The server-security tag has no wiki summary.
7
votes
1 answer
131 views
Securely sending data from shared hosted PHP script to local MSSQL
I'm trying to add data from a webhook (from a web cart) to a local Microsoft SQL Server. It seems like the best route for me is to use a PHP script to listen for new data (POST as json), parse it, ...
4
votes
2 answers
408 views
Where to Perform Authentication in REST API Server?
I am working on a set of REST APIs that needs to be secured so that only authenticated calls will be performed. There will be multiple web apps to service these APIs. Is there a best-practice approach ...
0
votes
2 answers
148 views
Are random number generators security holes?
If I retrieve a random number from a database (e.g. RAND() in SQL Server) or using a programming language and send this in some form back to a client machine, is there an economic chance I will be ...
0
votes
0 answers
34 views
Collecting and sweeping of session-dependent uploads
I develop a Java web application with an upload-feature. The upload is divided into two parts:
During a user-session the user can upload files at any time while navigating through the whole site.
...
1
vote
2 answers
99 views
How can I limit access for automatically generated files to specific users in a MVC setup?
I have a typical MVC based website, and I'd like to give some registered users the ability to extract data from the database (in a variety of formats). The workflow is very simple:
User logs in,
...
0
votes
1 answer
517 views
WCF service and security
Been building a WP7 app and now I need it to communicate to a WCF service I made to make changes to an SQL database. I am a little concerned about security as the user name and password for accessing ...
1
vote
2 answers
1k views
Why special characters are deemed risky in URL and query strings?
From a security perspective, the special characters like '&' or <b> are a big no no in URLs and query strings. I could find the articles that explained the ways to bypass this restriction, ...