Hi,
A few months ago I saw a PHP script built to detect malware injections in files. Basically the script watched for any files on the server to change or for their contents to change, and then emailed an admin if the contents changed. I haven't been able to locate a script that does this but I need one.
Does anyone know of a program...
I am developing an ASP.Net application that will need to verify that the user is legit and not a spam. Once the new user enters their first name, last name, email address, my application will send an email to verify the user's authenticity. The email would contain a link that would confirm the user's account.
I am looking help on what ...
I have a public facing web site living at www.somedomain.com. This web site renders pages with links to images that live at photos.somedomain.com. All users that view images on www.somedomain.com must be authenticated with forms authentication and they are authenticated by the asp.net membership provider running in the context of the w...
hi dears
I am asked to add a new algorithm to ssh so data is ciphered in new algorithm, any idea how to add new algorithm to ssh?
thanks
...
I've heard the theory. Address Space Location Randomization takes libraries and loads them at randomized locations in the virtual address space, so that in case a hacker finds a hole in your program, he doesn't have a pre-known address to execute a return-to-libc attack against, for example. But after thinking about it for a few second...
AFAIK, PKCS#5 is used for hashing passwords. I could not find an example to explain how to use openssl to make a client for hashing the passwords.
...
Hi guys,
I am studying the Code Access Security of .NET 2.0. My current understanding is as below:
The basic mechanism of the CAS is for the CLR to collect certain evidences from the assembly, and then use the evidence and policy to work out a permission set for the assembly's code. And the assembly's code can do nothing beyond that pe...
Hi friends,
I wrote the following code to test the CAS:
[SecurityPermission(SecurityAction.Demand,Flags=SecurityPermissionFlag.Execution)]
static void Main(string[] args)
{
Console.WriteLine("hello, world!");
}
In the .NET 2.0 Configuration, I use the strong name of the above assembly to create a code group an...
Hi
I have a WCF service, and two apps behind the Firewall, and third app connect remotely through internet. I host the service on IIS.
If I restrict the IPs to local IP, and that remote server IP using IIS, would that be sufficient? If yes, is that a bad idea for another reason rather than security?
Given that the remote server will ...
Using this code for authentication:
HttpContext.Current.User=new GenericPrincipal
(new GenericIdentity(user.UserName), roles);
FormsAuthentication.SetAuthCookie(user.UserName,false);
Problem is - on next request, HttpContext.Current.User.IsAuthenticated is true, but HttpContext.Current.User.IsInRole("admin") is false.
There are a...
Hi,
This is another Cloud security question, but it relates to the specific types of vulnerabilities that are exposed via a cloud infrastructure.
My question is: Assume Company A and Company B have separate virtual servers within the same Cloud-provider's infrastructure (assume they have 2 servers each). Because these four virtual serv...
Hi
Why use Windows authentication for WCF service hosted on IIS, if I can limit accessing the IP range to be "localhost"? Is there a security hole here?
If not, then why is Windows authentication supported by WCF, since I can restrict IPs for all Intranet scenarios?
thanks
...
I've noticed some strange behaviour on my Drupal site. I like to understand the data I'm looking at before I take action so that I don't waste time pursuing the wrong measures, but I'm lacking security knowledge to interpret.
A single account has made many odd repeat requests, including attempting to reach the edit profile page, logging...
I'm writing a Drupal module to integrate with a custom Java-based REST API for creating, authenticating, and managing user accounts. I'm using drupal_query_string_encode to encode the calls I'm making to the API.
Should I also use something like check_plain (or something else) to sanitize username, password, & email values before callin...
Hello guys and gals!
Openssl is a great security library and I use it from time to time.
When I generate RSA keys I have RSA object with private and public key data. OK. Fine. I'm happy with that. I can print private key to the printer. And here comes the question.
Is it possible to create a valid RSA object only from the entered pri...
Hello,
I'm running Tomcat 6.0.29 and created a realm and loginmodule of my own. They are defined in server.xml like so:
<Realm className="mycompany.tomcat.MyRepositoryRealm"
appName="My_Realm"
userClassNames="mycompany.tomcat.IdentityPrincipal"
roleClassNames="mycompany.tomcat.RolePrincipal"
useContextClassLoader="true"/>
I have adde...
I have a WCF service hosted in a Windows Service. Clients from various platforms will access the service. Now I would like to add a basic security mechanism. Ideally, the clients should use username/password for authentication.
Which binding settings do I have to use in this scenario and how can I authenticate the client? Interoperabil...
Is there any problem with security if I store userid, profileId, username and other such kind information in cookie?
...
In my cruisecontrol build procedure (msbuild) I'm writing to a logfile. This is the error message that gets displayed
MSBUILD : Logger error MSB4104: Failed to write
to log file "C:\CruiseControl\projects\Framework\Output\Build".
Access to the path 'C:\CruiseControl\projects\Framework\Output\Build' is denied.
Does anyone know what ri...
Is it possible to detect these for visitors or registered users on my website without using any plugins? I am creating the security features so scouting around for things I can detect for added security alerts. Security is very important with this service due to storage of confidential information so I am trying to use different security...