security

How do I use another identity to execute my code in ASP.NET provided I have a username and password

I'm building a small web based management app. Within it I need to connect to different servers using different accounts via wmi. What I want is to tell my app: you are now run by user1, do this and this. And then I want to tell it: now you are user2, do this and this. I guess, I'm not all that clear with my question, I'll refactor it....

Best way to defend against mysql injection and cross site scripting

At the moment, I apply a 'throw everything at the wall and see what sticks' method of stopping the aforementioned issues. Below is the function I have cobbled together: function madSafety($string) { $string = mysql_real_escape_string($string); $string = stripslashes($string); $string = strip_tags($string); return $string; } However,...

ASP.NET: does it involve Active X at all?

Sorry, really newbie question, but if I was to create an ASP.NET website application, such as a calendar of events linked to a database - would the user interacting with this Calendar be using Active X? Don't really know how to put that question any other way. Reason I ask is that my work's system blocks Active X controls and therefore t...

How to hide a WCF service from the public?

Hi, What measures can you take to 'hide' a WCF service from the public? i.e. even if they know the URL, you don't expose the methods etc. ...

Using C# to get a list of ACLs for Servers and mapped drives

The production change implementers for our IT group have been tasked with reviewing the security for all of the various objects in our group, primarily to make sure that people who have left our employ or have transferred to other groups no longer have access to our server shares, web directories, sql databases, etc etc. We recently comp...

Throttling login attempts

(This is in principle a language-agnostic question, though in my case I am using ASP.NET 3.5) I am using the standard ASP.NET login control and would like to implement the following failed login attempt throttling logic. Handle the OnLoginError event and maintain, in Session, a count of failed login attempts When this count gets to [s...

SharePoint Development Permissions

Hi I am using the SharePoint namespace to pull items from various lists throughout the site. My web part works, but only on my account. When I try it on another account it gives me "Error: Access Denied" for the page. I have taken all web parts out and have only this web part on the page. When I remove the following lines the page lo...

Accessing a UNC drive in ASP .NET?

I have two different sets of image files that reside in the root images directory of two different web sites on two different web servers. For argument's sake, let's say the first web server is called web1 and has a primary ip address of 111.111.111.111 and the second web server is called web2 and has a primary ip address of 111.111.111.1...

Solutions for Java User Account Management

I currently work on a Java web application that relies on a permissions mechanism to manage user content. This of course means that we need to manage users. Our current user management system is an in house system that manages info about users, groups, and user and permissions in an RDBMS. The system works but is a hassle to maintain....

Masking Audio

When music is publicly streamed on a website, most of the time they are just linking .mp3 files. Although that doesn't stop anyone from downloading it. How would you prevent this? I had a few ideas: To have the music be in say directory, /tmp/name.mp3 but have it stream through /music/name.mp3. Use a header to check and see if there ...

What is the best way to implement role-based security in ASP.Net?

The site I'm working on is mid-sized, 3 developers, a few thousand users, and is very critical to the small business running it. So what I'm getting at is, this is not a Fortune 500 company, but is a serious enterprise needing to implement role-based security in a time/budget efficient way that is still pretty simple to use and has a hig...

Stopping users voting multiple times on a website

I'm planning to add some vote up/vote down buttons to a website I run. This seems easy enough but I want to stop people voting multiple times. One solution would be to make them register before allowing them to vote but I'd prefer not to have to force them to register. Is there a reasonably straightforward way of doing this? Checki...

What is the best way to restrict access to a development website?

I have a site I am working on that I would like to display only to a few others for now. Is there anything wrong with setting up windows user names and using windows auth to prompt the user before getting into the development site? ...

How does Google determine to send the Virus page?

When I was a Windows user, I received many times the Virus page in Google. I thought things change in Mac. I received today my first Virus page in Google. I am flabbergasted. The experience raises a question: How can Google know that there is a virus? How does such a "virus" act? How does it determine to send the Virus page? ...

PHP Send email over SSH

Hello We have a website that emails the contents of a contact form to our client. We would like to change this to make it a bit more secure (sensitive data can be sent over the contact form), we have encrypted the page with an SSL certificate so the only weak link we have at the moment is the email. We already have an SSH connection se...

Secure Certificate Problem

I recently installed a secure certificate for a web site I help maintain. When I'm at work and on the network where the web server is I can navigate to secure pages (https) fine. When I try to access the same pages from outside the network (like from home) I get an error. Here is an example page from my web site: https://www.acpe.org/My...

Automatic updates - what is 'adequate' security?

There are a few questions (C#, Java) that cover how one might implement automatic updates. It appears initially easy to provide automatic updates, and there are seemingly no good reasons not to provide automatic updates for most software. However, none appear to cover the security aspects of automatic updates. How safe are automatic ...

Setting catalina.policy to allow file access by servlets

We have a locally-developed triple store based on b-trees which I want to use for persistent storage in a number of servlet applications. Rather than embed the b-tree index files in the servlet .war, I would like to store them at a known location and have the servlets access them directly. This all works in Jetty, but raises a security e...

Best way to limit (and record) login attempts

Obviously some sort of mechanism for limiting login attempts is a security requisite. While I like the concept of an exponentially increasing time between attempts, what I'm not sure of is storing the information. I'm also interested in alternative solutions, preferably not including captchas. I'm guessing a cookie wouldn't work due to ...

Permissions checking in server-side API

Hi all, our product is built on a client-server architecture, with the server implemented in Java (we are using POJOs with Spring framework). We have two API levels on the server: the external API, which uses REST web services - useful for external clients and integrations with other servers. the internal API, which uses pure Java cl...