I'm making a RESTful web service call in my JavaScript page and get the following warning:
"This page is accessing information that is not under its control. This poses a security risk. Do you want to continue?"
Now I've read up on this and am aware of the cross-domain, same origin policy. However, I don't get such warnings when I c...
I discovered that it is possible to extract the hard-coded strings from a binary.
For example, the properties view of Process Explorer displays all the strings with more than 3 characters.
Here is the code of a simple executable that I wrote to simply test it:
#ifndef _WIN32_WINNT
#define _WIN32_WINNT 0x0501
#endif
#include <stdio.h>
#in...
e.g. Make it so that you could limit it to a max 2 connections for a given technical account, the third connection being blocked repeatedly until one of the others is given up
...
I need simple client-server communication with an iPhone app, and XML property lists seem like quite an easy and simple solution that saves me the trouble of dealing with XML parser delegates and building these structures myself.
I just wonder is it wise to use NSPropertyListSerialization class with external data? Are there any obscure plist feat...
I'm trying to figure out how to use the System.Net.WebRequest class to send my credentials when the Apache server has a .htaccess file protecting access. It appears to be something to do with the Credentials property (imagine that!) but I am not sure how to create the correct ICredentials object. Sample code = accepted answer.
...
I've been trying to get WCF security working for my project, and have had little luck. I'm trying to create a service that uses net.tcp as the binding, and does both message and transport security. Message security is done using username and password and transport security is done (supposedly!) using certificates.
For my development tes...
Even though there are many good CMS tools out there, I've decided to roll my own tools for my website to get some hands on experience. The only thing that is currently eluding me is how to add authentication to secure the administrative tools.
I'm the only one who will be using the administrative tools, so I don't need something as comp...
I have used the following code in a number of applications to load .DLL assemblies that expose plugins.
However, I previously was always concerned with functionality, rather than security.
I am now planning to use this method on a web application that could be used by groups other than me, and I would like to make sure that the securit...
One of my Rails applications is going to depend on a secret key in memory, so all of its functions will only be available once the administrator goes to a certain page and uploads the valid key.
The problem is that this key needs to be stored securely, so no other processes on the same machine should be able to access it (so memcached and ...
I want to secure events stored in one table, which has relations to others.
Events are inserted through a Windows service that is connecting to hardware and reading from the hardware.
The events table has a PK, date and time, and 3 different values.
The problem is that every admin can log in and insert/update/delete data in this table e.g...
Hi, I was going to use .htaccess to password protect a directory for a php script I'm writing, as I do not trust my PHP skills to create a secure login, but I found out you cannot use relative paths for AuthUserFile and I could not generalize this.
If you could direct me to a secure PHP login script to password protect a directory I wou...
Browsing through Coding Horror, I saw this article on removing the user field from a login dialog.
It's an interesting concept albeit an old one from 2005. Nevertheless, I started thinking about it and wondered:
How would you be able to do this in a secure fashion?
If you identify the user by their password that means all passwords m...
Upfront, I'd like to confess to being a complete newbie to cryptography and password security. I'm trying to store passwords in a database being babysat by ruby. My understanding is that plaintext passwords should be appended to a random "salt" and that whole phrase should be hashed by some hashing algorithm such as:
Digest::SHA1....
Are there any security issues keeping the .NET PDB files on the real server?
I know that throwing exceptions might take a bit longer, but who throws exceptions during normal execution anyway? :-)
But from a security perspective? Any issues?
...
The generatePassword method in the asp.net membership provider allows only length and alphanumeric characters to be set.
However there is also the property passwordStrengthRegularExpression
Does GeneratePassword make use of the property above? It would be great if it did but I assume it doesn't?
...
Has anyone managed to get BIRT to run under WebSphere with Java 2 Security switched on? Doesn't seem to matter what I put in my was.policy file, I get a huge number of security exceptions when I try to produce a report.
Running with Java 2 Security switched off works perfectly, but that's not an option for the production environment.
A...
How do I grant access on an NTFS folder (Win2003) such that when files are added to this folder, they get the same access permissions? My problem is that I have granted read access to the 'network service' on a specific folder but when I add files to that folder (programmatically generate the files to this folder), the network service...
One of the security requirements for my web based system is to prevent people logging in as the same user on different machines at the same time.
E.g. to ensure that people can't all log in using the same password/share passwords.
Is there a way to achieve this using the ASP.NET membership provider? Will I need to manually store info on...
Hi,
I have a treeview control which is being used to browse various folders on the user's system drive. It can also be set up to connect network folders using UNC paths e.g. "\server\files". At the moment I'm getting a list of Directories by using My.Computer.FileSystem.GetDirectories however this obviously fails when the folder is passw...
Recently Aetna suffered a breach where it lost 65,000 SSNs. They never were able to find an audit trail of what happened which probably hints that the attack leveraged XSS or similar technique.
Are there specific known attacks that the bad guys are repeatedly leveraging for this type of attack?
...