security

Security error when doing a POST from a Flash application to an ASP.NET MVC application...

Error #2044: Unhandled securityError:. text=Error #2048: Security sandbox violation: http://mysite.com/Content/MyFlashApp/myflash.swf cannot load data from http://www.mysite.com/Home/SaveData. at Main/encodeAndSave() ...

Do I need to make my web service secure?

Hello. If I were to host a web service on the same machine as my web site and pass sensitive information to it, do I need to call it using HTTPS? For example, I would reference it using localhost, so won't this information be secure, as it's not being transmitted across an insecure channel? EDIT: I should mention that this web service ...

How to clear previously echoed items in PHP

In PHP, is there any way to clear/remove all previously echoed or printed items? For example:
<?php
echo 'a';
print 'b';
// some statement that removes all printed/echoed items
echo 'c';
// the final output should be equal to 'c', not 'abc'
?>
My script uses the include function. The included files are not supposed to echo anyth...

Integrating authentication between a web app and desktop app

Hi, I want to upload a file to a website via a desktop app and then take the user to the website. The website has a web service, but it requires authentication, as does the web site. Is there a way to do this without forcing the user to authenticate twice (once in the desktop app and once in the web browser)? Unfortunately, you can't prefi...

What is the SQL Server equivalent to Oracle's Virtual Private Database?

What is the SQL Server equivalent to Oracle's Virtual Private Database (VPD)? ...

PCI/DSS: Data at Rest

Would you consider the use of caching products in the category of data at rest? ...

MOSS Search Content Crawl Account Permissions

Hi. Can anyone tell me what permissions I need to give to the Content Crawl Account in MOSS 2007? When I run a crawl of the content I get an error telling me that it does not have permission and to give it Full Read to the web application, which I tried to no avail. All the best ...

SQL Server Login Configuration and Automation

What's a good way to manage and maintain SQL Server logins, server roles, and individual access rights across multiple databases that exist in multiple environments? What are your best practices? Some info about my situation: SQL Server 2005. We have N "client" databases with identical schemas (in theory, at least). We have a ...

Prevent query string manipulation by adding a hash?

To protect a web application from query string manipulation, I was considering adding a query string parameter to every url which stores a SHA1 hash of all the other query string parameters & values, then validating against the hash on every request. Does this method provide strong protection against user manipulation of query string va...
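The question's scheme, carried through as an added example in Python (not code from the question or from any answer to it): a plain SHA-1 over the parameters stops nothing, because anyone who can read the URL can change a value and recompute the hash themselves. What makes the tag useful is a server-side secret, i.e. an HMAC, together with a canonical encoding so that parameter order does not matter and a constant-time comparison on the server. The secret key, the parameter names and the `sig` parameter name are assumptions made for the illustration.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode

# Hypothetical server-side secret; in practice load it from configuration
# and never send it to the client.
SECRET_KEY = b"example-server-secret-for-illustration"
SIG_PARAM = "sig"  # name of the tag parameter (an assumption)


def canonical_query(pairs):
    """Deterministic encoding of the (name, value) pairs that get signed.
    Sorting makes the tag independent of parameter order; the tag itself
    is excluded so verification can reuse the same function."""
    return urlencode(sorted((k, v) for k, v in pairs if k != SIG_PARAM))


def sign_query(pairs, key=SECRET_KEY):
    """Return the query string with an HMAC-SHA256 tag appended."""
    canon = canonical_query(pairs)
    tag = hmac.new(key, canon.encode(), hashlib.sha256).hexdigest()
    return canon + "&" + urlencode({SIG_PARAM: tag})


def verify_query(query_string, key=SECRET_KEY):
    """Return the signed pairs if exactly one tag is present and verifies,
    otherwise None. compare_digest keeps the comparison constant-time, so
    the tag cannot be guessed byte by byte through response timing."""
    pairs = parse_qsl(query_string, keep_blank_values=True)
    tags = [v for k, v in pairs if k == SIG_PARAM]
    if len(tags) != 1:
        return None
    expected = hmac.new(key, canonical_query(pairs).encode(),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tags[0]):
        return None
    return [(k, v) for k, v in pairs if k != SIG_PARAM]


def unkeyed_sha1_query(pairs):
    """The scheme as asked about: SHA-1 of the parameters with no secret."""
    canon = canonical_query(pairs)
    tag = hashlib.sha1(canon.encode()).hexdigest()
    return canon + "&" + urlencode({SIG_PARAM: tag})


def verify_unkeyed_sha1(query_string):
    """Server-side check for the unkeyed scheme. An attacker who edits a
    value and calls unkeyed_sha1_query() on the result passes this check,
    because nothing in the computation is unknown to them."""
    pairs = parse_qsl(query_string, keep_blank_values=True)
    tags = [v for k, v in pairs if k == SIG_PARAM]
    return len(tags) == 1 and hmac.compare_digest(
        hashlib.sha1(canonical_query(pairs).encode()).hexdigest(), tags[0])


if __name__ == "__main__":
    url = sign_query([("user", "42"), ("role", "viewer")])
    print(url)
    print(verify_query(url))
    print(verify_query(url.replace("role=viewer", "role=admin")))
```

What the HMAC still does not give you: a signed URL can be replayed by anyone who obtains it, so an expiry timestamp or a binding to the user's session has to be included among the signed parameters if that matters.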

Patterns for Server Side Authentication for mobile RIA

I'm writing a simple iPhone application that brings a particular website experience onto the rich world of the iPhone. The website currently doesn't talk to any clients other than browsers, so it doesn't have an API. I'm trying to design an API for consumption by my iPhone app as well as other rich clients. With REST and XML/JSON form...

How to neutralize injected remote Ajax content?

I'll be inserting content from remote sources into a web app. The sources should be limited/trusted, but there are still a couple of problems. The remote sources could 1) be hacked and inject bad things, 2) overwrite objects in my global namespace; 3) I might eventually open it up for users to enter their own remote source. (It w...

Running a webserver on a virtual machine (VirtualBox) - Pros/Cons in terms of security

I want to sharpen my skills in terms of GNU/Linux and get a better understanding of how servers work. So I thought I'd set up an Apache web server with FTP, SSH, SVN etc. Since I use Adobe products every day in my line of work, installing a Linux distribution straight on my machine isn't an option. Yes, I could probably do a dual boot with Linux an...

How to use a PKCS#12 certificate file in a .NET WebRequest?

Hi all, I have been issued a PKCS#12 certificate to be used for accessing a simple XML-based web service. When I load the PKCS#12 file into Windows (Vista), I can access the service using my browser. Trying to access the service through an application, without loading the PKCS#12 into the OS certificate collections, I have written the...

Is there any web service I can call to scan my web page?

Is there any web service to which I can send web page resources to scan for vulnerabilities (Trojan, spyware, XSS, SQL injection, etc.)? Like this:
Scanner(source)
Scanner(source) {
  CallService(source)
}
OR
Scanner(webpagename)
Scanner(string webpagename) {
  // webpagename: www.xyz.com
  CallService(webpagename)
} ...

How to solve a while(true) loop, as it is expensive and risky

Hello all, I make an AJAX request to see if a session variable has been set. I make a GET request to this script:
<?php
session_start();
while(true){
    if(isset($_SESSION['screen_name'])){
        return true;
        break;
    }
}
?>
Clearly there are problems with this script and I wanted to solve these problems, such as the continuou...

What are best practices for activation/registration/password-reset links in emails with nonce

Applications send out emails to verify user accounts or reset a password. I believe the following is the way it should be, and I am asking for references and implementations. If an application has to send out a link in an email to verify the user's address, then, in my view, the link and the application's processing of the link shoul...
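The properties such a link needs, shown as an added example in Python (not code from the question or from any answer to it): the token is generated from the OS CSPRNG with enough entropy that it cannot be guessed, only its hash is stored so a leaked table yields no usable links, it is bound to one user and one purpose, it expires after a short time, it is single use, and issuing a new token supersedes any earlier one for the same user and purpose. The in-memory store, the half-hour lifetime and the user and purpose names are assumptions standing in for a database table and real configuration.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 30 * 60  # links stay valid for half an hour (assumption)


def _digest(token):
    # Only this digest is stored; the clear token exists only in the email.
    return hashlib.sha256(token.encode()).hexdigest()


class TokenStore:
    """In-memory stand-in for a database table of pending tokens.
    Each row maps digest -> (user_id, purpose, expires_at)."""

    def __init__(self):
        self._rows = {}

    def issue(self, user_id, purpose, now=None):
        """Mint a fresh token for (user_id, purpose), invalidating any
        earlier outstanding token for the same pair."""
        now = time.time() if now is None else now
        self._rows = {d: row for d, row in self._rows.items()
                      if (row[0], row[1]) != (user_id, purpose)}
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._rows[_digest(token)] = (user_id, purpose, now + TOKEN_TTL_SECONDS)
        return token  # goes into the emailed link; never stored in clear

    def redeem(self, token, purpose, now=None):
        """Return the user_id the token was issued for, or None.
        The row is removed on first presentation (single use) whether or
        not the remaining checks pass, so a token shown to the wrong
        endpoint or after expiry cannot be retried later."""
        now = time.time() if now is None else now
        row = self._rows.pop(_digest(token), None)
        if row is None:
            return None
        user_id, stored_purpose, expires_at = row
        if stored_purpose != purpose or now > expires_at:
            return None
        return user_id


if __name__ == "__main__":
    store = TokenStore()
    tok = store.issue("user-17", "password_reset")
    print("link token:", tok)
    print("first redeem:", store.redeem(tok, "password_reset"))
    print("second redeem:", store.redeem(tok, "password_reset"))
```

Looking the row up by the hash of a 256-bit random token means the comparison the database performs is on a value the attacker cannot influence bit by bit, so no constant-time compare is needed here, in contrast to a scheme that compares the submitted token directly against a stored one.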

SSRS not working from remote locations

I have a couple of reports that I developed, sitting on http://localhost/reports. I have everything else set up, including the SQL Server 2005 configuration tools. The reports run fine when I run them on my own machine, where IIS and SQL Server 2005 are both loaded. But they don't work when I try from other computers. I have the dir security to wi...

Sending Variables for PHP FileSystem Functions with Form Submission

I'm trying to find a secure way to do the following: the user enters a value into an HTML form; the form is submitted; PHP uses the submitted value as the argument for the "scandir" function. My theory is to include logic in the PHP script that forbids absolute paths and requires the directory name to include a certain value. My concern is that a hack...
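One way to do the validation the question is asking about, shown as an added example in Python rather than PHP (not code from the question or from any answer to it): resolve the submitted value against a fixed base directory and test containment on the resolved path, so that `..` components and symlinks are handled, instead of blacklisting substrings. A requirement that the name merely include a certain value is satisfied by `reports/../../etc`, which is why the check runs after resolution. The base directory, the `reports` subdirectory and the attempted values in `demo()` are constructed for the illustration.

```python
import os
import shutil
import tempfile


class UnsafePath(ValueError):
    """Raised when a user-supplied directory name would leave the allowed tree."""


def resolve_under_base(base_dir, user_value):
    """Return the real path of base_dir/user_value, or raise UnsafePath.

    The containment test runs on the resolved path, after '..' components
    and symlinks have been followed, rather than on the submitted string,
    so an encoded '..' or a symlink planted inside the tree cannot slip
    past a blacklist of bad substrings."""
    if not user_value or "\x00" in user_value:
        raise UnsafePath("empty value or embedded NUL byte")
    if os.path.isabs(user_value):
        raise UnsafePath("absolute paths are not accepted")
    base_real = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base_real, user_value))
    # commonpath respects directory boundaries; a plain startswith() would
    # accept /srv/uploads_evil when the base is /srv/uploads.
    if os.path.commonpath([base_real, target]) != base_real:
        raise UnsafePath("path escapes the allowed directory")
    return target


def safe_listdir(base_dir, user_value):
    """The scandir()-style call with its argument validated first."""
    return sorted(os.listdir(resolve_under_base(base_dir, user_value)))


def demo():
    """Build a throwaway tree (a constructed fixture) and exercise the check.
    Returns the listing of the legitimate directory, the hostile values
    tried, and the subset of them that were rejected."""
    root = tempfile.mkdtemp()
    try:
        os.mkdir(os.path.join(root, "reports"))
        open(os.path.join(root, "reports", "q1.csv"), "w").close()
        attempts = ["..", "reports/../..", "/etc", "reports\x00x", ""]
        try:  # a symlink inside the tree that points outside it
            os.symlink(os.path.dirname(root), os.path.join(root, "escape"))
            attempts.append("escape")
        except OSError:
            pass  # platform without symlink support; skip that case
        rejected = []
        for value in attempts:
            try:
                safe_listdir(root, value)
            except UnsafePath:
                rejected.append(value)
        return safe_listdir(root, "reports"), attempts, rejected
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    listing, attempts, rejected = demo()
    print("legitimate listing:", listing)
    print("rejected:", rejected)
```

The same shape carries over to PHP with realpath() and a prefix comparison against the resolved base, with the caveat that PHP's realpath() returns false for a path that does not exist, which must itself be treated as a rejection.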

Building Freemarker from source

Hey everyone, I am working on a security project at my university for open source software. I am trying to build FreeMarker from source, but I am running into some problems. Everything that I can find online says that simply running 'ant' in the root directory should build the project. The only requirement is that you have Ant v1.7.0 in...

Flex Channel Security Error while logging into two different domains from a single app

Hi there, I need to connect to two different domains from a single Flex application. The problem is that the domain other than the currently hosted domain is unable to log in. Let's say I hosted the application at the LOCAL server. I'm able to log in to the local server. From the existing application I need a login to the MAIN server too. The problem...