I'm developing an application that allows users to input into VARCHAR(255) fields in MySQL, so security is a major concern.
I am having trouble understanding quote(). If I use quote('test'), the data returns as '\'test\'' on SELECT, which is undesirable. How do I unquote this data?
If I bypass quote(), I can peek into phpMyAdmin and...
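The confusion in the question above comes from what quote() is for: its output is meant to be spliced into the SQL text, not passed as a bound parameter (if it is bound, the driver quotes it a second time and the surrounding quotes end up stored). The following is an added example, not part of the original post, that shows the three cases side by side. It uses Python's sqlite3 module and an emulated quote() that doubles single quotes (SQL-standard quoting); MySQL drivers such as DBI and PDO additionally backslash-escape, which is where the '\'test\'' in the question comes from, but the behaviour is the same. The table name `t`, the column `name`, and the sample inputs are assumptions for the demo.

```python
import sqlite3


def quote(value: str) -> str:
    """Emulate a driver's quote(): escape embedded quotes and wrap the
    result in single quotes so it can be spliced into SQL text.
    (SQLite semantics: double the quote. MySQL drivers also escape with
    backslashes, giving '\\'test\\'' instead of 'test'.)"""
    return "'" + value.replace("'", "''") + "'"


def store_by_splicing(conn, name: str) -> None:
    # Correct use of quote(): its output is part of the statement text,
    # so the value is stored without quotes and cannot break out.
    conn.execute("INSERT INTO t (name) VALUES (" + quote(name) + ")")


def store_quoted_as_parameter(conn, name: str) -> None:
    # The mistake in the question: quote() output bound as a parameter.
    # The driver escapes it again, so the quotes become part of the data.
    conn.execute("INSERT INTO t (name) VALUES (?)", (quote(name),))


def store_with_placeholder(conn, name: str) -> None:
    # Preferred: bind the raw value; no quote() needed and no injection.
    conn.execute("INSERT INTO t (name) VALUES (?)", (name,))


def stored_values(name: str = "O'Brien") -> list:
    """Insert `name` three ways and return what each row actually holds."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE t (id INTEGER PRIMARY KEY, name TEXT)")
    store_by_splicing(conn, name)
    store_quoted_as_parameter(conn, name)
    store_with_placeholder(conn, name)
    return [row[0] for row in conn.execute("SELECT name FROM t ORDER BY id")]


if __name__ == "__main__":
    # Constructed sample input: a name with an embedded quote, then an
    # injection-style payload. Both are stored verbatim by the two correct
    # methods; only the double-quoted row carries stray quotes.
    print(stored_values("O'Brien"))
    print(stored_values("x'); DROP TABLE t; --"))
```

The practical answer to "how do I unquote this data" is therefore: do not unquote on SELECT; either splice quote()'s output into the SQL string or, better, use placeholders and never call quote() at all.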
I'm working on a Google Chrome extension that basically hits our API to do a search and lists the results. We'd like the extension to have elevated API privileges (i.e. so it has access to data a regular user doesn't, and doesn't have the usual 200 requests a day limit), but we're not sure how to secure the API key used by the extension...
Alright, I am working on a system for managing a bunch of VPSs. This includes mundane maintenance tasks as well as resource allocation.
In order to accomplish this my control server will need to be connecting to the various servers. I regularly use SSH public/private keys and this seems like the most logical way to connect from the control...
Hi,
Is there any quick-to-grasp article about the concepts such as "Windows Session", "token", "Windows identity", "impersonation", "default computer account", etc.
I want to know how different types of applications run on windows in different sessions with different identities. (Hope I make myself clear.)
Many thanks...
...
I have an existing Spring application which I wish to also allow users to register / sign in through Facebook.
The Facebook sign-in is working fine, and is currently executed from the client using the ActionScript Facebook API (which is essentially a wrapper for the Facebook JS API).
However I'm unsure as to what is an appropriate app...
I searched all over the internet trying to get guidance about the security practices for a really secure site like an online banking site and didn't find any.
My interest is to know what practices you are using in the following areas:
Communication: definitely using SSL ... any extra tips to protect against "man-in-the-middle" attacks....
We have a repository running on Subversion 1.6.6 on an Ubuntu server. While adding a new file to the working copy and committing it to the repo, we get the error
Can't open file '/var/svn/mobilesync/db/txn-current-lock': Permission denied
What is the issue and what can I do about it? Is it a matter of a lock created by a previous proces...
Anyone know of any guides for this? I'm a complete newbie to WebLogic and to container-managed security. What I've done already is:
set up an LDAP authenticator in WebLogic
created a simple webapp in Eclipse
configured web.xml: added security-constraint, security-role and login-config elements. The realm name used is "myrealm" which alr...
Hi,
I am using JSON for data exchange between my mobile client and the server. I am using that for some sensitive data transfers. However, is there any risk in this data format or any security considerations in using the JSON format? Also the communication is done over HTTPS.
Also I need to know whether we need to apply basic encryption standard...
All,
One of my clients is requesting that all of its technology vendors have taken a course in "secure coding practices."
That's obviously an enormous topic, not something you can master in a short class.
However, it's still probably a good idea to learn about some of the more obvious issues and vulnerabilities.
So, can anyone rec...
Hi there
I am aware of timeout settings for certain executions over the internet.
My iPhone application is downloading videos over the internet via a wifi router connection.
I've heard that a connection like this shouldn't be open for more than 240 seconds? Is this true?
What dangers/security threats/issues/etc will I encounter the more ...
I have an offline kiosk computer that will be running a LAMP web server and hosting a form for people to walk up and fill out. The data they submit will be encrypted and stored in a MySQL database (all stored locally on that machine).
The concern is that if the entire box was stolen, someone would potentially be able to get into the cod...
I need to "password protect" my application but need advice on where to store the password securely.
How I intend to do this:
The first time the program is run, I will prompt the user to create a password. The password will be salted and hashed with SHA-256, then stored in either the Registry or a file.
The Problem:
If I store the hashe...
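The scheme the post above describes (salt, hash with SHA-256, store the result, compare on later runs) can be written as a small verifier. The following is an added example and is not code from the original post. It uses PBKDF2-HMAC-SHA256 from Python's hashlib, which is salted SHA-256 iterated many times so that offline guessing is slow; the record format `pbkdf2_sha256$iterations$salt$hash`, the iteration count and the 16-byte salt length are assumptions for the demo. One caveat worth stating plainly: hashing protects the password itself, not the stored record. Anyone who can write to the file or Registry key can replace it with a hash of a password they know, so the hash answers "is this the right password" but not "has the record been tampered with".

```python
import hashlib
import hmac
import os

SCHEME = "pbkdf2_sha256"
DEFAULT_ITERATIONS = 600_000  # assumption: tune so a check takes ~100 ms on the target machine
SALT_BYTES = 16               # assumption: 128-bit random salt per password


def hash_password(password: str, salt: bytes = None,
                  iterations: int = DEFAULT_ITERATIONS) -> str:
    """Return a self-describing record suitable for storing in a file or the Registry.

    The salt is random per password so two users with the same password get
    different records and precomputed tables are useless."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "%s$%d$%s$%s" % (SCHEME, iterations, salt.hex(), digest.hex())


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the salt and iteration count stored in the record
    and compare in constant time. Any malformed record is rejected, never raised."""
    try:
        scheme, iters, salt_hex, hash_hex = record.split("$")
        if scheme != SCHEME:
            return False
        iterations = int(iters)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
    except ValueError:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # compare_digest avoids leaking, via timing, how many leading bytes matched
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # First run: create the record and persist it (here just kept in memory).
    record = hash_password("correct horse battery staple")
    print(record)
    # Later runs: check the prompt against the stored record.
    print(verify_password("correct horse battery staple", record))  # True
    print(verify_password("wrong password", record))                 # False
```

The iteration count lives inside the record, so it can be raised for new passwords without invalidating old ones; `verify_password` uses whatever count the record was created with.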
For the iPad/iPhone can I detect when the user has the keypad lock turned on for inactivity protection?
If you have sensitive information in an application you will still often cache username/password and it is too disruptive to ask for a full username/password challenge after each period of inactivity.
I want to ensure that if the...
Hi all,
I'm currently in the process of migrating an application from Spring 2.5.6 to Spring 3.0.4 and Spring Security 3.0.2, and I was wondering if there was some kind of execution flow for both of these frameworks so that developers could know what is being called before what.
For those of you who are doing this kind of migration, I ca...
We're developing a REST API to be consumed by a couple of mobile applications. It's important that we're able to trust the identities of these mobile applications. In our current design, each API call is authenticated with an "API Key" parameter and secured with HTTPS.
My concern is that the API Key is embedded within each copy of the ...
Every time I try to go to Art School on the Home Page and put in the correct username/password I get a server error. Yes this is homework, and yes it is my first time doing anything related to this type of setup, so any help would be appreciated. All the various instructions that I found listed this as the correct way so I'm sort of stuck.
...
I am using Visual C#'s built-in Settings feature to save some of my program's options.
I also want to store one password, but then it becomes public... is it possible to encrypt the password before saving it using this settings method and then decrypt it back?
...
Hello, I'm making a wxPython app that I will compile with the various freezing utilities out there to create an executable for multiple platforms.
The program will be a map editor for a tile-based game engine.
In this app I want to provide a scripting system so that advanced users can modify the behavior of the program such as modifying p...
Through COM, one can potentially gain absolute control over a target system. For example: using JavaScript's ActiveXObject object in IE, one can create certain objects which were designed to have direct access or interaction with system properties and files. One would think common sense dictates users disable ActiveX features in IE imm...