I play the online game World of Warcraft, which is plagued by automated bots that inspect the game's allocated memory in order to read game/player/world state information, which is used to mechanically play the game. They also sometimes write directly to the game's memory itself but the more sophisticated ones don't, as far as I know.
T...
When our customers install our software, they often opt for a "split install", where the services run on one box and the database is on another box. The services might talk to other services, or the database might contain stored procedures that need to talk to another database.
This leads us into the murky world of Kerberos and SetSPN.
...
Hi,
I am half the way through my problem. Please help.
I have successfully encrypted the text using the public key of digital signatures, but while decrypting it I am getting an error:
Error occurred while decoding OAEP padding
my piece of code
#region Test Encryption
public void a()
{
    using (var rsa = new RSACryptoServiceProvider())
    {
        // This St...
Do you find that when you work with a new technology you're never quite sure what security gaps you're leaving in your code?
I've been working with ASP.Net Web Forms for about 5 years now and am fairly confident my code is at least secure enough to stop most known attacks. Looking back at a lot of my early code I have unknowingly left ...
I am running a website on a virtual directory.
The url for the site is http://localhost/virtalDirectory/pages.aspx
I have an image to be loaded on the page from the following directory hierarchy:
parent directory
..images
....my image
..myPage.aspx
My img tag is
<img src="images/imageName.gif" alt="some text"/>
When loading in ...
Which method do you suggest to efficiently secure your embedded database in Delphi applications?
Here are the methods I've tested:
Using Molebox Pro
Pros - Fast, unpacking is not child's play, no additional task/coding
Cons - Database will be read-only, same drawbacks as exe compressors
Using DISQLite3
Pros - Overcome Molebox's r...
I was just about to install a Ruby gem by someone I hadn't heard of. But something made me think "Who is this guy?". Is there any risk of a Ruby gem accessing private data on your machine and transmitting it elsewhere - since the gem system has Internet access? Or are there protections against this?
...
I have classes we wrote for one of our customers, to be used in their own iPhone code.
We would like to make the classes sealed for observing and prevent the code from being copied, like we would do in Windows by a closed dll or compiled swf on Flash.
Any help will be appreciated.
David.
...
I'm looking for a server-side implementation to disable a browser from saving invalid login credentials.
For example, user "foo" logs in with password "bar". Browser asks foo if he wants to save the password. However, foo's password is actually "baz" and therefore would be saving the incorrect password.
I've tried manipulating the HTTP c...
Don't know much about encryption...
Say I'm preparing a SAML request to submit to an identity provider. Why would I need to apply an x.509 certificate to this request? Is transmission over SSL alone not secure enough?
...
Hi,
Is there a way for someone to sneak in to see data if my service is over http and the caller in my case is hosted on http (i.e. service is on secure ssl host while caller is on simple http)?
Is that call secure or not?
...
Harvard architecture computers have separate code and data memories. Does this make them immune to code injection attacks (as data cannot be executed as code)?
...
The value proposition of externalizing identity is starting to increase where many sites now accept OpenID, CardSpace or federated identity. However, many developers haven't yet taken the next step to externalize authorization and use approaches based on XACML.
Is the reason lack of awareness or something else? How would you expect to l...
Hi all,
I'm producing a dll for a business partner of mine that he is going to integrate into his app. But I also want to somehow lock the dll so it cannot be used by anyone else. The API of the dll is quite straightforward so it'd be easy to reverse-engineer and use it elsewhere.
How do I do that? My only idea so far would be to add ...
We have a web page that is configured for Integrated Windows Authentication under IIS. When I access this page via its HostName (e.g. http://MyHost/mypage.htm) it works. When I access this page via the IP address of the host (e.g. instead of MyHost, use MyHost's IP address in the URL), I'm prompted for a username & password. Can anyon...
We have a vendor-provided Jar that contains a class we wish to extend and/or modify via AOP. The default Sun JVM security model does not allow code that is unsigned or signed by someone else to extend classes in a signed jar. We can easily remove the signatures from the jar file, but I would prefer to configure the JVM to ignore jar s...
Is there a guide out there for imitating the Lock/Unlock button and behavior of the secure Apple preference panes? (e.g. Network)
...
Currently, I have some code as follows:
protected override void OnLoad(EventArgs e)
{
    if(IsAuthorized(param1, param2, ...))
    {
        //snip
    }
    else
    {
        Response.Write("Not authorized");
    }
}
protected void MyButton1_Click(object sender, EventArgs e)
{
    //snip
}
protected void MyButton2_Click(object send...
Hi all,
I've been reading some books on advanced PHP, and most of the time I find code like this:
$classes = array ("MyClass1", "MyClass2");
if (!in_array ($_GET['class'], $classes))
    throw new Exception ("Class not found!");
$params = $_GET;
$obj = new $_GET['class'];
if (!method_exists ($obj, $_GET['method']))
    throw new Exceptio...
So is there any way to hide X-Powered-By on Nginx?
...