For a requirement to generate per-PC license keys, I need some code which will return a stable and (near) unique key on any PC. It doesn't have to be guaranteed unique, but close. It does need to be reasonably stable though, so that a given PC always generates the same result unless the hardware is substantially changed.
This is for a W...
Is there a way to find SQL injection vulnerabilities?
Note: I am asking how to find them on a server you are in control of so you can fix them. I am not asking about how to detect them on someone else's server to exploit them.
Is there a way to find every occurrence of mysql_query() without opening every page and doing a ctrl+f?
...
I need a book about single sign-on implementation, management and application integration.
Besides Enterprise single sign-on and Common Single Sign-On Configurations explanations.
Any suggestions?
Thanks in advance!
...
I have an InfoPath form template as a content type in a form library on SharePoint. The form has several data connections which on submit, save it back to a specific form library on SharePoint depending on how one field is filled out.
After I added an additional data connection to receive information from SQL to a drop down control, ...
Greetings,
How can I simply encode some binary data into an ASN.1 DER-encoded blob? I'm using C/C++, and I figure it should be possible to simply prefix the binary blob with some appropriate bytes that signify that the data is of type octet string and is of a given length (and in a sequence of length 1 I guess).
Background if you're i...
I have a windows service (actually a serviced component) implemented in native C++. I want to be able to run it using the NT AUTHORITY/LOCAL SERVICE account but I want it to be able to store some startup-state information somewhere. Is there somewhere that the local service account has write access to? As far as I can tell, the built-in ...
Hi Folks
Planning to create a widget for client sites that uses jsonp to interact with my server. jsonp because I'll need to skirt the same-origin-policy (don't want to trouble clients with using server redirects), but I realize this limits me to http GET. I'll need users to login/identify themselves before they can interact more with th...
I want to store user information after logging in and to display my login and username on every page (using jsp). How can I get access in my jsp views to the session bean that would store information of the user that is logged in?
...
In hgweb.config, the allow_push parameter applies to all repos defined in the [paths] section. Is there a way to allow push on one repo but not in another, or would I need to actually create completely separate configurations (and corresponding web apps) per repo then? (In case it matters, it's on Windows with hgweb hosted in I...
I'm new to ColdFusion, so I'm not sure if there's an easy way to do this. I've been assigned to fix XSS vulnerabilities site-wide on this CF site. Unfortunately, there are tons of pages that are taking user input, and it would be near impossible to go in and modify them all.
Is there a way (in CF or JS) to easily prevent XSS attacks acr...
If I want to sell my ebook online, and want to make sure the buyer can not redistribute my ebook, how can I secure it?
...
I'm writing this in the forlorn hope that someone has already done something similar. I would have posted on drupal.org - but that site is about as user-friendly as a kick in the tomatoes.
I don't know about you, but when I develop I leave all my Drupal paths with open access, and then think about locking them down with access permissio...
Saw a comment today at: http://www.bennadel.com/blog/2004-Escaping-Form-Values-Understanding-The-ColdFusion-htmlEditFormat-Life-Cycle.htm by Rick Osborne
I've started moving my students from htmlEditFormat over to xmlFormat. As you said, it catches more characters, but it's also useful for pure XML and is faster to type. I ha...
Hi,
I am trying to patch my php fusion to a new vulnerability. But I don't understand the vulnerability fully.
Please see here first: http://www.exploit-db.com/exploits/14647/
=================Exploit=================
maincore.php
[php]
// Locate config.php and set the basedir path
$folder_level = ""; $i = 0;
while (!file_exists($folder_l...
Hi,
I'm running php 5.2.13 and I have an app that contains tons of files, but they all call one file at the beginning. I want to put some line in that file to automatically mysql real escape any query, because I don't want to go across every file and change code.
Thanks!
...
There is a WCF I created on the server, running.
And I built an application that connects this url. This is an exe that can be run in every PC.
The thing that I want: only this app can see this WCF and can use its utilities; the others can see nothing, no url, no reference, no wsdl of the web service.
How can I create this environmen...
I'm looking for a templating language, that end users can safely edit to customize their html/theme of a web application.
Something similar to how http://www.liquidmarkup.org/ works.
...
On a standard web signup form, users are required to have a unique email for the site.
If the email is already in use, a new user cannot be created with that email - but this opens up for exploiting this to find out what emails are members of the site (at least check if a specific email is in use).
Making sure a bot cannot mass-query ...
I set up .htaccess / .htpassword and it works, except when I type the password incorrectly it still logs me in. If I use a completely different password, it doesn't work. A different user name, it doesn't work.
But if I use the proper user name and mostly the right password, it works?
Example:
password I'm using is "firefight", and "fir...
Is there a way to determine the identity of a Message sender in ActiveMQ (JMS in general) that successfully connected to a broker via SSL using a client certificate?
I am planning on using JMS for communications between a remote terminal and a perimeter server within my network simply because of the extensive work that's been done inter...