when is secure, secure?
I wrote a custom authentication handler for PureFTPD, using a combination of
authentication methods, for about 4 different types of users.
So far, from testing it, it does look to work properly, and does it's job
pretty well (and fast). I use #!/usr/bin/perl -W as well as use Strict, and
use warnings, and the code returns no errors or warnings when run.
I am right to presume that this basically only really tells me the my syntax
and structure of the application is right? What's a good way to see whether
it is actually SECURE... There is a couple of lines of...security too secure
Summary: security too secure
The security thing won't let me in this sight no matter how I accept,
confirm, get certificate, etc.
Browser Details: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-GB; rv:1.9.1b4) Gecko/20090423 Firefox/3.5b4
From URL: http://hendrix.mozilla.org/
Note to readers: Hendrix gives no expectation of a response to this feedback
but if you wish to provide one you must BCC (not CC) the sender for them to
...How secure is secure?
Thanks to this group and all the high tech individuals who frequent it I
have learned how to protect my PC from the inside out. But what about
security risks to my info 'before' it gets to my computer? Like my mail
box on the server. Could someone hack into that and thumb through my
If so, how would I ever know?
(The short story)
We have a rogue employee at my work who one day decided to run the web
site, she got in tight with the ISP, got tools to set and delete
passwords on a protected directory on the server. Who knows if she has
telnet access to other things, li...Any security issues using Impersonation along with Forms Authentication with Integrated Security (SQL SERVER 2000)?
I currently running a ASP.NET application (Visual studio 2003) with SQL Server 2000.
For security I am using forms authentication and integrity security for sql server enabling the ASP.NET account.
I am developing a module that create, delete and upload files on a network directory. If I set impersonation in the web config to true and specify a username/password will that conflict with my current security? Would it be better to make impersonation specific to this page? Any ideas on the approach?
...Replacing SQL Integrated security by Custom security
ClassifiedsSK required the most basic security (probably just two roles -guest and admin- for most of us) therefore I would like to eliminate the SQL Integrated security (which adds more SQL objects than the logic of the app itself) for a very basic custom security (login and password in the member table, plus a simple role table -or even a "IsAdmin" indicator within the member table- would do the trick).
Now my question: Has anybody done this already? If so, would that person be willing to share the code?
Thanks in advance.
GP...(IN)SECURE Magazine from Net-Security (PDF download)
A little more light reading :-)
Latest issue, #13:
(86 pages, with ads [not animated ads] - like a printed magazine)
Archives of past issues:
ISSUE 13 (September 2007)
* Interview with Janne Uusilehto, Head of Nokia Product Security
* Social engineering social networking services: a LinkedIn example
* The case for automated log management in meeting HIPAA compliance
* Risk decision making: whose call is it?
* Interview with Zulfikar Ramzan, Senior Principal Re...Password secure...is it secure?
Yes I just got this baby and I LOVE it! Its great. I have stored all my
passwords inside of it (and yes made a few backups from them in secure
locations) How secure is this program really? It uses blowfish to encrypt
the database but how strong blowfish? 128bits? 256? 448?
Anything else I should think about it? I have putted it and its databases
inside PGPdisk just to play it safe...but then again Im a paranoid. :)
My privacy related homepage and PGP keys:
This is a multi-part message in MIME format.
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
I'm a Mac user 10.4.8 of Thunderbird 22.214.171.124 & am wondering how
"Enabling FIPS" will improve my security? I can't seem to find any
explanation of FIPS under Thunderbird help.
Have a good day R Schwager
Content-Type: text/html; charset=ISO-8859-1
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Tr...Forms Security for Role base security. Nirdesh Puri
Hi,I am using IBuySpy portal framwork and using Role based security. But I got some security problem in this type of security.Can you solve my problem.Role base security: Role is based on Task Group and Task Group based on Task and Task based on pages url.Create Two different roles: A and BCreate one user User1User1 assign role Aif User1 login on site and get the menu of Role A. But any how he get the url of Role B page. How we prevent Role B pages from this user.Warm Regards,Nirdesh Puri...Secure connections: how secure are they?
......... both useful and malicious information can be transmitted via network
connections. Standard solutions protect computers against threats present in
standard network connections, but aren't able to counter threats present in
secure connections. Verifying the contents of a secure connection is
impossible by virtue of its secure nature, as demonstrated by the different
types of protection listed above. As a result, malicious data within secure
channels can cause a significant amount of damage, and sometimes more than if
it were to be transmitted via a standard, non-s...How secure is secure enough?
July 28, 2008 (Computerworld) This story originally appeared in
Computerworld's print edition.
If there is a Holy Grail in the information security industry, it surely is
the answer to the question, "How secure is secure enough?"
It's a question that many security managers have either avoided answering
altogether or tried to quickly sidestep by throwing a fistful of mainly
pointless operational metrics at anyone who cared to ask.
"Never d...Windows Security vs. SQL Server Security: Procedure?
I'm so new to DNN that I'm installing it on a development server for the first time. I'm following the procedures for installing DNN as set out in the book DotNetNuke ASP.NET Portals by Shaun Walker, et al. The book indicates two security paths for setting up the database for SQL Server 2000: 1. Windows Security and 2. SQL Server Security. Although it recommends Windows Security, it then provides the steps for SQL Server Security, which it acknowledges as the less secure of the two options. I understand why it proceeds down the SQL Server Security ins...How secure is AuthenticationTypes.Secure?
I understand that AuthenticationTypes.Secure requests secure authentication using Kerberos or NTLM (??). However, here is a scenario I am trying to understand. Let us say that I am having a regular ASP.NET site - with SSL certificates not installed on the web server. The login sends the request out to an AD server which also does not have certificates installed. However, I have set Secure flag to AuthenticationTypes.Secure. When the username and password data gets transmitted between the application and the LDAP server, how secure are the password and username info? In other words is this in...File security from web-apps with Forms security enabled?
I am developing a series of web-apps, in the process of converting older client-server FoxPro apps. We are forced to use Forms-level security on our web-apps, due to licensing issues with providing Active Directory Windows-base security, and have adopted the ASP.NET 2.0 security schema. However, I have ran into a problem because many of our applications use sensitive Word and Excel attachments to the plans we store in the SQL Server 2000 and 2005 databases. Forms security adequately protects the web-site pages and the database data but when it comes to protecting access to ...