I have an ASP.Net Web Forms application in which I'm using forms-based authentication with Membership and Role providers, which is fine for authenticating and controlling access to directories and/or files. Now I find myself needing to control read, write and delete access on individual entity instances, for example being able to update ...
I'm looking at some code that converts user names to lower case, before storing them. I'm 90% sure this is ok, but are there systems out there that actually require case sensitivity on the user names (specifically in the health industry)?
Note: my particular code is not at the point of entry. We are taking user names from other systems...
I have a server written in C# that makes use of impersonation.
I would like to know how I can change the security attributes of a file so that any user can delete it.
My server impersonates a user and then creates a temporary file. Later on I need to delete the file but at that point, I am no longer impersonating the user that created ...
Security always tends to take the last place in a new project. Or you use a framework like Spring where security is already built-in and can be switched on easily.
I try to find an open security framework that can be plugged-in to both Swing and Web applications (and JavaFX?), maybe easy to digest. I looked at plain JAAS, JGuard and JSec...
Under the Java security model it is possible to block most dangerous actions from untrusted classes, but the last time I checked (a few years ago now) it was still possible for untrusted code to perform a denial of service attack by continually allocating memory until the JVM crashes with an OutOfMemoryException. Looking now, I can't see...
I want my application to save the password encrypted in a DB or in a text file.
How can I do that assuming that the DB or text file can be opened by anyone?
Duplicate
http://stackoverflow.com/questions/287517/encrypting-hashing-plain-text-passwords-in-database
Not duplicate
I'm asking for code specific for .NET
EDIT: I'm saving the...
Let's say I need to access a web service from an iPhone app. This web service requires clients to digitally sign HTTP requests in order to prove that the app "knows" a shared secret; a client key. The request signature is stored in a HTTP header and the request is simply sent over HTTP (not HTTPS).
This key must stay secret at all t...
I have been working to automate some deployment processes using just Nant for the time being. Once the Nant scripts are fairly stable and proven, I'll be looking to incorporate CruiseControl.net or a similar product.
With that being said, I ran into a snag today.
I have a Nant script that will copy files from a network share th...
I've built and successfully deployed a ClickOnce application. The repository url is at http://mywebsite.com/Install
The application successfully updates when needed, and everything works fine.
However, I don't like the fact that everybody on the internet can access the files freely (even if he's not one of my customers)
Since I have o...
Hi,
I need to write a script in python to check a webpage, which is protected by kerberos. Is there any possibility to do this from within python and how? The script is going to be deployed on a linux environment with python 2.4.something installed.
dertoni
...
Hi.
I have a Web Service deployed to a JBoss 4.2.2.GA environment and need to consume its methods from a .NET application on WindowsCE 5.X. The problem is that I'm not able to consume the service's methods when security is turned on (@SecurityDomain("java:/jaas/JBossWS") on class and @RolesAllowed(value={"friend"}) on method declaration). I tried ...
Hello all,
for a service facade implemented in .NET, is there a possibility (e.g. a 3rd party library) that can be used to perform some security checking? I mean, a kind of access control list based checking for every method, based on the roles.
Thanks,
Lucian
...
It seems there are 2 options when dealing with security permissions for views in MVC:
either handle the permissions control logic in the controller and direct the user to the appropriate view...
Or implement some form of security-aware HtmlHelper extensions that render (or not) appropriate form fields/data
Am I missing any other op...
My co-workers and I are having a problem using Firefox 3.0.6 to access a Java 1.6.0_11 web application we're developing. Everything works fine anywhere from 1-30 minutes into the session...but eventually, the connection fails and the following error appears:
Secure Connection Failed
An error occurred during a connection to 10.x.x.x...
Greetings - I've got an ASP.NET application that is trying to delete a file on a network share. The ASP.NET application's worker process is running under a domain account (confirmed this by looking in TaskManager and by using ShowContexts2.aspx¹). I've been assured by the network admins that the process account is a member of a group t...
I'm building a website that will be an open-source, user-contributed content kind of thing, and I think if developers had access to nightly production SQL dumps, they'd be more likely to check out the code from github and play with it.
In line with that idea, I'm considering either:
Not collecting private user information at all, usin...
I'm working on a Windows Service that one of its tasks is archiving files on remote machine but I've a problem regarding access privileges in case of Workgroup.
...
As stated in the title, what is the best language for coding hacker tools? For example, brute forcers, vulnerability scanners, and others.
...
Because form_authenticity_token is used to validate requests, is it redundant to use it when you're already checking whether a user is logged in?
I.e., is form_authenticity_token really intended only for forms which are available to anyone, as opposed to forms exclusively for logged-in users?
...
Hello, I need to implement a simple and efficient XSS Filter in C++ for CppCMS. I can't use existing high quality filters
written in PHP because it is a high performance framework that uses C++.
The basic idea is to provide a filter that has a white list of HTML tags and a white
list of options for these tags. For example. typical H...