I'm looking to put together the simplest online software purchasing system that could possibly work.
My plan is to allow website visitors to download the software freely from my site. The software will contain a 30-day expiry trial period, which can be removed by entering a product key.
(I know this will not stop determined hacker...
As a response to the recent Twitter hijackings and Jeff's post on Dictionary Attacks, what is the best way to secure your website against brute force login attacks?
Jeff's post suggests putting in an increasing delay for each attempted login, and a suggestion in the comments is to add a captcha after the 2nd failed attempt.
Both these ...
Hi all, this isn't ASP.NET specific; some of these apps are WinForms, and we'll also be adding some WPF and possibly some Silverlight apps in the future.
I’ve a requirement to put role & permissions based access security into a new app we’re developing here.
The .NET RoleProviders in general, and SqlRoleProvider in particular, seem to have e...
Hello, I am trying to encrypt simple text with the RSA algorithm. I have a problem with my code.
RSA *_RSA ;
unsigned char text[2560] = "A";
unsigned char sectext[2560];
unsigned char decrypttext[2560];
int i = 0;
_RSA = RSA_generate_key ( 1024, 65537, NULL, NULL );
i = RSA_public_encrypt ( 1, text, sectext, _RSA, RSA_PKCS1_OAEP_PA...
We are developing an application for a banking client which includes transactions and the site should be very secure. The business process is finalized. Then we decide on the technology.
We suggested .NET 3.5 framework with C#. The client replied for security reasons and ease of use we are going to Java. Also many of the banking sites ...
My Controller class is decorated with an AuthorizeAttribute to protect the actions:
[Authorize(Roles = "User Level 2")]
public class BuyController : Controller
{
...
}
Anytime an action is invoked but the user is not in at least the role "User Level 2", he is automatically redirected to the login page with a URL like this:
http://...
Hi folks,
I'm currently setting up a commercial SFTP server and I'm just looking for some of your opinions on the set-up I'm currently thinking of implementing, as well as a recommendation as to what commercial Secure FTP server software would be best to suit. Bear in mind that the data I'm responsible for is highly sensitive so any com...
It seems to me that any interception of this could provide instant trouble because anyone could just send any HTML/script back to the client.
The only reason I'm interested in doing this is because of the huge pain it is for front-end developers every time there's a DOM structure/CSS change so you now have to go figure out where in the ...
You've all encountered the various websites that force you to have a password that is 6 characters long, must have 1 number, and must rhyme with 'annoying.'
Obviously there are legacy reasons why sometimes this is necessary but other times it's all for security. I find that it's rather annoying because I have a standard set of passwords...
I'm working with a start-up, mostly doing system administration, and I've come across some security issues that I'm not really comfortable with. I want to judge whether my expectations are accurate, so I'm looking for some insight into what others have done in this situation, and what risks/problems came up. In particular, how critical ...
My application has a plug-in model that allows third-party developers to write assemblies that will execute in the main application. Up until now, the practical use has been to allow only trusted developers to provide add-ins.
I'd like to expose the framework to untrusted developers. To do that, I'd like to restrict the assemblies to in...
I stumbled upon this phrase on the web:
"C# is probably not the best choice for a system-level application like this. I believe plain C++ is much better here as you will need to do lots of low-level API calls."
I was searching for security programs made using C#, like firewall, parental control, anti-virus, anti-spyware, etc.
So, ...
For an ASP.NET C# application, we will need to restrict access based on IP address.
Edit:
I liked @Mitch Wheat's answer.
Will use this in our implementation.
Thanks.
...
What are the benefits of using HTTP authentication with PHP (HTTP 401 headers)
instead of using a normal form submit authentication?
...
I am creating a program that needs to store the user's data in encrypted form. The user enters a password before encryption and is required to supply the password again to retrieve the data. Decryption takes a while if there is a lot of data.
Now, I want to check that the user has entered the correct password before doing the decryption...
Hi,
Do PageMethods and JSON have security risks? (I don't use cookies.) For example, I have a PageMethod and I am sending the user ID as a parameter, but I don't want to show it to the user. Can the user get the user ID from the PageMethod?
...
I've thought about this too much now with no obviously correct solution. It might be a real wood-for-the-trees situation, so I need Stack Overflow's help.
I'm trying to enforce database filtering on a regional basis. My system has various users and each one is assigned to a regional office. I only want users to be able to see data tha...
I am developing an application where the security requirements for data transferred and access are fairly high. As I understand, Windows authentication is the preferred method for TCP over an intranet.
How do you deal with situations where Domains are not used and only simple workgroups are available? (Some customers will not be using d...
I'm using the ASP.NET MVC Framework and trying to grok the ASP Membership 3.5 stuff.
What is the best way to add the first administrator user without having to log in? I've been staring at the membership starter kit's source without finding it.
...
I want to protect my database.yml file by keeping it out of version control. Thus, I have two tasks in my Capistrano deploy recipe:
task :copy_db_config do
  # copy local config file if it exists and is more
  # recent than the remote one
end
task :symlink_db_config do
  run "ln -nfs #{shared_path}/config/database.yml #{release_path}/...