Problem Using X509 certificate for security
Hi,I tried working on WCF. I am able to find out many things in WCF.I am trying to implement X509 Certificate concept with my code.While downloading through samples from the link: http://www.microsoft.com/downloads/details.aspx?FamilyID=2611A6FF-FD2D-4F5B-A672-C002F1C09CCD&displaylang=en,I am trying to use this Example: "WCF_WF_CardSpace_Samples\WCF\Extensibility\Security\X509CertificateValidator\CS"I am getting some error. The error description is:"The certificate 'CN=' must have a private key. The process must have access rights for the private key"I have gi...How secure is secure?
Thanks to this group and all the high tech individuals who frequent it I
have learned how to protect my PC from the inside out. But what about
security risks to my info 'before' it gets to my computer? Like my mail
box on the server. Could someone hack into that and thumb through my
If so, how would I ever know?
(The short story)
We have a rogue employee at my work who one day decided to run the web
site, she got in tight with the ISP, got tools to set and delete
passwords on a protected directory on the server. Who knows if she has
telnet access to other things, li...security too secure
Summary: security too secure
The security thing won't let me in this sight no matter how I accept,
confirm, get certificate, etc.
Browser Details: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-GB; rv:1.9.1b4) Gecko/20090423 Firefox/3.5b4
From URL: http://hendrix.mozilla.org/
Note to readers: Hendrix gives no expectation of a response to this feedback
but if you wish to provide one you must BCC (not CC) the sender for them to
...when is secure, secure?
I wrote a custom authentication handler for PureFTPD, using a combination of
authentication methods, for about 4 different types of users.
So far, from testing it, it does look to work properly, and does it's job
pretty well (and fast). I use #!/usr/bin/perl -W as well as use Strict, and
use warnings, and the code returns no errors or warnings when run.
I am right to presume that this basically only really tells me the my syntax
and structure of the application is right? What's a good way to see whether
it is actually SECURE... There is a couple of lines of...When loading gmail must always "reload" once unless using the secure loading site. When using the secure loading site loading takes four times as long. So I don't use the secure loading site, I just
Name: Dwight Metcalfe
Summary: When loading gmail must always "reload" once unless using the secure loading site. When using the secure loading site loading takes four times as long. So I don't use the secure loading site, I just "reload" the other site once automatically just to save time. Hmmmmmmmm.
Only been doing that about a month.
Browser Details: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:188.8.131.52) Gecko/2008092417 Firefox/3.0.3
From URL: http://hendrix.mozilla.org/
Note to reade...How to implement WSE 3.0 SOAP Security Header for Webservice call using .NET Engine
I am using PB 11.5 and trying to call webserice using .Net engine. My
problem is webservice I am calling requires me to populate soap header as
per WSE 3.0. my WSDL doesn't contain any reference to soap header as a
result of this I am not able to populate user ID, password, Token .etc.
I need to populate security header like below.
<wsse:Username>your_id</wsse:U...Anybody using F-Secure Client Security?
Is anybody else using F-Secure Client Security AND Novell
If so, we've isolated a problem where Client Security 7.0.1 causes a
BSOD & reboot when clntrust tries to initially authenticate to the
proxy server. If you're already authenticated to the proxy server,
everything works fine. If you unload clntrust and authenticate
manually, everything works fine. The BSOD only occurs during the
initial connection. It only affects about 10% of our users, but with
that 10% it's *VERY* consistent. So far, the only fix we've come up
with is to back-rev...(IN)SECURE Magazine from Net-Security (PDF download)
A little more light reading :-)
Latest issue, #13:
(86 pages, with ads [not animated ads] - like a printed magazine)
Archives of past issues:
ISSUE 13 (September 2007)
* Interview with Janne Uusilehto, Head of Nokia Product Security
* Social engineering social networking services: a LinkedIn example
* The case for automated log management in meeting HIPAA compliance
* Risk decision making: whose call is it?
* Interview with Zulfikar Ramzan, Senior Principal Re...Security Risks of using built-in security controls?
Hi,Our IT team have a policy whereby a database Server is not allowed on any of our web servers, for security reasons. With the onset of the in-built security controls, the SQL server is automatically created and placed in the App_Data folder which resides on the web site.Could anybody point me to literature that would inform us whether having the SQL server on the web site will compromise the security of our web server, together with any ads or disadvantages of using this system.Also, if SQL server is not allowed on the Web server, is it possible to use&...Securing menu items using PFC Security Service
I am trying to secure menuitems in a PFC based app (PB702) using the PFC
Security Service. I have a master menu in my app called m_pims_master inherited
from m_master in the PFE layer. All other menus, which are associated to windows
in the app, are inherited from m_pims_master. When I scan the app using the
scanner, which is a standalone EXE (no PBDs), I do not see any of the menuitems
that I added to the m_pims_master showing up in the template list as menuitem
objects on windows that have the descendant menus of m_pims_master associated to
them. Shouldn't these menuitems be liste...How secure is AuthenticationTypes.Secure?
I understand that AuthenticationTypes.Secure requests secure authentication using Kerberos or NTLM (??). However, here is a scenario I am trying to understand. Let us say that I am having a regular ASP.NET site - with SSL certificates not installed on the web server. The login sends the request out to an AD server which also does not have certificates installed. However, I have set Secure flag to AuthenticationTypes.Secure. When the username and password data gets transmitted between the application and the LDAP server, how secure are the password and username info? In other words is this in...Intranet Help: Using AD Security for Security Settings
I have an intranet that I plan on upgrading to .NET portal functionalist. First, I am using this sdk as a way of learning.
My question is: how can i authenticate users using AD domain security for a portal? Furthermore, how can i tie their AD login back to as existing database that contains employee information. (It currently does this in old ASP)...Using WebService Security in PB10!?
Is it possible to use WS-Security in PB10? The service I need to access
requires the use of WS-Security, i.e. use of digital signatures and digital
certificates in order to verify the sender an to ensure data integrity.
If PB10 does not natively support WS-Security, is it still possible to
implement this using third party components or tools?
That's coming in 10.5, due for release in less than 2 weeks.
On 3 Mar 2006 01:03:44 -0800, "Nutshell" <firstname.lastname@example.org> wrote:
>Is it possible to use WS-Security i...form security against security
i have a form in my website which is to be filled by user and that form stores in database(sql server 2005).
but someone told me that anyone can run script in textboxes in that form and can damage database,
so how to avoid such security lack.
it is common practice to use parameterized sql statements or stored procs to insure you are protected from sql injections attacks.
if you concatenate user input directly into a sql statement, then you are at risk.Mike Banavige~~~~~~~~~~~~Need a site code sample in a different language? Try converting it with: http://converte...