Forum Array

Security :: AES / Rijndeal Encryption

I have a hex string (encrypted)I need to use Rijndael classes with these settings:  Encryption: AES

View Answers

Very Similar Questions

Page Level Security And Control Level Security In MVC Applications
forums.asp.net
how to implement page level and control level security in MVC applications. Also I would like to know the definition for Page Level and Control Level Security in MVC. Please refer me if any third party tools avilable to implement security in MVC.

Hot Link Prevention And Browser Security
www.webhostingtalk.com
I recently initiated "Hot Link Prevention" on one of my web sites on my Dedicated server (via CPanel). It woks well in re-directing hotlinked images to a small image that says "Unauthorized Hotlink Image." This of course prevents other web sites from leaching my bandwidth. However, I have had a number of people complain that when they visit my forum, they don't get my site's images, but instead see the Unauthorized Hotlink Image. The common thread seems to be the people with the problem are using Security Software. In one case, a guy is using Norton Confidential. Another guy is using some Security software provided by his ISP. I'm guessing that this security software is somehow messing with the Referer in tehir browser and confusing my server into thinking the images are being hotlinked from some other site. Short of turning off Hot Link Prevention, does anyone have any suggestions to tell the folks...are there settings in their Security Software for example that will prevent the problem when they visit my site?

BB Torch :: Enterprise Account Change Security Setting?
supportforums.blackberry.com
I have a blackberry torch. it has recently been replaced on the insurance, but now i can not set up my e mail accounts or connect to blackberry net (facebook, twitter). When i try to set my e mails up it asks me for the enterprise activation password. I have tried countless times with vodafone to rectify this. They sent me a link to activate my e mail accounts, but they are still associated with my old blackberry pin number. Vodafone have now told me to contact the manufacturers to change the security access to my new pin number, as my details have not updated like they should have done.I can not find any numbers to contact  these though. I am getting increasingly frustrated with this as i am paying for a service i can not use, and they cant rectify.

Security Read Write Files And Folders
www.phpfreaks.com
when i upload files to my webspace i set permission to my files and folders. Im wondering how im unsafe if i grand a folder or file with write permissions to all/everybody. In fact I have the intelligence to understand that ones can places files to my webspace and then execute them. But I dont have the knowledge how to implement it. How can i write to that folder and files?

Android :: Phone Security Profiles
androidforums.com
Hey guys, I previously posted this (i have now added something extra to this one) on another thread, it took me about 20 minutes to write, surpassing by far any the maximum time I ever spent on one single forum post in the past lmao.It was originally a response to someone who wanted to activate gps remotely if they lost their phone in order to use 'lookout' and then deactivate it afterwards to save battery. I though I'd make it its own thread since it took me ages to write, and it can effectively replace several features of the 'lookout' security app.

Security :: Reset Passwords / Create User / Recover Passwords On An Intranet
forums.asp.net
My issue today is that i have a MySQL Database and am using the security framework provided by the ASP.NET Membership and Role Providers...I override the default methods with my own MySQL. Now the issue comes in when i someone would like to have their password reset. My application is running entirely on an Intranet so i cannot have their passwords emailed to them. Is there a way i can have this information displayed in any way so that the user can use it to Log Reset, Create Accounts or Recover their lost passwords on an intranet without the administrators intervention? Recently i had an approach as follows. In my web.config<system.net><mailSettings><smtp deliveryMethod="pickupDirectoryLocation" and my location was a folder on C drive as c:/SavedPasswords. Now i understand this was such a big security threat and thats why i am looking for a better option. I would have that folder created using my System.IO and then the Mail is dropped into that folder. Then after the process is successful, i tell the user to check into that location and Read its content. Then there is a global variable that is set to true...meaning that the folder at c:/ has been created. then there is a Method in a certain class that once it sees this variable True, it reads the readers c:/ and deletes that folder "save" if it exists;

Security :: Change Existing Clear Passwords To Encrypted Passwords?
forums.asp.net
I have a small database, with a very small number of users. The passwords were stored as clear as the database was so small and held no sensitive data. The database is now to be expanded and passwords are required to be encrypted. I can change the Password Format in the web.config, but is there a way to change the existing passwords from clear to encrypted?

Security :: HTML Reader Working On A Secure Website?
forums.asp.net
I am working on an application to read some data from a website that requires a login. I am using the WebClient class to read the page. For example if I have a page http://www.something.com it can read the page fine. However If I have a page https://www.something.com/secure/ than it requires authentication. I have the username/password required I just need to know how to pass it in using C# .net.

Security :: Keep User From Clicking Verification Link Again?
forums.asp.net
I'm using the following code to send an email verification link (from the security tutorials).  How would I modify the code below so that if the user has already clicke the verification link, it will display "account already verified" and redirect them to the login page? using System;   using System.Web.Security;      public partial class Verification : System.Web.UI.Page   {       protected void Page_Load(object sender, EventArgs e)       {           if (string.IsNullOrEmpty(Request.QueryString["ID"])) [code].....

Security :: Avoid Copy Query String?
forums.asp.net
I have a java application that send to a aspx page the user name and password in a Query String. How can I authenticate the user in this aspx web page, and how can I avoid that a user copy the link in the internet explore and acces to the page.

Security :: Are The Aspnet_xyz Tables Linked / Related To The Membership Providers
forums.asp.net
After running the aspnet_regsql.exe tool, i notice a bunch of different tables pertaining to the ASPNET security (e.g. aspnet_Applications, aspnet_Membership, aspnet_Paths, aspnet_Personalations, aspnet_Profile, aspnet_Roles, aspnet_SchemaVersion, aspnet_Users, aspnet_UsersInRoles). Do the different providers (AspNetSqlMembershipProvider, AspNetSqlProfileProvider, AspNetSQLRoleProvider) relate or associated with certain aspnet_xyz tables? I imagine the AspNetSQLProfileProvider is responsible for the aspnet_Profile table correct?  The AspNetSQLRoleProvider probably is tied to the aspnet_Users, aspnet_Roles, aspnet_UsersInRoles table? Any links documenting the relationship between teh providers and the aspnet_xyz tables? 

