tagged [security]

Cannot use a leading ../ to exit above the top directory

I have an ASP.NET web site with it we have admin area with login page for admin only and all site is allowed for all - I need to ask how to defi...

Network Security

I have been a .NET developer for the past three yrs. Just curious to know about the network security field. What kind of work do the developers working in this area do? I really ha...

13 Apr at 02:47

WCF Transport vs Message

I was reading about WCF security implementations and found out that there are 2 types of security: `Transport Mode and Message Mode (or both)` If I used HTTPS for Transport ...

15 Apr at 06:50

How to deny reflection using ReflectionPermission

I am trying to add addons in my application, but I don't want the addon to use reflection at all, the addon code can be sandboxed using Application Doma...

5 Sep at 04:57

How to allow http content within an iframe on a https site

I load some HTML into an iframe but when a file referenced is using http, not https, I get the following error: > [blocked] The page at {curr...

5 Jan at 12:39

How to suppress "An application is requesting access to a protected item" popup

I'm getting a pop-up when trying to use a certificate to decrypt data. I'm creating a self-signed certificate, and I'm u...

How to deal with a slow SecureRandom generator?

If you want cryptographically strong random numbers in Java, you use `SecureRandom`. Unfortunately, `SecureRandom` can be very slow. If it uses `/dev/...

How do you create the hash of a folder in C#?

I need to create the hash for a folder that contains some files. I've already done this task for each of the files, but I'm searching for a way to create ...

16 May at 06:31

How do I detect if a function is available during JNLP execution?

I have an application which should be installed, but does work fine when deployed using JNLP. However, it would seem that some Java fu...

Servicestack security over mvc on n-tier layer application

One of the biggest disadvantages of .net security is that the security annotations do not live outside of the mvc controller. `CustomerCont...

Removing the remembered login and password list in SQL Server Management Studio

I've recently used our company's spare laptop (that has a general user set up) while mine was being repaired. I've check...

Does using parameterized SqlCommand make my program immune to SQL injection?

I'm aware that [SQL injection is rather dangerous](http://xkcd.com/327/). Now in my C# code I compose parameterized queries...

24 Aug at 11:59

Why is JsonRequestBehavior needed?

Why is `JsonRequestBehavior` needed? If I want to restrict the `HttpGet` requests to my action I can decorate the action with the `[HttpPost]` attribute Example: W...

Best way to store encryption keys in .NET C#

In our application we have a lot of sensitive configuration settings, which we are storing in an xml file which is again encrypted. This secure file has to ...

11 Feb at 09:17

How to disable 'X-Frame-Options' response header in Spring Security?

I have CKeditor on my jsp and whenever I upload something, the following error pops out: I have tried removing Spring Security and ...

Config your IIS server to use the "Content-Security-Policy" header

I need to add custom headers in IIS for "Content-Security-Policy", "X-Content-Type-Options" and "X-XSS-Protection". I get the procedu...

23 Jun at 12:53

Is there a reason why software developers aren't externalizing authorization?

The value proposition of externalizing identity is starting to increase where many sites now accept OpenID, CardSpace or f...

5 Aug at 07:3

How to use NSURLConnection to connect with SSL for an untrusted cert?

I have the following simple code to connect to an SSL webpage Except it gives an error if the cert is a self signed one `Error Doma...

How to forbid calling a method C#

I want to allow calling the method only from the particular methods. Take a look at the code below. I need only AllowedMethod could call TargetMethod. How to do it us...

23 Apr at 07:16

How to apply Windows group policy using .NET?

Is it possible to apply (and remove) Windows group policy settings using .NET? I am working on an application that needs to put a machine into a restricte...

18 Feb at 18:4

How do I deny access to a specific URL in my rails app?

I have a rails app that has a private component and a public component. www.hostname.com/ is private and should only be accessed from inside ou...

13 Apr at 16:57

How to create and add users to a group in Jenkins for authentication?

I choose to use "Jenkins's own user database" security realm for user login as I couldn't use LDAP in my company. And Google's Ope...

15 Sep at 15:15

Securing ServiceStack Services

So I have read through the extensive documentation [here](https://github.com/ServiceStack/ServiceStack/wiki/Authentication-and-authorization) about Authentication and Au...

5 Oct at 17:38

When you use 'badidea' or 'thisisunsafe' to bypass a Chrome certificate/HSTS error, does it only apply for the current site?

Sometimes and especially very often when developing a web-application Chrom...

What is the best way to implement "remember me" for a website?

I want my website to have a checkbox that users can click so that they will not have to log in each time they visit my website. I know I ...

16 Aug at 12:20