I have already created a user database file using Apache's htpasswd command. This file is now used by several other application like apache and subversion. Users in are created like this: htpasswd /path/to/users.htpasswd peter This user file is global, not per directory. How I can make Tomcat 6 use this same file as a security real...
We've been discussing about a client-only solution in javascript that provides means for a site visitor to annotate a page for printing and it's exploitability in terms of XSS or similar attack vector. Rationale: There's a potentially long process choosing what data to display. In order to document the steps taken, a textarea (without ...
I currently have a roll-your-own application security service that runs in my enterprise and is - for the most part - meeting business needs. The issue that I currently face is that the service has traditionally (naively) relied on the user's source IP remaining constant as a hedge against session hijacking - the web applications in the...
Hi I have created a jar file to load a native library ( using System.loadlibrary() ) and configured this as a shared library within WebSphere ( v6.1 ). The server has to run with Java 2 enabled ( it's the law ... ) When I try to access the library I can see that the correct classes are being loaded from my jar file, but the attempt to ...
Has anybody gotten any type of security to work with WCF on Azure that would be compatible with Silverlight? I have already tried transport security on basic http binding, but it does not work. ...
I would like to programmatically login another windows user in interactive mode. I've created new Windows user account and would like to switch system to that account without of user interaction. Could you please point me to some API commands or MSDN pages? Thanks ...
I have a dynamic data ASP.NET application with a requirement to give some users tables X, Y, and Z and others only X and Z. All 3 of these tables are using the standard ListDetails page templates, and we really want to avoid creating custom pages for x, y, and z. What is the best way to handle this security? All of our permissions are...
I want to write a PHP application that is going to do some checks first, to ensure an optimal and secure environment. I'm sure I alone can not think of everything, so what am I missing? Ensure MySQL username/password can SELECT, INSERT etc Update PHP timezone Check for register_globals and warn if enabled Ensure /install is deleted If ...
I have been Coding in C# for about 3/5 Years in School. the problem is that i want to learn how you code such things as Keylogger and things like that. in School it most Problem Solving to learn us to think like programmers. so how shall i learn to code Network/Security tools. Shall i buy a book about Network programming in C#? Or do ...
Hi, I'm building a streaming video site. The idea is that the customers should pay for a membership, login to the system, and be able to view the videos. I'm going with FlowPlayer for showing the actual videos. The problem now is, the videos need to be stored somewhere publically and the url to the .flv files needs to be passed to flo...
I'd like to generate a secure one-click-access type of url similar to the examples below. I'll be using PHP but that is irrelevant as I'm just looking to understand the underlying concept. Some answers suggest using a GUID, but I don't think that will give me an absolutely unique, secure URL like below. # Google Calendar 3qq6jlu04ptl...
I am trying to debug a WCF service. This client has been able to connect in the past, but now I cannot connect. The service is deployed to a server. I can hit the server's service page with the browser and I see the instructions for generating a client. I re-generated the client proxy and configuration file using svcutil. The client sta...
Can someone explain SQL injection? How does it cause vulnerabilities? Where exactly is the point where SQL is injected? Duplicate http://stackoverflow.com/questions/332365/xkcd-sql-injection-please-explain Too many to list (Google link) ...
I have tried to make backup cron job on my webserver running FreeBSD. Currently it looks something like this: /usr/local/bin/mysqldump --opt --single-transaction --comments --dump-date --no-autocommit --all-databases --result-file=/var/backups/mysql/all.sql It works fine when I run it as root (since root has a .my.cnf with the use...
I have an upload form created in php on my website where people are able to upload a zip file. The zip file is then extracted and all file locations are added to a database. The upload form is for people to upload pictures only, obviously, with the files being inside the zip folder i cant check what files are being uploaded untill the fi...
Dear All, I am using Jboss application server. I have implemented the whole website on ssl (https), the site is working fine on internet explorer browser but the site displays the below information on Mozilla/Konqueror browser but only on a particular page. Security Warning : Although this page is encrypted, the information you hav ene...
I have a C# web application on .net 2.0 being hosted on server A. The web application allows users to upload files using <input id="File1" name="filMyFile" type="file" runat="server" /> to server A. This all works just fine. I am now being asked to modify the web application to allow pages being served by A to allow uploading directly...
What is the best way to implement security using active directory roles on an asp.net dynamic data site? I would like to restrict certain views (and the related links) to certain roles. i.e. user A can only view list actions for table x and user B can only view list actions for table y ...
Hi im thinking about developing a sort of File Transfer program and was wondering if i want as good encryption that i can get what should i use? ill be developing this with c# so i got access to the .net lib :P having a certificate with me on my usb to access the server is no problem if that would increase the security! ...
Im using jQuery validate plugin and every form has multiple validation levels. level is by validate plugin level is: data is submitted to site I get a reply if everything is ok -> JS redirects to url if there is an error, it shows warnings Now I wonder, is it safe to send login info via ajax? I know that with addons like firebug,...