security

Report Viewer error: The request failed with HTTP status 401: Unauthorized

I have an asp.net c# web application which contains reports in remote processing mode. I am using the report-viewer control to render the reports. When I run the application in debug mode, I'm able to view my reports; however, when I publish the application to a different server I get this error message: The request failed with HTTP statu...

redirecting back to original page after authentication failure with spring security

I'm using Spring 3.0 along with Spring Security. I've always used the following configuration: <form-login login-page="/login" authentication-failure-url="/login?error=credentials" default-target-url="/account" login-processing-url="/security_check"/> So when the user doesn't login correctly, they go to /login. Now I have a logi...

Crazy question about website landing

Is it possible for a crook to redirect a website's site/landing page on your domain to elsewhere? Say a visitor's intended website is knowledgenotebook.com, but the crook redirected the user to google.com or yahoo.com or anything else? And doing so randomly, so it can try to avoid detection... Thanks. ...

How to implement a custom way to lock/unlock an Android mobile phone

Is it possible to implement a custom way to lock/unlock an Android mobile phone? I know that in versions 2.1 of Android and before, there was only the locking pattern available, and that in version 2.2 it is now possible to set a password as well, but what if I want to make a custom way of locking/unlocking it myself (such as recogniz...

Leveraging ASP.NET machineKey For Encrypting My Own Data

I have some data I want to encrypt in an ASP.NET MVC application to prevent users from tampering with it. I can use the Cryptography classes to do the actual encryption/decryption, no problem there. The main problem is figuring out where to store the encryption key and managing changes to it. Since ASP.NET already maintains a machineK...

access denied even though I specified policy.url in java.security

Hi, I am reading the tutorial on Java security by Oracle. (http://download.oracle.com/javase/tutorial/security/toolsign/rstep4.html) I duplicated all the files and everything from the tutorial, basically. I am able to run the file with the security manager using the following approach in unix: java -Djava.security.manager -Djava.security.po...

Understanding Wapiti results

I ran Wapiti on my webserver. I dumped the database before and after, deleted the last line (which is the timestamp), and found both files gave me the same hash value, so I know the database hasn't been changed. But according to the report I failed a number of tests. And this is the data in the info: 500 HTTP Error code. Internal Server Error. ...

How to deny direct access to an xml file in the server

I have an html file index.html (in my server, say abc.com) which accesses xyz.js like <script type="text/javascript" src="xyz.js"></script> The javascript file in turn accesses the data.xml file. The files index.html, xyz.js and data.xml are in the same folder. How can I deny direct access to xyz.js and data.xml if a user types abc.com/x...

How do I make $_GET more secure?

Hi, I am using the GET method to perform some operations like approve, markasspam, delete, for a commenting system. I know it is highly insecure to go this way but I cannot help it, because the reason for using the $_GET method is to perform the operation within the page itself using PHP_SELF, and FYI I am using the post method using chec...

PHP5, SQL database and web host server

What configurations can differ between a local host server like phpMyAdmin and a web hosting server? Is it possible or convenient if a laptop [instead of a desktop computer] is converted into a server host? Is there a PHP script provided for an automatic backup or sync of files in a web-based application? Which is better? Running the co...

AES Encryption and C#

From my reading I am not sure if AES is a single, standardized algorithm that can work with different length keys, or a family of similar algorithms? What I mean is if I find any 2 AES implementations taking a 128-bit key, should I be confident they will work identically (barring bugs)? Specifically in .Net/C#, I was confused why there ...

Should I extend ASP.NET Security for a public site?

I have an ASP.NET MVC site with a private site administration application secured with ASP.NET sql-backed authorization. I need to add a login for the public site to allow visitors to sign up for an account. I am thinking I should create totally separate storage for the public site, rather than extend the existing user db and rely on rol...

Is it possible to spoof your IP... is testing ip addresses secure?

I have some extra features on a site that employees can use but customers are not allowed to see. The employees are all going to be on a series of domains. What I do is get the user ip like so: $user_ip = gethostbyname($_SERVER['REMOTE_ADDR']); Then I get an array of all the ips for the domains the users will be on using gethostbyna...

How to detect inbound HTTP requests sent anonymously via Tor?

I'm developing a website and am sensitive to people screen scraping my data. I'm not worried about scraping one or two pages -- I'm more concerned about someone scraping thousands of pages as the aggregate of that data is much more valuable than a small percentage would be. I can imagine strategies to block users based on heavy traffic...

How to restrict access to phpmyadmin?

Possible Duplicate: How to secure phpMyAdmin I use phpmyadmin to preview the database of my website. However, everyone can access the login page of my phpmyadmin by simply typing example.com/phpmyadmin I am not an expert in network security but I assume this isn't very secure. How can I restrict the access to the login page(...

Devise and basic auth

Hi, could you tell me please, is it possible to disable warden/devise for one or more controllers/actions? I need to allow requests with basic auth to one of the controllers, but every time I send such requests I see a message that basic auth is not required for my app. I'm writing an oauth2 provider and it's a problem to allow client applic...

Should/can one change their Public and Private API keys on a regular basis for security purposes?

I run a site that is an implementation of a proprietary hosting+cms solution. This solution offers a nicely doc'd API that I have had several contracted programmers interface with in order to build custom extensions of the site functionality. As such, I have had to share my API keys several times. The methods called by the API can ope...

Password Protecting App in Development (Codeigniter)

Hello, I am developing a web application using CI at www.example.com. My CI install is located outside the www root folder. How do I go about password protecting my application while still allowing my "home page" (in this case the default controller/view in CI) to be publicly accessible? I.e., I want to develop my application withou...

When converting a Python list to JSON and back, do you cast?

When you convert a list of user objects into JSON, and then convert it back to its original state, do you have to cast? Are there any security issues in taking a JavaScript JSON object and converting it into a Python list object? ...

How can I determine a valid OID to use to extend an X.509-compliant digital signature?

I need an OID to use to add a custom extension (already ASN1.encoded) to an X.509v3/PKCS#7 digital signature. I don't care if it's interoperable; this is a private proprietary application (actually, a research project). Right now I actually don't even care if it's an OID that's in use in some proprietary application, although obviousl...