security

How to create "upgradable" encrypting class

The idea is to produce a utility class, so that whenever the guys hack the best currently known algorithms and a new one comes to the market the only thing that the Developer would have to do is to add the NewHighTechEncryptingAlgorithm_Encryptor class and change a global application setting for NewHighTechEncryptingAlgorithm_As_String so ...

Override Authorize Attribute in ASP.NET MVC

I have an MVC controller base class on which I applied the Authorize attribute since I want almost all of the controllers (and their actions along) to be authorized. However I need to have a controller and an action of another controller unauthorized. I wanted to be able to decorate them with the [Authorize(false)] or something but thi...

Automatic log-in in Linux

What is the easiest and most elegant way to log into a fluxbox session automatically (with no action necessary, no keypress or anything) on system startup as a certain user. [Edit 2] Not even a shell login should be necessary for the user, always the preset user should be logged in graphically. [/Edit 2] There are some setups where this...

MSSQL: Limited account that's only allowed to read certain views?

How do I create a MS SQL server user that is only allowed to read certain views of a particular database? ...

"50289 Can't perform operation since the project is protected" but why?

I am supplying the correct password Set objExcel = CreateObject("Excel.Application") Set objWorkbook = objExcel.Workbooks.Open("H:\M\X\C.xls", 0, , , "password") 'any of these lines cause the error mentioned Set vbcomp = objWorkbook.VBProject.VBComponents(modname) objWorkbook.VBProject.VBComponents.Remove vbcomp objWorkbook.VBProject...

Differences Between Rijndael and AES

I'm investigating encryption algorithms - can someone give me a quick rundown of the differences between Rijndael and AES? ...

Tools for hacking Flex data connections

I'm in the process of building a test plan for validating the security of our Flex/J2EE application. I believe we have some issues with trusting the Flex application too much, but I need to be able to quantify those issues. The ideal way would be a way to show me making data service calls outside of the application. Are there tools or i...

Storing a passwords in NSString without being readable in memory

I need to store passwords in NSString objects; however, I would like some way to obfuscate them, so they cannot be read directly from memory. This is a Mac OS X (10.5) application, but a solution that also works on iPhone would be much appreciated. ...

Any known resources for Secured Socket Programming with Jetty?

Do you guys know fine tutorials or sample code for SSL socket programming with Jetty? I am going to implement some secured applications with Jetty.. :) ...

Security risks of an un-encrypted connection across an international WAN?

The organisation for which I work has an international WAN that connects several of its regional LANs. One of my team members is working on a service that receives un-encrypted messages directly from a FIX gateway in Tokyo to an app server in London, via our WAN. The London end always initiates the authenticated connection, and at no poi...

Anything like DPAPI available for .NET Compact Framework or Windows Mobile?

I need a way to protect a private key on a mobile device. I know in "Writing Secure Code" chapter "Protecting Secret Data" says "Windows CE" cannot be used in secure environments. But the book is many years old now, 2003. Is this still the case? Tell me it ain't so. There has to be a way to secure a private key today. ...

Main security concerns in allowing users embed video

I want to allow users to embed videos freely in the application I'm developing, but do not want to expose them and the application to malicious uses. With that in mind, what are the main security concerns (XSS, etc) in allowing users to embed videos from external sources, like YouTube, Vimeo, etc.? In which way could these exploits be used? ...

How to connect to HTTPS server using Common Access Card

I need to write a java program to connect to a HTTPS server (DoD website). The website requires CAC (DoD common access card) authentication. If you access this site via browser, you insert your CAC first, and then enter a PIN. I need to accomplish the authentication process programmatically in java (kind of acting like browser). How do ...

can cURL be used to read php code from php files?

I am sorry if this is a dumb question but if I didn't ask I wouldn't know. I don't really understand how cURL works; can it read the unparsed PHP code from a PHP file? If so, what is to stop some hacker from reading the script that connects to my database and stealing the login info? Thanks. ...

URL Querystring security question (ASP.NET)

If a user clicks on a button that does a post (let's say it has UserName and Password in the post) and those credentials get authenticated successfully. If I did a redirect to a completely different application (so I can't carry session, etc) and I use a GET with the Username and Password in the querystring (I could even use basic encryp...

Lowest permission level to see the content of a file?

How can I see the contents of a file with 111 permissions? A thing called Y-combinator, as an input, prints the content of a file. My instinct says that you can run it with 100 permissions. However, I know only the theory, not the practice. Which is the lowest permission level to see a file with Y-combinator in Bash? The user nobo...

server configuration questions...

Please pardon my non-understanding here. I have a local mysql server and I need to be able to access that data over an encrypted channel from a java web application running on a web host. Can anyone recommend the best way to do this? Thank you! Joshua ...

Saving and restoring ACLs

I'm moving my dedicated server to another provider and I'm migrating everything over to the new server. One thing that I haven't been able to figure out is how to save ACLs (access control lists) from an existing system into another. I have 3 different local user accounts that I use on IIS to isolate each web site access from the other...

What does the command "cat /tmp/dir/:0" do?

When I did the command above, X11 opened. I am perplexed. Did I run it? How can I be sure that I do not run any program when looking at things? I really hate the idea that reading a text file may execute a program. How is it programmatically possible to make programs that execute when running a simple cat command, or a similar command? ...

'find . -exec chmod 700 "{}" \;' made sites Forbidden

I have been reading about Security of Design. I noticed a tip about the lowest permission level. So I ran the above command on my junk files. Unfortunately, the junk folder seemed to contain some server files. A few sites became forbidden. The folder contained stuff such as "Mail", "dev" and "Public". The reason for junking them was that they are...