The title says it all. This is one of my assignments and I need some help in getting started. The basic idea behind the assignment is that I have to design a self destructible email program that is capable of destructing the message after (n) time duration.
Speaking about self destructible emails, there are quite a few ones on the inter...
What are the risks of using Javascript and how to avoid them?
...
We're planning to build a web application that needs to be highly secure because a lot of money and reputation is at risk. Therefore I'm looking for tools and technologies that help in that endeavor. The tools and technologies should help prevent things like SQL injection, cross-site scripting vulnerabilities, remote code execution etc.
...
Hi everyone.
Now I know that I should not try to reinvent the wheel and try to write an authentication system, since I don't understand the security issues well enough. However, I need to add a basic authentication system to my site, so I can limit access to certain resources.
How do you recommend that I do this?
Edit: I am not trying...
Are there any differences implementing Flex application security in a clustered Java environment (such as Oracle Application Server/OC4J or a JBoss cluster) vs a single application server environment? (And/or does it depend on the specific environment software?)
What considerations are there in a situation where you need to authenticate...
It's easy enough to install/configure something like ShareThis, but what about the social "log-in" plug-ins that are increasingly popular?
e.g.
"sign in with"...
Facebook
Twitter
OpenID
My questions are these:
Does the development of each of these three have to be done separately, or can it essentially be replicated for each?
If a us...
I use phpMyAdmin, and when entering this address:
www.mydomain.com/phpmyadmin
a login page appears.
Is there any way of disabling it, so it doesn't appear/exist?
Thanks
...
Hello,
I have a problem: I have a file that another process has opened, and this process specified no file sharing in CreateFile. I have another application and I want to read data from this file at the same time, but how do I do that?
I can't change file sharing in the first application.
I can get computer administrator rights, I can make changes in the system,...
I want to allow the logged in users to view any 3rd party content via an IFrame.
Something like allowing Gmail users to view any Web Calendar they want inside an IFrame.
Is allowing the users to set the IFrame Src Url a security problem?
What security issues will I face?
Any other need to know Tips for using IFrames will be welcome.
...
How do you handle keeping a user logged in or updating a cart when you can't use sessions? Adding the userId or cartId to hidden input fields feels like a security flaw.
...
The situation is this:
A payment is made to one server, and on completion, it must notify another server securely. What I am trying to do is actually quite similar to a notify_url of a payment service, i.e. PayPal receives a payment and then notifies the origin through a long URL.
How does one verify the data being passed? Any useful l...
Is it possible to establish an SSL connection from a Socket in Flash?
...
I load swf files continuously, but if one of the swfs has some defective code such as Mouse.hide(), the mouse disappears when the swf is loaded. I want to constrain such malicious code in loaded swfs.
There is also another problem related to constraining loaded or loading swfs. When I load a swf which loads another swf to operate, it does...
Sorry if this question is a little off topic, but I noticed people are discussing WMI here and thought that maybe this is as good a forum as any, and better than most.
I wanted to configure a port for my SQL Server, and it turned out that my mis-configured or corrupt WMI installation is creating an obstacle.
I've tried numerous things to ...
I upgraded a small MS Access desktop application to VB.NET and SQL Server Express 2008 R2. This application runs on different clients' LAN networks (about 50) with one dedicated Windows Server 2008 R2 and two or three PC clients.
All installations have SqlServer sa password and nobody knows the password, this sa login is only for administrati...
I am trying to wrap my head around symfony's user authentication. Need advice on best practices.
apps/frontend/modules/mymodule/config/security.yml
edit:
  is_secure: true
  credentials: owner
all:
  is_secure: false
When and where do I set $this->getUser()->addCredential('owner')?
In a filter of the filter chain?
If I set it there...
Hi, I am looking for advice regarding protection and testing against attacks on your PHP website.
I have found some advice myself by searching around and I hope the more experienced developers have more suggestions and can fill in the blanks. Please help out if you can so we can make safer and better websites.
Firs...
I'm doing research on the capabilities of static analysis and at the moment I'm in the process of gathering code snippets which contain subtle vulnerabilities.
By that I mean not the obvious XSS and SQLI, but more subtle ones like below:
$url = htmlspecialchars($_GET["url"]);
echo "<a href=$url>Click here to continue</a>";
$url = htmls...
I created a class "String" and placed that in package "java" [actually I wanted to create java.lang to see which class is loaded by the ClassLoader, as "Once a class is loaded into a JVM, the same class (I repeat, the same class) will not be loaded again", quoted from O'Reilly]. But that thing later; why on running this class I a...