Recent update: 2008-3-7
check this out... it rocks... http://www.microsoft.com/technet/security/10imlaws.asp
I'd like to understand what makes security hard. Is it gluing security islands together? is more knowledge required? Is it time constraints? what? lemme know! Cheers, MH
374 byte By
Flacco at 2008-3-5
I'm designing an IIS/MTS/SQL7 application with some complex data access security requirements. Would it make more sense to encode this in the business logic layer or the data access layer? Access is driven by business rules; but on the other hand, it might make more sense to implement this deeper,...
Anyone implementing a DNA application across ASP, MTS and SQL 7.0 which must support IE and Netscape navigator? If so what security mechanism are you using?
Hello, I can access NT user names in ASP using the server variable LOGON_USER. But I have been made aware of my requirement in my application to allow or disallow access to certain resources based on what NT Group a user is a member of. So far I have controlled permissions based on groups at the file syst...
Articles on IBM developerWorks: Passwords - Software security for developers. Like many security technologies we have discussed in this series on developerWorks, the idea is simple and elegant, but getting everything exactly right is harder than it first appears. In this installment, Gar...
485 byte By
Chris at 2008-2-27
I am writing HTML for the intranet site, and am using script to open Word documents in Word, using CreateObject("Word.Application"). To make this work requires setting a security option in IE. That is: Initialise and Script ActiveX controls not marked as safe. It must be set to Enable or Prompt. This sett...
591 byte By
jp at 2008-2-26
i have server code (vbscript) which shells out to dos to execute an AT command to schedule tasks on some servers on which i have admin authority. if i attempt to do this on my local machine it works fine but if i attempt to schedule a task on any of the remote servers i get access denied. the iusracco...
What do you think about M$'s .NET strategy and security/privacy issues it may cause? Do you think it's really good to have applications running on a remote server on the Internet? Do you like the idea that you will need to connect to the Internet to read and write Word documents or Excel shee...
I'm an experienced developer new to ASP. I am building a typical site where users are limited to certain areas based on a password. I think the logic works as follows... The user logs in and security information must be stored in the Session object. When the user requests a page, the ASP sends in...
I have developed a simple security scheme that stores a cookie on the user's machine and then uses a small script at the top of each page to check that cookie for authorization before serving the page. The problem I run into is that I want to return a .PDF file to the client but obviously I can't pu...
"Nix" mappinathotmaildotcom wrote:
> I have looked at the available info on msdn et al and I'm quite excited about the ability to run c# programs/applets from within a browser, (specifically the Winforms technologies).
> The problem is that it looks as though MS is planning to support Act...
251 byte By
Frank at 2008-2-22
I have a client that wants to sell his content on the web. He wants to control how long it can be viewed and if it can be saved or downloaded. does anyone know of an application that does that?? please respond Frank
Question: Can a user who has CREATE VIEW in a database create views under a different id? Eg User ABC creating a view called DBO.REPORT1. Your reply would be very much appreciated. Michael
The industry speaks positively about agile methods for software development (http://www.agilealliance.org) but hasn't yet applied those principles to the folks who do networking and infrastructure. It is overdue and I will take the first shot at some things that can make them more agile: 1. Keep n...
I have tried your sample code for Active Directory User validation. I have done the changes in Web.config as per your instructions. But login.aspx file accepts any values. It does not validate the users. Is there any other things I have to do? I am running this application from my PC, which runs on Wi...
393 byte By
PB at 2008-2-18
Hi, Whenever I call the Sign method I get an error which says "The certificate is not valid for signing". I have tried this with all certificates, even those whose stated purpose is for signing and have private keys. What is going wrong? And why don't the provided samples work? I am running this from...
I am having lots of fun with CAPICOM. Problem is, I have another 3rd party tool that needs to be passed a pointer to a cert context. (PCERT_CONTEXT or something). I can create a memory store, load it from a .pfx file containing one cert, but how do I get this context thing from myStore.Certificates[1]...
