The file-access tag has no wiki summary.
-2
votes
0answers
75 views
AVG has locked my read and write ability in the hosts file [closed]
I installed AVG to my laptop. My 13 year old son does online high school. I had used the system32 hosts file to block websites he goes to instead of doing homework. It worked just fine. The problem is ...
0
votes
2answers
34 views
Safely generate a non-log file within an application server
How does one go about safely write a temporary file to a location within an application server that is publicly accessible?
1
vote
3answers
171 views
Are file permissions set in Unix/Linux effective in Windows or Any other OS?
Consider some files and folder in Unix/Linux OS which are configured for only read access by root, if the hard drive stolen, and used in Windows Environment, are these permissions are still effective?
...
7
votes
3answers
230 views
Security tradeoffs of pathname-based MAC (e.g., TOMOYO, grsecurity, AppArmor, …)
I have been learning about MAC (Mandatory Access Control) systems in Linux. Often, but not always, these are tied to Linux Security Modules. Some systems I've looked at: SELinux, Tomoyo, AppArmor, ...
0
votes
1answer
58 views
Credentials using AWS IAM
I have a server, which should provide temporary credentials to the client.
The credentials will be transmitted using HTTPS.
The client should be able to upload S3 files, as well as download them.
The ...
1
vote
4answers
1k views
blocking direct access to files via url input while still allowing a script on server to access files
I am trying to accomplish the following and have been unsuccessful. I would appreciate any insight. Scenario: http://www.mydomain.com/filename.html is a webpage. On this webpage I am running a ...
3
votes
2answers
662 views
How to restrict skype file transfer outside of LAN
We are mobile application development company.
Due to security of Source Code and other file, we need to restrict Skype file transfer outside of LAN.
How to restrict Skype file transfer outside of ...
3
votes
2answers
88 views
Local Network Data Sync and Access Log
We have some confidential data for our research. Currently, we use an encrypted hard drive for storing the data and any researcher using the data takes it off the drive.
However, we do not have any ...
1
vote
1answer
251 views
Shellcode for higher file privileges
I'm learning exploits from the book Hacking: The Art of Exploitation. The shellcode below was written to enable higher privilege access to files.
\x31\xc0\x31\xdb\x31\xc9\x99\xb0\xa4\xcd\x80
...
4
votes
3answers
184 views
Could browsers improve security of stored passwords by using setuid?
On Unix-esque systems, Mozilla Firefox stores a users' preferences, web history and stored passwords in a set of files that are readible and writeable by that particular user.
This makes sense: when ...
4
votes
4answers
172 views
How to securely share files with other individuals?
I have a collection of files I would like to securely share with a small number of other people. The collection is mostly static; no more than one or two new files will be added per month (after the ...
3
votes
3answers
217 views
Why should every file have a user and a group?
I've been reading in most hardening guides for linux, that you should check for files and directories without valid user or valid group. What I can't find, is how this could be used for an attack, or ...
3
votes
1answer
662 views
Header opening a PDF file, can someone hack a website from there?
Can someone hack a website that uses this kind of header to open a pdf?
<?php
header("Content-type:application/pdf");
// It will be called downloaded.pdf
...
4
votes
2answers
349 views
Possible arbitrary file download vulnerablity
I am auditing a possible vulnerable piece of ASP code on a Windows enviroment. The code is as follows:
If InStr(strPath, "\Only\Download\From\Here\", CompareMethod.Text) = 0 Then
Basicly it is ...
5
votes
2answers
4k views
Monitoring file access on Windows
I need a way to monitor user file access on windows. What I need is:
monitoring of user opening, modifying (don't need to know what the changes were, just that a file was modified), copying, pasting ...
4
votes
3answers
169 views
Are there a standard method(s) for me to give someone else read-only access to my data?
Are there a standard method(s) for me to give someone else read-only access to my data?
There are several situations where I may want to give a few people read-only access to some data, but I would ...
12
votes
1answer
827 views
Something is changing my hosts file without asking
First: I can't find any information on this phenomenon, not anywhere on the net.
I don't know which application does it, but something in my Windows 7 Home Premium system (fully updated & legal) ...
2
votes
1answer
165 views
Can UNIX Domain Sockets be locked by user ID?
If I created a folder /tmp/me with permissions 700, and started a process under me that starts a listen socket under /tmp/me/socket.
I currently assume that a connection to that socket originated ...
6
votes
1answer
99 views
What are concerns with storing passwords in a restricted public folder on exchange?
Is it safe to store data such as account log-in information (for vendor websites, not administrative accounts), settings policies, activation documentation, and operating system keys in a public ...
3
votes
1answer
457 views
Which Domain Administrator created file X on a Windows 2008 R2-based server?
Someone created a file (web.config) in a location that basically caused IIS to not work. Is there any way I can determine who created this file?
The creator/owner says "Domain Administrators".
...
3
votes
2answers
655 views
How to protect from copying files?
Is possible to protect files from being copied if you are the administrator of a machine? I heard that this behaviour is possible: one software developer sells his software in such a way. He installs ...
1
vote
1answer
175 views
users avatar names based on Primary Key, is it safe?
We upload users avatar with their primary key name. avatars name are 1.jpg,2.jpg,3.jpg,... according to their primary key.
We implemented this to omit avatar field from database, instead with use ...
2
votes
1answer
294 views
My MP3 file is blocked, but still playable?
My computer is telling me that my MP3 file is blocked:
I have no problems playing the song, so I was wondering what exactly does it mean for my MP3 file to be blocked?
