Security Feed - Programmer's Heaven

Protect Microsoft Office Documents, Macros and Add-Ins on Mac or Windows

Fri, 08 Apr 2011 16:28:53 -0700

Authors that sell Excel spreadsheets, Macros or Add-Ins for Excel, Word or PowerPoint can ensure that only licensed users can use their work. OfficeProtect safeguards Microsoft Office documents with a secure license that requires computer specific activation.

Salted Password Hashing (C#)

Sun, 06 Feb 2011 17:46:51 -0700

BlackWasp submitted a new article.

There are many ways in which passwords can be stored, with varying levels of security. Salted password hashing uses a non-reversible hashing algorithm with the inclusion of a randomised element to make it more difficult to obtain user passwords.

jPDFSecure 2.20

Fri, 20 Aug 2010 13:34:35 -0700

gholmann submitted a new file.

jPDFSecure is a Java library that can digitally sign PDF documents and change security settings on PDF Documents. With jPDFSecure, your application or jave applet can encrypt PDF documents, set permissions and passwords, and create and apply digital signatures. jPDFSecure is optimized for performance and is built on top of Qoppa's proprietary PDF technology so there is no need for any third party software or drivers. jPDFSecure has a simple interface to load PDF documents from files, network drives,URLs and even input streams, which can be generated runtime or come directly from a database. After changing security settings, jPDFSecure can save the document to a file, a java.io.OutputStream or a javax.servlet.ServletOutputStream when running in a J2EE application server to output the file directly to a browser. jPDFSecure is platform independent and can be used in any environment that supports Java, including Windows, Mac OSX and Linux. Main Features * Digitally Sign PDF documents: Create New Digital Signature Fields Apply Digital Signatures on New or Existing Fields Clear Digital Signatures * Encrypt PDF documents with the Highest Security Level Encyption 128-bit RC4 * Decrypt to view PDF documents of 40 bit or 128 bit encryptions * Set / Remove Permissions: Permission to Print at High Resolution. Permission to Print. Permission to Copy or Extract Content. Permission to Extract Content in Support of Accessibility for Disabled Users. Permission to Modify the document. Permission to Add / Modify Annotations. Permission to Fill Form Fields and Sign. * Set / Remove Passwords: Password to Open PDF Documents Master Password to Change Permissions * Written entirely in Java allows your application to remain platform independent. * No need to install or configure additional drivers or software when deploying.

Creating Secure Strings

Tue, 22 Jun 2010 11:00:19 -0700

BlackWasp submitted a new article.

Highly confidential information, such as passwords or banking details, should be encrypted in memory during use to reduce the risk that it may be revealed to malware or forensic examination. The SecureString class provides this encryption automatically.

Creating Secure Strings

Tue, 15 Jun 2010 13:59:46 -0700

BlackWasp submitted a new article.

Getting around a proxy

Thu, 14 Jan 2010 06:50:50 -0700

the_new_mr posted a new message on the Security forum.

Hi all.

I'm not 100% sure if this the right place to post this but thought I'd post it here.

I'm involved in a software project where we will need to access a server written by us from a client written by us to perform some two way communication. However, although we can do this fine over a LAN, we don't know how to do it if the two computers are separated over the internet and there are proxy servers in the middle.

We'll have a setup with something like this:

Us <---> our proxy <---> internet <---> their proxy <---> them

Obviously, the IP addresses of the individual computers are not representative of the IP address we need to connect to and the IP addresses of the individual proxies aren't enough either.

I have relatively little network knowledge and programming experience (just a bit from college) so don't really know how to go about this.

I did some research over the last couple of days and found that a VPN might be the solution we need. I also looked at OpenSSH which will provide encryption which is something else we need. However, I can't seem to find anything about getting round the proxies.

Can someone please help or point me in the right direction?

Thansk in advance.

Protect Your Java Code - Through Obfuscators And Beyond

Tue, 30 Jun 2009 03:42:11 -0700

excelsior-usa submitted a new article.

A beginner's guide to Java code protection, showing where obfuscation falls short and what can be done about that.

Java Web services: Axis2 WS-Security encryption

Mon, 22 Jun 2009 13:33:10 -0700

Solrac submitted a new article.