Does anyone know how to access security information with a COM object. I am trying to identify what groups an authenticated user is in while logged into the intranet at my office. I was wondering if anyone knows of a COM object or method to do this... if possible I would also like to ascertain thei...
My company is in the process of moving our web server outside the firewall. Currently all our Microsoft Access databases and our SQL database reside on the web server. I want to move the databases to a server inside our firewall, however I am concerned about communication between the web server outside...
I've been experimenting with the SHA-1 and MD5 implementations in JDK 1.4. There is some sample code in IBM DeveloperWorks, with sample results for a simple string: "This is a test!" yielding an SHA-1 message digest of D93,.x2%$kd8xdp3di5* Trying to duplicate the results on a Sun box, I just got a...
I have a "LAN" set up with about 10 stand-alone NT Servers. They are all NT4SP6. I do not have a Primary Domain Controller on this "LAN". One of these servers is a web server (Apache 1.3, CF4.5). Another of these servers is a server (the "Switch") that runs a Telecom Switching application which stores...
389 byte By
Andre at 2008-2-14
I'm building java web based application. I'm going to encrypt some sensitive data and store it in the database. (SQL Server) But I have no idea how I should securely store the private (or secret) key. What is the right way of doing that? Are there any products dedicated to this particular prob...
79 byte By
nchele at 2008-2-14
Hello, With call the function of the library CAPICOM from Visual C 6.0
When I sign the document with the method Sign this error occurred. why? the message "keys set not exit" sorry for my English
WHAT: Wireless LAN & 802.11 Security Workshop
WHEN: Thursday, May 16
WHERE: Embassy Suites Hotel, San Francisco Airport
REGISTER: www.itvshop.com/wlan-security
Workshop sessions include:
- Inherent security vulnerabilities with WLANs
- AIRSnort, WLAN packet sniffers & War Driving
- 802.1X solutions (TKIP,...
287 byte By
Renato at 2008-1-31
Hi all, i have to learn something on how to build secure applications. Can some one give me some link? Thanks in advance. (i found an article "Secure Systems Begin With Knowing Your Threats, Part 1 by Michael Howard" but is too short. I need something like this.
335 byte By
Curtis at 2008-1-22
I need to get a list of all network shares and the groups that have access to the shares. I have looked into using C++ and the NetShareEnum function, but it seems to be going nowhere. are there any suggestions as to how I can get this information ( preferably in a text file )? Any help would be great...
Hi, I'm trying to use Capicom1.0A in asp environment as activex control for digital signing and verification. The code I have written works fine if I use Windows 2000 as my webserver. But same code when I access with Windows NT4 (Service Pack 6) as my webserver, it fails to work. Capicom control can...
i have been trying to sign a message using multiple receiver certificate. my rationale behind this is i wanna sign the original message using my own private key and then i send the document for another person to sign the document. i wonder if there is any standard practise by people in doing multiple sign...
520 byte By
Biswa at 2008-1-13
I am using an NT 4.0 Wkstn (SP6). Forgive me - it is not *exactly relating to* the context of this group. I want to run a Script/Program in the following two events: 1. At Logon (This is easy and I know.) *AND* 2. When a user had already logged on the machine, has locked it and now unlocks it with his User...
369 byte By
Marcos at 2008-1-12
How Can I Connect to AD on WorkStation Machine, I tried the follow code:
Dim SubjectNameCn As String
SubjectNameSN = "CN=*"
myADstore.Open CAPICOM_ACTIVE_DIRECTORY_USER_STORE, SubjectNameSN, CAPICOM_STORE_OPEN_READ_ONLY
myCAstore.Open CAPICOM_CURRENT_USER_STORE, CAPICOM_MY_STORE, CAPICOM_STORE_OPEN_READ_W...
