tagged [security]
iOS9 getting error “an SSL error has occurred and a secure connection to the server cannot be made”
Since I upgraded my existing project with iOS 9, I keep getting the error: > An SSL error has occur...
- Modified
- 9 Feb at 01:35
How to remove ASP.Net MVC Default HTTP Headers?
Each page in an MVC application I'm working with sets these HTTP headers in responses: How do I prevent these from showing?
- Modified
- 25 May at 21:47
Best Practice ASP.NET Membership: User tables in the same datastore?
Is it better to extend my business database with the tables of the ASP.NET Membership Security model? Or should I have a different ...
- Modified
- 16 Feb at 13:53
How do I make the manifest of a .net assembly private?
What should I do if I want to release a .net assembly but wish to keep its internals detailed in the manifest private (from a utility such as [il...
- Modified
- 8 Aug at 17:1
How do you configure HttpOnly cookies in tomcat / java webapps?
After reading Jeff's blog post on [Protecting Your Cookies: HttpOnly](http://www.codinghorror.com/blog/archives/001167.html), I'd like t...
When would you use SSL for a website?
Quite simply, what are the criteria a website must meet for it to need an SSL certificate? Website is not ecommerce but will take user information, contact details an...
C#.NET: Acquire administrator rights?
Is it possible in a C#.NET application to request administrative rights on a Windows 7 PC? I want to be able to deploy the application via Click Once and have use...
- Modified
- 27 Aug at 11:0
How to create a password reset link?
Which way would you suggest to create a password reset link in `MVC` and `C#`? I mean, I'll create a , right? How do I encode it before sending it to the user? Is good...
- Modified
- 25 Sep at 00:5
How to prevent Iframe hack
My site is hosted in lunarpage and it has been getting hacked for a few months. I have done all the things some sites say (like changing the password). Finally, 2 weeks ago I have blocke...
Who should own the private key used to sign a .NET assembly when its project is open-source?
More specifically, a class library assembly. My initial thoughts: - - - Sure, you could just not sign the a...
- Modified
- 7 Jan at 15:51
How to securely save username/password (local)?
I'm making a Windows application, which you need to log into first. The account details consist of username and password, and they need to be saved loca...
How can I rename default session cookie names in servicestack
ServiceStack has the default cookie names "ss-id", "ss-pid" and "ss-opt" defined in SessionFeature.cs. Is there a way to change the default ...
- Modified
- 21 Oct at 13:49
How to obtain the location of cacerts of the default java installation?
I am looking for how to obtain the location of `cacerts` of the default java installation, when you do not have `JAVA_HOME` o...
Encrypt password in configuration files
I have a program that reads server information from a configuration file and would like to encrypt the password in that configuration that can be read by my pro...
- Modified
- 26 Jan at 23:44
Why is char[] preferred over String for passwords?
In Swing, the password field has a `getPassword()` (returns `char[]`) method instead of the usual `getText()` (returns `String`) method. Similarly, I...
Passing credentials to service stack rest api through angularJs and $http.get
I have a service stack web service with the CorsFeature enabled. I am calling a service through AngularJS's $http.get meth...
- Modified
- 18 Oct at 06:47
How are ssl certificates verified?
What is the series of steps needed to securely verify a ssl certificate? My (very limited) understanding is that when you visit an https site, the server sends a cer...
- Modified
- 16 Oct at 20:6
Is it ever ok to store password in plain text in a php variable or php constant?
As per question, is it safe to store passwords on php pages such as If the users can't see it, it's safe, right? EDIT: ...
How do you implement authentication in servicestack.net
I'm investigating servicestack.net - but its examples and articles don't seem to cover authentication - is this something handled by servicesta...
- Modified
- 6 Jun at 19:45
What’s the purpose of the HTML "nonce" attribute for script and style elements?
W3C says there is a new attribute in HTML5.1 called `nonce` for `style` and `script` that can be used by the Content Sec...
- Modified
- 5 Mar at 15:14
How does the SQL injection from the "Bobby Tables" XKCD comic work?
Just looking at: ![XKCD Strip](https://i.stack.imgur.com/G0ifh.png) [https://xkcd.com/327/](https://xkcd.com/327/) What does this SQ...
- Modified
- 21 Mar at 21:26
Docker and securing passwords
I've been experimenting with Docker recently on building some services to play around with and one thing that keeps nagging me has been putting passwords in a Dockerfile....
What are all the user accounts for IIS/ASP.NET and how do they differ?
Under Windows Server 2008 with ASP.NET 4.0 installed there is a whole slew of related user accounts, and I can't understand which...
