I want to make a secure website using ASP.NET, but when I publish it, the domain administrator can see all the data stored in my database (SQL Server). I want to hide my data and code from the domain administrator too. Are there any procedures to do that? Please give me the address of a good domain I can use, which will give me all admin...
1) What kinda projects do web devs work on?
2) What languages should you know? (in order of learning first)
3) What's the field like? How much money would you make versus just securing websites (web security only)?
...
Can anyone suggest some good resources, preferably free, that I can read to thoroughly understand the basics of getting my web app secure?
It is being written with a Rails back-end, and regular HTML, CSS, jQuery front-end.
For instance, the proper security practices for handling users' login. To storing info in the db, to anything else...
I am looking for an implementation similar to that of what is seen on banking sites. If a user comes to the site I want them to have to pass some form of registration, i.e. (answer a question or enter in some key). If the user closes the browser and comes back to the site again from that machine they would just be able to provide login cr...
Hello everyone,
I've been searching online for a secure way to load files in PHP but I couldn't find any convincing solution. What I'm trying to do is loading a curriculum vitae by form uploading. This file should be viewed only by the website admin (the form will mail him the link) and obviously the form should be secure (even though t...
How can I find the original IP address of a spoofed IP address? Are there any tools to find out?
...
Please recommend. I'm an ASP.NET MVC developer so would like technology-specific and high level books and also links to resources would be warmly received.
Thanks
...
In a web application, if the user forgets his password, it's fairly common practice to send an email to the user with a temporary link or password that expires after a given amount of time. Most of the posts I read on SO suggested expiring the link after 24 to 72 hours, but it seems to me that it would really only be needed for about 10 ...
I just got an automated response email from a company that had someone else's registration info in it. The person that responded to the email expressing my concerns refuses to acknowledge that there is a problem.
I think I've heard you are legally required to hash certain sensitive information (credit card info for example) even if...
Hi,
I have a page with two textareas, where registered users can fill them with HTML codes. First one has TinyMCE (so HTML is cleaned up), but the other one does not, since I expect the code to be inserted as embed codes from other sites (mostly sites that provide maps, e.g. Google Maps, MapMyRace.com, etc). But the problem is that those ot...
Can .NET or one of its many languages enforce the cleaning of untrusted data... or prevent accidental variable use in the wrong locations?
One example of this is when a user POSTs data and the "raw" response is used within a SQL transaction. This could cause anything from a client-side scripting vulnerability to the entire server bei...
We have an idea of creating a page which would display information about all currently loaded DLLs (name and version). Is there any risk in terms of security, i.e. can a malicious user compromise the site security knowing the DLL name and version number?
...
I have an internal ASP.NET MVC 2.0 web application that employees can upload documents to. I am then copying these files to another server for processing. Currently the web application (IIS 7 .NET 4.0) is running under an application account we set up (i.e. WebApp => Basic Settings => Connect as..). This application account has read/writ...
We have recently implemented htmlpurifier in our web-based application. Earlier we used to have regexes to match commonly known XSS injections (script, img, etc. etc). We realized that this wasn't good enough and hence moved to htmlpurifier. Now given that htmlpurifier is slow in working (very slow compared to the regex method we had ear...
Ok guys, so I was watching Inception yesterday and I had this idea. I don't know too much about network security or the internet really. So that's what you guys are for, tell me if this is secure or even possible. It's to send secure data over the web by the way.
My idea takes the data needed to be sent and encrypts it. The data is then sp...
How to minimize threat on a website? Can you list the ways to minimize that problem?
...
I am currently doing a website in PHP, we are using a Session variable to store the permission level of each user.
For example, if any one of you would go on the website, you would automatically get a session variable with a value of "member".
What I am asking is: Is it possible for an attacker to go on the website and modify the value...
The website I worked on was recently attempted to be hacked by the following SQL injection script:
boys' and 3=8 union
select 1,
concat(0x232425,ifnull(`table_name`,0x30),char(9),ifnull(`table_rows`,0x30), char(9),0x252423),
3,4,5,6,7,8,9
from `information_schema`.`tables`
where table_schema=0x62646B3032 limit 44,1 -- And '8'='8
Thi...
What is the point of doing this?
I want a reason why it's a good idea to send a person back to where they came from if the referrer is outside of the domain. I want to know why a handful of websites out there insist that this is good practice. It's easily exploitable, easily bypassed by anyone who's logging in with malicious intent, an...
I have an HTML page with a textfield for the user to put expressions like these:
(x+23)*2
((x-y)*(x+y))
x*2/z+y
The user enters them and I use the 'eval' method to execute them.
Before calling eval I make a check that there is nothing dodgy (like attempting to define a function or similar).
It seems to me that I should be fine.
But...