tagged [security]

Restrict access to a specific controller by IP address in ASP.NET MVC Beta

I have an ASP.NET MVC project containing an AdminController class and giving me URLs like these: > [http://example.com/admin/...

Auto update: Is this secure?

## Dot Net Auto Update I felt like .NET was lacking a simple secure automatic update library so I've implemented something and put it up [here](http://code.google.com/p/do...

20 Jun at 09:12

How can bcrypt have built-in salts?

Coda Hale's article ["How To Safely Store a Password"](http://codahale.com/how-to-safely-store-a-password/) claims that: > bcrypt has salts built-in to prevent rain...

20 Jun at 09:12

How to securely save username/password (local)?

I'm making a Windows application, which you need to log into first. The account details consist of username and password, and they need to be saved loca...

20 Jun at 09:12

Is this use of System.Security.Principal.WindowsIdentity reasonably secure?

Is [System.Security.Principal.WindowsIdentity](https://msdn.microsoft.com/en-us/library/system.security.principal.windowside...

20 Jun at 09:12

(ServiceStack) Location of business logic in a message based architecture

What is the best practice for placing business logic in message based design? I'm using ServiceStack for building my API. [The ...

20 Jun at 09:12

Disable-web-security in Chrome 48+

I have a problem with the `--disable-web-security` flag. It is not working in Chrome 48 and Chrome 49 beta on Windows. I've tried killing all of the instances, reboo...

OAuth2 and Google API: access token expiration time?

We have a standalone Java application (see ["Installed application"](https://developers.google.com/identity/protocols/OAuth2#installed)) which runs...

What’s the purpose of the HTML "nonce" attribute for script and style elements?

W3C says there is a new attribute in HTML5.1 called `nonce` for `style` and `script` that can be used by the Content Sec...

IDX10500: Signature validation failed. Unable to resolve SecurityKeyIdentifier

What might the reason be that I get the exception below when trying to validate a token? `TokenValidationParameters va...`

20 Feb at 09:33

Why does Google prepend while(1); to their JSON responses?

Why does Google prepend `while(1);` to their (private) JSON responses? For example, here's a response while turning a calendar on and off in ...

3 Jan at 22:3

What is token-based authentication?

I want to understand what token-based authentication means. I searched the internet but couldn't find anything understandable.

Creating Headers (wsse) Section of WCF Client Programmatically in C#

How do I create the following section of the service settings of app.config in C# programmatically:

16 Nov at 11:59

Convert Certificate and Private Key to .PFX programmatically in C#

I have a .cer file output from a successful LetsEncrypt certificate request. I have the original Private Key used to create the Certi...

How to fix Hibernate LazyInitializationException: failed to lazily initialize a collection of roles, could not initialize proxy - no Session

In the custom AuthenticationProvider from my spring project...

How to hash a password

I'd like to store the hash of a password on the phone, but I'm not sure how to do it. I can only seem to find encryption methods. How should the password be hashed properly?

Difference between Role and GrantedAuthority in Spring Security

There are concepts and implementations in Spring Security, such as the `GrantedAuthority` interface to get an to authorize/control an ac...

How to get active user's UserDetails

In my controllers, when I need the active (logged in) user, I am doing the following to get my `UserDetails` implementation: It works fine, but I would think Sprin...

How to deal with a slow SecureRandom generator?

If you want cryptographically strong random numbers in Java, you use `SecureRandom`. Unfortunately, `SecureRandom` can be very slow. If it uses `/dev/...

How can I implement ISerializable in .NET 4+ without violating inheritance security rules?

Background: [Noda Time](https://nodatime.org) contains many serializable structs. While I dislike binary seri...

Failed to load ApplicationContext (with annotation)

This is my class for test. `@RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration(classes = AppConfig.class, loader = AnnotationConfigCon...`

Store sensitive information inside keepass database from c#

I have a project where I have to handle sensitive data. How do I open a `keepass` database from C# to use the data? I have downloaded the so...

15 Jul at 04:24

How can I sanitize user input with PHP?

Is there a catchall function somewhere that works well for sanitizing user input for SQL injection and XSS attacks, while still allowing certain types of HTML t...

Where does ServiceStack publish vulnerability information?

If a vulnerability were to be discovered for any versions 3/4/5 and a patch were to be released - where would ServiceStack publish vulnerabil...

14 Jun at 12:28

SQL injection that gets around mysql_real_escape_string()

Is there an SQL injection possibility even when using `mysql_real_escape_string()` function? Consider this sample situation. SQL is constructe...

4 Jun at 09:43