Get an introduction to the principles of public key cryptography, then see how WS-Security applies them for signing and encrypting SOAP messages using public-private key pairs in combination with secret keys. Includes example code using Axis2 and Rampart.

Avoiding Cloud computting DoS attacks

Wed, 17 Jun 2009 17:15:05 -0700

Solrac submitted a new article.

Look in detail at how the HybridCloud application authenticates itself to cloud services, how Google Apps uses OAuth and how Force.com cloud services require built-in testing to avoid inadvertent Denial-of-Service (DoS) attacks.

Stop illegal Al-Qaeda Steganography

Mon, 08 Jun 2009 14:40:55 -0700

Solrac submitted a new article.

Some of the more nefarious Steganography tactics include hiding information for illegal reasons. In fact, organizations such as Al-Qaeda and other terrorist are known to use this process to hide information in harmless images hosted on Web sites. Learn whats at stake and how to detect and thwart Steganography techniques and blunt its effectiveness.

QuickLicense 4 and Safe Activation Service 2 Protects Software

Wed, 27 May 2009 08:38:47 -0700

harold submitted a new article.

Protect any kind of Mac or Windows software written in any programming language using QuickLicense and Safe Activation. Present users with automated activation, license release and restore, automated subscriptions and secure feature delivery.

Re: Self modifying EXE

Fri, 08 May 2009 09:02:55 -0700

anthrax11 posted a reply on the C and C++ forum.

You just answered your own question. If applications could modify themselves in ROM while running, then that would be a major security flaw in itself. I'm sure there's a secure way to do whatever you are trying to do without modifying the exe.

UNIX network analysis

Tue, 05 May 2009 09:41:20 -0700

Solrac submitted a new article.

You can find out a lot about your network by using a variety of different tools. Understanding the layout of your network, and where packets are going, and what people are doing is important. This tutorial examines techniques for monitoring the traffic and content of your UNIX network and how to read and diagnose problems on your network.

Step through Securing your Grails application

Mon, 04 May 2009 10:01:43 -0700

Solrac submitted a new article.

Grails provides all the basic building blocks you need to put together a secure Web application. Setting up an authentication infrastructure answers the question, "Who are you?" Get a hands-on lesson in enabling logins, limiting activity based on whether or not the User is logged in, and how to add in some authorization based on the User's role.

Re: NET DLL nightmare

Tue, 28 Apr 2009 13:56:59 -0700

Psightoplazm posted a reply on the C# forum.

well all the stuff you were doing is actually done inside the WebClient - plus it handles all protocols and securities for basic page browsing. - it's like one step down from the WebBrowser object that actually renders the pages and runs scripts and all that.

At least that's my understanding of it. :)

></\/~Psightoplasm`~

Learn how AIX V6.1 makes UNIX FTP security a no-brainer

Thu, 16 Apr 2009 13:41:18 -0700

Solrac submitted a new article.

AIX V6.1 has introduced a secure flavor of FTP (and ftpd) based on OpenSSL, using Transport Layer Security (TLS) to encrypt both the command and the data channels of file transfer. This article coveres the various aspects of the secure FTP setup, which includes the complete FTP service configuration on the server side, as well as the client side.

Creating an Elevated Button Control

Mon, 06 Apr 2009 12:11:39 -0700

BlackWasp submitted a new article.

When using Microsoft Windows Vista, administrative tasks are restricted by the user account control (UAC) system. Buttons that require elevated permissions are displayed with the command text and a shield icon to indicate that permission will be required.

Check if a Program is Running as an Administrator

Sat, 28 Mar 2009 05:10:48 -0700

BlackWasp submitted a new article.

User Account Control (UAC) protects Vista by preventing programs from performing administrative or system functions without prior permission. Before attempting such a function, you should check whether your software is running with elevated privileges.

Security Features in ASP.NET

Tue, 24 Mar 2009 03:29:30 -0700

Beansoft submitted a new article.

Tutorial covers number of new features and tools to secure ASP.NET applications. The authentication and authorization of users and resistance against the malicious attacks are important tasks in web applications.

