security

What steps can be taken to ensure the security of a PHP application?

While filling out secure forms on bank websites, I have always wondered how they know their application is completely secure. Sure you know you are on SSL, your account "should" be secure, and hopefully the security question, account throttle, timeouts etc. should keep your account safe. But what is the best way to test this? And what de...

Best way to connect to MySQL with PHP securely

I want some input on what you guys think is the most secure way to connect to a MySQL database using PHP. Currently the way I'm doing it is a utility PHP file that I include at the top of all my other PHP files. The utility PHP file is this <?php if(!defined('IN_PHP')){ die("hackerssss"); } $mysql_host = "localhost"; $mysql_user = "r...

Simulate signin/login using Symfony/sfDoctrineGuardPlugin

In a situation where the user is authenticated on another application (like OAuth or a custom security implementation), how can we simulate login? What we intend to achieve is: - use the user identifier key to check if the user exists - if the user exists, set up the session for the user - basically, set up the attribute holder - assign...

Why java.security.NoSuchProviderException No such provider: BC?

The jar (bcprov-jdk16-145.jar) has been added to the project, Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()) has been added to the class, and BouncyCastleProvider.PROVIDER_NAME does return "BC" but AesFileIo.writeFile() still throws java.security.NoSuchProviderException No such provider: BC. Any ideas? im...

'Microsoft.SharePoint.MailMessage' is inaccessible due to its protection level

'Microsoft.SharePoint.MailMessage' is inaccessible due to its protection level On this code: MailMessage mail = new MailMessage(); mail.From = "[email protected]"; mail.To = "[email protected]"; mail.Subject = "Testing Code"; mail.BodyText = what; mail.Priority = MailPriority.High; Smtp.Send(mail, "smtp.xxxxx.edu"); How can I remedy this...

PHP/MySQL Security Checklist: The definitive practical guide

After seeing this awesome guide on Stack and needing a practical PHP/MySQL security checklist in-house, I have decided to pay homage to the original guide. What I need is a practical security checklist for PHP and MySQL. The contents here can function as the checklist, while the answers should function as the guides. By practical I mea...

Implications of deploying a Debug build of an application?

I would like to know the pros and cons for deciding to deploy an application which was built in Debug (with debug symbol table) as opposed to Release mode where the symbols are stripped. There are other permutations like turning on optimisations for Debug and turning on debug symbols for Release. The areas which I think may be of concern ...

How to avoid Credit Card information being "saved" anywhere in a Rails app?

I've read some good information (on SO) about how you must avoid storing credit card information on your website. My Rails app would be the one getting the CC information from a on my website, correct? (as opposed to a payment processor site, if that's possible?) If so, then how do I know what all logs to "silence" so that they don't st...

Implementing Security in REST?

Hello All, I am concerned about how to implement security measures, be it Authentication or Authorization. How can these be implemented? If you have any thoughts or links that you can share with regard to WCF REST 4.0 Security, and if you've implemented it, all the better, because I've been trying to find out about this topic and all I find i...

Security concerns around storing user data on Google App Engine

Are there any security or compliance concerns around storing user data, (name, email, address, tel) in Google App datastore? ...

How to handle the expiration of a "remember me" option?

For a cookie-based "remember me" function on a web app the user can choose to stay logged in for X days: What do you think is better: a) set the expiration time of the "remember me" only at first login, so the cookie expires X days after the first login? or b) reset the expiration time each time the user logs in, so the cookie...

Users are getting other users' sessions!

I have two .NET websites, which are set up to share sessions between them via a SQL db. The website stores and retrieves the session using session("MY_Session").add and Session("MY_Session"). What gets stored is basically a custom class with their username and name. The parent website is set up in IIS using DefaultAppPool and then the seconda...

What is CAPTCHA for, security-wise?

Can anyone tell me what CAPTCHA does as far as security is concerned? The registration forms of many sites have this field, but how does it work? ...

HTML5 localStorage security

Would it be a good or bad idea to use localStorage for sensitive data (assuming the current HTML5 implementations)? What methods can I use to secure the data so that it cannot be read by a person that has access to the client computer? ...

Java: Calling .dll from a LOCAL applet... I'm doing something wrong

There should be no security restriction because the applet is locally installed. Yet I get: java.security.AccessControlException: access denied (java.lang.RuntimePermission loadLibrary.jzmq) when my app tries to call static{ System.loadLibrary("jzmq"); } What gives? What am I missing for it to work smoothly without a security ...

MDC error when decrypting GPG message

I have a client and server system that regularly run scheduled tasks and communicate through XML files that have been encrypted by gpg. All required public keys have been successfully exchanged between the client and server. The encryption and decryption calls are being done from a batch file. encrypt syntax gpg.exe --batch --yes --re...

LDAP authentication via web.xml in Tomcat

Can someone show me a very simple example on implementing LDAP security on Tomcat 6, please? I know not much beyond deploying a war file and bouncing Tomcat server. Thanks in advance! ...

Problem with MySQL's AES_DECRYPT.

I'm looking for a way to encrypt data on its way into a MySQL database, and decrypt it on the way out. Additionally, I would like to be able to perform normal SQL queries on those fields, such as searching and comparison, which prevents me from using a pure PHP solution. This leads me to AES_ENCRYPT() and AES_DECRYPT(), which can be dup...

How serious is this new ASP.NET security vulnerability and how can I workaround it?

Hi guys, I've just read on the net about a newly discovered security vulnerability in ASP.NET. You can read the details here. The problem lies in the way that ASP.NET implements the AES encryption algorithm to protect the integrity of the cookies these applications generate to store information during user sessions. This...

What should I be aware of to make my web application secure?

Hello friends, I have built a simple PHP application by looking at various articles and tutorials around the web. Since I am now giving it to a few clients, I am worried about its security. How do I make sure it doesn't get hacked? ...