Hello -
There are times we need to create an ODBC connection over the "tubes" to one of our customer sites. We would like to provide as much security as possible to our customers, given we are using ODBC and, well...
Anyway, there is a checkbox setting in the SQL Server DSN that says "Use strong encryption for data", but absolutely no...
EDIT -- the solution I posted below probably applies to any server (Nginx/Apache/anything else), because this header is set in Rails itself.
Anyone know where the "X-Runtime" header can be removed in Nginx & Passenger?
I've grepped the source files and haven't found anything yet, but I'd like to get rid of it for security since it's ...
Hey everyone,
as can be seen from two other questions I had, I am looking for a secure webserver, as there was discussion at work about how safe Tomcat really is.
But basically what I found on the net regarding how safe it is is Greek to me. So I was hoping someone could explain to me how safe Tomcat really is? Like, is it possible to mess wi...
I have a PHP page that allows people to run htpasswd to update their password. What is the best way to sanitize their input? I don't want to restrict the input too much because I want to allow for secure passwords. This is what I have. How can it be improved?
$newPasswd = preg_replace('/[^a-z0-9~!()_+=[]{}<>.\\\/?:@#$%^&*]/is', '', $...
Hi all,
I have an application which stores some information in an encrypted state, both on file and in a database. How can I calculate what the length of the resultant cipher text will be based on the plain text input?
The encryption operation consists of using the .NET RijndaelManaged class/algorithm and then a conversion to a Base64...
Hi everybody,
First time reader, first time poster (woo!)
So I've been implementing my login scripts for an informal website. Not likely to be compromised, but just to be safe, I'd like to ask if there's a security risk in having my MySQL database login stored in plaintext in the php code.
As far as I know, the code itself is parsed b...
I wanted to add to my jdk6\jre\lib\security\java.policy file an interdiction to create some classes that are blacklisted by appengine. For example I want my local jvm to throw an exception when the application tries to instantiate javax.naming.NamingException.
Is it possible?
I will try to explain my specific problem here. Googl...
If I create tabs using one of the Grails GUI options (which one should I use), is it possible to turn tabs on and off, based on the current user? For example only users with a role of admin should see the Manage Users tab. And even anonymous users should see the Main Content tab.
Ideally, I'd like to use Spring Security ACL.
...
I'd like to know how to integrate Scala with Spring Security (i.e. Acegi)? What are best practices and roadblocks while doing the integration?
...
Can I get the requester's Windows IPrincipal when he consumes a WCF service?
...
I need to call a web service running in a Windows domain that is different than the one the (Windows Forms) client is running in. The web service is secured using Windows authentication.
The domain credentials for web service's domain are saved in the client's user profile (Saved user names and passwords in XP), but I have not been ab...
Listing all files in a drive other than my system drive throws an UnauthorizedAccessException.
How can I solve this problem?
Is there a way to grant my application the access it needs?
My code:
Directory.GetFiles("S:\\", ...)
...
I've a security constraint on my app:
<security-constraint>
<display-name>users</display-name>
<web-resource-collection>
<web-resource-name>all</web-resource-name>
<description/>
<url-pattern>/secured</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
<htt...
Hi,
I've got a question about securing emails with SSL.
If I get an SSL certificate to secure my email, that would mean that the connection between my mail client and my mail server will be encrypted. So anyone listening in couldn't view my emails or username and password. But what happens between the mail server and the destination ma...
Hello all,
I had a project for developing a website for an NGO.
I had a doubt:
The website is already working with a lot of flaws and had very few pages.
This website is made in PHP and they want me to make it more secure.
So I want to make this website using Microsoft .NET Framework.
If I make this website from scratch and then...
Hello I have a page in an ASP.NET (website) project that writes a file to the App_Data folder.
When I request the page from my browser everything works.
When I perform this request from a cron-job scheduled job from my provider I get the following error
Could not find a part of the path 'C:\xxxxxxxxxxxxxxx\App_Data\Art_P00004.txt'.
a...
I have the following class:
[UIPermission(SecurityAction.InheritanceDemand, Window = UIPermissionWindow.AllWindows)]
public class PrintData
{
    protected string Data = "secret value";
    public virtual void PrintString()
    {
        Console.WriteLine(Data);
    }
}
Can someone provide an example i...
I'm upgrading an application from an old ejb2 setup to use ejb3's using the ejb3 feature pack on websphere 6.1
I've got a ServletContextListener which does some initialisation when the servlet context starts, part of this initialisation involves calling ejb's.
The server is set up to use FileRegistrySample for its custom user registry,...
For example: a user "is trying" to enter a restricted area (i.e. admin area on a webpage). What is better: kick him out from there without a single word, or inform him that this is an admin area and he is forbidden to enter?
...
The subject of how to store web site users' passwords in tables has come up several times on SO and the general advice is to store a hash of the password, eventually an HMAC hash. This works fine for Basic authentication or for forms based authentication (really the same thing). My problem is that I must provide also Digest authentication...