Do any version control systems allow you to specify line level security restrictions rather than file level? I know it would be horrible to maintain. If I wanted to never allow certain strings into the database should I be looking into the notion of hooks and manage all the very sensitive information in that hook layer? How do hooks g...
What protocol should I use to secure a web service? I'm considering CHAP, but I can't find much about it in relation to web services. SubAuth and OAuth are more about giving web services access to something else, so that's not what I'm looking for.
I need to authenticate a user without sending its credentials over the line.
I've read the...
Hi guys,
We have been using NHibernate for almost a year now.
I would like to know whether there are any vulnerabilities that could be injected (like SQL injection etc.) using a web application.
I just want to secure against any NHibernate injection through the web application, if there are any.
...
I'm having a bit of difficulty getting an understanding of key length requirements in cryptography. I'm currently using DES which I believe is 56 bits... now, by converting an 8 character password to a byte[] my cryptography works. If I use a 7 digit password, it doesn't.
Now, forgive me if I'm wrong, but is that because ASCII characters a...
Hi all,
I have been asked to look at how to restrict read access on certain VOBs in ClearCase, for compliance reasons (so this needs to be auditable, etc, etc...). I have found a solution so far, that I will post here, but I still have questions, so any help would be appreciated. Especially as the devil is in the details, I think.
For ...
So I'm trying to write a PHP SOAP client that requires the user to pass their login credentials for the remote SOAP server. Here is the set-up/dilemma:
User logs into local site using local credentials and goes to page with SOAP client.
User is now prompted for credentials for remote SOAP server, which, by the way, are the same as the ...
Here's my scenario...
SQL Role
Staff_User
Scheme
People
Tables
People.Persons
People.PhoneNumbers
Views
People.vtPersons -
The vtPersons view filters the data from the Persons table showing only that which belongs to the currently logged in user.
People.vtPhoneNumbers -
The vtPhoneNumbers view filters the data from the P...
I have written an application which resides in a subdirectory of the parent, or root application.
The root application uses a custom membership provider, but all the code for it is in the App_Code directory, and it's compiled deep into the Temp files for ASP.NET.
Therefore, it complains that it's missing a reference to the provider when...
I have always used the Scriptmanager to handle all AJAX calls, but I am starting to expand and am playing around with using jQuery and JSON to consume an ASP.NET 3.5 Web service. I am using standard jQuery calls as you can see below, which is working wonderfully. I am concerned about security and how to ensure that I am not opening any d...
Is there really a problem running an application under full trust as long as it is possible to control the configuration of the machine?
...
I have an encrypted database and a decryption key. How do I keep the decryption key safe from hacking (both database hacking and unauthorized access to the PC)?
Hardcode in assembly.
Keep in registry.
Keep in RAM.
Moreover, I need an algorithm for the encrypted data. What's the best algorithm for doing this in terms of security per decryption time?
RSA
AES...
What anti-spam measures should I consider before launching my user content website?
Some things I have considered:
Silent JavaScript based captcha on the register page (I do not have an implementation)
Validate emails by forcing a confirmation link/number
Allow X amount of comments per 10 mins and Y per 2 hours (I am considering excited...
We have a requirement from a client to protect the database our application uses, even from their local administrators (Auditors just gave them that requirement).
In their requirement, protecting the data means that the Sql Server admin cannot read, nor modify sensitive data stored in tables.
We could do that with Encryption in Sql Ser...
Is there a simple way using PowerShell to show all Local Windows Groups that are active on a machine and the users that are part of those groups? A second part of this question would be if it can be extended to look at more than one machine at a time.
...
My company provides third-party customer service for a Big Communications Company (hereafter BCC). Our employees must log in to BCC's site to help customers. I have also created some intranet resources for them to use.
If they are signed in to BCC's site, my intranet site will not load in another tab or window - it says "Internet Explor...
From my last question, I have a new idea for database protection. The following ports will be connected via SSL only. Is it possible to hack this database server?
HTTP port for sending & receiving data via WCF Services or Web Services.
FTP port for updating above services.
PS. This question does not include the SQL injection problem.
Thank...
Since I run my stuff in a VM I like to save my data on shares on the host. But then running and debugging (web) applications and tests from within Visual Studio has problems. How can I configure everything to run with FullTrust when it's started in Visual Studio?
Or how to just configure full trust for all network drives?
I have turne...
I have some code and I wonder how it would stand up against bots. Is there a way I can either run a bot to check the strength of my site or to set real live spam bots on it in a prerelease test? (I can use something.noip.com as a dummy domain)
...
Hi guys,
I don't know whether this question has been asked earlier or not.
But I want to encrypt the connection strings in my web.config. And my application will be deployed in a web farm.
I tried reading some blogs about this, but got confused.
Can somebody give me a link which they have really tried and succeeded with?
...
Can two MethodSecurityInterceptor beans be defined as follows?
<beans>
<bean id="moduleOneMethodSecurity"
class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
<property name="accessDecisionManager"><ref bean="serviceAccessDecisionManager"/></property>
<property name="authenticationMa...