hi,
My company has multiple vendors that all have their own websites. I am creating a website that acts as a dashboard where customers can access all of the vendors' sites. I wanted to know what is the best option for doing this?
Here's what I have so far:
Iframe
Can bring in the entire website
Seems secure enough (not sure if I'm ...
In response to this, what are the security considerations when using the content-disposition HTTP header?
...
I have an asp.net app (uses windows authentication for access) which (stipulated by the security team) needs to connect to a remote SQL Server 2005 using integrated security. Because of the fact that it is a remote SQL server I needed to impersonate a custom account (impersonating the original caller would not work) via:
<identity imperso...
On this help page for Adobe Acrobat 9:
Automate Password Entry for a Batch Sequence
The instructions are wrong. Pasted below:
""""""""""""""""""
Before you batch process PDFs that are encrypted or password protected, you can set your digital ID to enter the required password automatically.
1 Choose Advanced > Security Settings.
2 Sele...
It's consistent on certain documents too. The only solution I have at the moment is to print a PDF of the document and then secure that version of the document. That seems to bypass the issue. But I have 5000 documents I'm batch processing and I'd rather not have to mess with such things.
...
I'm developing a custom client/server application that requires the client to log in with their username and password. The user accounts are not related to Windows/AD accounts in any way. After login, the client application will request other services from the server system.
My question is what is the best way to implement this? What kind of archite...
What security protection does HTML.Encode() afford me when I'm dealing with user input, specifically scripting problems?
...
I am developing a web application that uses Amazon Web Services. I am using ASP.NET MVC. I also use several Amazon Web Services including S3, EC2 and SQS. I am planning to hire freelancers to help the development. Now I put the Amazon Web Service key and secret in the web.config file and it is connected to my credit card. I am using host...
When trying out http://www.feedly.com/ I noticed it automatically recognized my Twitter-name. How?
...
Is there a Java equivalent to PHP's mysql_real_escape_string() ?
This is to escape SQL injection attempts before passing them to Statement.execute().
I know I can use PreparedStatement instead, but let's assume these are one shot statements so preparing them will result in lower performance. I've already changed the code to use Prepare...
I've noticed that some web applications return AJAX responses with JSON data embedded within a comment block. For example, this would be a sample response:
/*{
"firstName": "John",
"lastName": "Smith",
"address": {
"streetAddress": "21 2nd Street",
"city": "New York",
"state": "NY",
"postalCode": 10021
},
"phon...
I am using C#'s Identity and Principal objects for role based security, and I am at the step of modifying controls shown based on roles the current user has.
My question is what the recommended method is for enabling/disabling fields in a WPF window - showing/hiding fields dependent on Identity.IsInRole type calls.
Can this be done in X...
If too many images are being loaded from the server at once (or over a period of time) will it slow down the website for users?
What about saving images to the server?
Would a website that puts a lot of stress on the server make the website more vulnerable to DOS attacks?
If our website needs to save and load mass amount of images, i...
Hi,
I'm working on a project in C# on Windows XP where we have to capture a file dialog which allows users to select multiple files (such as shown here: http://www.uploadify.com/demo/). Is it possible somehow to restrict access to local drives, such as C:, etc...? So the list of available drives would only contain drives that aren't e...
I want to create a Web app which would allow the user to upload some C code, and see the results of its execution (the code would be compiled on the server). The users are untrusted, which obviously has some huge security implications.
So I need to create some kind of sandbox for the apps. At the most basic level, I'd like to restrict a...
This is something that's been bugging me for many years: why most online services highly value the entropy of a password, citing it as a security measure, and enforcing it when users select a password?
I decided to come out with this question after reading the paper "Do Strong Web Passwords Accomplish Anything?" (and, of course, classic...
Please don't respond with "a lot less malware/viruses for OS X". And please no hype and no fan-boy answers. The reason why I am asking this here is because I want feedback from developers who write software for both systems and have intimate knowledge of the security restrictions in which to operate.
Using both Windows and OS X concurre...
What are the different approaches to securing a directory?
including an index page so contents can't be viewed
the problem with this is that people can still access the files if they know the filename they're after
including an htaccess file to deny all
this seems to be the best approach, but is there any case that an htacces...
I have a public facing web page in .Net that I would like to put anchor tags in that go to a web page produced by a Java server in my distributed system. For example, Bob logs in from the WWW and goes to the home page. I would like to have a link to http://javaserver/form.jsp?username:Bob in the home page. But that would be insecure i...
It appears that there were interesting things going on in cryptography: the first homomorphic encryption scheme appeared recently (explanation, HT). Roughly speaking, it is a way of encoding x into f(x) such that you can compute f(x+y) easily knowing f(x) and f(y) even though you can't easily restore x and y (and same for f(x*y)).
What...