Using CakePHP 1.3, I have a (working) form that has dynamically created form fields (via JavaScript). Everything works great, multiple models are saved via saveAll(), and it's just beautiful.
But, I get black-holed to a 404 whenever I enable the Security component (hoping to get some of the auto-magic CSRF protection).
I understand t...
I am building a site that requires a lot of MySQL inserts and lookups from different tables in a (hopefully) secure part of the site. I want to use an abstraction layer for the whole process. Should I use a PHP framework (like Zend or CakePHP) for this, or just use a simple library (like Crystal or Doctrine)?
I would also like to make s...
I was looking for a quick way to compute the SHA-256 hash of a password so I could upload some test data into a database that we are using Spring Security to authenticate against.
First I found the Linux utility sha256sum and ran it against the password "admin" and got this result:
fc8252c8dc55839967c58b9ad755a59b61b67c13227ddae4bd3f78a3...
I'm using an offsite error logging package for my python web application. When I send an error I include the contents of (among other things) the POST variable and some template data. Some of this data must not be sent to the error logging service (passwords, some other template data).
How can I take a payload that consists of a mix of ...
While installing an application onto a client's server, I would like to make sure that the client (or a future developer for them, etc) does not copy my application and place it on other domains/servers/local servers.
How can I verify that my application is running on the server I installed it on? I do not want any substantial lag in th...
I try to execute this code in a Silverlight 4 control hosted in a webpart:
clientCtx = new ClientContext(ApplicationContext.Current.Url);
clientCtx.ValidateOnClient = true;
clientCtx.Load(clientCtx.Web);
clientCtx.ExecuteQueryAsync(updateConnectionStatus, Failed);
but it fails and goes to the Failed method, and I receive the error: "The security validat...
In a client-server application how can the server know that a request comes from a genuine application and not from a tampered copy of it?
I still haven't developed either the client or the server application. The solution may be plain socket, WCF, IIS hosted or whatever.
...
Hi,
I'd like to know what the security risks are of running an ASP.NET application with an administrator account.
I might end up doing this and I'd like to be aware of the known security holes I would have.
I'm connecting to a SQL Server using SQL authentication, so excessive privileges to execute queries are off the list.
...
Hi,
I have a PHP application in which we allow every user to have a "public page" which shows their linked video. We have an input textbox where they can specify the embed video's HTML code. The problem we're running into is that if we take that input and directly display it on the page as it is, all sorts of scripts can be insert...
I'd like to see advice on how the security template should be configured to permit CAN controller access from an application.
Thank you.
...
I have a password textbox which will have an empty value. When the user clicks on it and enters a password, on blur of the textbox, the password will be updated in the database.
I have done that using ajax, but I want to know whether there is any security hole in this script. I am afraid the data we are sending from the ajax() function can be changed using...
Hi,
I have built a win application with C# framework 3.5 sp1
When I publish the project and install it on other machine (with framework 3.5 sp1)
I get "application attempted to perform an operation not allowed by the security policy..."
After learning about this a bit I found two leads:
"Administrative tools-->microsoft
.net configu...
I have an application that relies heavily on authorization of users. Within it, I am using IPrincipal.IsInRole() to check whether users are in the correct groups:
IPrincipal principal = Thread.CurrentPrincipal;
bool inRole = principal.IsInRole("mydomainname\some role with a long name");
This works fine for the most part, but fails (re...
I've got a web application, deployed on GlassFish 3.0.1, which is using container managed security. It's a simple, standard form based implementation using j_security_check against a JDBCRealm. Everything to do with securing the application is fine (and I can't believe I've rolled my own security systems in the past).
What I can't seem ...
Hi all,
I have domain classes "Project" and "User" and need to implement authentication using the Spring Security plugin.
The default implementation of this plugin lets us create ROLES that are User specific. But in my project I need to create Project specific ROLES for the USER and need to authenticate them.
e.g. User-A can be an...
This question is somewhat of a follow up to How serious is this new ASP.NET security vulnerability and how can I workaround it? So if my question seems to be broken read over this question and its accepted solution first and then take that into the context of my question.
Can someone explain why returning the same error page and same st...
Hello,
I have an ASP.NET 4.0 MVC web application running on IIS 6.0 with a webconfig custom error section of:
<customErrors mode="On" redirectMode="ResponseRewrite" defaultRedirect="/Home/Error">
<error statusCode="403" redirect="/Home/Error"/>
<error statusCode="404" redirect="/Home/Error"/>
</customErrors>
and an error.aspx page...
Hello guys,
In my project I have to apply security based on a dimension attribute.
I think the best way to explain my scenario is with an example; if you need more info, please ask me and I'll be glad to tell you if it will help me find a solution.
I have some main dimension, the dimcustomer, dimseller, fact, data and geographic.
The f...
I have a Dispatch MessageInspector which is deserializing a SAML Token contained in the SOAP message header.
To do the deserialization I am using a variation of the following code:
List<SecurityToken> tokens = new List<SecurityToken>();
tokens.Add(new X509SecurityToken(CertificateUtility.GetCertificate()));
SecurityTokenResolver outO...
Possible Duplicate:
How can I stay up-to-date on computer (especially software) security?
I want to ask about some good security magazines and websites that keep me in touch with the latest computer security issues which I am interested in as a programmer (news, articles, tools, internet security, hacking and defence, etc.).
...