security

How to fetch the status of the Internet security setting (Display mixed content) using JavaScript or C# code

Is there any way to detect the Internet security setting using JavaScript or through C# code ...

Ajax Log-in or Auto-login with J2EE Container-Managed Security (FORM-based auth)

I have a J2EE webapp which uses standard FORM-based authentication, using a login.jsp page, which works okay, apart from a couple of glitches: If username/password are incorrect, the login error page auto-redirects back to login.jsp, but unfortunately "j_security_check" then appears at the end of the URL - which I know is sub-optimal. ...

How to prevent other users from downloading/opening others' files?

I am making a small file hosting website, and each user can upload multiple files, and will have access to just his files and can't access others' files, for example by guessing the URL. Is there a way to secure files so that only the owner and nobody else has access ("maybe the website administrator will also have access")? Update if you can ...

Is it possible to use TrueCrypt through another application? (C#)

I have just started using TrueCrypt and I am wondering if it is at all possible for me to write a console/forms app that will allow me to interact with TrueCrypt. It would be using C# in Visual Studio 2010 with Windows 7. I am just wanting to know if I can do it. If anyone has done it before or knows if it is possible I would appreciate ...

How should I wall off the dev and/or beta sites -- from the public and search engine bots?

I need dev and beta sites hosted on the same server as the production environment (let's let that fly for practical reasons). To keep things simple, I can accept the same protections in place on both dev and beta -- basically don't let it get spidered, and put something short of user names and passwords in place to prevent everyone and ...

What are the security issues with Diaspora?

I heard a lot of buzz around the security issues with Diaspora; can someone summarize what they were? ...

Bit banging in Ruby

I want to create a bit field that will contain security permissions for a given user. In C#, I would do this by creating an enumeration, and then I would do some bit banging on the binary value, ANDing with '&' to see if it results in a TRUE value. How can I do this best in Ruby? ...

How is this PHP authentication function hackable?

This is a recursive function I wrote to determine whether or not a given user is authorized to view content on a page. It is called in essentially the following fashion: if(authorize($_SESSION['user']['user_id'], $necessaryClearance)){ //Output restricted content } else{ //Inform user they are not authorized } Every user has ...

Prevent certain properties from being updated?

In Rails, when updating a model, how do you prevent certain properties of the model from being updated when using a call like: @user.update_profile params[:user] Since anyone can just create a form input with a name like 'password', how can you filter the set of properties that you are allowing to be updatable? Is this what attr_XXX ...

What security issues need to be addressed when working with Google App Engine?

I've been considering using Google App Engine for a few hobby projects. While they won't be handling any sensitive data, I'd still like to make them relatively secure for a number of reasons, like learning about security, legal, etc. What security issues need to be addressed when working with Google App Engine? Are they the same issues...

JSF ActionListener for custom security implementation

I've developed a custom ActionListener: public class SecureActionListener extends ActionListenerImpl implements ActionListener { private ActionListener _delegate; public SecureActionListener(ActionListener delegate) { _delegate = delegate; } @Override public void processAction(ActionEvent actionEvent) { ...

Flash game hacking

I usually organise tournaments on my site (Flash based) and this time I have added a tournament in which users have to complete a jigsaw puzzle and the one who completes it in the least time wins some prize. As the jigsaw puzzle always produces random locations, it is difficult for them to hack. They can't even directly download the game ...

Ruby 1.9, Rails & $SAFE=1

Trying to use $SAFE=1 (I just wanted to put some processing in a DRb server) makes Rails unusable: it can't load some paths, data retrieved from the DB is tainted, etc. For instance: rails console Loading development environment (Rails 3.0.0) ruby-1.9.2-p0 > $SAFE=1; User.first SecurityError: Insecure operation - file? from .rvm/gems/...

Limiting unserialize() to return arrays?

Is there any way to limit PHP's unserialize() to only parse arrays? For security reasons. Suppose there is an evil __unserialize() magic method in the unserialized object that I don't wanna call! ...

How to debug a Win32 process to find a memory access violation?

I have an agent installed on a remote machine; this agent behaves like a process working in the background, and the process opens a socket connection on a port number. The problem: this agent was exploited by a security company, and I, as QA, want to find the problem in order to fix it. I have a Perl script that is able to connect to the agent by socket connection and send so...

Is CKEditor safe for letting end-users submit content?

I am about to let some users publish articles on my site. To make it easier for them, I was thinking of using CKEditor, letting them have links, images, formatting, etc ... However I was thinking of JavaScript. Can someone inject JavaScript or will CKEditor clean it up? Do I need my own filtering? ...

How to reset an object's security descriptor to the default?

As part of a testing utility I am creating some registry keys and applying a specific security descriptor to them. Later on I want to reset it to the "default" security descriptor (i.e. inherited from the parent). What is the proper way to do this? I can't save and restore the original security descriptor because this utility may be r...

What is a good browser-level encryption product?

I'm looking for a product that can provide browser-level encryption of textual data before it's sent to a backend server. HTTPS can be the secure transport mechanism but we need the packet to be encrypted on the browser first. The data packet must end up in encrypted form on the backend database. Use case is: user fills out form on the b...

How to sanitize user created filenames for a networked application?

I'm working on an instant messaging app, where users can receive files from their friends. The names of the files received are set by the sender of the file, and multiple files can be sent together with the possibility of subdirectories. For example, two files sent together might be "1" and "sub/2", such that the downloaded results shoul...

Building security architecture in web software (creating an API)

I have a set of actions in a database, such as Add User, Edit User, Import Users, Send Invitation, etc. I have attached these permissions to roles. Then I attached these roles to users. Is there a good pattern or API I can create for using this? I do not want to put a bunch of if/else statements in the code to check for permissions. So ...