security

Granting remote user (non admin) the ability to enumerate services in Win32_Service in namespace cimv2 using WMI & C#

I'm creating a watch dog service that will be monitoring other services on various remote servers (all in the same domain). The user that I'm using to connect to the remote servers is not an admin. When I try to enumerate the services in the Win32_Service class, I get an access denied error. I've given the user 'Remote Enable' & 'Ena...

Probable issues with running flex application/swf in local mode.

Hi All, We are developing a client application for our solution. It's a desktop client. We are using Flex for same. (Although I know Flex is meant for web applications and an AIR application is best suited for desktop clients, but due to some build issues we can't go for AIR applications). Now according to our use case we required to read file...

I Need VBA Library References

I'm doing a gig where there is a need to write a few simple VBA macros for Word and Excel. This is a skill I haven't used in about 8 years -- and things have changed! Aside from the little detail that VBA is clearly in legacy mode, with minimal support, there's all the new security measures designed to close VBA as a malware vector. Mos...

What are some ways to secure a directory in ASP.NET?

Just need to secure the directory with possibly a prompt box or something. Sorry, I am nublariffic. ...

How to detect if my website is relayed through the hosts file or an application

I have an application that connects to my website to verify user data (hardware id), but if somebody puts a line in the Windows hosts file, it could be relayed to another site. Then it gets bad data and my app gets cheated (cracked). So, how to detect if my website is relayed through the hosts file or another application? ...

Moving large swf to S3 causes security issues

I have inherited a website which is built entirely in Flash and the main swf is 4.5MB large (ouch!). As you might guess this has caused a large hosting bill for my client. To solve the issue somewhat I want to move this monolithic swf to Amazon S3, however, this is causing security issues. This is how the large swf is currently being ...

How safe is information contained within iPhone app compiled code?

I was discussing this with some friends and we began to wonder about this. Could someone gain access to URLs or other values that are contained in the actual objective-c code after they purchase your app? Our initial feeling was no, but I wondered if anyone out there had definitive knowledge one way or the other? I do know that .plist ...

Security object model .net

Hi, I am trying to build a simple username-password-role based security object model for my application. The requirement is that the user will enter using a username and password and he/she will have enable and disable access to the part of the system depending upon whatever role they fall into, which I think is a fairly simple idea. Now here...

Why does Magento use 2 cookies per session?

For data security and privacy reasons I want to know why Magento uses two cookies for one frontend session. All I know is that one of them is being set in Mage_Core_Model_Cookie::set(..) and the other one in Zend_Session::expireSessionCookie(), but still I can't seem to figure out what they are used for. I just can't think of any reaso...

Business Logic Security in Web Applications

Some weeks ago I asked a question regarding best practice on how to secure a Business Layer. In the meantime I have something based on PrincipalPermission and some custom code for specific checks. But I'm still not really happy about that solution and struggling with how to make it better. What I'm still trying to achieve: Ensure that...

create a windows logger

Hi, I want to create an application that logs these items: Windows turn on, turn off time; log in, log out time; hibernate time; restart time. In Windows 7 the 'Admin event viewer' logs most of the above items, but in Windows XP there is not a clear log. In addition, the user can change the event settings. How can I do this with full trust? Thank yo...

Spring security 3, infinite loop at login

Hi experts, Here is my security-context.xml file <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:sec="http://www.springframework.org/schema/security" xmlns:aop="http://www.springframework.org/schema/aop" xsi:sch...

Add new users from other PC to Team Foundation Server 2010

Hello. I have two computers in my house, both with Windows 7 Ultimate 64 bits. I also have installed a Team Foundation Server 2010 on one of them. I want to access TFS 2010 from the other PC but I can't because I don't have a valid user to access. When I try to add that user to TFS 2010 I can't because I can't see the users from the o...

Fortify command line usage

Has anyone used the command line to run Fortify? I'm trying to incorporate a Fortify run in my CI build and I don't know how to do it. ...

What is a simple way to secure a directory in asp.net?

Is there an easy way to do this? ...

Is this googlebot or someone trying to impersonate googlebot ?

On my elmah exceptions I keep getting exceptions of what appears to be googlebot but what I imagine is someone impersonating themselves trying to download what appears to be wares and other dodgy software from my server. Here are just a few of the attempts and the software they are trying to get. The controller for path '/download/msj...

Security risk of $update_access_free = true in Drupal

What kind of potential security risk does it raise if I leave $update_access_free = TRUE in Drupal on a production environment? In that case, everyone can run update.php. Assuming there are no updates available, what can an attacker do? ...

AJAX Security Help

Hello Everyone, I have an AJAX Function that calls a PHP Script and displays the result on a page. So, I have two pages, say: form.php - This is where the Input is gathered and displayed process.php - This is the php that is called and result from this is displayed on form.php Now, here is my AJAX Function: function showList(str) { ...

ASP.NET security exception with OpenWebConfiguration on shared host

After moving my web site from my local development environment to a shared host I get: Security Exception Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust leve...

Security exploits in "safe" languages

I just recently finished reading Secure Coding in C and C++ by Brian Seacord, who works for CERT. Overall, it's an excellent book and I would recommend it to any programmer who hasn't yet read it. After reading it, it occurs to me that for all the various types of security vulnerabilities (such as exploit code injection, buffer overf...