The key components of Multi-security based solutions for UNIX

Mon, 16 Mar 2009 08:53:01 -0700

Solrac submitted a new article called 'The key components of Multi-security based solutions for UNIX'.

This article discusses the risk associated with the use of the same security mechanism in multifactor authentication systems and proposes the use of GSS-API as a suitable option for achieving the multi-security mechanism clubbed with multi-factor authentication for enhanced security for solutions designed over UNIX.

any suggestions

Sat, 14 Mar 2009 11:42:36 -0700

kyle11778 posted a new message on the Security forum.

i am looking into how to create a folder lock program. has anyone made one of which i can dissect thier source code or know of any open-source folder-locking programs that are relitivly easy to read? thanks for your input...

Designing a Linux PAM login security application

Wed, 11 Mar 2009 08:56:34 -0700

Solrac submitted a new article called 'Designing a Linux PAM login security application'.

The Pluggable Authentication Module (PAM) API exposes a set of functions that application programmers use for security-related functions like user authentication, data encryption, LDAP, and more. In this article, get a basic guide to the PAM model on Linux, see how to configure PAM, and learn how to design a sample PAM login application in 10 easy steps.

BT Watcher Pro 1.5.0

Mon, 09 Mar 2009 01:01:44 -0700

wojtekzet submitted a new file called 'BT Watcher Pro 1.5.0'.

Automatic lock and unlock your computer screen via a mobile phone. BT Watcher automatically lock your computer every time you leave the vicinity of the computer and unlock computer when you will back. Can also automatically suspend and wake up monitor to save energy and battery life, or hibernate computer. BT Watcher show only small icon in system tray so is almost invisible in work. You can define time after which BT Watcher will show warning message, and separately time after BT Watcher will lock your screen. You can define custom command to execute to, such command could be executed separately from locking screen. Program is dedicated for business persons, or professionals whose travel a lot with notebook. BT Watcher not only protect your data, it also save your notebooks battery life and save energy, by suspending monitor, where you ale leave it. Features : 1. Easy configuration by Wizard. 2. Automatically lock and unlock computer. 3. Save energy and battery life 4. Customizable locking screen 5. Can be protected by password. 6. Discreet: work in system tray. 7. Can make secure connections, or work without connection 8. Start user defined command. 9. Can logout user or shutdown computer.

SELinux and Smack security modules for Linux containers

Fri, 13 Feb 2009 11:40:48 -0700

Solrac submitted a new article called 'SELinux and Smack security modules for Linux containers'.

A common response when someone first hears about containers is "How do I create a secure container?" This article answers that question by showing you <a href="http://www.ibm.com/developerworks/linux/library/l-lxc-security/index.html?ca=dgr-lnxw961SELinux-Smack-Contains&S_TACT=105AGX59&S_CMP=grsitelnxw961">how to use Linux Security Modules (LSM) to improve the security of containers</a>. In particular, it shows you how to specify a security goal and meet it with both the Smack and SELinux security modules.

Re: Detection of administrator?

Wed, 11 Feb 2009 22:51:09 -0700

Sephiroth posted a reply on the Windows programming forum.

I wanted to post the solution to this problem so that it would be here at PH for others to see. I found it after spending time looking up security functions and testing things on my own.

  BOOL bAdmin;
  PSID pSecurity;
  SID_IDENTIFIER_AUTHORITY siaLevel = SECURITY_NT_AUTHORITY;

  //Check for administrator rights
  if(AllocateAndInitializeSid(&siaLevel, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, &pSecurity) != 0)
  {
    CheckTokenMembership(NULL, pSecurity, &bAdmin);
    FreeSid(pSecurity);

    //We have to do this since MS won't use a real boolean
    if(bAdmin)
      this->bAdministrator = true;
  }
  else
    return false;

Hope this helps somebody else.

*EDIT*

I wanted to point out that this code is inside a class method that returns a boolean (bool) type. That's why there is a "return false" statement if allocation fails.

-Sephiroth

Understand the Anatomy of a Web attack or else

Tue, 03 Feb 2009 15:57:43 -0700

Solrac submitted a new article called 'Understand the Anatomy of a Web attack or else'.

