Hey,
Me and several other people all have FTP access to the same folder. We're working on a website together but I don't want to give the other coders complete access to my site. I only want them to be able to create files and edit their own files that they create.
For example I want to give everyone access to public_html/pages
but th...
Possible Duplicate:
What's the shebang (#!) in Facebook and new Twitter URLs for?
#! What does it mean in a URL?
I found it in Facebook & Twitter URLs!
http://www.facebook.com/#!/
http://www.facebook.com/#!/?sk=messages
http://www.facebook.com/#!/?sk=ff&ap=1
http://twitter.com/#!/messages
http://twitter.com/#!/BillGates...
There is the following design: the back-end implemented as WCF, the public front site and two intranet sites (all three talking to the back-end). I believe that authentication on the sites is not enough (i.e. passing ClientID to WCF in each request as a parameter) and I want to protect my back-end (WCF) with authentication to perform dou...
This question is similar to Exploitable PHP Functions.
Tainted data comes from the user, or more specifically an attacker. When a tainted variable reaches a sink function, then you have a vulnerability. For instance a function that executes a SQL query is a sink, and GET/POST variables are sources of taint.
What are all of the si...
I am doing an internet cafe sweepstakes slot game in vb.net. I want to show the objects based on the payout and the prize money for paylines in the slot game. I tried using the MT algorithm but it is basically random number based. The final output should not be random.
Inputs
Points Ex. 18 or 50 (2 entries) 9 or 25 (1 Entry)
prize (from datab...
I was trying to go to http://lustiges-taschenbuch.de which is a valid comic book site.
I mistyped the address as http://lustigestaschenbuch.de and was surprised to see my own apache localhost directory (!). This happens on two computers in Windows 7.
I checked my c:\windows\system32\drivers\etc\hosts file but it has nothing listed.
I...
I have a database that will be holding sensitive data, so it should be encrypted in the database. Basically the sensitive data are credentials to another web site. So I want to encrypt them with the users password + salt.
To decrypt the credentials one would need the password.
I see two ways:
On login, I could decrypt the credentials...
Here's my scenario - I have the credentials for a couple of websites that need username and password to login. I would like to programmatically do this but just don't know where to start.
For example, say the website is www.mywebsite.com and the U: UserID and P: admin.
I am thinking something like this (this is of course pseudo-code)...
I have a user on website A and I need to log him to website B (not under my control) but without jeopardizing his password on website B. Website B doesn't have an API which is what's making this more complicated than should be.
My first option is to render my own form on website A, user enters his website B password into my form, and I...
Until the recent Bond movies James preferred British made gadgets.
The classic for me is from "You Only Live Twice", as there is real British gyro-copter nicknamed Little Nellie which (in the movie) shipped in 4 suitcases. In the action scenes Little Nellie took on several helicopters.
This nifty British made gadget got me wondering ...
This is a walkthrough on how to make a user login on prestashop without passing through the login screen. This is helpful if you do not want the user to login again like when you want to transfer his session from one website to prestashop.
Step 1 Eliminate the need for password salting. Under config/settings.inc.php, set _COOKIE_KEY_ t...
I have a classifieds website, and users have the option to change / remove their classifieds.
I am working on an "edit.php" page where all this can be done.
Basically it is set up like this when you click on "edit/remove classified":
A new page appears, with a form, where the user may choose from "REMOVE" and "CHANGE" through radios. The us...
I am trying to demo Metasploit on my iPod Touch. I have jailbroken the iPod and downloaded Metasploit from Cydia, but now I don't know which commands to run so as to demonstrate exploits.
I have basic knowledge of Linux commands. Please help me on how to go ahead and complete the demo.
...
Hi all, I'm running a niche website for a very conservative group and one request they have is that we need to make it as difficult as possible for users to save images of other users. I know there is no way to satisfy this requirement 100% but at least I can make it difficult for people to save images off the site.
The only thing I've ...
We have an API that will be only used by our new website for now. I would like to get input on what stackoverflowers think about the security in place for this API.
1) SSL protected
2) When logging in, the user's "IP" is sent as well as user and password. The API is then attached to the session and the session token is sent back. Whe...
From http://www.tizag.com/mysqlTutorial/mysql-php-sql-injection.php I got:
SQL injection refers to the act of someone inserting a MySQL statement to be run on your database without your knowledge. Injection usually occurs when you ask a user for input, like their name, and instead of a name they give you a MySQL statement...
Is it safe to store a password in a sessions variable?
For example, usage would be in a form which is submitted to itself.
For example, a change classifieds page, where users first enter a password, and then if pass=ok, show the form to change the classified. All on the same PHP page.
But whenever a picture is uploaded in the "change" part...
Possible Duplicate:
Store password is ok in php Session variable?
I have a "change classifieds" section where users may change their classified information, pics etc.
Each classified has a password, which the user must enter before being able to change.
The problem occurs when the PHP-page gets submitted to SELF, for example...
I'm having a lot of trouble finding information about securing remote functions on ColdFusion CFCs for AJAX calls. Let's say you're retrieving sensitive information for a user after the user logs in to the site via an AJAX call. You call something like this:
https://www.mySite.com/pathToCFC/MyCFC.cfc?method=getBankInfo&userID=2343
...
Hello,
I have an application running on remote systems. The remote systems are an embedded computer built into a kiosk. As a result, they are somewhat "untrusted," in that the physical security for them is rather lax. However, these kiosks can be credit card processing, etc. via a WCF service to my server.
Using machine certificates, e...