security

Safe storing of auth token using .NET

I'm currently working on desktop application which calls third party API. After authorizing against their "web service", a kind of user token is returned which should be stored locally (even if user closes application). So I'm looking for solution to encrypt this token with user specific key. Does Windows (and .NET) provide some stand...

Is there a way to disable the MSFT IE XML Databinding feature via script?

Question: Is it possible to construct a web page that has a script to turn off XML data-binding in MSIE? The ideal approach would be to code an HTML page and instruct all people in the office to visit the page with a button that says "turn off data-binding". Rationale: The desktop sysadmin is not available at this time and the goal is t...

WCF Service in ASP.NET Compat Mode - What is the Simplest Way to Pass Username/Password

I have a web service (WCF or ASMX doesn't matter)... I have made a Console application, right-clicked, added service reference. So far, so good. However, I cannot for the life of me pass "security" credentials across to my service. This is my client code: var client = new MyClient(); client.ClientCredentials.UserName.UserName = "bob"...

Protecting online static content

How would I only allow users authenticated via Python code to access certain files on the server? For instance, say I have /static/book.txt which I want to protect. When a user accesses /some/path/that/validates/him, a Python script deems him worthy of accessing /static/book.txt and redirects him to that path. How would I stop users wh...

Can I be vulnerable to SQL injection by appending input with no whitespace to my query?

I am taking in a string from user input, and splitting it on whitespace (using \w) into an array of strings. I then loop through the array, and append a part of the where clause like this: query += " AND ( " + "field1 LIKE '%" + searchStrings[i] +"%' " + " OR field2 LIKE '%" + searchString...
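The question above can be answered by running the pattern it describes. The following is an added example, not code from the post (the poster's code looks like Java or C#; this re-creates the same query-building logic in Python against an in-memory SQLite table with constructed sample rows). It shows that splitting on whitespace gives no protection, because a payload with no whitespace at all still closes the quote and injects a tautology, and it shows the parameterised alternative, which also escapes the LIKE wildcards `%` and `_` so that user input cannot widen the match.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the original post).
ROWS = [
    ("alice", "public note"),
    ("bob", "secret note"),
    ("carol", "public note"),
]


def connect_demo():
    """Build an in-memory table with the two columns the post searches."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE docs (field1 TEXT, field2 TEXT)")
    conn.executemany("INSERT INTO docs VALUES (?, ?)", ROWS)
    return conn


def search_vulnerable(conn, user_input):
    """Mirrors the post's pattern: split the input on whitespace and
    concatenate each piece into LIKE '%...%'. Each piece is still
    injectable; splitting only prevents payloads that contain spaces."""
    query = "SELECT field1 FROM docs WHERE 1=1"
    for term in user_input.split():
        query += (" AND ( field1 LIKE '%" + term + "%' "
                  "OR field2 LIKE '%" + term + "%' )")
    return sorted(r[0] for r in conn.execute(query))


def search_safe(conn, user_input):
    """Parameterised version: one placeholder per term, with the LIKE
    wildcards escaped so a user-supplied % or _ matches literally."""
    query = "SELECT field1 FROM docs WHERE 1=1"
    params = []
    for term in user_input.split():
        escaped = (term.replace("\\", "\\\\")
                       .replace("%", "\\%")
                       .replace("_", "\\_"))
        query += (" AND ( field1 LIKE ? ESCAPE '\\' "
                  "OR field2 LIKE ? ESCAPE '\\' )")
        pattern = "%" + escaped + "%"
        params += [pattern, pattern]
    return sorted(r[0] for r in conn.execute(query, params))


# Constructed payload with no whitespace: it closes the opening '%...,
# ORs in a tautology, and re-opens a quote so the trailing %' that the
# application appends stays syntactically valid:
#   field1 LIKE '%zzz' OR '1' LIKE '%' OR field2 LIKE '%zzz' OR '1' LIKE '%'
PAYLOAD = "zzz'OR'1'LIKE'"


if __name__ == "__main__":
    db = connect_demo()
    print("vulnerable, benign input:", search_vulnerable(db, "public"))
    print("vulnerable, payload     :", search_vulnerable(db, PAYLOAD))
    print("safe, payload           :", search_safe(db, PAYLOAD))
    print("vulnerable, bare %      :", search_vulnerable(db, "%"))
    print("safe, bare %            :", search_safe(db, "%"))
```

The escaping of `%` and `_` is a separate point from injection: without it, a parameterised query is still safe from injection, but a single `%` from the user matches every row, which is usually not what a search feature should allow.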

Do you use the TR 24731 'safe' functions in your C code?

The ISO C committee (ISO/IEC JTC1/SC21/WG14) has published TR 24731-1 and is working on TR 24731-2 (the second part is still under development). From the web site: TR 24731-1: Extensions to the C Library Part I: Bounds-checking interfaces WG14 is working on a TR on safer C library functions. This TR is oriented towards modifying exi...

What advice are you giving your Web user community about the IE security issue?

Perhaps not directly programming related, but definitely product / commercially related. And I can't find a dupe, so I thought I would ask. I have had a bit of trouble trying to figure out what best to say to people who have called and asked for advice. The Microsoft message is a bit worrying - basically, be worried, lock up everythin...

Converting a filepath to a url securely and reliably

I'm using php and I have the following code to convert an absolute path to a url. function make_url($path, $secure = false){ return (!$secure ? 'http://' : 'https://').str_replace($_SERVER['DOCUMENT_ROOT'], $_SERVER['HTTP_HOST'], $path); } My question is basically, is there a better way to do this in terms of security / reliabilit...
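Two weaknesses in the function above are worth seeing concretely: `str_replace` succeeds even when the path is not under the document root at all (or is under a sibling such as `html_backup`), and `HTTP_HOST` comes from the request, so a client can choose what host name ends up in the generated URL. The following is an added example written in Python rather than PHP, not code from the post; the document root and canonical host name are constructed configuration values, and the function works on normalised path strings (in a deployment you would additionally pass both sides through `os.path.realpath` so symlinks cannot escape the root).

```python
import posixpath
from urllib.parse import quote

# Constructed configuration (not from the original post). Both values are
# fixed server-side settings rather than taken from the request.
DOCUMENT_ROOT = "/var/www/html"
CANONICAL_HOST = "www.example.com"


def make_url(path, secure=False, document_root=DOCUMENT_ROOT, host=CANONICAL_HOST):
    """Map an absolute filesystem path under document_root to a URL.

    Raises ValueError instead of silently producing a URL when the path
    is relative, escapes the root via '..', or merely shares a prefix
    with the root.
    """
    scheme = "https://" if secure else "http://"
    root = posixpath.normpath(document_root)
    # Collapse '..', '.', and duplicate slashes before any comparison.
    norm = posixpath.normpath(path)
    if not posixpath.isabs(norm):
        raise ValueError("path must be absolute: %r" % (path,))
    # Containment test is prefix + separator; a bare startswith() would
    # accept /var/www/html_backup/... as being inside /var/www/html.
    root_prefix = root.rstrip("/") + "/"
    if norm != root and not norm.startswith(root_prefix):
        raise ValueError("path %r is outside the document root" % (path,))
    relative = norm[len(root.rstrip("/")):] or "/"
    # Percent-encode the path component; '/' is kept as a separator.
    return scheme + host + quote(relative)


if __name__ == "__main__":
    print(make_url("/var/www/html/img/a b.png"))
    print(make_url("/var/www/html/docs//readme.txt", secure=True))
    for bad in ("/var/www/html/../../etc/passwd",
                "/var/www/html_backup/x",
                "relative/file.txt"):
        try:
            make_url(bad)
        except ValueError as exc:
            print("rejected:", exc)
```

Using a configured host rather than `$_SERVER['HTTP_HOST']` matters because the generated URL may be written into e-mails or stored pages; a forged Host header would otherwise let a client inject a host of their choosing into those links.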

What's with those Do-Not-Use JavaScript People?

I really don't understand what the problem is with those people who ask you not to use JavaScript on your site. I went through all sorts of trouble trying to remove a couple of JavaScript scripts I used on one of my sites to appease a couple of "complainers". A month later, after a relentless attack by spam bots, I decided I better a...

What SQL 2000 rights are required for creating SQL Agent jobs?

Hi All, It's been a long while since I looked at SQL Jobs on SQL Server 2000. On SQL 2005, if I want to allow a user to create jobs etc I add the requisite login to msdb and assign one of the roles SQLAgentUserRole, SQLAgentReaderRole or SQLAgentOperatorsRole role. No problem there. Perhaps someone can help me jog my memory about rig...

Office documents prompt for login in anonymous SharePoint site

I have a MOSS 07 site that is configured for anonymous access. There is a document library within this site that also has anonymous access enabled. When an anonymous user clicks on a PDF file in this library, he or she can read or download it with no problem. When a user clicks on an Office document, he or she is prompted with a login bo...

How can you test if an ASP.NET membership password will meet configured complexity requirements?

I have a ASP.NET page which allows an administrator to change the password for a user. Since the administrator does not know the user's password, I am using the following: MembershipUser member = Membership.GetUser(_usernameTextBox.Text); member.ChangePassword(member.ResetPassword(), _passNewTextBox.Text); -- as described by this SO ...
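The order of operations in the snippet above is the risk: `ResetPassword()` replaces the user's password with a random one before `ChangePassword()` gets a chance to reject the new one for failing the configured policy, so a rejected password leaves the account with a password nobody knows. One way to avoid that is to validate the candidate password against the same three rules the provider applies before calling `ResetPassword()`. The following is an added example, not code from the post or from ASP.NET itself; it re-implements those rules in Python as an assumption about `SqlMembershipProvider`'s behaviour (minimum length, minimum count of characters that are neither letters nor digits, and an optional strength regular expression), with the provider's documented defaults of 7 and 1 as default arguments. In the real page the three values would come from `Membership.MinRequiredPasswordLength`, `Membership.MinRequiredNonAlphanumericCharacters` and `Membership.PasswordStrengthRegularExpression`.

```python
import re


def meets_membership_policy(password, min_length=7, min_non_alphanumeric=1,
                            strength_regex=None):
    """Return True if password satisfies the three membership checks.

    Assumed mapping to the provider's configuration:
      min_length            <- minRequiredPasswordLength (default 7)
      min_non_alphanumeric  <- minRequiredNonAlphanumericCharacters (default 1)
      strength_regex        <- passwordStrengthRegularExpression (optional)
    """
    if len(password) < min_length:
        return False
    # The provider counts characters for which char.IsLetterOrDigit is
    # false; str.isalnum() is the closest Python equivalent (spaces and
    # punctuation count as non-alphanumeric in both).
    non_alnum = sum(1 for c in password if not c.isalnum())
    if non_alnum < min_non_alphanumeric:
        return False
    # The provider uses Regex.IsMatch, which is unanchored, so re.search
    # rather than re.match reproduces it.
    if strength_regex and not re.search(strength_regex, password):
        return False
    return True


def change_password_safely(member, new_password, **policy):
    """Hypothetical helper mirroring the post's flow: only reset and then
    change when the candidate already passes policy, so a rejected
    password never leaves the account with an unknown random one.
    `member` is any object exposing reset_password() and
    change_password(old, new); it is an assumption for the example."""
    if not meets_membership_policy(new_password, **policy):
        return False
    temporary = member.reset_password()
    return member.change_password(temporary, new_password)


class _FakeMember:
    """Constructed stand-in for MembershipUser, used only to run the example."""

    def __init__(self):
        self.password = "original"
        self.resets = 0

    def reset_password(self):
        self.resets += 1
        self.password = "random-%d" % self.resets
        return self.password

    def change_password(self, old, new):
        if old != self.password:
            return False
        self.password = new
        return True


if __name__ == "__main__":
    m = _FakeMember()
    print(change_password_safely(m, "tooshort"), m.password, m.resets)
    print(change_password_safely(m, "longer!pass"), m.password, m.resets)
```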

Creating a folder, writing a file to a shared folder on a server

Hi, My windows service is creating a directory on a shared folder, and I am getting an error: at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.Directory.InternalCreateDirectory(String fullPath, String path,DirectorySecurity dirSecurity) at System.IO.Directory.CreateDirectory(String path, DirectorySecur...

Dispatch-like CGI Approach

Opinions: I want to disallow direct invocation of certain scripts, that have functionality accessible from a menu, via Web at the OS level (linux). I was hoping to call an authorize.pl script that checks the session validity, checks user privileges etc. Then it will redirect to the target script. Does this get around permissions? ...

JAX-WS authentication against a database

I'm implementing a JAX-WS webservice that will be consumed by external Java and PHP clients. The clients have to authenticate with a username and password stored in a database per client. What authentication mechanism is best to use to make sure that misc clients can use it? ...

Physical or Logical Delete of Database Record

What is the advantage of doing a logical delete of a record (i.e. setting a flag stating that the record is deleted) as opposed to actually or physically deleting the record? Is this common practice? Is this secure? ...

Windows service, can't access app.config from within my Installer's constructor

Hi, I want to store the username/password information of my windows service 'logon as' user in the app.config. So in my Installer, I am trying to grab the username/password from app.config and set the property but I am getting an error when trying to install the service. It works fine if I hard code the username/password, and fails wh...

Permission to delete from a directory

All-- I am writing code that checks for the permission to write to and delete from certain directories. The first is fairly easy. To wit: FileIOPermission writePermit = new FileIOPermission(FileIOPermissionAccess.Write, _ArchiveHome); writePermit.Demand(); But, how do I do the same for permission to delete from a given directory? T...

Automatic login between separate php web apps. Security issue?

We have a tech support website/database at work that we use to record our interactions with customers. Our tech support people are not capable of creating their own accounts. We also use Mantis on the same server as a way to keep track of bugs. Inside the tech support site we would like to have a link to Mantis so that our tech support...

SEC_E_SECPKG_NOT_FOUND error from AcquireCredentialsHandle()

Hi, I get the above error when trying to run the code from Microsoft's Secure SOAP sample http://msdn.microsoft.com/en-us/library/s2ya483s.aspx The call, from M'soft's code, seems to be correct: Status = g_Sample_SecurityInit._SecurityFunc.AcquireCredentialsHandleA( NULL, // Name of principal UNISP_NAME_A...