A Swing JLabel automatically interprets any text as HTML content, if it starts with <html>. If the content of this HTML is an image with an invalid URL, this will cause the whole GUI to hang, since the ImageFetcher which should load this image will quit by an NPE.
To reproduce this problem simply create a JLabel as follows:
new JLabel("<html...
Is using a USB key to secure an application the best option?
If it isn't, what is the best way to secure an application in the form of requiring a valid user before the application can be used?
The reason I ask this question is that a client recently asked me to make an application require a specific USB device be inserted into the sys...
I'm building a system to control where my company's ads are placed. Amongst our concerns is potentially malicious code on the target page. Is there any library / database / system that can detect this content and is either open source or free?
~downer
...
I've created the following attribute:
[Serializable]
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true, Inherited = true)]
public class OperationPermissionAttribute : CodeAccessSecurityAttribute
{
private static PrincipalPermission _revoke = new PrincipalPermission(PermissionState.None);
priv...
We have some error reporting code that, when an unhandled exception occurs, we send everything over in an email to our groups. This is great except if an unhandled exception occurs on a page with a password field then it's sent over as plain text.
Is there a way to iterate through Request.Form and figure out which item(s) are passwords?...
I'd like to write a monitoring plugin that checks various hosts on my network to make sure that password or interactive SSH authentication is not enabled. That is, I need to write code that:
Connects to an SSH port.
Enumerates available authentication methods.
Verifies that only key based authentication is possible.
Methods using eit...
I'm using Visual Studio 2008 on a PC that also has .NET 4.0 installed to work on code that has to be kept on a network drive.
Question is, since .NET 4.0 overrides .NET 3.5 security settings, how the heck do I get VS2008 to trust the network drive?
...
Right now my login system is the following:
Password must be at least 8 characters long, and contain at least one upper and lowercase letter, a number and a symbol.
Password can't contain the username as its substring.
Username, salted+hashed (using SHA2) password stored on db.
The nonce (salt) is unique for each user and stored as pl...
For many of the sites we develop, we verify the user's email address. Typically the workflow is such:
User registers for site (activation email is sent with link to activate)
User verifies email address (by clicking aforementioned link)
User must log in to site in order to use it (assuming they weren't already logged in)
Clients ofte...
I have a set of WCF services that I am integrating with; I cannot change them in any way because they are provided by a third party. I use a username/password scheme to authenticate with the services.
If the services are not available I get an exception (EndPointNotFoundException) from the SecurityTokenProvider class that I can not ca...
I have a web service that I would like to use from a few different mobile applications. The data is not at the user level, but I don't want just anyone to be able to access the data. I want to limit the data access to just the mobile applications, but I don't know what I can do to prevent someone else from possibly writing an applicati...
We have a Windows service running under a network account that calls and runs an ActiveX exe. The exe is running under the local system account, not the network account of the service. Can anyone point me in the right direction for making the exe run under the network account?
...
My question is related as to HOW and WHEN should I use the AuthorizationRepository?
I guess that I should have some way in my application to maintain my user roles (user groups in rhino security terms) and the relations between users and user groups. So far so good.
My problem comes when I want to give specific permissions to entities...
Hi Everyone,
I have a bit of a mystery here that I am not quite understanding the root cause of. I am getting an 'Insecure dependency in unlink while running with -T switch' when trying to invoke unlink from a script. That is not the mystery, as I realize that this means Perl is saying I am trying to use tainted data. The mystery is tha...
I am not getting resources for the JAAS.
I don't know whether this is the appropriate place to ask this, but help me.
Thanks
...
What would be the best way to prevent multiple users on a page?
For example if a user is at the page "Home.aspx", no other users should be allowed to go there.
I'm using ASP.NET on the server and the JS framework jQuery on the client side.
...
Here is the login system to which the secure login is to be implemented.
main_login.php
<form name="form1" method="post" action="checklogin.php">
Username:<input name="myusername" type="text" id="myusername" /> <br />
Password:<input name="mypassword" type="text" id="mypassword" />
<input type="submit" name="Submit" val...
I have been working on a secure login/portal type set of tools. The general code is free from SQL injections, XSS etc., and I have multiple things in place to stop session hijacking.
Regenerate session's ID for EVERY page
Compare the user's IP with the IP at login
Compare the user's user_agent with the agent at login
have short session time...
Hi, I'm building a self-hosting WCF service, which exposes 2 end-points for each service
SOAP
REST
the SOAP uses WS-* SOAP authentication (authentication header)
How can I go about implementing REST authentication?
I thought about some sort of login method which will return a cookie of some sort, but I can't think of how to make th...
On a Linux platform, I have C++ code that goes like this:
// ...
std::string myDir;
myDir = argv[1]; // myDir is initialized using user input from the command line.
std::string command;
command = "mkdir " + myDir;
if (system(command.c_str()) != 0) {
return 1;
}
// continue....
Is passing user input to a system() call safe at all? ...