Right now the only way I can get the RijndaelManaged algorithm to work on a computer with the Local Security Setting for FIPS turned on, is to disable it. It is a government computer, so I'm not sure how that will fly. I've seen posts on the msdn blog sites that say they are working on an AES FIPS compliant version, but I cant seem to ...
Are there any thoroughly tested .NET libraries out there to sanatize input from things like script/sql injection? ...
Is is possible to use the password element in html input type="password" in a mode whereby one dosn't show the characters types as asterixes/circles but as spaces/nothing so noone would know the length of the password. ...
We have a thick-client that needs to access resources on a share where a client may not be logged on. The client might be on a Windows domain or it could be a mixed environment without a domain, so the user would have to log on to the server locally. In the past, one work around was to create a shortcut on the user's desktop to the share...
OS: Vista Business 64-BIT Coding: .NET and 3-rd party EXE Issue: Security I have downloaded curl.exe to assist me in loading Product information from Amazon. Curl.exe has been pre-compiled and is NOT a .NET app, so I do not feel comfortable in making any changes to the build of curl. On to the problem. When I execute CURL I get thi...
The Situation I have a very compressed time schedule to write a simple (basically write-only web app). The app is to be a mostly jQuery-driven question tree. The questions and tree will probably need to change both before and after the site launches. The answers will get emailed... I probably don't even need to store them, but I'm g...
Does anyone know of an open source database proxy where it can serve as an intermediary between a closed-source client application and either a SQL server and/or Oracle database? ...
Are there any general security risks associated with having MSDTC enabled? I was told, by one of my team members, that there are security risks involved with enabling it, but I would like to know what they are, if any. ...
I want to set my FormsAuthentication cookie to timeout BUT VIA CODE. I know I can do this in the web.config but I want to configure at the database. Is this possible via code? <system.web> <authentication mode="Forms"> <forms timeout="50000000"/> </authentication> </system.web> ...
Quick Question. Eval in JavaScript is unsafe is it not? I have a JSON object as a string and I need to turn it into an actual object so I can obtain the data: function PopulateSeriesFields(result) { data = eval('(' + result + ')'); var myFakeExample = data.exampleType } If it helps I am using the $.ajax method from jQuery. T...
I'd like to know if it's possible to execute more than one SQL statement within a single execute() or do() call using DBD::Oracle via Perl DBI. Example: # Multiple SQL statements in a single query, separated by a ";" $sql = 'UPDATE foo SET bar = 123; DELETE FROM foo WHERE baz = 456'; $sth = $dbh->prepare($sql); $sth->execute; # ...or...
I am building an application in ASP.Net MVC to log tasks. A user can delete only their own tasks. Is there a standard way to prevent a different logged in user, from simply typing in the delete controller url, with an [id] parameter of a task that belongs to another user, thus deleting another users task? Example: User A has a task wi...
I have a web app that requires a user to have an account. This user can then vote 'once' on a specific item. However, some users are signing up for lots of accounts to 'game' the system. Does anyone have any ideas how you can restrict this type of thing? Could I restrict number of signups per day per IP address? (what are problems with...
I'm installing the ASP .net on Win7, and I need give permission to ASP .net to use the project folder. I have tried Network Service and didn't work; Win7 didn't find that user. I know that previously the user was ASPNET and later is Network Service, but now, something changed or I'm doing something wrong. Please help me. Edit: *I lear...
We have a strange problem in Safari. When the user logs out of our Web Application we expire the forms authentication with the following FormsAuthentication.SignOut(); Session.Abandon(); This works fine in IE and Firefox (when the user hits the back button they are presented with a page expired message and are forced to login) but ...
I think the answer is an admin login and then check if the user has an admin flag, but I also thought of some other related questions. Is it better to have an admin flag (attr_protected) in the same user table as non admins? or should i have an admin users table? Should I create a separate rails application for the admin users? This mi...
I'm using Mysql and I was assuming it was better to separate out a users personal information and their login and password into two different tables and then just reference them between the two. Note : To clarify my post, I understand the techniques of securing the password (hash, salt, etc). I just know that if I'm following practices ...
I have a LOB application in SL, one of the aims is to save partially entered data to persist user's state. for example, you start adding a new employee to system, close the browser (or it crashes), next time you open the browser, you have whatever data you had entered before. the saving and loading is easy, I was wondering if there is a...
How to make security authentication for a web application that is using servlets and .jsp. I want to make authentication using tomcat. Can anyone explain steps I need to take in servlet and jsp for FORM authentication. Servlet is taking care of .jsp page that needs to be secured. ...
What Javascript security techniques, issues, and limitations should be part of a programmer's skill set for solid web development? ...