web-security

Why can't an iframe set its parent's location.hash?

I have a window containing an iframe, containing an iframe, like so:

+---------------+
| Top           |
| +-----------+ |
| | Middle    | |
| | +-------+ | |
| | | Inner | | |
| | +-------+ | |
| +-----------+ |
+---------------+

Top and Middle are on the same domain, but Inner is on a different domain. I need Inner to communicate w...

Is this acceptable for passing a password?

I have a website that requires a user to authenticate themselves with a user name and password. I would like to use SSL, but I don't have an SSL certificate. But I do something else that I think is okay. My site is primarily AJAX based and requires JavaScript, otherwise nothing will work. When the user tries to login, I query the data...

ASP.NET Authentication and Security with Session

I'm building an intranet ASP.net web application that unfortunately cannot use the built-in membership features because all the users and logins are stored on the company database. It will use Windows authentication and match against this. I'm planning to have my own "users" table in a separate database that will handle access privileg...

Integrating authentication between a web app and desktop app

Hi, I want to upload a file to a website via a desktop app and then take the user to the website. The website has a web service, but requires authentication as does the web site. Is there a way to do this without forcing the user to authenticate twice (once in the desktop app and once in the web browser)? Unfortunately, you can't prefi...

How to prevent Iframe hack

My site is hosted on lunarpage and it has been getting hacked for a few months. I have done all the things some sites say (like changing passwords). Finally, 2 weeks ago I blocked all ranges of Chinese IPs, but today it was hacked again. Is there any way to prevent the iframe hack? ...

how to block my site from one known IP address?

I want to block access to my site from one particular IP address. How can I do that? Using htaccess or ? ...

Using random folder name on web server to restrict access to it - bad idea?

Let's say I have an "admin" folder in my public_html and I don't want anyone except me to be able to access it. What if, instead of password protecting it (using apache htaccess), I just rename it to "admin-7815696ecbf1c96e6894b779456d330e" and leave it open (with disabled folder indexes, of course)? People usually freak out from such "soluti...

What makes verifyClient in cffunction secure?

What does verifyClient in <cffunction> actually do that makes it secure? Secure from what? The doc said: A Boolean value that specifies whether to require remote function calls to include an encrypted security token. For use with ColdFusion AJAX applications only. Encrypted security token? Who generates that? Client-side by ...

Is having web server allowing cacheable HTTPS responses a security risk?

We have had an external company produce a security risk report on our web app and they stated that allowing cacheable HTTPS responses is a 'moderate' security risk. Would people agree with this assessment? ...

How to secure a static HTML link

The company that I work for wants to provide a means of allowing our client to provide links to our site for the purposes of allowing their own clients to schedule a payment to them through us. We want the solution to be as seamless and easy to use as possible. Our clients are not likely to have the ability to do any sort of progr...

COM security problem in IIS

In my application I open a Word document and work on document events, like Documentbeforeprint, documentbeforesave, etc. All are working fine on the development server (port :1926...), but when I run my web application in IIS the Word document opens, but in the documentbeforeprint event handler Word.document Doc throws an error. The error is: Funct...

What is a safe way to read the PHP $_REQUEST superglobal?

I am trying to read get parameters in such a way that will not open up potential security issues. What I was thinking was matching the request parameter explicitly to what I expect and then setting a default for anything that doesn't match. For example: if ($_REQUEST['media'] == "video") $sort = "video"; elseif ($_REQUEST['media']...

how to enable cross domain POST-ing in PHP?

I'm trying to send POST data from one site to another (both sites have been developed by us). The problem is that the POST variables are not available if the page is requested from another domain. Even if I test it locally, but specify the complete URL, the POST data is gone. So, this will work: <form method="POST" action="test.php"> ...

When would you use SSL for a website?

Quite simply, what are the criteria a website must meet for it to need an SSL certificate? The website is not ecommerce but will take user information, contact details and event information. Even if not technically required, does SSL just provide users with added 'trust' in the site? Cheers ...

Patch for Wordpress Remote Admin Reset Password Vulnerability

The vulnerability is documented here. The patch is supposedly a 1-line replace as documented here in line 190 of branches/2.8/wp-login.php - the new patch should look like this (check line 118) - my question is - is this patch enough? If not, any suggestions? ...

Best practice on users/roles on SQL Server for a web application

I searched online a bit and couldn't find anything that really nailed the spot or covered the bases on how to go about setting up users/roles on a database. Basically, there would be a user that would be used to access the database from the application (a web application in this case) that will need access to the database for the regular databas...

Securely transferring data from server to external database

Reason: We have a new client that wishes for the database containing all their info to be stored on their own personal database server. However, the web server will be located at another location. Question: How can you secure the data from the time it is entered until the time an external database saves it? Through some reading it seems...

password security question

I'm working on a user authentication thing for a web site. Having read the book Innocent Code, I have followed its advice for storing passwords as hash(username+password+salt). The theory being that hashing the password alone is not secure (subject to dictionary/rainbow table attacks, and potentially not a unique hash on any given site ...

Is there a right way to manipulate GoogleAppEngine security permissions?

I have a GoogleAppEngine application that is required to connect to another localhost server, but when I'm trying to do this from the server code, I get: java.security.AccessControlException: access denied (java.net.SocketPermission localhost resolve) I know that I can specify my additional security grant by using java virtual machine ...

File security submission

I have a website where users are going to submit files (pdf, doc, xls). What do I need to do to ensure that the files are secured during submission? What type of security do I need to put on my server to ensure that the files are going to be secure/hacker proof? What's the technique that you recommend to reset passwords to allow the user...