The wifi scanning apps like eWifi, WiFiFoFum and so on in Cydia can know the security type. How the apps know the security type like OPEN, WPA, WPA2, WEP, when using Apple80211 api? The value of CAPABILITIES is 1057, 1025,34,33,2,1073,1041 and 3121, etc... It is too various. I don't know what it represents. I am using "WEP" and "WPA_...
I am developing against software app that sends notifications via email and it doesn't support SSL/TLS encryption. I need to send these notifications to a server that only supports encrypted connections. I am thinking about I might be able to solve these problems with a local mail relay, something that runs as a windows service and acc...
Certain data types, I.E. numbers or a table name cannot be added as a parameter with PDO, as it adds single quotes around them. When I add them (the variables) manually, say something like this: $statement = $dbh->prepare("INSERT INTO $TABLE_NAME (id, foo, timestamp) VALUES (1234, ?, 4567890))"); $statement->execute(Array($foo)); ...
I was using google SSL search (https:www.google.com) with the expectation that my search would be private. However, my search for 'toasters' produced this query: https://encrypted.google.com/search?hl=en&source=hp&q=toasters&aq=f As you can see, my employer can still log this and see what the search was. How can I make ...
Hi, Is there anyone knows how to programmatically check on Android if the current wifi connection is made to a WPA secured AP, or a weaker WEP secured AP, or a unsecure open AP? Thanks! ...
Hi, I have a software that LIMITs queries based on user input. I'm aware of SQL injections and DOS possibilities here so I'm not interested in hearing about those. What I wonder is that how high limit should I put for common requests like getting the latest X items? Currently I allow the client to specify the value, and I make sure the ...
In encryption, would two symmetric algorithms be considered to be equal in terms of security if their key sizes are equivalent? (i.e. does a 64-bit RC2 algorithm provide the same exact security that a 64-bit AES algorithm would?) How secure (or insecure) would it be to use a 64-bit RC2 algorithm? How long could I expect it to take for ...
We're building a web application that is available to both authenticated and anonymous users. If you decide not to register/login you only have a limited set of features. User authentication is done over OpenID with Spring Security. That works fine. However, the application also comes with an admin UI that is deployed at <host>/<context...
I am trying to figure out how to make public/private keys that are AES encrypted. I'd like to be able to use it like so: byte[] BytesToEncrypt = { 0x01, 0x02, 0x03, 0x04, 0x05 }; byte[] PublicKey; byte[] PrivateKey; byte[] EncryptedBytes; byte[] UnencryptedBytes; PrivateKey = CreatePrivateKey(); PublicKey = CreatePublicKey(PrivateKey);...
I'm using tomcat 6, spring mvc 3.0.0 and spring security 3.0.0, and since the passwords I store in the database are sha1 hashed, I can't use digest authentication (section 9.2.1 of the documentation spells that out). For this reason, I need to make authentication happen through https. Due to potential processing overhead, I want to keep...
When users register an account they get an email with a verification code that they can click to verify their accounts. This is how I generate the verification code. md5(rand(0,1000) Is using the method below a bad choice? It generates a random number between 0-1000. Since there are only 1000 options, and their MD5 hashes are known,...
I'm generating a verification code to be used for account activation. You've probably seen this sort of thing before. My question: if I were to generate this code with a complex formula like this: md5(md5(time().'helloguys'.rand(0,9999))); Is it really any better than generating just a random string of 32 characters and numbers lik...
I am working on an intranet site and need to choose one way of two: 1. Disable an option when a user can change a password to any word he likes, for example, pass123. This way there will be a button to generate a new password using some complex algorithm and then user accepts its using. 2. Make standard password changing function. This w...
I've searched the web for this bit to no avail - I Hope some one can point me in the right direction. I'm happy to look things up, but its knowing where to start. I am creating an iPhone app which takes content updates from a webserver and will also push feedback there. Whilst the content is obviously available via the app, I don't wa...
What is the best way (for a .Net 4 project) to implement authorization in the business layer. Simply I want to check whether a certain identity can access a certain action/resource. I've tried to look this up in Patterns & Practices, but haven't found anything useful yet. And what about PrincipalPermission of ASP.Net 2.0? Is this still...
I have a signed applet that builds a menu from an xml file. When it loads I get the java security warning regarding signed and unsigned code. The applet uses jdom.jar It doesn't matter if I hit yes on the security warning dialog box to block the unsigned code, or if I click no, the applet launches and runs as expected. I have found...
I have a feature where users can submit pure XML in a form. When my server gets the response I will validate it against a XML schema then I store it in the database. I never show the XML on a webpage unless it is in a form for editing. I use the XML to render html forms or text in a webpage and I will encode the text and never show the a...
Hi Guys, I want to remove insecure content from site I added facebook social networking box by using following GWT code in HTMLPanel < iframe width='244' height='242' class='fb-fan-box' src='https://www.facebook.com/connect/connect.php?id="+ FacebookConstants.FB_DUBLIN_PAGE_ID+ "&connections=10&stream=0&css=https://www.supergroupers...
Possible Duplicate: What security problems could come from exposing phpinfo() to end users? Is it safe to publicly display the results of <? PHP phpinfo() ?> Or would that make it easier for my site to get hacked? ...
I've heard a bit about using automated theorem provers in attempts to show that security vulnerabilities don't exist in a software system. In general this is fiendishly hard to do. My question is has anyone done work on using similar tools to /find/ vulnerabilities in existing or proposed systems? Eidt: I'm NOT asking about proving ...