security

Block assemblies from changing IPrincipal

My application loads a lot of different plugin assemblies. Each plugin can add its own services into the IoC container and can also use all services provided by the main application. I'm moving from a home-brewed security solution to CAS (PrincipalPermissionAttribute and one of my own derived from CodeAccessSecurityAttribute). Can I ...

What is a good strategy to implement user authentication with a single credential for multiple applications in both online and offline environments?

A company I work for develops WinForms .NET applications in which users are required to log in. These applications are deployed in an online environment, e.g. desktops in a LAN where the client app connects to a service on a server. The same applications can be deployed 'standalone' in an offline environment, where data is occasionally syn...

Security/Authentication for Plugin Architecture

I was thinking of the multiple ways which security could be implemented in a Plugin-based system. Now when I say 'Security', what I mean is this: a) How developers of a Plugin system can ensure that plugins are secure and safe to use on the Core platform. b) How developers of a plugin can ensure that the plugins being used on their Plat...

Changed the password, started getting "The remote server returned an error: (401) Unauthorized" error.

I have a remoting service which uses Windows Auth. It had been working fine for a while, but yesterday my Windows account was locked out, and after it was unlocked and the password changed I have been having issues. It just doesn't let me in, with the following error: "System.Net.WebException: The remote server returned an error:...

Https for a dynamic IP intranet web server (swaps between two IPs for failover purposes)

Hi all, we've got an ASP.NET / IIS6 web application which sits on two servers in separate data centers on our intranet in an active-passive failover configuration. Let's call these servers MyAppSpringfield and MyAppShelbyville. Now we've got a DNS name set up called 'MyApp', so that the users can simply access the application through ht...

PHP different one way hashes for password security

I was wondering about hashing the password in PHP using the different methods available, and combining them for more and more security. I was wondering if this would work..? $pass = "***"; $salt = "!@)#%%@(#&@_!R151"; $pass = sha1($pass.$salt); $pass = md5($pass); ...

Is there a way to forbid connections from outside of the local session in Windows?

Let's say I have a service in my user session that listens on some TCP port. Is there a way, on Windows, to only authorize processes from the same session to connect, and to deny connections from the "outside"? ("outside" means another computer, or another user session on the same host). I will also accept any alternative to TCP...

Creating a hash for a folder

Hi, I need to create a hash for a folder that contains some files. I have already done this for each of the files, but I'm searching for a way to create one hash for all the files in the folder. Any ideas how to do that? (Of course I can create a hash for each file and concatenate them into some big hash, but that's not a way I like.) Thanks in advance. ...

What's the best way to digitally sign a zip file for download using .NET?

What's the best way to digitally sign a file server-side with .NET before offering it for download via an ASP.NET based web site? In addition, how do I trigger checking of the signature, and hence prove the file has not been tampered with during the download process, in a web browser? ...

How to impersonate a non-existent user

We have a 3rd-party web service used to authorise users. Primarily it takes the calling user, checks their identity, and returns a cookie for subsequent requests. I would like to unit test it, making sure it throws the appropriate exception. Ideally something like this: var dummyIdentity = WindowsIdentity.GetAnonymous(); using (dummyId...

Facing error while logging into Entrust Authority Security Manager

Hi, I am facing the below error while logging into Entrust Authority Security Manager server version 7.1: "Unable to retrieve valid certification revocation list". This installation was working properly a year ago. Now when I try to log in we get the above error. Can anyone please help with this issue? Thanks, Santhosha K ...

Should I expose a user ID to public?

Hi, I have a form that reveals user IDs to the public. I was wondering whether this is dangerous. Personally I do not see anything bad about it. The ID is just used to reference a single database record. ...

AzMan Nested Roles not finding user in role

I'm using AzMan (1.0) for an ASP.NET web app, and I have a question about nested roles. Say I have the following roles: MyApp, MyAppUser, MyAppAdmin, MyAppSupport. For the most part, all users (MyApp) can access the app, but some functions will be specific to the other roles. I want to declaratively restrict access to the web pages to me...

Secure authentication without SSL?

I am creating a web service for end users which will have a front end in the form of an Adobe AIR desktop app, but users will be able to access their data through the website too. Users' data will be synchronized between the server and the local data store. The problem is that I cannot get an SSL certificate. Is there a way to make this m...

How to launch the Android browser?

I have the following code: Intent myIntent = new Intent(Intent.ACTION_VIEW, ContentURI.create(arAdapter.getItem(position).getUrl())); startActivity(myIntent); But I get the compile-time error: ContentURI cannot be resolved. How can I fix this, or is there a different way to launch the Android browser? ...

Does AccessController.doPrivileged give JavaScript threads the permissions of the signed Applet?

I'm looking at a signed Applet that is heavily called from JavaScript. Obviously, the threads that originate from JavaScript are more heavily sandboxed than any thread started directly from within Java. For example, if a JavaScript thread calls into the Applet and logs something that causes the log file to roll, a security exception is...

How secure are hidden authenticity tokens in Twitter's OAuth clients' web UI?

Assuming that you have already created an OAuth client app in Twitter, you can go to http://twitter.com/apps to manage them. When I viewed the source of the HTML pages, I saw that they use a hidden form parameter called an authenticity token in their form definitions. <form method="post" id="sign_out_form" action="/sessions/destroy" sty...

Storing sensitive data in Silverlight

I have a Silverlight Business Application. I want to store the username and password that the user enters when logging into the system. Does anyone have any pointers, tips, etc. on how I can securely store this data? I would like to store it encrypted, but I'm not sure where I would store the password/salt; would it be secure to store th...

Data encryption issues with Oracle Advanced Security

Hi all, I have used Oracle Advanced Security to encrypt data during data transfer. I have successfully configured SSL with the parameters below and I have restarted the instance. I am retrieving data from the Java class given below. But I could read the data without decrypting; the data is not getting encrypted. Could you please help? Environ...

Java and system user authentication

I'm in the process of writing a server application that mainly allows people to submit jobs to a DRM system (e.g. TORQUE) over RMI. The application needs to run as root so that it can submit proxy jobs (where a job is run as a user other than the user who submits it); however, this obviously isn't secure, since the user name is simply a string...