security

Is there a good library in CPAN for filtering out cross-site scripting (XSS)?

Is there a good library in CPAN for filtering a text field for all the bad things, like XSS? ...

Should I pass sensitive data to a Process.Start call in .NET?

I'm working on a .NET Windows application that will use Process.Start to launch another internally developed .NET application running on the same PC. I need to pass database connection information, including a user ID and password, to the target application. I'm trying to determine whether I need to encrypt the information before I send ...

An algorithm for distributed or decentralised reputation/trust

Does anyone know of an algorithm for computing how much you 'trust' another user (their reputation) in a decentralised system. Sites like this one use a centralised authority to track reputation points, but when you can't trust an authority to maintain this list impartially, or the infrastructure doesn't exist, how can you rank your pee...

Allow logout while multiple large files are uploaded

I have been asked to implement a file upload program. The program is a Java Web Start application responsible for uploading the contents of a CD to a web application. There are two requirements here: The uploader should operate in the background with minimal interaction (No rich GUI). Users may not want to watch the file being upload...

How do you use .pem files to authenticate a WCF request?

I'm trying to utilize the Amazon Product Advertising API. They provided me with a .wsdl file which I consumed and generated wrapper classes for via Visual Studio 2008's "Add Service Reference" option. This wrapper class works just fine as is and I've been successfully sending requests and receiving responses from Amazon. However, they...

Updating Active Directory from Web Application Error

I am receiving an error in a web-based application that allows corporate intranet users to update their Active Directory details (phone numbers, etc.). The web application is hosted on IIS6 running Windows Server 2003 (SP1). The IIS website is using NTLM Authentication and the website has integrated security enabled. The IIS application po...

What are all needs to be covered in Security Architecture?

What is the best book for security architecture? is there any security architecture blueprint available? I am looking from very broad perspective, not just simple authentication, authorization part. Any suggestions? ...

Secure data on server

Hi, I am setting up a server where some important code will reside. I want to make sure the code is unreachable in case the HD is stolen. Well, I know you can never be sure, but reasonably secure. Which method could I use? How do I, e.g., mount an encrypted filesystem at boot-up without human interaction? Thank you very much for your help. ...

What is Public Key Infrastructure

I need to know what public key infrastructure is. I need to know whether this is related to sending requests and responses, like WsHttpBinding in WCF. ...

How can I get a signed Java Applet to perform privileged operations when called from unsigned Javascript?

Signed Java Applets have the same security clearance as a normal Java application running on the client. For a particular project, I need these permissions, and I need to perform privileged operations as a result of a JavaScript call. Now, the problem is that, at least for Firefox 3 in Ubuntu (target browser and platform), when an apple...

Secure my web services

I have some web services. They are used by a silverlight application and on their own by other apps. What is the best way to secure these so that hackers cannot access them directly? Currently they are blocked to localhost only then the silverlight application calls the web application and the web application calls the web services it...

ASP.NET website attack: How to respond?

This is the first time I have been faced with someone trying to penetrate a website I have created. What can I do to put a stop to the attempts? As a side note, their sql injection stands no chance of ever working and there isn't any data that we have that isn't already available by anyone using this site normally. Appended: I think...

Allowing oracle db login only to specific application?

We want to allow DB access (Oracle) to our users only through our own application - let's call it "ourTool.exe", installed locally on the users' computers. Currently, the users must provide username/password whenever they start "ourTool". The provided password gets decrypted and we use username/decrypted-password to finally log i...

MS SiteLock 1.15 and VS 2005

Hello folks, I'm trying to implement the MS SiteLock template into one of my ActiveX controls. I've downloaded the SiteLock 1.15 SDK and I'm stuck on the very first step. Including the sitelock.h header file causes a bunch of compile errors that have to do with the sal.h header file. It looks to me like sitelock.h wants to use attr...

How secure is a HTTP GET when the data is URL Encoded?

If the data is URL encoded, is it secure enough to send login credentials over HTTP GET? ...

How secure is a HTTP POST?

Is a POST secure enough to send login credentials over? Or is an SSL connection a must? ...
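The two questions above share one misconception, so here is a single added example (not code from either poster) that constructs both a GET and a POST login request as raw bytes and shows that URL encoding is a reversible public transform, not encryption: the credentials are recovered from either request with one standard-library call, and the GET variant additionally lands in the server's access log. The form field names, host and log format are assumptions for the demo; nothing is sent over the network.

```python
"""Added example: URL-encoded credentials in GET and POST requests are
plaintext to anyone who can read the request; only TLS changes that."""
from urllib.parse import urlencode, parse_qs

# Constructed sample credentials (assumed form field names 'user' and 'pass').
CREDS = {"user": "alice", "pass": "p@ss word&=1"}


def build_get_request(host: str, path: str, fields: dict) -> bytes:
    """Login via GET: the credentials sit in the request line, which web
    servers, proxies and browser history record by default."""
    query = urlencode(fields)  # percent-encoding only: '@' -> '%40', ' ' -> '+'
    return f"GET {path}?{query} HTTP/1.1\r\nHost: {host}\r\n\r\n".encode()


def build_post_request(host: str, path: str, fields: dict) -> bytes:
    """Login via POST: same encoding, but in the body instead of the URL."""
    body = urlencode(fields).encode()
    head = (f"POST {path} HTTP/1.1\r\nHost: {host}\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n")
    return head.encode() + body


def recover_credentials(raw_request: bytes) -> dict:
    """What a passive observer on the path does with either request:
    URL-decoding is a public, reversible transform, not encryption."""
    head, _, body = raw_request.partition(b"\r\n\r\n")
    request_line = head.split(b"\r\n", 1)[0].decode()
    method, target, _version = request_line.split(" ")
    encoded = target.partition("?")[2] if method == "GET" else body.decode()
    return {k: v[0] for k, v in parse_qs(encoded).items()}


def access_log_line(raw_request: bytes) -> str:
    """Common Log Format-style line a server would write (assumed format):
    for GET the password is part of it, for POST only the path is."""
    request_line = raw_request.split(b"\r\n", 1)[0].decode()
    return f'203.0.113.7 - - [10/Oct/2000:13:55:36 -0700] "{request_line}" 200 512'


if __name__ == "__main__":
    for build in (build_get_request, build_post_request):
        raw = build("example.com", "/login", CREDS)
        print(build.__name__, "->", recover_credentials(raw))
        print("  access log:", access_log_line(raw))
```

POST is the better choice because it keeps the secret out of URLs, logs, Referer headers and history, but on the wire it is no more confidential than GET; for credentials the answer to both questions is to send them only over HTTPS.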

Securely using exec with PHP to run ffmpeg

I would like to run ffmpeg from PHP for video encoding purposes. I was thinking of using the exec or passthru commands. However, I have been warned that enabling these functions is a security risk. In the words of my support staff: The directive 'disable_functions' is used to disable any functions that allow the execution of system ...
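The risk the support staff are describing is command injection: a user-controlled file name spliced into a shell command string lets the user run whatever follows a shell metacharacter. The added example below (not from the poster) demonstrates the three ways of launching a program, using Python's subprocess so it runs without ffmpeg installed and with echo standing in for ffmpeg: an unquoted shell string (what a naive exec("ffmpeg -i $name") does), a shell string with the argument quoted (the escapeshellarg() approach), and an argument vector with no shell at all. The file-name allow-list and the uploads/ and encoded/ directories are assumptions for the demo; running it requires /bin/sh.

```python
"""Added example: user input in a shell string vs. in an argument vector."""
import re
import shlex
import subprocess

# Constructed malicious upload name: a shell separator followed by a command.
EVIL_NAME = "clip.mp4; echo INJECTED"

# Assumed policy: names must start with a letter/digit (so they cannot be
# mistaken for ffmpeg options such as '-i' or be '..') and contain no '/'.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}$")


def run_shell_string(name: str) -> str:
    """Like PHP exec("ffmpeg -i $name"): the shell parses the whole string,
    so ';' ends the first command and starts an attacker-chosen second one."""
    return subprocess.run("echo " + name, shell=True,
                          capture_output=True, text=True).stdout


def run_shell_quoted(name: str) -> str:
    """Like exec("ffmpeg -i " . escapeshellarg($name)): still a shell, but
    the argument is single-quoted so metacharacters are literal."""
    return subprocess.run("echo " + shlex.quote(name), shell=True,
                          capture_output=True, text=True).stdout


def run_argv(name: str) -> str:
    """No shell at all: the name reaches the program as one argv element,
    which is the form to prefer whenever the platform offers it."""
    return subprocess.run(["echo", name], capture_output=True, text=True).stdout


def ffmpeg_argv(input_name: str, output_name: str) -> list:
    """Build the real ffmpeg argument vector (not executed here) after
    validating both names against the allow-list; reject, don't sanitize."""
    for n in (input_name, output_name):
        if not SAFE_NAME.match(n):
            raise ValueError(f"rejected file name: {n!r}")
    return ["ffmpeg", "-i", f"uploads/{input_name}",
            "-c:v", "libx264", f"encoded/{output_name}"]


if __name__ == "__main__":
    print("shell string :", repr(run_shell_string(EVIL_NAME)))   # two commands ran
    print("shell quoted :", repr(run_shell_quoted(EVIL_NAME)))   # one literal arg
    print("argv         :", repr(run_argv(EVIL_NAME)))           # one literal arg
    print(ffmpeg_argv("clip.mp4", "clip.mkv"))
```

Enabling exec() is acceptable when every argument is either a constant or validated against an allow-list and quoted with escapeshellarg(), and the PHP process runs as a low-privilege user with ffmpeg's input and output confined to dedicated directories; the argv form (proc_open() with an array command in PHP 7.4 and later) removes the shell from the picture entirely.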

Prevent direct access to JSON Web Service

I have a webservice that is used by inserting a piece of JavaScript into the page. The JavaScript scans the page for a certain string and makes a request to my ASP.NET JSON WebService. The JavaScript then uses the JSON to display some content. What I would ideally like to do is prevent anyone from accessing my JSON service directly. Th...

Update Java security policy at runtime?

Is there a legal way to add/remove permissions to Java security policy at runtime? ...

How do I secure a production server after inheriting it from the previous development vendor?

We received access to the environment, but I now need to go through the process of securing it so that the previous vendor can no longer access it, or the Web applications running on it. This is a Linux box running Ubuntu. I know I need to change the following passwords: SSH, FTP, MySQL, Control Panel Admin, Primary Application Admin. How...