Hi folks,
I'm implementing an API using Django. One service should be able to access 1 API URL.
I am wondering if there are any popular security practices that go beyond using username/password and SSL?
Is using sequential signature generation a popular practice?
...
I have an assignment called "Write a client server socket program in Java in which server will authenticate client using authentication algorithm." How do I get started? Which are the prerequisites of knowledge of computer security and socket programming to implement this? Any links to good tutorials?
EDIT: Using Caesar Cipher
...
Theft proof means I can detect that this is coming from a different client IP or over a different route (when the client is behind a proxy or something).
Tamper proof means I can detect that the cookie is not valid and not sent by the server!!
...
Hi guys, I've recently installed apache2 on my Ubuntu machine and have a few questions about security and user permissions. I know how to listen on other ports, hide indexes with -Indexes and how to create/disable new Virtual Hosts on the same machine, but there is a lot of user options already preset in the standard install config I am u...
I recently took over the development of a CF site and am having some trouble obtaining the login and password to the Admin for CF. I was hoping another StackOverflower may have some insight on obtaining access. We have access to the FTP and any other hosting related details. Any helpful insight will be greatly appreciated.
Thank you...
Hi,
On my page https://ol-shop.at/index.php?route=account/login it seems that there are insecure objects. Could someone please help me by taking a look at the source code? I don't know which URL or object could be insecure. Thanks.
...
I recently found out that there are several vulnerabilities in the Linux kernel that allow for privilege escalation, that have not been patched yet in the major distributions, and have public exploits on the usual sources. For example, I could get root on any of my completely up to date Ubuntu 10.04 systems using this very simple exploit....
When using the Ecommerce methods in Google Analytics do you also make calls to the normal tracking methods as well?
When we first added GA to our site a few years ago we left it off of the sales pages as we wanted to be careful about what information might be sent to Google. But now that I'm adding Ecommerce tracking to these pages I'm...
I want to give my application data folder Kaspersky antivirus-like security. Where I can add a folder but can't change any content or create any file. I even gave the current user the full control security privilege but it just does not work for this Kaspersky data folder. I can only modify data when I turn off "Self protection opt...
I have this in my htaccess:
Options +FollowSymLinks
Options -Indexes
RewriteEngine On
RewriteRule ^annons/([a-zA-Z0-9_]+)$ ad.php?ad_id=$1 [NC]
ErrorDocument 404 /404.html
This all works, except for one problem.
When I write an address that doesn't exist like this:
http://www.domain.com/some_adress_that_doesnt_exist
then the 404...
I am not a PHP developer but I'm assessing the security of a PHP5 application.
The author relied on extract($_POST) and extract($_GET) in some places, outside of functions.
My suggestion is to call extract($_POST, EXTR_PREFIX_ALL, 'form') and change the code accordingly, but his stance is that any variable is being redefined inside sub...
How can I protect my implemented JS methods from the user, so that no one could copy these methods? Normally, a user can see JS methods in Firebug easily. I want to hide methods in Firebug also.
Is there any trick to hide methods from users?
Note: I don't want to use the eval method, so please don't suggest eval-based tricks.
...
In the robots.txt file, I am about to disallow some sections of my site.
For instance, I don't want my "terms and conditions" to be indexed by search engines.
User-agent: *
Disallow: /terms
The real path to the file is actually
/data/terms_and_conditions.html
But I have used .htaccess to rewrite the URL.
Now to my Q, should I ...
I have switched our internal codebase to use Mercurial, with a hosted remote repository. I've read that using Mercurial over SSH instead of HTTPS is faster because the data is compressed before it is sent. But... compared to HTTPS, it's quite a pain to set up, especially on Windows.
For those of you who have used both regularly on lar...
Hi,
How would I apply SSL/HTTPS to my PHP login system? My login system is basic; here is how it goes:
Fetches session and user, then checks if it's correct. I'll need some kind of SSL/HTTPS checking.
Any examples?
...
So, if this question has been asked before, I'm sorry. I'm not exactly sure what to search for.
Introduction:
All the domains I maintain now are hosted on my server, so I have not run into this problem yet.
I have created a structure, similar to WordPress, for uploading and editing images.
I regularly create changes in the functions...
Hello everyone,
I am going to build a site in PHP. But nowadays there are many crackers who crack our sites. To stop them or to secure our site from them, how can I manage the security of my site? The site is based on an institute.
Please give me some tips and references.
Thanks in advance.
And sorry for my poor English.
...
If I have a sitemap_index.xml:
http://www.domain.com/sitemap.xml
2010-09-28
And I change the content or update the page, and then change the lastmod, will I then have to submit it again to the search engines, for example in google webmaster tools (the section where you submit sitemaps)?
Thanks
...
How do I check if the action I am calling was secured in security.yml?
security.yml
myAction:
  is_secure: false
filter.yml
myFilter:
  class: myFilter
Now inside myFilter I want to check if the action was secured or not.
class myFilter extends sfFilter
{
    public function execute($filterChain)
    {
        if ($this->getContext()->is...
Hi all,
Are there any known security issues with compiling against an older JDK? For instance, let's say Oracle decides to change something in one of their implementations that was to close a security vulnerability. If we compile against the older JDK would we still be vulnerable?
EDIT
We are running against JDK 6 and we compile ag...