What is the best function to run my strings through to ensure that MySQL injection is impossible?
Also, will it require running it through another function on the way out to make it display correctly?
See also
Are Parameters really enough to prevent Sql injections?
C# Parameterized Query MySQL with in clause
Can I protect aga...
A workstation is scanning ports on the LAN; however, virus scans have not picked anything up (McAfee, Sophos, MS).
Is the only option to clean the hard drive?
Is there any new malware of this description that has not yet been picked up for scanning by the anti-virus software vendors?
...
I've been analyzing my next project and writing up requirements; one of the things I'd like to do involves communicating over 64 serial ports (16 ports x 4 Windows PCs).
The best way I can think to do this is a master/slave application model where the master application is controlled by an operator and the slaves simply execute comma...
Is there a way to get URI based access control directly in IIS that works with static content, ASP, WCF services and anything else that comes in looking something like an HTTP request?
Particularly, I want the access control to be as bulletproof as possible, preferably making the decision before IIS even tries to figure out what to servi...
A company I know is in discussions to firm up its password security policy across all its web application products.
Right now they are sending username / password authentication in POST forms over HTTP, and thus, they are being sent plaintext.
The simplest solution to the problem is simply to require HTTPS for logon across all our appl...
I'm currently reading for the MCTS exam and struggle a little with the chapters on security. How common is it to use the CAS features? For what kind of application is it used?
I can't say that I have missed the opportunities this system provides when developing native applications. Is this kind of security more important for managed app...
We are doing a security evaluation.
There is a chance that a malicious user can inject arbitrary css into another user's web pages, although we are not sure it can actually be exploited.
I understand he could totally change the page look, even causing nothing to be displayed at all. Is that all?
What is the worst that could happen? Can...
Our build script creates an HTML log with some embedded JavaScript. When I open that in Internet Explorer, I get the yellow warning bar that IE has blocked running "scripts or ActiveX controls".
Since it is a local file, I cannot add it to trusted sites (IE expects a domain here).
I do not want to change security settings for the defau...
1) I have several users who have different KPIs
2) I am developing the performance management app in PerformancePoint Planning.
3) I DON'T want to create multiple scorecards for each user as this could run into a lot of reports.
4) I want to direct all the users to ONE scorecard but it will only show them the relevant KPIs
5) How can I s...
I'm modifying my WCF API to include a new service that should be exposed to internal IP addresses only. All of the services in my API are available in SOAP, POX and JSON. What I'm looking for is a behavior or something that allows me to implement a simple IP address filter, to process requests from internal IPs and deny everything els...
My internet sites are at the folder
public_html
I noted that www/ seems to have a symbolic link to public_html.
I do not know why we need the www/ folder when we have public_html.
Perhaps it is for a security reason. Perhaps the name of the folder where the websites are should be hidden.
Why does the www/ folder point to the folder publ...
I have a Joomla site www.siteA.com and another Joomla site www.siteA.com/siteB.
I have a .htaccess file at siteA, but not at siteB.
Is it a security risk not to have a .htaccess file at siteB?
...
It is pretty standard practice now for desktop applications to be self-updating. On the Mac, every non-Apple program that uses Sparkle in my book is an instant win. For Windows developers, this has already been discussed at length. I have not yet found information on self-updating web applications, and I hope you can help.
I am building...
Hi all,
I'm actually new to using this function, and was using preg_replace and addslashes prior to finding it.
I'm mostly curious, because I'm about to go through and tighten security in the posting areas of my first large app, and wanted to know the best instances where this function is effective and highly recommended. I've seen ...
I have a web service that is outward-facing, however I need to generate a verification system to ensure that a request came from a valid client.
Let's say the original web service is defined as follows:
[OperationContract]
public void Service.RequestMethod (string clientId, int reqNumber,
string reqText)
{
// do stuff with the ...
Hi StackOverflow,
My friend and I were arguing whether having the Certified Ethical Hacker (CEH) certification is useful for a developer. It would be interesting to know the opinions that StackOverflow users have on this topic.
Here is our question:
Would obtaining CEH make a difference for a developer (a recent university graduate) when ...
We have a heavily Ajax-dependent application. What are good ways of making sure that the requests to server-side scripts are not coming from standalone programs and are coming from an actual user sitting at a browser
...
I need to filter out characters like /?-^%{}[];$=*`#|&@'\"<>()+,\. I need replace this with empty string if it is there in the query string. Please help me out. I am using this in ASP pages.
...
Working in an ASP.NET 2.0 (VB) environment, I already have code that can generate an Excel file from a database for a particular "user" of the website. I want to be able to launch this report generator on demand, and then, after the file has been generated, allow the user to download this file.
How can I do this securely, and not just ...
I'm currently trying to secure my classic ASP application from XSS. I came across the AntiXSS from MS on the net and I was wondering if this would work with a classic application?
If not, do you have any ideas how I could go about sanitizing the strings?
Any help at all would be brilliant.
Thanks
...