Never underestimate or lose respect for those looking to do you harm: You do so at your own peril. Today, more and more applications are being hosted on the Internet. As organizations have moved their applications to this environment, the threats have increased 100-fold. To avoid becoming a victim, understand what you face, how attacks are carried out, and how you can employ proper defensive measures. A little research and understanding can go a long way.

Synchronizing UNIX files with optimized security

Mon, 02 Feb 2009 15:34:18 -0700

Solrac submitted a new article called 'Synchronizing UNIX files with optimized security'.

There are many tools available that allow you to synchronize files across UNIX directories, but doing it effectively, and securely, takes a little bit more effort. This article looks at solutions for synchronizing files across UNIX filesystems and different computer systems securely, and at solutions that allow you to synchronize encrypted versions of your files for the purposes of backup.

Re: trying to write

Wed, 28 Jan 2009 19:51:05 -0700

kyle11778 posted a reply on the Security forum.

i would just like to write a basic "folder lock" program. or anything small like that. any help would be well...helpfull.lol. are there any sites or books u would suggest for me that is based on the creating of security software?

Battling Web spam

Tue, 02 Dec 2008 10:30:15 -0700

jmalasko submitted a new article called 'Battling Web spam'.

Spam on the Web is one of the biggest threats to a modern Web developer. The "bad guys" become more and more sophisticated every year in how to vandalize and proliferate ads over any Web 2.0 page they can grasp. This two-part installment provides a thorough guide to anti-spam techniques. This first article explains how to assess whether a visitor is a spammer and how to organize site workflow to discourage spam.

Explore Eclipse's plug-in signature mechanism

Thu, 20 Nov 2008 09:29:18 -0700

jmalasko submitted a new article called 'Explore Eclipse's plug-in signature mechanism'.

Security is an important issue when installing a bundle of new features to software. Learn about signature technologies used by the Eclipse platform to determine the trustworthiness of plug-ins. Eclipse places each plug-in into one of five categories: unsigned or signed, trusted or untrusted, or expired. Learn how to create signed plug-ins in Eclipse and IBM Lotus Expeditor, an Eclipse-based product.

New Unikey Time software protection dongle released

Tue, 18 Nov 2008 02:43:19 -0700

secutechpres submitted a new link called 'New Unikey Time software protection dongle released'.

SecuTech Brings Innovation to Time-Based software protection solution New Unikey time offers advanced, strong secure method for subscriptions and rental of software Canada, Aug 1, 2008 – SecuTech, the leader in software protection, video and flash protection solutions, today announced general availability of its new UniKey Time dongle that serves as one of the latest additions to the family of UniKey dongles, released today. Unikey Time offers numerous advancements that allow the rental of software based on a specific period. The best software copy protection solution, the strongest hardware key for software vendors—UniKey Time will be always the right choice alongside with cost effectiveness and robust security. UniKey Time is specially designed for software vendors who needs to control and manage the software’s rental and selling in subscription or maintenance, it allows to pay per use, in this way software vendor can completely control the sales by charging the end users timely and periodically. This function is based on a real time clock deposited in the dongle indicating the specific time (hour, minute, second) and date (day, month, year). Strong Anti-Piracy Protection technology and Real-Time Clock dongle Unikey time provides strong copy protection that guarantees software vendors get paid for every copy of software. A real-time, clock inside USB key prevents tampering with time settings, while on-chip 128-bit AES encryption ensures a robust link between the application and the USB hardware key. UniKey Time is designed and manufactured under ISO 9001 that ensuring consistent quality and performance. UniKey time has three years warranty. For additional information on SecuTech Unikey Time and the entire suite of Unikey software protection solutions, visit www.eSecuTech.com

Application Privacy Monitoring for JDBC

Wed, 05 Nov 2008 12:11:15 -0700

jmalasko submitted a new article called 'Application Privacy Monitoring for JDBC'.

Privacy policies allow organizations to control the use of personally identifiable information according to individual choices. The Application Privacy Monitoring for JDBC is a technology preview providing a Java library for adding privacy policy enforcement to existing Web applications that use JDBC/SQL.

QuickLicense 3.0 Software License Protection

Tue, 21 Oct 2008 16:16:45 -0700

harold submitted a new article called 'QuickLicense 3.0 Software License Protection'.

