Symfony row DB security based on field value

I have a database that contains hundreds of thousands of records. For commercial reasons only users who work on specific projects can view certain records, we identify these records via a project_code field. I think there is a facility in doctrine t...
more »

2017-05-20 19:05 (0) Answers

Key Security - How to ensure that keys are secure?

Assuming that there is a Key Encryption Key that is in memory and not written to file or database... byte[] kek = new byte[32]; secureRandom.nextBytes(kek); byte[] kekHash = SHA512.hash(kek); And assuming that the Key Encryption Keys are ephemeral...
more »

2017-05-20 04:05 (1) Answers

asp.net core 1.1 antiforgery with angular 2/4

I am trying to implement antiforgery token on asp.net core 1.1 with angurl 2/4 cli but everytime when I use "ValidateAntiForgeryToken" system giving me 400 Bad request error. in asp.net startup.cs I have use services.AddAntiforgery(options => op...
more »

2017-05-20 04:05 (1) Answers

Credit card pin pad API abstraction

I am working on a Android interface that manage creditcards payments.The android device have NFC, stripe and chip reader integrated. Right now I can read all the information to process the payment from the card using NFC API calls regardless the card...
more »

2017-05-20 01:05 (0) Answers

Strange URL in HTTP_HOST

I have received an error report from my Django-based site, with a strangely looking HTTP_HOST: https://810067644/. The IP location is in China, which hints in the direction of a hacking attempt. But I have no idea what actual activity this indicates....
more »

2017-05-19 19:05 (0) Answers

IIS certificate only for given consumers

How to configure IIS server to produce only consumers who have initially installed given certificate which they receive by email or by other way but not automatically from IIS Server. I want to reject all requests coming from consumers who didn't ins...
more »

2017-05-19 17:05 (0) Answers

Adobe AIR cryptography native extension sample

I am an Adobe AIR/AS3 developer and I need to use in my AIR application an encryption/decryption based on private/public keys. I have found 2 cryptography native extensions: https://github.com/vpmedia/botan-crypto-ane https://github.com/vpmedia/cryp...
more »

2017-05-19 15:05 (0) Answers

File System security (PHP)

Basically i want to discuss about file-system security,and yes i tried to search for a solution but no satisfied result. Let me explain in details. I have GoDaddy hosting. There are two sites installed. One on root and one is in a sub-folder. Lets ...
more »

2017-05-19 13:05 (0) Answers

Spring MVC Authority loaded externally

I'm using spring mvc 4 and I have some rest services. Some of these methods are annotated with: @PreAuthorize("hasAnyAuthority('myAuth1', 'myAuth2', 'myAuth3')") So do you know if is there a way to load my permissions ('myAuth1', 'myAuth2', 'myAu...
more »

2017-05-19 12:05 (0) Answers

Tomcat Security Warning When Loading Applet

I have an applet that is being loaded from a secure tomcat server and right before the applet is loaded I get an error that the site certificate is not valid and cannot be used to verify the identity of this website. I’m not sure why this is an iss...
more »

2017-05-18 19:05 (1) Answers

Spring, XSRF tokens and performance

I am trying to implement CSRF protection in an existing application. We have Spring MVC on backend and a mix of HTML, CSS and Apache Velocity Templates on frontend. I have tried configuring the Spring CSRF functionality as shown here - https://docs...
more »

2017-05-18 17:05 (0) Answers

Attack on server CentOs

I have checked /etc/logs/error_log and found that : Step one : a vulnerability test was done via acunetix.com : {[Tue May 16 14:23:39.954825 2017] [ssl:error] [pid 24692:tid 140230707291904] AH02032: Hostname domaine.com provided via SNI and hostna...
more »

2017-05-18 13:05 (1) Answers