Hello,
I want to know how to block access to Futon (_utils) in CouchDB for readers, allowing access only for admins.
I need to do this because if a reader user accesses Futon he can see the names of all my databases and how many documents there are. My application should let a reader access a document only if he has its id.
...
Hi,
I was reading Wikipedia, and it says
Cryptographic hash functions are a third type of cryptographic algorithm.
They take a message of any length as input, and output a short,
fixed length hash which can be used in (for example) a digital signature.
For good hash functions, an attacker cannot find two messages that p...
I want to encrypt my USB HDD. And
I want to do it with open source software. And
I want to use only a password for decryption. And
I want to decrypt it using an Ubuntu 10.04 LiveCD, with no internet connection. And
I don't want solutions using e.g. DES with 56 bit. At least AES 256 bit please!
What is the solution?
Thank you!
...
Hi,
I am having a problem in understanding the security issues with the following scenario.
I have a site that has user registration, and users can create events by logging in. If I am logged in as a user and I am at a URL like http://abc.com/index.php?page=edit&pageid=45. I am seeing this page after logging in, otherwise it will show...
First of all, the question from a naive point of view:
I've got a WebApplication with a URL to a product like Products?id=123. Let's say I've got an administration page reachable from Products?id=123&editable=true.
If I consider that no one will ever try to enable the editable parameter, and thus don't need any further security mechani...
I am running a test server locally on a Mac that is also broadcast (for educational purposes), and I ran software called Acunetix (www.acunetix.com) from another computer and it was able to detect the technologies used on the server. How can I block anything from viewing this information?
...
Playing with Windows Server 2008 and IIS 7, I encountered a weakness which allows running an executable on the web server. I tried my friend's VPS server and it seems to work on at least the Web and Enterprise editions. I'm not a hacker and just found it accidentally when I was testing my web application.
The question is how can I report it a...
I am fairly new to sessions.
I have a classifieds website, and users may choose to "EDIT" their classifieds.
All they have to enter is a password which they chose when creating the classified.
In the "edit.php" page, if the password is correct, the classified details show up. There is a picture upload tool, which reloads the page but u...
Hello all
I have a desktop application that uses the YouTube Player API to stream video to the application, but each time the player loads I get the security warning. Is there any way to overcome this? Maybe set up a simple web server in my application.
This is the last option for me.
...
I have this regex:
var alphaExp = /^[a-zA-ZåäöÅÄÖ\s]+$/;
This is for a name-field in a form validation.
I need to make it possible to type names like this "Anna-nicole" (note the minus sign).
Currently the minus sign causes error.
I need to remake this regex so that a minus sign can be included in the name, preferably make it so ...
I have a picture upload tool which reloads the page (which contains a form) whenever a picture is chosen.
I have this code to "remember" the drop list options selected, so basically I am creating options using php:
$posted_type=$row['9_type']; //From mysql db
$types = array('Clothes', 'Bags', 'Others');
$category_table .= "<select nam...
Out of curiosity. I've been thinking about the different access models often seen in *nix and the one seen in Windows NT based systems.
Is there any command or API to check if a file is readable, executable, etc. for a user different from the logged-in user? For instance something like:
http://www.php.net/manual/en/function.is-executable...
How can I protect my server from malicious activity when accepting and executing uploaded, untrusted code?
The users should be able to implement my interface and given data, perform some calculations and return data. No I/O operations are required and certainly no thread/process manipulation or other tomfoolery.
Using the java.policy ...
I need to load YouTube video with the YouTube API in a desktop application.
I'm using Qwebkit. But when I load the HTML code that links to the YouTube player, I'm getting the security warning.
How can desktop applications overcome this?
For example: Miro, SongBird
...
I just explained packet sniffing, ARP injection, and session hijacking to my non-CS roommate using analogies and a simple language, and he completely understood it. He thinks it's really interesting (and pretty straightforward at its core), and he wants to learn more.
What books / material can I refer him to that explains these sorts o...
Hi,
What do we mean by secure Linux distribution and securing Linux kernel?
Abdul Khaliq
...
I have this regexp:
var desExp = /^\s*([\wåäö][^\w]*){3}.*$/gm;
This is for validating a textarea.
Currently, you can't use the three Swedish language letters in the beginning.
The letters are å, ä, ö, Å, Ä, Ö.
Also, I would like it to allow the minus sign and the star (multiplication) sign:
- and *
Is there any remake to allow ...
Consider the following implementation of Web app and Client - that uses Spring/Hibernate for the web app. The Application container is Tomcat
Web App 1 (Primary)
Web App 2
Web App 3
Web App 1, 2 and 3 expose services that talk JSON
The Client is a normal browser, say there are 3 clients
Client 1
Client 2
Client 3
The requirement of ...
I am building a Windows (Service) application that, in short, consists of a "bootstrapper" and an "engine" (an object loaded by the bootstrapper, which transfers control to it, and then performs the actual tasks of the application). The bootstrapper is a very basic startup routine that has few features that are likely to change. But the ...
I've been developing a multi-tier application using the following:
ASP.Net - UI Layer
WS - Business Service Layer
WS - Data Service Layer
SQL - Database Layer
Is the security the responsibility of the Architects, Developers or Infrastructure?
More specifically the security from layer to layer.
I guess the answer will be all of the ...