QuickLicense 3.0 empowers developers to protect and manage any software license for Mac or Windows applications. The product includes an API for complete developer control and the AddLicense tool to wrap compiled applications within a protective license with no programming required.

Seven habits for writing secure PHP applications

Tue, 30 Sep 2008 10:28:14 -0700

Solrac submitted a new article called 'Seven habits for writing secure PHP applications'.

When it comes to security, remember that in addition to actual platform and operating system security issues, you need to ensure that you write your application to be secure. These seven habits for writing more secure PHP Web applications will help you avoid becoming an easy victim of malicious attacks. Like many habits, they may seem awkward at first, but they become more natural as time goes on.

The superb DRM Removal-Daniusoft Media Converter Pro 2.2.4.0 now released

Thu, 25 Sep 2008 03:01:36 -0700

aimer submitted a new article called 'The superb DRM Removal-Daniusoft Media Converter Pro 2.2.4.0 now released'.

Daniusoft Media Converter Pro 2.2.4.0 now released, the latest version is more stable and of higher quality than ever before. Daniusoft Media Converter Pro is a powerful DRM removal which can remove DRM protection legally and convert other video & music even HD video in high quality. This DRM removal software has powerful function: DRM Removal, video converter, audio converter and extract audio from video that fits all of your conversion demand. Daniusoft Media Converter Pro supports most DRM video Audio files: WMA/WMV/M4A/ M4B/M4P/M4V/ASF, HD video: M2TS, TP, TRP, TS, AVI... and other popular media. With this excellent DRM removal software, you can enjoy all music and movies on any digital players: iPod, Creative Zen, Zune, iPhone, PSP, Archos, etc. without restriction. The Key Features of Daniusoft Media Converter Pro: 1.Legally remove DRM WMV/WMA/M4P/M4V/ASF... using record technically process which records play and saves the recordings in unprotected digital formats 2.Convert all popular video: MP4, MPG, MPEG, 3GP, RM, RMVB, DAT, MOV, FLV and high-definition video: M2TS, TP, TRP, TS, AVI 3. Extract audio from all popular video, so that you can enjoy movie music any where; 4. The converted files fit for all popular digital players such as iPod, PSP, Zune, Creative Zen, Archos. 5. 400% High Conversion Speed - Support batch and multithreading conversion which the conversion speed beyond your imagination; 6. Optimized DRM Removal engine – Let you adjust conversion settings which you can convert with your own style. 7. Easy-to-use, Only several clips to finish all the conversion and preview the whole process. The new features of Daniusoft Media Converter Pro 2.2.4.0: 1. Support even more settings on DPI. 2. Support drag-drop audio & video folder. 3. Completely compatible with iTunes 8.0. Availability and Suggestion Daniusoft Media Converter Pro 2.2.4.0 is available now at: http://www.wmatomp3-converter.com/digital-media-converter-pro.html

Optimize your existing JDBC apps using pureQuery

Mon, 22 Sep 2008 09:52:41 -0700

jmalasko submitted a new article called 'Optimize your existing JDBC apps using pureQuery'.

Data Studio Developer and Data Studio pureQuery Runtime include a new feature called client optimization that enables developers to take advantage of the benefits of static SQL execution without having to modify their existing custom-developed, framework-based, or packaged JDBC applications. In this tutorial, learn how to use the tooling provided by Data Studio Developer to enable a JDBC application to use this new capability.

New Unikey Time software protection dongle released

Wed, 17 Sep 2008 02:38:57 -0700

secutechpres submitted a new link called 'New Unikey Time software protection dongle released'.

Java EE 5 framework 3.0 released

Wed, 10 Sep 2008 07:04:42 -0700

hbacher submitted a new article called ' Java EE 5 framework 3.0 released'.

We are proud to announce the major release of the 3.0 version of [fleXive]. [fleXive] is a Java EE 5 framework that speeds up development of data-centric (web) applications demanding security, persistence and internationalization. It focuses on enterprise-scale content modeling, storage and retrieval.

BladeCenter Integrated Manager

Fri, 05 Sep 2008 13:59:34 -0700

jmalasko submitted a new article called 'BladeCenter Integrated Manager'.

