security

Security when source code is public

I realize that the answer to this question is likely quite obvious (if somewhat inconvenient to me), but I'm hoping someone will have an ingenious solution. I'm slowly building an application in my free time that I hope will be useful at work. It's a simple tracking application for the assignment of peer reviews. Basically, I'm just try...

Is there a secure way to connect to an IMAP server on behalf of a user?

I'm working on a web application which involves connecting to Gmail on behalf of a user to check for new messages. Is there a way to securely store the user's credentials so that they can still be recovered for the login, or is there some way to obtain a token for Gmail to use in connections? EDIT: The application is meant to be used mo...

How to confirm a web site is running in full trust?

I gave a site full trust; however, I am still getting some security exceptions. How can I confirm a website has full trust? ...

pgSQL or mySQL: which is more secure?

I want to know which database is more secure: mysql or pgSQL. Which ones support stored procedures? What are the advantages of one over the other? ...

Difference between giving full trust to a web service through web.config vs caspol?

If a web service is using an assembly for its implementation, what's the difference between giving the website/webservice full trust in web.config versus giving the assembly full trust using a tool like caspol? ...

Secure voting

I'm writing a voting web application and I'm not sure how to implement it. One user can vote for many pictures, but he can't vote for the same one many times. What should I save in the database or in cookies? I'm using ASP.NET MVC. Users are NOT authenticated. ...

What does stdout in display_errors in phpinfo() mean?

I have 'stdout' under display_errors in my phpinfo. What does it mean? Where can I find the documentation about it? I could not find any at http://php.net/. I read here that it should be off for security reasons. Thanks in advance. ...

Possible career paths in the freelance information security business

I currently work as a PHP/MySQL programmer for a track and tracing company. I love the job and I learn more and more every day. I have a wide range of responsibilities, going from programming to application support and stretching out to system administration (Linux) and networking. I already ordered a load of security-related books, and the ...

Limit execution of a php-page to requests made from a certain ip-range

I have a PHP page whose execution I need to limit to only clients inside our firewall. How would I write a PHP script that can look up the client's IP address and match it to an IP range (for instance 10.*.*.* or 200.10.10.*)? ...

.NET Declarative Security: Why is SecurityAction.Deny impossible to work with?

I've been messing with this for about a day and a half now sifting through .NET reflector and MSDN docs, and can't figure anything out... As it stands in the .NET framework, you can demand that the current Principal belong to a role to be able to execute a method by marking a method like this: [PrincipalPermission(SecurityAction.Demand...

Safely Grant Access to SQL 2005 Replication Monitor to Create Snapshots

I have a database that I'm publishing to a remote site using Snapshot replication (only method that will work given the application and database schema). Because the replica database tables are unavailable while the database is refreshing, I am taking and delivering snapshots twice daily. For the target user population this is okay 99%...

Lucene and access control (visibility of comments)

Imagine this simple scenario for full text search: Articles with Comments. I want to search articles also by text in comments. That alone is fairly simple to implement. Not all comments are visible to all users, though. The user who writes a comment can also restrict its visibility to a concrete Role (so a comment has 2 fields: text and role). ...

Binding security token to particular client machine

There are some applications in Silverlight 3 and WPF which communicate with data web services (based on WCF). It is necessary to protect the data web services. Only known users should have access to the data. The solution will work in a local network without access from outside. The client connects first to the authentication web service (providing user...

Django file upload input validation and security

I'm creating a very simple Django upload application, but I want to make it as secure as possible. This app is going to be completely one way, i.e. anybody who uploads a file will never have to retrieve it. So far I've done the following: Disallow certain file extensions (.php, .html, .py, .rb, .pl, .cgi, .htaccess, etc.) Set a maxim...

tsql- strong passwords

Hi, using T-SQL, how can I find out if all SQL logins have strong passwords on SQL 2000 and 2005 servers? Any help much appreciated. Regards, Manjot ...

Am I using SetNamedSecurityInfo incorrectly? The ACL of my file doesn't seem to be modified properly.

I'm trying to enable and disable certain access privileges on a file. I figured out that to do this, you have to mess with DACLs. I'm using the following code to modify the file's DACL: void set_DACL_for_object(const char *object, SE_OBJECT_TYPE object_type, int access_perms, int access_mode) { PACL pDA...

How do I turn off Oracle password expiration?

I'm using Oracle for development. The password for a bootstrap account that I always use to rebuild my database has expired. How do I turn off password expiration for this user (and all other users) permanently? I'm using Oracle 11g, which has passwords expire by default. ...

Does user write permissions to the Temporary ASP.NET Files folder pose any security problems?

I am experiencing assembly binding failures due to insufficient permissions to the Temporary ASP.NET Files folder. The application uses (web.config) Forms authentication with Impersonate = True and IIS Windows Integrated Authentication. According to ASP.NET Identity Matrix, this means that the WindowsIdentity resolves to Domain\UserNam...

Issue with IE security on page opened from javascript

I have a Java web application running in JBoss with Tomcat, with two web applications (contexts) running on it. A button press on one of the applications runs a JavaScript command to open a new window with a page from the other. The problem I seem to be having is that this raises a security alert in IE with the following message:...

Are salts useless for security if the attacker knows them?

Let's say I have a table of users set up like this: CREATE TABLE `users` ( `id` INTEGER PRIMARY KEY, `name` TEXT, `hashed_password` TEXT, `salt` TEXT ) When a user is created, a randomly-generated salt is produced and stored in the database alongside the results of something like get_hash(salt + plaintext_password). I...