. Thanks in advance ...
Hello there, I load dynamically pkcs11 security Provider in java and it works as long as the smart card reader is inserted before running the application. Could anyone please tell me how to detect a smartcard hotplug when the application is running? Actually I need something like pcsc_scan in java. The environment is Ubuntu 9.10 with ja...
With Intel's recent purchase of a well known security company, I'm starting to think about what software w/could be more secure on a chip level. Examples I've come up with are: Random number generation Encryption Memory protection But is hardware level security any more secure than software based security? ( I would assume garbage i...
Specifically, I'm not sure if I'll need SSL or any other security measure on my website or if Amazon handles that with the API. My website has a simple login and a sidebar on the right side for subscription payment information. I plan on having a simple 3 forms input box to collect payments (very similar to media temple). Credit Car...
how to put a security image in php? I wanne put it in a form, and check it on submit ...
I have a stored procedure that finds all the existing databases and reads from a table in each one. Is there a way I can give a login read access to all databases, and to all future databases i.e., I won't have to do anything when a new database is added? Is there a server role that would work? Is there a way to make a SQL agent job ...
How can I display a calendar in SharePoint that behaves like my Outlook calendar? I know I can link the calendar to outlook, but anyone can make changes to my calendar in Sharepoint. How can the Sharepoint calendar enforce security on the calendar so that nobody can override my changes? ...
I have a C# program that I want to dynamically create databases with. Although only privileged users will be using this application, I want to follow best practices security wise. How do I go about doing this? I don't think I can use a parameterized query in this case since I'm not wanting to pass in a string, I want to pass in an ide...
We are rolling out our first .net 4.0 entity framework application and are having an issue with security. We have it working on our alpha site inside our development environment with the following setup: SQL2005 IIS6 .NET 4.0 asp.net mvc 2 Entity Framework NTLM But when we moved it to our production environment for beta testing we ...
I am contributing to a relatively mature open-source PHP project. Recently, I discovered that it stores passwords as plain MD5 hashes, which is quite bothersome to me. I figured that if I was going to fix it, I might as well Do It Right(tm), so I wanted to use bcrypt. First, what I have found for other languages: bcrypt-ruby appears t...
Hi all, I came across the bind address while trying to configure the mysql server. The details of why I want to configure the bind address is in the link below. http://stackoverflow.com/questions/3540051/multiple-hostnames-and-multiple-privileges Now, I wan to understand the purpose of the bind address. In the sense, is a bindi...
I'm working through Peter Mularien's Spring Security 3, and am having a problem setting up the UserDetailsManager. I create the JdbcUserDetailsManager bean as follows: <bean id="jdbcUserService" class="org.springframework.security.provisioning.JdbcUserDetailsManager"> <property name="dataSource" ref="mySqlDb" /> <property name=...
I see that the close or hidden options can be set for a webpart, but it seems anyone can edit those settings when in edit mode. Do you use item level security? If so, what are the specific steps to accomplish this in 2010? ...
Hello all, I have a set of PHP scripts sitting on several clients servers and I want to get the mac address for that server so that I can store it and determine that the PHP scripts are not being used on another server. How can I get the Mac address of a computer using PHP somehow? Is there a better way to determine if the PHP scripts...
I have a Java applet which doesn't need any special privileges to run (i.e, it runs fine in the sandbox), but which expects the user to enter some sensitive information. Therefore, I'd like the user to be able to verify the origin of the applet. I then signed the applet, and everything appears to be working correctly. The browser appare...
Hello, I'm trying to set up security for my application for users. I am not sure about my logic. Is the following possible: I want to create 1 login for 'all users' in Active Directory. Then I want an admin (in the program self) to choose which user is in which server role (e.g. marketing, sales, ...). Then I want to give those roles p...
Hi, I have a windows service that along with several other projects (class librarys) make up a solution. The service also references the Quartz scheduler (from soundforge) and NValidate ( these are not in the GAC) When I try and view the security settings for the service I receive the following error: "Visual Studio was unable to det...
On a actual project (dating site) i have the following scenario: Member can upload photos (main profile) and create albums and assign photos to it. Now the member can choose only to allow registered members, premium members or members in his favorites to access the album. The easiest solution is to hide the album, but if someone who ha...
Hi all, I have forms within my website. Some of these forms include PayPal forms (forms that submit information to PayPal). I do not wish my customers to view the source code and see what fields & their respective values I am using. As such I wish to encrypt them and yet, be able to submit information securely over to PayPal with the va...