Business resilience is more than continuity of business operations. Availability, security, regulatory compliance, and risk management are needed to help companies respond to risks and maintain business operations. Ensure business resilience with the BladeCenter Integrated Manager, a tool that offers simplified failover and storage management solutions for BladeCenter S.

Signing an Assembly in Visual Studio

Thu, 04 Sep 2008 14:25:11 -0700

BlackWasp submitted a new article called 'Signing an Assembly in Visual Studio'.

To protect your assemblies from unauthorised changes you should sign them using a strong name key. This process uses public and private cryptographic key technologies that can prove the origin and the integrity of your software to the end user.

just starting...

Sat, 23 Aug 2008 20:54:45 -0700

kyle11778 posted the message 'just starting...' on the Security forum.

i want to learn to write security programs like a folder lock. if any one can show me something to help get me started it would be greatly appriciated.

thanks

New crack Engine needed...

Sun, 17 Aug 2008 10:38:31 -0700

hitech444 posted the message 'New crack Engine needed...' on the Security forum.

astalavista.box.sk doesn't work anymore.
Anyone knows a good replacement? i.e. a good crack/serial search engine?

UNICODE string concatenation...

Sat, 16 Aug 2008 13:54:13 -0700

Sephiroth posted the message 'UNICODE string concatenation...' on the C and C++ forum.

I'm working on an app right now that will need to track a variable array of filenames for security reasons. None of these names should be more than 32 characters, so that is how I am creating the array. My problem comes in when I need to add additional names to the array. My code thus far is below.

wchar_t *pNewArray;

try
{
  pNewArray = new wchar_t[(32 * (iCount + 1))];
}
catch(...)
{
  return false;
}


//Initialize the new array, copy existing names into it, and add the new one
memset(pNewArray, 0, sizeof(pNewArray));
wsprintf(pNewArray, "%s", pMainArray);

Now let us assume that the main array has one name in it, making it "pMainArray[32]". We call this function and it allocates the new array as "pNewArray[64]". This is good and it will copy the first 32 characters into the first 32 characters of the new array, but the problem comes when we have a name below 32 characters.

Assume we had one that was eight characters long. I can't use "wsprintf(pNewArray, "%s%s", pMainArray, pNewName)" because I'd get eight characters of the first name followed by the next name, forming a run-on. How can I get around this?

*EDIT*

I am trying the formula below and i only stores the fist string, nothing else. What in the world is going on, because it appears to be creating a larger array, but nothing is getting copied.

//Initialize the new array and copy the existing one into it
memset(pNewArray, 0, sizeof(pNewArray));
for(unsigned int uiLoop = 0; uiLoop < (this->iAppCount * 32); uiLoop++)
  pNewArray[uiLoop] = this->pFilenames[uiLoop];

//Now add the new name to the end of the list
for(unsigned int uiLoop = 0; uiLoop < wcslen(pNewName); uiLoop++)
  pNewArray[((((this->iAppCount + 1) * 32) - 32) + uiLoop)] = pNewName[uiLoop];

-Sephiroth

Re: Connecting to access database using vb.net with codes

Thu, 14 Aug 2008 20:08:09 -0700

bradwang posted the message 'Re: Connecting to access database using vb.net with codes' on the VB.NET forum.

Here is the code snippet:

Dim cn As New OleDbConnection
cn.ConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=|DataDirectory|Data.mdb;Persist Security Info=True"
cn.Open()
cn.Close()

Also, you can study this tutorial:
http://www.geekpedia.com/tutorial158_Connect-to-Access-Database-in-Visual-Studio-.NET.html

Finally, I suggest that you find a good book or a tutorial on ADO.NET. :)

Brad Wang - .NET Freelancer from China
MSN: brad_wang_cn@hotmail.com
Skype: brad_wang

LASsie for MS Access 4.6

Tue, 29 Jul 2008 12:13:50 -0700

pdebaets submitted a new file called 'LASsie for MS Access 4.6 '.

