Tagged Questions

1
vote
1 answer
55 views

How frequently should the token be updated in CSRF security?

To start with the background, this post is what Jeff Atwood says about CSRF tokens. On this very page, he goes on to say: An even stronger, albeit more complex, prevention method is to leverage ...
2
votes
2 answers
76 views

Making sure database connection information is secured

This is the first time that I am working on a web application. I was going through the question What should every programmer know about web development? and noticed one thing that I knew nothing of: ...
-1
votes
1 answer
233 views

Python login form vulnerability?

<HTML> <HEAD><TITLE>Login Page</TITLE></HEAD> <BODY> <CENTER> <FORM method="POST" action="http://yourserver/cgi-bin/login.py"> <paragraph> Enter ...
4
votes
2 answers
143 views

Is a traditional client app which connects directly to a database a good idea?

After using Django's excellent admin interface, I was pondering creating a similar system which wasn't as tied to an ORM. Now, while considering this, I thought that overcoming web apps' limitations ...
11
votes
3 answers
499 views

Is it good practice to set connection strings in a web config?

Recently I had a discussion with some of my colleagues at work because they said that it's better to have an encrypted connection string in a .DLL. And I said why not just use the connection string ...
6
votes
6 answers
690 views

How can I prevent users from creating multiple accounts on a web site?

I'm building a site that needs to guarantee user reputation scores are accurate by preventing users from creating more than one account, at the cost of decreased user signups. So far, the only ...
3
votes
2 answers
205 views

Why should you prevent a search engine from indexing your development server?

I've heard that you shouldn't let search engines index your development server. The reasons given were: Duplicate content penalties Customers making purchases from an unsecured domain (if ...
2
votes
3 answers
154 views

Guidelines for a “medium security” site?

I'm designing a site that needs to be secured, but won't host any PII or other highly sensitive information. It's also going to be accessed relatively infrequently so I don't want an onerous ...
2
votes
5 answers
338 views

Hiring Developers - Securing Source Code

I have a popular web-based app, and now suddenly my main developer has disappeared. Although I've found other great developers, I don't want to distribute the source code to everyone. Is there any ...
2
votes
1 answer
147 views

Web security course?

I'd like to do a course about web security. I've seen some certifications that could be interesting: CIW Web Security Professional CISSP® - Certified Information Systems Security Professional ...
17
votes
3 answers
647 views

Should MVC/REST return a 403 or 404 for resources belonging to other users?

When working with a resource-based site (such as an MVC application or REST service), we have two main options when a client tries to GET a resource that they don't have access to: 403, which says ...
12
votes
4 answers
1k views

What best practices should be employed in a PHP login script?

I want to rewrite my login scripts for clients' websites to make them more secure. I want to know what best practices I can implement in this. Password protected control panels are in their ...
1
vote
8 answers
436 views

My very first serious project and I'm concerned about security

I'm making a small social networking web site for a specific university's students (where I study) and I'm concerned about security (access to the database). What should I do? What do I have to check for ...
3
votes
1 answer
687 views

Software architecture for authentication/access-control of REST web service

I am setting up a new RESTful web service and I need to provide a role-based access control model. I need to create an architecture that will allow users to provide their username and password to get ...
13
votes
7 answers
909 views

Stack Overflow-induced passivity - how to cope?

After not really working on my pet project for a while, I discovered Stack Overflow and, upon perusing it more intensely, I was quite amazed. I'm a bit of a perfectionist, so when I found eye-openers ...