security

Application installation date

Hello. I would like to know if there is any way to know the date at which an application was installed on an Android phone. I would like to know this in order to implement a time-limited trial / demo version of an application. I could save the date on the first usage, but a tech-savvy user could use ADB to change the database or delete ...

Silverlight 4 Business Project Windows Identity failure

Hi all, Hoping any Silverlight 4/RIA Services application developers might have seen the behavior I'm seeing and even better yet, have a solution. I have developed a new Silverlight 4 line of business application using the Silverlight Business Project template. The SL app is deployed inside our intranet environment at work and I've con...

How to protect a Google App Engine app with a password?

How would you implement simple password protection on a Google App Engine application? No user authentication, just a simple requirement to enter a password in order to open a specific page. The other requirement is that the target page should not be displayed if its URL is entered directly. I'm looking for a solution using Python. ...

WCF Authorization using IIS and ACLs

Hi guys, I'm trying to secure some WCF services. I'd like to use IIS or the Web.config to do all of the heavy lifting/configuration if possible. I don't want to embed anything in my code - though I know that may not be feasible. If possible, I'd like to achieve this without having to resort to AspCompatibilityMode :( I'm using a custom...

Are both csrf tokens and captcha needed?

Can someone confirm this: do I need to provide both a CSRF token and a Captcha in a submission form, or do the two more or less serve the same function (one can be used instead of the other)? ...

.NET/Security: Limiting runtime-loaded assemblies from accessing certain APIs

In a shell application, I need to be able to load and execute other .NET assemblies at runtime, but without giving them full trust. Essentially, I want to limit them (the loaded assemblies) from touching any system resources (threading, networking, etc), with the only exception being isolated storage. However, assemblies which are from "...

Why is it a bad idea to standardize a wiretap backdoor into communication services?

This article talks about the Obama administration's plan to propose a required wiretap backdoor on all communication services like p2p, encrypted communication services, social networking, Skype, etc. The article mentions that technology advocates suggest it will make life easier for hackers, which seems obvious. Can someone explain why...

Zend random salt generation for element_hash

I'm using the following hash with a salt that says 'unique'. I'm not sure if 'unique' is a literal string or an internal Zend keyword for Zend to actually generate a unique salt? If it's just a random string I think it's better to change that, so does Zend have a random string generation function that could be used to salt this sort of...

Finding Vulnerabilities in Software

Hello, I'm interested to know the techniques that were used to discover vulnerabilities. I know the theory about buffer overflows, format string exploits, etc.; I also wrote some of them. But I still don't realize how to find a vulnerability in an efficient way. I'm not looking for a magic wand, I'm only looking for the most common t...

Detect malicious URL destination?

Is there an online service that can tell me if the file at a given URL is malicious? I'm publishing URLs in my website, and would like to warn users which URLs could contain malware. I'd like to request a report with an HTTP request like: http://www.somemalwareadvisor.com/canitrust?url=... Thanks! ...

What technical security can I implement to help protect a public profile from a cyber stalker?

We run a website that has a number of public content makers that represent the public faces of our project. One of the people has a previous online stalker who has found her at our site and has immediately started commenting on her posts and content. Aside from tracking and blocking his IP what sort of technical solutions can I be imple...

POET Attack on ASP.Net 4 [dnn]: Is there any way to block it?

Possible Duplicate: How serious is this new ASP.NET security vulnerability and how can I workaround it? I just saw this video that shows a vulnerability in ASP.Net. Is there any way that we can block this kind of attack? POET Attack on dnn ...

Good Book on Understanding JEE/J2EE security

Hi, I have been using and learning Servlets and JSP without giving enough thought to J2EE/JEE security. Now, I want to upgrade my knowledge and add security into the web apps that I am building. I have searched over SO posts but can't find enough resources to read about Security. Can you share some links or tutorials where I co...

"window.location.history.go(-2)" possible in major browsers?

As the title says, will this code work and will it work in major browsers? I ask because currently I have no resources to test it, so I would appreciate some help on this. Here is what I have (not tested): setTimeout(window.location.history.go(-2), 5000); Thanks ...

Is this a secure encryption method

I'm writing an application for Android that uses symmetric key encryption to protect sensitive data. As far as I can tell, Android only directly supports "PBEWithMD5AndDES". How secure is this algorithm? Also, I've included my code below (non-Android). Is my code correctly encrypting the data? import java.io.UnsupportedEncodingException...

Is RNGCryptoServiceProvider as good as a hardware RNG?

I'm attempting to work out whether a hardware RNG is actually any safer than RNGCryptoServiceProvider. Given that randomness from RNGCryptoServiceProvider is provided using various system and user data such as the process ID, thread ID, system clock, system time, system counter, memory status, free disk clusters, and hashed user environ...

Is it possible to distribute a populated keychain with an application

I am working on an application that uses a private web service. We currently use a bundled client certificate to enable 2-way SSL connectivity; however, the password for the certificate is in the code and it is a concern that this could be de-compiled and used with the (trivially) extracted certificate file for nefarious purposes. Is ther...

How secure is storing sensitive information in a .PHP file on an Apache server?

I am making an easy-to-setup, no-database PHP website which stores its data instead in text files. The setup is a Linux/Apache/PHP server. Up to now the information has been non-sensitive, so I store in: ../data/system.txt Theoretically someone could type (url)/data/system.txt in their browser and see the data file in plain text, which...

How to call Assembly.Load(Bytes[]) in SL 4 app?

I'm trying to use Assembly.Load(Byte[]) in a Silverlight 4 app and I'm getting MethodAccessException. As far as I understand that's because my app code is Transparent and this method is Critical. Is there any SafeCritical API to load an assembly from a byte array? Then I want to create an instance of a type (SL app doesn't have a compile time ...

How to check whether a directory is a subdirectory of another directory

Hello, I would like to write a template system in Python, which allows including files. e.g. This is a template You can safely include files with safe_include`othertemplate.rst` As you know, including files might be dangerous. For example, if I use the template system in a web application which allows users to create their own t...