LASsie (Light Application Security) is a Microsoft Access Add-On that enhances your Access application with a simplified user security system. Intended as an alternative to Access' User-Level Security (which is deprecated in .accdb file formats), LASsie offers a less complicated way to secure forms, reports, controls and certain records from unauthorized user access. With LASsie, you can prevent a user from opening specific forms or reports, restrict their ability to update data on a form, disable certain controls, filter records, and perform custom security functions, all based on the user's sign on/user name. LASsie includes a friendly user sign-on form that prompts for a login user name and password. Users can change their own passwords via the included "change password" form. Optionally, the sign-on form can be bypassed and the user's Windows login user name can be used. Once the user name is verified, the security groups that the user belongs to are loaded. Based on permissions/restrictions assigned to these groups, LASsie determines which forms or reports can be accessed, if data updates are allowed, and more. LASsie is called "light" application security because it is not intended to be a robust, high-end security application. In fact, a sophisticated user could edit the underlying tables and change their own security level. By hiding the LASsie tables, and/or linking to them in an external, encrypted database, you could minimize the possibility of such potential breaches, but you should understand that we do not guarantee that such a breach will never occur. That being said, LASsie can serve quite well as an application security system where users are relatively unsophisticated, or where application data is not of a highly classified nature.

Re: search engine for hackers www.search2ha-ck.co.nr

Mon, 28 Jul 2008 19:19:22 -0700

bradwang posted the message 'Re: search engine for hackers www.search2ha-ck.co.nr' on the Security forum.

: search engine for hackers
: www.search2ha-ck.co.nr[/l
: ink] and
: www.searchforensic.co.n
: r
:

This seems to be interesting...

However, I cannot open the site here in China. :(

I'm Brad Wang...
.NET Freelancer from China
MSN: brad_wang_cn@hotmail.com
Skype: brad_wang

Folder Security 1.01

Mon, 28 Jul 2008 03:03:22 -0700

bdip submitted a new file called 'Folder Security 1.01'.

This is a program to hide folders from unauthorized access. The hidden folders become invisible and cannot be directly accessed from Windows Explorer. You can also assign a password to the program to prevent unauthorized use of the software. This is a very simple application.

Re: Data Structure help

Sat, 28 Jun 2008 14:49:04 -0700

zibadian posted the message 'Re: Data Structure help' on the Java Beginners forum.

: As a part of my project on data structures,I have prepared
: a small test survey on data structure across three languages -
: C/C++/java.This survey will help me in collecting and comparing the
: level of understanding and complexity of the three languages among
: different programmers.
: All interested fellow programmers please visit the link given below.
: It will also quick brush up your DS skills.
: Help will be greatly appreciated. [smile.gif]
: here is the link - ds-test.weebly.com

I wanted to take the test, but the security code fails every time (6 tries) in FF3.

How I can restrict desktop user to access some restricted web site

Fri, 27 Jun 2008 06:38:56 -0700

anjanmaity posted the message 'How I can restrict desktop user to access some restricted web site' on the Security forum.

I want to restrict user to access certain web site.After the running of the application when user type the restricted word on the address bar the browser will stop automatically. During the running i will set the restricted word they need not know the actual url of the restricted web site.

Please provide me some gudience, it is very needed to me.
Thanks.
anjan maity

.net application deployment error

Wed, 18 Jun 2008 13:23:14 -0700

jzhou819 posted the message '.net application deployment error' on the ASP.NET forum.

Hi, I am new to asp.net. I have an application runs fine in my local machine, but after I publish it to the server, I got the run time error:

Server Error in '/apps' Application.

Runtime Error 
Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine. 

Details: To enable the details of this specific error message to be viewable on remote machines, please create a <customErrors> tag within a "web.config" configuration file located in the root directory of the current web application. This <customErrors> tag should then have its "mode" attribute set to "Off".


<!-- Web.Config Configuration File -->

<configuration>
    <system.web>
        <customErrors mode="Off"/>
    </system.web>
</configuration>
 

Notes: The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's <customErrors> configuration tag to point to a custom error page URL.


<!-- Web.Config Configuration File -->

<configuration>
    <system.web>
        <customErrors mode="RemoteOnly" defaultRedirect="mycustompage.htm"/>
    </system.web>
</configuration>

Can anybody help? TIA.