security

Best Practice ASP.NET Membership: User tables in the same datastore?

Is it better to extend my business database with the tables of the ASP.NET Membership Security model, or should I have a different datastore where I only manage Identities and Roles... Basically 1 or 2 databases? ...

Flash not interacting with Javascripts in browser inside my app

Hi, I have an application which embeds a xulrunner-based browser. I have to load some flash content in it which talks to some javascripts to update the browser title. The flash content works fine when launched from Firefox but not inside my app. I tried a sample html file which has some javascripts and they work fine. It even work...

Portable database for storing secrets

I'm developing an application that needs to store secrets in a database. I need a portable database (like Firebird, Sqlite, etc.) where the data will be stored encrypted or password protected or both... Let's take as an example that I want to create a password manager. I will need to store those passwords in a database. I'm accustomed to using Embed ...

How to not hardcode passwords?

In my last question "Portable database for storing secrets" the best answer so far tells me to use sqlite-crypt. Reading the sqlite-crypt docs, the new param for opening the database is the pass-phrase. Of course, I don't want to hardcode the password, so I was thinking: what is the best, simplest and fastest method to store that password? ...

How to prevent piracy for Java Web Start application

I have this Java Swing application that I intend to sell over the internet. At the moment I'm leaning towards deploying the application using Java Web Start. The product will be licensed for the user to use the program on one computer at a time only. I am concerned about piracy with this model. I would like to install some security fe...

What should we implement to authorize clients to use our web service?

We have a web service that we will be hosting on a public web server and it will be contacted by web services hosted on web servers within the walls of a hospital. We have written both pieces of the software so we have complete control over what is implemented. We would like to secure communications between the two web servers. Curren...

Best way to pass a connection object among forms?

Background: I'm rewriting a VB6 app that used MS Access for data storage to one that uses VB.NET and MS SQL Server. I'm curious as to the best way to pass a connection among the different forms in my application that need a connection to the database. Right now I've built a class to manage the connection string to pass that between f...

secure file exchange

I would like to set up a web application on my company's Linux box for enabling secure file exchange with our customers. I'm looking for an open source application, preferably with a large user base, that supports these features: works over HTTPS (so SFTP or other similar solutions are out of the question) allows users to upload files ...

Where to store database credentials in a web app?

I'm wondering what techniques you use to store the database credentials for your application. I'm specifically concerned with Java webapps, but I don't think there's any need to limit the question to that. Things to consider: Do you use property files, XML configs, other? Is it bundled into your application (i.e. in a jar file) or store...

The best approach to scramble CSS definitions to a human-unreadable state throughout an ASP.NET application

I'm not sure if it will bring anything beyond saving on traffic through the removal of long-worded names, but I would definitely want to hide my system of namings, declarations and their organization. The thing is that manual Find&Replace is going to take a very long time, and each slight modification could probably require the process ...

Custom Membership Provider, implementing developer security

I created a custom Membership provider (Membership ToolKit) and added methods like: public MembershipUserCollection GetAllUsers(string applicationName, int pageIndex, int pageSize, out int totalRecords) { // Returns MembershipUserCollection } Methods like these help in managing the entire Membership data storage for all applicati...

What are the security concerns when passing a hashed password around?

I have a Silverlight control on a web page and would like to pass the username and the hashed password to this control as part of the InitParams. What are the security concerns with doing this? The user has to log in to get to this page. However, I'm guessing that the browser might cache the page with the Silverlight control and this w...

UnauthorizedAccess in DynamicsSecurityConsole

In the DynamicsSecurityConsole (for administering the Dynamics Web Services), I'm having an issue trying to add users to new Role Assignments. Though my Windows user is part of the Security Administrators defined at the top of the tree, I get an error trying to do anything with users, groups or roles. Each time I get an error message tha...

Is getting JSON data with jQuery safe?

JSON allows you to retrieve data in multiple formats from an AJAX call. For example: $.get(sourceUrl, data, callBack, 'json'); could be used to get and parse JSON code from sourceUrl. JSON is simply the JavaScript code used to describe data. This could be evaled by a JavaScript interpreter to get a data structure back. It's genera...

Is this the proper way of denying remote connections to jssh on Linux?

I don't know if jssh has any security built in. While testing web apps, I would only like to be able to connect to jssh from localhost. I added the following lines to iptables: iptables -A INPUT -p tcp -s 0/0 --dport 9997 -j LOG iptables -A INPUT -p tcp -s 0/0 --dport 9997 -j DROP Will they provide the security I need? EDIT: this ...

Time bomb needed in ASP.NET application

We've developed a bespoke ASP.NET application for use on our customer's intranet. It appears they're unlikely to pay for it, so our boss would like us to introduce a time bomb. [Edit:] Technical responses only please! Whether this is a good (or legal) idea is a question for CEOoverflow.com ;-) All pages in the application inherit from...

Using Primary Key / ID Field as an identifier in a URL

What are the pros and cons of using your database's primary key as a URL identifier? As an example, http://localhost/post/view/13 - 13 being my primary key for my posts table. Some sites like reddit use what I assume is a unique id that is not the primary key but still unique to help identify the link: http://www.reddit.com/r/funny/com...

Tools to reduce risk regarding password security and HDD slack space.

Down at the bottom of this essay is a comment about a spooky way to beat passwords. Scan the entire HDD of a user including dead space, swap space etc., and just try everything that looks like it might be a password. The question: part 1, are there any tools around (a live CD for instance) that will scan an unmounted file system and ...

Why isn't Suhosin part of the PHP core?

It seems Suhosin patches and extends the PHP core as a means to protect users from flaws in the core. It also seems some smart people are using this system. Since it appears to be a good thing, I'm curious as to why it's not part of the PHP core to begin with. Anybody know? Update: Apparently some distributions of Linux also package PHP ...

Is it ever OK to store a password in plain text in a PHP variable or PHP constant?

As per the question, is it safe to store passwords on PHP pages such as $password = 'pa$$w0rd'; If the users can't see it, it's safe, right? EDIT: Some people actually suggested using a hash, however, there would be a problem with the database server connection password, wouldn't there? ...