security

Attribute-based (role-based) security in .NET 2010

In ASP.NET MVC, if you create a simple site, some security code will be inserted automatically and role-based security (via attributes) can be applied to the site (you can define roles in the web configuration), but I have a Windows application and I want to apply this role-based authorization and authentication in my application on my methods and ...

PHP Security for high traffic websites

How can a website built in PHP (like Facebook) be so fast and (sorry if I'm wrong) secure? Do they use their own compiled version? What kind of special techniques do you guys think they use? What config do we need to have to make PHP viable for a huge scale project? ...

Error - "Access denied to the path"

Hi, I have an ASP.NET application having a class library referenced in the web project, i.e. I am calling a class library method with the parameters (file path in the server machine). I tried accessing the path from the class library. I am getting the error saying "" I am using a Windows Server 2003 machine and I have given permissions to ...

Android private content provider?

Hello, I am developing an application that involves some sensitive user information. I retrieve this information via a private web API. I am trying to determine the best way to get this data into my app. Right now I'm exploring creating a content provider that can do so; my hesitation is in making it secure. I want this data to be usabl...

Silverlight: connecting to secured ASMX service

I need to connect to an ASMX secured web service over HTTPS using Silverlight 4. I have been able to connect to the service using a WPF application using the following configuration: <binding name="wsSomeWebService" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies...

Parsing bug in RSACryptoServiceProvider.ImportParameters with zero-byte-prefix elimination?

I had some problems where RSA keys created using the Security.Cryptography.RSAParameters were working only most of the time with RSACryptoServiceProvider.ImportParameters. After a bunch of debugging it appears that the properties of that object want very specific byte buffer sizes. My ASN.1 parsing code has zero-byte-prefix elimination....

Short Sitemap question

If I have a sitemap_index.xml file and have it in the root of my website. Then I have a sitemap.xml file located a couple of directories down, which I refer to in the sitemap_index.xml file. Will I be able to have URLs inside the sitemap.xml file which are on higher levels than it is itself, for example in the root directory? Thanks EDIT: ...

What permissions should I set the sitemap to?

What permissions should I set on the sitemap_index.xml and sitemap.xml on my server? Thanks ...

Is there a way to grant access to a Private MSMQ Queue with a username and password

I am trying to allow someone from outside of our AD to access a private message queue for reading and another one for sending. I don't want to add them to our AD. Is something like this possible? ...

NoClassDefFoundError when creating objects under SecurityManager

I'm trying to secure my application by running the bits of code that deal with user-provided content under a very restrictive SecurityManager. It's AccessController.doPrivileged() turned on its head - normally this is used to provide a block of code with extra permissions but I'm using it to constrain a block of code to a very small san...

Search engines and the '&' character

I am about to finish up my dynamic classifieds website (PHP) and have some problems with figuring out how to write the meta and title tags. I have read mixed articles about the & sign, and how to use it in the title or meta tags properly. What role does the document encoding have and does the DOCTYPE have anything to do with this also? ...

Am I using PHP's crypt() function correctly?

I've been using PHP's crypt() as a way to store and verify passwords in my database. I use hashing for other things, but crypt() for passwords. The documentation isn't that good and there seems to be a lot of debate. I'm using blowfish and two salts to crypt a password and store it in the database. Before I would store the salt and the e...

How can I test PHP site security for most common security flaws?

I need to make sure that the PHP sites that I administrate don't have any common PHP flaws, like SQL injection, wrongly configured permissions to files and folders etc. By site I mean for example a Joomla site with plugins and modules. Making this security check manually can be time consuming and an automated test could be run on a daily basis to ...

How was the oracle padding attack on ASP.NET Fixed?

Microsoft released their out of band release to fix the security flaw in ASP.NET yesterday. What methods did Microsoft use to end the viability of this vector? ...

How can I securely store an AES key in Windows with .Net (C#)?

I've been looking for a way to store a given AES key so that it can't be retrieved, but it can still be used for encryption and decryption (using C#). I think the equivalent for asymmetric key storage can be found here, but I'm looking for something that can be used for symmetric encryption. Does it exist in a managed form (pre .Net 4)? ...

Could browser javascript harm my backend server?

Hi, I'm coding an application where I want to let the user learn JavaScript in this way: The user writes JavaScript code in the browser like in an IDE. The user saves it and the code will be saved as a string in my backend No-SQL database (MongoDB/CouchDB). The user opens the application some days later and I pass that string to the we...

What is the most secure way to encrypt a file with sensitive data?

Can anyone recommend me a way to encode files of sensitive data so that no one can crack them? I will be the only one who knows the password. I am thinking of using GPG but I know next to nothing about security. Any suggestions which algorithm from GPG to use for encryption? Thanks, Boda Cydo. ...

website security

Could someone help me with the precautions that are to be taken to keep the asp.net / cloud website secure? ...

How can I digitally sign logs to ensure that they have not been modified?

In our application logs must be signed in order to prove that they have not been changed after they happened. This means that they must be signed using some sort of timestamp that links the signature with the time at which the log was written and signed. This way the log cannot be modified and signed again without changing that timesta...

Validate Client Software for Web Services

Hi all, I'm trying to think of how to validate that a web service is only accessed by authorised client software. Now I don't mean that I only want the web service open to authorised users, I only want my web services open to clients that I deem acceptable. Let's take a use case. I have a web service that I provide, and software th...