If my webserver just serves static pages and my HTML pages allow users to run any JavaScript, can a 'bad' user do any damage to me?
P.S.
There is lots of talk about watching out for XSS, and what I am doing is even worse.
I am letting the user inject his/her JavaScript.
What I don't get is what damage they can do.
Thanks
...
Hi there guys. Today I came up with a question about web application conventions.
For the sake of security, if we store the passwords of our users, most probably we are encrypting them (with MD5, SHA-1, etc.) and storing the digested hash in order to make them difficult or impossible to reverse.
Today there are many Rainbow Tables that are lo...
In the video below, at time marker 21:40, the Microsoft PDC presenter says it's important that all JSON be wrapped so it's not a top level array:
http://www.microsoftpdc.com/2009/FT12
What is the risk of an unwrapped top level array?
How should I check and see if I'm vulnerable? I purchase many components from 3rd parties and have ex...
Hi!
I've been trying to figure out why I can't add a website record to my domain on WebsitePanel.
The server is running Win Server '08 R2 with IIS 7.5.
EDIT 1: Having tried going over this since before the OP date, I've downloaded the source for WebsitePanel and I've determined that the group that it can't find is in fact IIS_IUSRS.
An...
Apparently I'm able to net use * http://servername.com, and this concept is completely new to me.
Does this mean I'm using WebDAV?
What are the security implications?
How can I read/write files in this manner?
Why doesn't it work for every website?
Is it possible to write files using this method?
...
I am starting to build a SaaS line-of-business application in ASP.NET MVC2, but before I start I want to establish a good architecture foundation.
I am going towards a shared database and shared schema approach because the data architecture and business logic will be quite simple, and efficiency along with cost-effectiveness are key issues....
According to an old AntiXss article on MSDN, AntiXss.UrlEncode is used to encode a link href (Untrusted-input in the following example):
<a href="http://search.msn.com/results.aspx?q=[Untrusted-input]">Click Here!</a>
My understanding was that UrlEncode should be used only when setting something to a URL, like when setting document.locati...
There is an integration with an API for conducting live online classes. The API wanted us to post a form to their site along with a parameter called customer_token as an input field. It is used for authentication by the API and every customer site is assigned one token. The customer token is actually some hashed value of the domain name...
Hi,
I'm wondering if I have a web service like this:
Login(username, password)
or a page like
login.aspx?u=username&p=pass
If they were called from a desktop app, which would be more secure? From what I've read, a sniffer can read the request and figure out the URL. I AM hashing the passwords before putting them in the request, bu...
I'm using the IIS 7 rewrite module to redirect a page to use HTTPS if HTTP is detected.
Is it possible that the rewrite module can be bypassed? Would it be overkill to also put an HTTPS check in the page_load code?
...
I need to secure a Solr/Tomcat instance running on Windows 2008. All read/write clients are within the LAN, so I have followed the Tomcat instructions here and the Solr instructions here. I am unsure that is enough; could you offer me any additional suggestions, or share how you go about securing Solr/Tomcat+Windows?
I also would appr...
I want to provide a URL to a requesting user through email for a download request. The URL is valid for a minute; when the user tries to access that URL after a minute, the web app should redirect him to another page. What is the best logic to go about this? Kindly let me know your views.
...
Is there a way of detecting if a Controller is getting posted to directly, or the action is a result of a previous form being posted?
...
Hi,
I am using the GET method to perform some operations like approve, markasspam, delete, for a commenting system. I know it is highly insecure to go this way, but I cannot help it, because the reason for using the $_GET method is to perform the operation within the page itself using PHP_SELF, and FYI I am using the POST method using chec...
I have an ASP.NET MVC site with a private site administration application secured with ASP.NET SQL-backed authorization. I need to add a login for the public site to allow visitors to sign up for an account.
I am thinking I should create totally separate storage for the public site, rather than extend the existing user db and rely on rol...
Hi there,
This question has been evolving in my mind: how do I totally stop users from entering some crazy SQL injections? Isn't mysql_real_escape_string powerful enough to stop it? I followed some guidelines, though there were some users in here who criticized my code and gave me thumbs down for the security. I was unable to underst...
Many lost-password workflows result in a page that is reached by a temporary link emailed to the user. This link then takes them to a page that asks for a new password.
Upon entering the new password, should a user be forced to log on manually, or should the password reset page authenticate the user automatically, which would redu...
I'm fetching data from different RSS / ATOM feeds, and sometimes the HTML data I receive contains HTML tags that don't have closing tags or have some other issues, and it screws up the page layout / styling.
Sometimes there is a class name / id clash. Is there any way to sanitize it?
If anybody can point me to some reliable Javascript / Java ...
Recently I posted a question about whether it was a good idea to use separate databases for administration and public logins in an ASP.NET SQL authorization database to prevent compromises to the public site from spilling over into the admin side.
I think I was really asking a bigger question though--when securing an application, should...
Hi guys,
I've just read on the net about a newly discovered security vulnerability in ASP.NET. You can read the details here.
The problem lies in the way that ASP.NET implements the AES encryption algorithm to protect the integrity of the cookies these applications generate to store information during user sessions.
This...