web-security

Securing Plugin Data in WordPress From Access by Other Plugins?

There probably is some solution to this, whether it involves code running on just the wordpress installation or a combination of a wordpress installation and a master server I am not sure yet, but please remember not to have tunnel vision and consider any and all possible solutions: The scenario is this: A WordPress plugin (plugin-A) th...

Is it possible to get a list of running processes using an applet?

Hello, I'd like to get the list of running processes using a java applet running in a browser. My understanding is that, as long as the applet is signed, it will be able to get this information. Is this accurate? Is this possible with an unsigned applet? Finally, are there any FOS applets available that I could take a look at? Than...

ActiveX control not accessing filesystem when page is generated programmatically

We are working on using a 3rd party's ActiveX control within a web page. Our page includes JavaScript to access and manipulate the control. Part of the control's functionality requires it to access files on the local filesystem. If we generate the page programmatically, this functionality fails - the ActiveX control appears unable to ...

asp.net mvc, IIS 6 vs IIS7.5, and integrated windows authentication causing javascript errors?

This is a very strange one. I have an asp.net MVC 1 app. Under IIS6, with no anon access - only integrated windows auth - everything works fine. I have the following on most of my Foo pages: <% using (Html.BeginForm()) { %> Show All: <%= Html.CheckBox("showAll", new { onClick = "$(this).parent('form:first').submit();" })%...

Should I be concerned with infected zip files?

I'm writing an ASP.NET application to process user submitted zip files and limiting my extraction of files from it to only the extensions I want. I've heard of infected zip files attached to emails and I was wondering if I should be concerned about extracting data from infected zip files in my application. I don't plan on executing the ...

best way to switch between secure and insecure connection without bugging the user

The problem I am trying to tackle is simple. I have two pages - the first is a registration page, I take in a few fields from the user, once they submit it takes them to another page that processes the data, stores it to a database, and if successful, gives a confirmation message. Here is my issue - the data from the user is sensitive ...

CSharpCodeProvider - Is it abusable?

Apologies for the shortness of the question, however I don't think it needs much elaboration. Are there any security implications caused by using the CSharpCodeProvider and could it open a server up for attack? ...

PHP OpenID doesn't work with Google/Yahoo and 'hacks' fix it... are they safe?

I've been experimenting with OpenID, and have set up a sample web page to access using my OpenID account. I'm using the Php OpenID Library by Janrain and it wasn't working with my Google Account. A little research led me to this question, which suggests the problem is that Google uses https and... ... it's likely the setup for making...

Form Bot Countermeasure Testing

I am a web developer for a web site that is occasionally plagued by form bots. Recently I received an error notification of a problem with the form submission that should be impossible for a human user. You cannot submit the form without JavaScript enabled but the server side script received a form field value that the JavaScript valida...

auth-constraint element in web.xml

Let's say I have 3 security-constraint elements defined in web.xml, each pointing to the same url-pattern. And I have these 3 auth-constraint elements separately defined in each of them: <security-constraint> ... <auth-constraint>Role1</auth-constraint> </security-constraint> <security-constraint> ... <auth-constraint>Role2</auth...

mysqli_stmt_bind_param SQL Injection

Is there still an injection risk when using prepared statements and mysqli_stmt_bind_param? For example: $malicious_input = 'bob"; drop table users'; mysqli_stmt_bind_param($stmt, 's', $malicious_input); Behind the scenes does mysqli_stmt_bind_param pass this query string to mysql: SET @username = "bob"; drop table users"; Or do...

Will my site be secure?

Hello all! I'm just about to release a website I've designed into the wild, but before I do, I would love some help determining whether I have made any silly security mistakes. Since I'm using shared hosting rather than dedicated, this is a very important concern. After much research and tutorial-reading I've done the following: All P...

Preventing man in the middle attack while using https

Hi, I am writing a little app similar to omegle. I have an http server written in Java and a client which is an html document. The main way of communication is by http requests (long polling). I've implemented some sort of security by using the https protocol and I have a securityid for every client that connects to the server. When the ...

Reliable method to block spammers in Rails App?

I'm receiving many failed login requests from spammers/bots that are trying to brute-force the credentials, also I'm receiving many requests to pages like /forum/index.php. I wrote a script to parse the IPs of those attackers from production.log: #!/bin/bash # Failed Logins grep "Failed " ~/app/log/production.log | egrep -o -e "[0-9]...

How to prevent HTTPS man-in-middle attack from the server side?

In the HTTPS security model, the weakest part is the list of trusted CAs in the browser. There are many ways that someone could inject an additional CA into the list so that users will trust the wrong guy. For example, a public computer, or a PC in your company. The administrator could force you to trust a CA issued by himself; it could be very inse...

Login requiring only specific characters

A good security practice is never to maintain a database of login passwords for your system but instead to maintain a database of hashes of passwords (using some suitable hash function) and at login compare the hash of the password provided with the information stored in the database. However, I am increasingly seeing examples of logins...

Web Security in a Rich Client

Hi, I'm currently building a web application for a customer that uses a rich client. (Flex) In this application, a user has a password, as well as a couple of other key attributes that are used throughout the system for identification purposes. (E.g., things like mother's maiden name). A user logs on with their password initially. Th...

Minimum requirements for escaping HTML output

What are the characters that are required and suffice when escaping user-generated content before output? (in other words: what are the characters web developers should escape when outputting text that previously came from an untrusted, anonymous source?) ...

CSRF vulnerability / cookies question

Just want to get input from people who know. I was considering CSRF vulnerabilities, and seemingly the most popular method I know to fight against it. That method is to create a token in the returned html and add a cookie with the same value. So if a script tries to do a post they would have to guess the token that's embedded in th...

Forms based authentication

If I wanted to make sure that AUTHENTICATED users were denied access to Enroll.aspx and UNAUTHENTICATED users had access how should my "allow/deny users" tags be set in the web.config? <location path="Enroll.aspx"> <system.web> <authorization> <allow users = "?" /> <deny users = "?" /> </authorization> ...