I need to access a third party application that requires a JKS Certificate (which I have).
My client application is an ASP.NET one. How do I go about this?
(I would have liked to provide more information, but unfortunately I have none!)
...
I have a PHP page that needs to make a call to an external web service. This web service call takes a bunch of sensitive data from an HTML form on the PHP page, e.g. SSN, and returns info related to that person.
The problem is that the web service call should be made as soon as the customer fills in the SSN field and the field loses focus...
I'm doing a web application that utilizes an external web service. This external web service requires me to sign each of my requests. So I'm using the WebServicesClientProtocol class and .NET 2.0 by first consuming the external web service and then manually editing the Reference.cs file and changing the extended class from System.Web.Services.Pro...
I am using the Process class in my application, right at the beginning of
the static Main method. I am using the Process class to know if another
instance of my application is currently running. If my application is
already running, I will exit. I am not looking for a way to change this; this has been working for years.
But recently thi...
I must be missing something...
So I am in the process of figuring out the best way of encrypting the database connection string and SQL session state connection info in web.config. I quickly found a walkthrough on MSDN explaining using protected configuration to encrypt parts of the web.config:
MSDN walkthrough on using Protected Config...
I am designing an API, and I'd like to ask a few questions about how best to secure access to the data.
Suppose the API is allowing access to artists. Artists have albums, that have songs.
The users of the API have access to a subset of all the artists. If a user calls the API asking for some artist, it is easy to check if the user is ...
I'm using SqlMembershipProvider and trying to get information about users using the GetAllUsers method of the System.Web.Security namespace, but it doesn't retrieve any online user.
I'm logged into the application, but my user appeared as offline too.
Why could this happen?
...
Could someone point me in the right direction for an example of setting up WCF on IIS using just HTTP and POST (so that Flash can call the service)?
I was hoping this could be a solution: client calls my ASPX page which has MembershipProvider. Flash game is on the ASPX page and any calls to my WCF IIS service from the Flash game also p...
I've been doing a lot of studying and work recently related to WCF, web services and distributed computing in general, but most of the security concepts go over my head. Transport security, message security, encryption, certificates, etc. I understand the basics of symmetric and asymmetric encryption, but I don't really understand the re...
I would like to improve security on a current application regarding session management and I want the users to be logged in until they explicitly logout.
How does one implement that securely?
Keep session information in database, like sessionid, ip, useragent?
Please provide the requirements, possibly a database layout, do's and don't...
I am building a server application that will maintain connections to other applications by initiating TCP connections out through a firewall that is only open for outbound traffic to the relevant IP's ports that the application will connect to.
What is the risk of someone having taken over the machine(s) we connect to being able to expl...
Could someone please point me to a good beginner guide on safely running SQL queries formed partly from user input? I'm using Java, but a language neutral guide is fine too.
The desired behaviour is that if someone types into the GUI something like
very nice;) DROP TABLE FOO;
The database should treat it as a literal string and sto...
If a user logs into the site and says 'remember me', we get the unique identifier for the user, encrypt this with RijndaelManaged with a keysize of 256 and place this in an HttpOnly cookie with a set expiration of, say, 120 days; the expiration is refreshed on each successful request to the server.
Optionally we generate the initialization...
Hi guys, my problem is to prevent users from uploading malicious files to my web server.
I'm working in a Linux environment (Debian).
Actually the uploads are handled via php by this code:
function checkFile($nomeFile, $myExt = false){
if($myExt != false){ $goodExt = "_$myExt"."_"; }else{ $goodExt = "_.jpg_.bmp_.zip_.pdf_.gif_.doc_.xls_.csv...
Here's the situation. I'm working on developing a new website to access an old database. This is a DoD installation so there's lots of security around.
The current application is written in classic ASP, VBScript and some JavaScript. The new system is ASP.NET.
Accessing the database in the old system meant hitting the server with yo...
This Flickr blog post discusses the thought behind their latest improvements to the people selector autocomplete.
One problem they had to overcome was how to parse and otherwise handle so much data (i.e., all your contacts) client-side. They tried getting XML and JSON via AJAX, but found it too slow. They then had this to say about load...
I have an asp.net (dynamic data) website set up as an application in a subdirectory of another site. This site requires different security settings from the top level site. Something like:
<authorization>
<allow roles="ADMIN"/>
<deny users="*"/>
</authorization>
These settings are ignored in the sub site. However...
Basically I'm trying to open a URL in my .NET application. This can be achieved easily by doing:
Process.Start("http://www.google.com")
However, in my case the URL can be controlled by external users; therefore I don't want them to execute commands in the system by injecting meta characters etc.
So a safe way would be:
Read registr...
Anyone have information on hardening/configuring TFS for secure environments?
...
I just wrote one of my first web applications (Linux, Apache, MySQL, Django), and would like to launch it publicly. It's a webform-based task disguised as a game; I intend to eventually put it on Amazon Mechanical Turk and give small bonuses to people who achieve certain scores.
Even though this app does not have a tremendously high sec...