- Modified
- 20 Apr at 12:38
Hiding a password in a python script (insecure obfuscation only)
I have got a python script which is creating an ODBC connection. The ODBC connection is generated with a connection string. In this con...
Why should I care about hashing passwords anyway?
If a hacker has access to the hashes in my DB, he has access to the rest of the information in the DB anyways. So why would he bother trying to decryp...
- Modified
- 13 Nov at 17:30
ServiceStack XML Bomb and External Entity Attacks
I read an older article (circa 2009) on MS' site regarding [XML Denial of Service Attacks and Defenses](http://msdn.microsoft.com/en-us/magazine/ee335...
- Modified
- 4 Jun at 13:28
ASP.NET MVC Authorize user with many roles
I need to authorize a Controller in my ASP.NET MVC application to users which have two roles. I am using Authorize attribute like this: > [Authorize(Roles = ...
- Modified
- 14 Jul at 14:15
Transport security has blocked a cleartext HTTP
What setting do I need to put in my `info.plist` to enable HTTP mode as per the following error message? > Transport security has blocked a cleartext HT...
- Modified
- 6 Jun at 04:10
How to secure database passwords in PHP?
When a PHP application makes a database connection it of course generally needs to pass a login and password. If I'm using a single, minimum-permission login f...
How do I use SecureString securely?
All of the examples I have seen end up converting a SecureString back to a standard string before using it, defeating the object. What's a good way of using a secur...
Any coding security issues specific to C#?
In C++ world there is a variety of ways to make an exploitable vulnerability: buffer overflow, unsafe string handling, various arithmetic tricks, printf issue...
Check if a file exists locally using JavaScript only
I want to check if a file exists locally, where the HTML file is located. It has to be JavaScript. JavaScript will never be disabled. jQuery is not...
- Modified
- 30 Oct at 18:4
Keystore type: which one to use?
By looking at the file `java.security` of my `JRE`, I see that the keystore type to use by default is set to `JKS`. [Here](http://docs.oracle.com/javase/6/docs/technot...
What to use Windows CardSpace for?
I'm doing some funky authentication work (and yes, I know, open-id is awesome, but then again my open-id doesn't work right at this moment!). Stumbling across Window...
- Modified
- 21 May at 10:6
Insecure deserialization using Json.NET
A static security scanner has flagged my C# code on this line: `response` will contain a JSON response from a web API. The scanner has flagged this as "insecure...
Does the Log4j security violation vulnerability affect log4net?
I have recently read about the [zero-day](https://en.wikipedia.org/wiki/Zero-day_(computing)) issue in Log4J. I work with a few applicat...
In .NET/C# test if process has administrative privileges
Is there a canonical way to test to see if the process has administrative privileges on a machine? I'm going to be starting a long running pro...
What's the minimal set of characters I need to filter before passing a string to a system call?
Assume that the following Perl code is given: ``` my $user_supplied_string = &retrieved_from_untrusted_u...
Sanitizing SQL data
Google turns up all sorts of discussions on sanitizing queries for web access but I'm not finding anything addressing what I'm concerned with: Sanitizing user input data in a c# pr...
Add "Everyone" privilege to folder using C#.NET
I have used the code below to allow Everyone access to a folder: ``` System.Security.AccessControl.DirectorySecurity sec = System.IO.Directory.GetAcce...
- Modified
- 30 Jun at 15:55
Authorization Asp.net web.config
I have an application that has a backoffice. This backoffice was isolated with the use of roles like this: But now we have another type of role that needs access. T
- Modified
- 13 Mar at 12:46
MSTEST PrincipalPermission
How do you unit test code decorated with the PrincipalPermission attribute? For example, this works: ``` class Program { static void Main(string[] args) { AppDomain...
- Modified
- 9 Jul at 20:21
Accessing Active Directory from ASP.Net MVC using C#
I need to access Active Directory to get information about groups that customers belong to. The project I have is an ASP.Net MVC application using ...
- Modified
- 2 Jun at 12:14
Remove Server Response Header IIS7
Is there any way to remove "Server" response header from IIS7? There are some articles showing that using HttpModules we can achieve the same thing. This will be hel...
Does SecTrustEvaluate() look for root certificates in the application keychain?
The docs say: “If not all the certificates needed to verify the leaf certificate are included in the trust management ob...
JWT authentication for ASP.NET Web API
I'm trying to support JWT bearer token (JSON Web Token) in my web API application and I'm getting lost. I see support for .NET Core and for OWIN applications. I'...
- Modified
- 29 Jan at 09:57
How to solve "Kernel panic - not syncing - Attempted to kill init" -- without erasing any user data
I was trying to update libc in our Ubuntu server but it failed and now when I reboot the server I ge...
- Modified
- 8 Jul at 08:39