Web security is the broad term given to practices used to improve application security over the internet. This can include systems used and stored on the internet, and systems transferring data across the internet.
0 votes, 0 answers, 13 views
Start/Stop Windows Service from ASP.NET page
Is there a way to start / stop a Windows service of a server in a different network
(not \\<server name>) from an ASP.NET page?
I tried using ServiceController but it only works if it's in ...
0 votes, 0 answers, 6 views
Unit test - httpcontext is null, websecurity.CurrentUserId not being populated either
I have an MVC 4 application that I'm building unit tests for. In my GameController, I have an Action, JoinGame, that requires the current userid. I get this with WebSecurity.CurrentUserId inside the ...
1 vote, 1 answer, 13 views
Are server side checks necessary using JSF?
In a JSF page a select is populated based on logged in user privileges.
The aziende4ReportList contains only data related to the logged in user
<h:selectOneMenu id="comboAziende" ...
0 votes, 1 answer, 9 views
WCF Web Service BLL for single ASP.NET app simplest approach
What is the simplest effective approach for securing a WCF Web Service built to be a combined DAL/BLL consumed ONLY by a single small ASP.NET web app?
Background:
I am relatively a web development ...
0 votes, 2 answers, 24 views
Is it secure to blindly trust image urls and output them into html img tags on a site? Can it be used to inject code?
I have to process a feed from a data provider, in this feed they provide us with image URL, currently we download them and store them in our own media server, but I was wondering if it was safe to ...
0 votes, 0 answers, 8 views
Does System.Net.WebRequest check that SSL certificate is not revoked?
I'm connecting to a remote webservice over https using the WebRequest class in .NET 4.0.
I'd like to ensure that the certificate: has not expired, is for the correct domain and hasn't been revoked.
I ...
0 votes, 1 answer, 34 views
Security vulnerability - What is this URL trying to do?
I've just received the following error from a few sites I run:
Error Caught in Application_Error event
Error in:
...
1 vote, 2 answers, 16 views
Rate limiting an API with a special exception
I have a webapp that consumes a REST API. I'd like to share the API with the wider world, but before doing so, I need to add rate limiting to prevent abuse / high load from buggy clients. I'd like to ...
0 votes, 0 answers, 10 views
Web security issue? For Windows Server SP2 (Service Pack 2)?
I'm using a Windows Server machine with Service Pack 2 to host all my web sites.
I have a folder inside inetpub named ftproot.
I'm doing FTP using some username and password and transferring files ...
0 votes, 0 answers, 11 views
Item-Based Authorization in .NET
I am trying to find an authorization and authentication solution for my ASP.NET projects that can be used with object based needs. Like I have different kinds of elements and various actions on them. ...
1 vote, 2 answers, 11 views
robots.txt disallow subdirectory without showing its name to robots
I'm stuck on a problem with robots.txt.
I want to disallow http://example.com/forbidden and allow any other subdirectory of http://example.com. Normally the syntax for this would be:
User-agent: *
...
1 vote, 0 answers, 16 views
How to make Windows Authentication work only for specific members in the organization?
I am creating an Intranet Website which uses Windows Authentication.
I want to use it for only certain specific members of my organization. I have a line of code in my _LogOnPartial.cshtml page
...
-1 votes, 2 answers, 50 views
How can I detect when a user is logged in?
I'm currently working on a little instant messaging project. So far everything has been going pretty well.
The only problem is security. When someone logs in, 2 cookies are set.
1) Name: loggedin; ...
0 votes, 2 answers, 28 views
Which phase should I use to intercept the login attempt in JSF
I am using a PhaseListener
And I can see that my credentials are available directly from the RESTORE_VIEW all the way up to INVOKE_APPLICATION and RENDER_RESPONSE. Which all makes sense.
I wonder what ...
0 votes, 0 answers, 10 views
Adding people from Intranet to ASP.NET Roles
I am creating an Intranet website for an organization.
I am using ASP.NET role provider to manage user roles.
I have different ASP.NET Roles within the website.
I am adding people in the Network just ...