security

Are there any studies for or against frequent password changes?

I'm looking for studies on the security effect of frequent password changes, looking at the security benefits / problems from having a mandatory password change every one or two months or similar. Does anyone know of any? ...

Validate Expired Password in active directory

I'm writing a self-service password reset system in C#, .NET 3.5 - one of the things that I need to do is allow users to authenticate with an expired password and give them the ability to change it. Can you, using the System.DirectoryServices or System.DirectoryServices.AccountManagement namespaces, validate an expired password? Is ther...

Identity columns and security in a RESTful web application

Question: Should autoincremented identity columns have a non-default seed/increment when used in a RESTful web application? Background: I'm working on my first ASP.NET MVC application and trying to keep my URLs RESTful. There is no separate administrative web site for the application. I use attributes to control who can access what pa...

PHP filter_input()?

This should be an elementary question, but why is it better to use something like this: $pwd = filter_input(INPUT_POST, 'pwd'); instead of just: $pwd = $_POST['pwd']; PS: I understand that the filter extension can be used with more arguments to provide an additional level of sanitization. ...

How do I prevent execution of arbitrary commands from a Django app making system calls?

I have a Django application I'm developing that must make a system call to an external program on the server. In creating the command for the system call, the application takes values from a form and uses them as parameters for the call. I suppose this means that one can essentially use bogus parameters and write arbitrary commands for t...

Access non-public members - ReflectionAttribute

Hi, I am loading assembly B from assembly A. I am trying to enumerate private members of the type located in assembly B. How do I use ReflectionPermission to accomplish this task? I couldn't find anything useful on the MSDN. Assembly asm = Assembly.LoadFrom("Chapter13.exe", AppDomain.CurrentDomain.Evidence); //AppDomain.CurrentDomain....

Is there something called self-running applications?

I need to create an application ("dll, script or exe") which, when the user uploads it to a folder on his server using his FTP, will automatically run in the current folder and do some image manipulations on the images in the folder. My question is how to make something like this, which the user will not need to configure anything for on his server, a...

Disable Java reflection for the current thread

I need to call some semi-trustworthy Java code and want to disable the ability to use reflection for the duration of that code's execution. try{ // disable reflection somehow someObject.method(); } finally{ // enable reflection again } Can this be done with a SecurityManager, and if so, how? Clarification/Context: This is ...

Is MD5 less secure than SHA et al. in a practical sense?

I've seen a few questions and answers on SO suggesting that MD5 is less secure than something like SHA. My question is: is this worth worrying about in my situation? Here's an example of how I'm using it: on the client side, I'm providing a "secure" checksum for a message by appending the current time and a password and then hashing ...

Good resources on security, hacking etc?

Hi there, I am interested in learning about how hackers find and exploit vulnerabilities. Specifically about Windows hacking and web hacking, i.e. I'm NOT interested in Linux/Unix stuff. Are there any good websites with technical articles about specifically how to find, exploit and block vulnerabilities, with code samples and tools used...

Is there any benefit to encrypting twice using pgp?

I am asking from a "more secure" perspective. I can imagine a scenario with two required private keys needed for decryption scenarios that may make this an attractive model. This is to settle an argument. My vote is that it is not adding any additional security other than having to compromise two different private keys. I think that ...

Mapping a value to another value and back

Imagine a value, say '1234'. I want to map that value to another value, say 'abcd'. The constraints: The length of the target value is equal to the start value. The mapping should be unique, e.g. 1234 should only map to abcd and vice versa. The mapping process should be (very) difficult to guess, e.g. multiplying by 2 does count. The mapp...

How to pass WCF UserName clientCredentialType to other service?

Hi, I have several WCF services hosted in IIS6 (should not affect this issue) on the same host, and I want, for performance/maintenance and other reasons, to combine several requests into 1 request using a Facade Service, all done with a special Service Contract / Service that has an operation that calls other services for several operati...

PHP Secure Remote Proxy Server Health

Hi, I want to be alerted when a secure remote proxy server stops working, for instance if Apache hangs for some reason. As the remote machine will still be up, I will still be able to ping it, though this would prove very little. I need to be able to script something that requests a path through the proxy and then returns the result. Investiga...

Validate iPhone device IDs?

Is there a way to validate an iPhone device ID? I want to be able to accept device IDs submitted from iPhone users via HTTP request and validate that they are tied to a legitimate device. ...

Connecting to a Database with WinAuth

Hello, in response to a question I asked about a week ago I changed our database engine to only accept Windows Authentication instead of SQL Authentication. Because our code runs in a different user context than that of the database connection, we need to specify the username and password information in order for us to connect to the dat...

Is it possible to password protect an SQL Server database?

Hello, is there any way to password protect an SQL Server database without using commercial third party tools? What can help me achieve this? Please help... Thanks ...

Securing AJAX calls

I need to make an AJAX call from a site to a service exposed on another site and server, and I need to make it secure, so that I'm sure that the call is a genuine call from the client site and form. What are the best methods to obtain this? ...

Detect when users take screenshots of my program

I'm writing a Windows application. How can I tell when a screenshot is being taken of it? I read about how to detect the hotkey being pressed, but I'm more worried about the case where every 100 ms or so another program is taking screenshots of it. Namely, I'm trying to notice when someone creates another program (say a Python one using ...

x86 jump to an address

As an assignment for a security class, I am trying to use __asm__("jmp 0xbffff994"); in my code, but when I disassemble things in gdb, the instruction is changed to jmp 0xc8047e2a. Any idea why and how can I jump to a particular address? ...