373 byte By
marcos at 2008-1-12
I'm building an application and on this application I have to send a document through the network. I have to use PKI, but the problem is I have no idea how it works, I need informations, examples and documentation. I was looking for information on Microsoft Page, but the informations are so poor. Any help?...
Hello, My Windows XP crashed and i reinstalled it. I had some files and folders encrypted now i can't unencrypt them now. Is there a way to decrypt them? Thanks Scott Mann
332 byte By
Lisa at 2008-1-10
Hello, I am working with Oracle 8i installed on a Windows NT box. The install was done months ago by someone who is not available, and no one here remembers the system login password. Is there a way to find or reset the system password? We have logins with DBA privileges available. Thanks in advance, Li...
96 byte By
Andre at 2008-1-10
Is there any way to use Certificate Service as Secret Key storage for encryption/decryption.
2073 byte By
Sheela at 2008-1-10
Hi, I am using DirectX 7 (DirectDraw only) on Win2000 in a DLL. A service which uses the DLL is started automatically using the 'Local System account' on startup. One or more instances of an application using the same DLL may be started later. When an application is started later, it fails to...
147 byte By
San at 2008-1-9
What would be the ideal replacements for sprintf and sscanf, according to the art : "15 Tips for Secure Win32 Programming " Thanks, San
166 byte By
tommy at 2008-1-9
Anyone got good links for straight forward methods or sites with good info on the subject. I've searched and haven't found anything straight forward
During the week of October 29, we will be performing some site maintenance on several areas of dev-archive, including discussion groups. A brief period of downtime may be unavoidable. If downtime occurs we will bring the groups back online as quickly as possible. Thank you in advance for your patience. R...
Hi, I am new in windows security. Anyone has the source code that launch an application under admin privilege or the links to the websites that relate to this topic, please share with me. Thanks in advance.
315 byte By
Scott at 2008-1-8
My question concerns auditing after implementation of security on an Access Database. Is this possible? What I am looking for is a log of the users that change records in the database. Is it more feasible for me to move the database to SQL for this function? Thanks Scott...
713 byte By
HDM1 at 2008-1-8
Can anybody comment on the market conditions of using Linux vs Windows servers and where this leaves Microsoft oriented web application developers? Somebody I know raised some weaknesses Microsoft has in terms of security to constantly add new security patches and the costs involved in doing this. I...
Hi Tony
>> Can anyone tell me if it is possible for a network administrator to have a copy be sent to himself of all mail messages being sent from one individual on the mail server to another individual on the mail server with out them knowing?
Absolutely. It is in fact very...
I think there is a problem with the CertificateStatus object in capicom. Whenever I use the status property of the CertificateStatus object, then the process that uses it gets stuck in memory. I'm using CAPICOM version 1.0A.
"Gary" <gliuhome@aol.com> wrote:
> "Stanley" <scarr@skg-tech.com> wrote:
>> Hi,
>> I'm in the process of changing the password for 3 letter two number 3 letter, to 3 letters 2 numbers 3 letters and a symbol sign. I'm new to this...
Hi, I'm in the process of changing the password for 3 letter two number 3 letter, to 3 letters 2 numbers 3 letters and a symbol sign. I'm new to this and I'm having problems writing the script. Stanley
Hi, Do you know of a password synchronization tool, that has the possibility to synchronize passwords between Windows NT 4.0/2000, AS/400, Oracle and, if possible, Unix? Preferably this tool would be distributed by a company in Europe. Best regards, Tom Mertens
264 byte By
Curt at 2008-1-7
I am new to Com+ and I need to know if the specified account to launch the application in needs to be part of the Administrators group on the local server. Also if any one knows of a How-To or cookbook on Com+ security for programmers. Thanks
Hi there everyone, I am trying to put together a small program that will reset local administrator passwords quietly as a part of the login script (novell) however I am having problems tracking down API Calls to achieve this. Can anyone point me in the right direction. Thanks in advance Andy Driskell...