We have an embedded device that needs to interact with an enterprise software system.
The enterprise system currently uses many different mechanisms for communication between its components: ODBC, RPC, proprietary protocol over TCP/IP, and is moving to .Net-implemented web services.
The embedded device runs a flavor of *nix, so we're ...
What's the best practice for setting up a Subversion repository on a Linux development machine? External users need to be able to access a specific repository, but nothing else on the machine. I know one answer is to set up a dedicated repository, but I'm looking for a single machine solution: location of repositories, accounts, backup...
What are the best practices for implementing a temporary transaction password feature for a website?
For example, in banking/finance scenarios like
- While transferring funds from one account to another, a transaction password is required
- While committing a trade, a transaction password is required
- etc.
The password should be temporary and ti...
Hi
I'm trying to create a SharePoint web part that will display all the users in a certain Active Directory or SharePoint security group.
So for example on the home page for a department called Human Resources, the web part will list all the people who belong to the AD or SharePoint group called HR.
It's been suggested to me that ther...
I am writing a web application that works with Exchange, and so needs to impersonate an account that has admin rights to Exchange. This account is specified by the user on setup. What is the best way to get impersonation to use this account, obviously hard-coding this into the web.config won't work as it needs to be able to change, but ...
I have two strings and I would like to mix the characters from each string into one bigger string, how can I do this in PHP? I can swap chars over but I want something more complicated since it could be guessed.
And please don't say md5() is enough and irreversible. :)
$string1 = '9cb5jplgvsiedji9mi9o6a8qq1';//session_id()
$string2 = '...
I have installed .NET 3.5 on a Windows 2003 system. I notice that in addition to the latest .NET 3.5 level, previous levels of .NET such as 1.0 and 2.0 are automatically installed also. These older versions have security issues that I assume are corrected in .NET 3.5. Is this correct or do the relevant security patches for these older .n...
I use Django for my website and I want to know whether there is a workaround for testing secure pages in the development server. As a temporary workaround, I won't use HTTP to check the webpages in the dev server, which I think is not a correct way? What do you think?
...
I'm trying to find out the current user name for my SharePoint application. There is more than one way to do this. However, the SharePoint way returns a misleading value.
System.Security.Principal.WindowsIdentity.GetCurrent().Name // returns MY_COMPUTER\\my_user
HttpContext.Current.User.Identity.Name // returns MY_COMPUTER\\my_user
Htt...
I was having a discussion with coworkers. We have to implement some security standards. We know not to store 'sensitive, addresses, date of birth' information in hidden fields, but is it OK to use hidden fields for your application, in general?
For example:
action=goback
It seems like it would be safer to use hidden fields for that k...
I'm aware of the risks of rolling your own user authentication scripts, but I'm also wary of using packages that don't seem to be actively maintained: the current version of PEAR LiveUser is almost a year old.
Please recommend (and argue the case for) an actively-maintained user-authentication library which can be integrated into an exi...
I have an old program written in Actionscript 1, compiled in Flash 6. It loads 10 other modules, of which 3 are written in Actionscript 2, compiled in Flash 8. The original program is embedded into an html and works perfectly when the html file is run on a webserver. But if I just drag the html file to my browser, the 3 AS2 modules will ...
How can I determine if a user, in say Access, is a member of an Active Directory Security Group?
I'd rather not build a whole authentication system into my little Access DB.
Thanks
...
I'm looking at this from the perspective of the plugin developer not the user of the browser, so I'm interested in what developers think is the ideal interface for plugins to a browser. For example: Plugins can reorder, create and destroy Tabs, Plugins can draw behind and in front of Browser pages etc.
I'm particularly concerned about...
An error was discovered processing the <wsse:Security> header
This is a WS-Security question btw...
I can't see anything wrong with my WS endpoint (apart from the fact that it's running in a TIBCO BW engine!). Does someone have any 'prior' with this kind of error? I realise that the WS-Security Header could be broken anywhere presuma...
Hi,
I have an application which makes decisions based on part of URL:
if ( isset($this->params['url']['url']) ) {
    $url = $this->params['url']['url'];
    $url = explode('/',$url);
    $id = $this->Provider->getProviderID($url[0]);
    $this->providerName = $url[0]; //set the provider name
    return $id;
}
This happens...
I have been a part of so many web applications but have never used CAS, perhaps have also never felt the need to use the same.
When is the need to use CAS? Do people actually use it in their applications?
...
I'm looking at implementing some form of anonymous user system in Rails. I need to let people do things (creating records, looking at what they've created, etc), without actually creating an account. Once they create an account, everything persists without risk of losing it by clearing cookies or something.
Right now, I'm thinking it's ...
I have seen some guidance which recommends that you secure a database by layering all data access through stored procedures.
I know that for SQL Server, you can secure tables, and even columns against CRUD operations.
For example:
--// Logged in as 'sa'
USE AdventureWorks;
GRANT SELECT ON Person.Address(AddressID, AddressLine1) ...
I'm surveying a wide array of web frameworks, and the majority don't mention security as an issue on their websites (e.g. scriptaculous, jQuery, Prototype, Rico)
Does anyone know of any that are more or less secure than the others? (ignoring the usual security holes that using JavaScript provides e.g. XSS)
...