System.Security.Permissions.SecurityPermission Winform In Webform?
forums.asp.net
It's a ?/$%/$%"!$ mess ... My webpage contains a winform user control. That user control send text to LPT1.It acts like an ActiveX. I set my website (on localmachine) as a trust one in IE and set all properties for ActiveX under security tab. The user control is showed under IE but I got a System.Security.Permissions.SecurityPermission when execute it.When I sign my control, IE can't display it ! I registered the dll in the .Net Framework Configuration tool

Winform Control Hosted In IE, FileIO Security Exception / How To Solve This Error Message
bytes.com
I see a message on: winform control hosted in IE, FileIO security exception. I have got the same problem, which I cannot figure out what is the solution for weeks. I have Windows 7 (Home premium edition), framework 3.5 (how can I check that, if gacutil is correct version, if it metters, anyway ...) I am writting on C#. Also on assemblyInfo.cs : [code]....

Security :: Oraclemembershipprovider In Visual Web Developer Express 2008?
forums.asp.net
I am building an internal wep site for my team. I have installed visual web developer express to start with and connected it to an oracle database. I want to use  Oraclemembershipprovider option for user login and control. On the Web Site Administration Tool page under Membership Provider, I am getting only one option "AspNetSqlMembershipProvider". However I want to use Oraclemembershipprovider. Can you please help. I am very new to asp.net and visual web developer express.

Security :: Disabling Viewstate Causing Problem To Server Control?
forums.asp.net
I have a web page which is using PasswordRecovery control.Its working fine but I have a scenario in which I have to disable Viewstate for the whole application.Now after disabling viewstate when I visit the webpage I have noticed that PasswordRecovery controls is not working (Every times when I submit the default button to go to step 2, the postback occur but not moving to step 2). 

Security :: Prevent Users Browsing Files When Typing Directory?
forums.asp.net
I have directories in my website which require authentication. But when i type the url with the directory name it lets me see the files but doesnt allow access as users need to login. How can i stop users viewing files if they manually type directory name in?

Security :: How To Configure Active Directory
forums.asp.net
can any body let me know how to deploy asp.net website to windows server 2003 iis and how to configure active directory and how to do authentication through the IIS Login prompt dialogue  box..i have configure the web.config as <authentication mode="Windows" /> <authorization  > <deny users="*"/> </authorization>

Security :: C# Active Directory Tutorial?
forums.asp.net
I'm looking for a website or a tutorial of some kind to help me get started on this part of my project.   I need my intranet website to use the already in place active directory.  However, I have never done this before and have no idea where to start.

Security :: Retrieving The CN From An Active Directory?
forums.asp.net
I am trying to develop code that interacts with an already existing Active Directory.   Right now, I need something that searches the CN nodes of the activedirectory and returns the path to that CN.  Could someone supply me code that shows this actually done in C#?

Security :: How To Implement Digital Signature
forums.asp.net
I am new to digital signature. I have a web application developed in asp.net 3.5. In one of the module of this application I am generating pdf file and storing it on the server. The users must be able to choose a pdf file and digitally sign it with a certificate stored locally (either on their machine or in a smartcard). I do not know whether I should pass pdf file to client place to sign it or I should send Certificate object to the server.

Security :: How To Create Digital Signature
forums.asp.net
I have problem to create digital signature. I created console application and it works there but when I want to run it at server there is exception. It looks like I have problem with reference to the file.

Security :: How To Get Context From Digital Signature
forums.asp.net
I have digital signature in asp.net. I want to get context with was signing.  I search goolge, but i can't find. I want to use x509 or others component. Getting context using capicom i Have, but signature created by mozilla firefox doesn't work. This script was used to signing: [code]....  How i get content from the other signature

Security :: How To Verify Digital Signature Of JAR/APK
forums.asp.net
I posted this previously but it ended up in Languages/C# rather than here. I'm not sure if I chose the wrong forum or the admin moved it. I wanted it in here so I'm re-posting it: I have an APK file (android application archive, same as JAR file format) that I need to determine whether or not is signed, and if so, extract the certificate info. The JDK provides a command line tool to do this: jarsigner -verbose -certs -verify file.apk I'm trying to determine if there's a way using the Security classes to accomplish the same thing in C# code.

Security :: How To Add Digital Signature On Two Web Service
forums.asp.net
I have never write code like this... so I am trying to explian what problem I meet here.. assuming I have 2 web service one named WS1 another named WS2 WS1 (send data  to WS2) → WS2 then WS2 (receive data from WS1 and do something then return result to WS1)→WS1 if I want to add digital signature between WS1 and WS2 so that WS1 connecting to WS2 , WS2 will recognize who is connecting by digital signature what do I need if I want to do that? and how to do?

Security :: After Login Redirect To A Desired Page?
forums.asp.net
Just a simple question. After I click login button, I want to page be redirected to display.aspx.

Security :: Remove Confirmation Page From CreateUserWizard?
forums.asp.net
I know its pretty easy, but i couldn't quite figure out how to remove the Confirmation page from the CreateUserWizard....I tried to remove the following code(i.e., CompleteWizardStep from CreateUserWizard Control) but that didn't work..... <asp:CompleteWizardStep ID="CompleteWizardStep1" runat="server"> <ContentTemplate> <table border="2" style="font-size: 100%; width: 320px;"> <tr> <td align="center" colspan="2"> Complete </td> </tr> <tr> <td> User account has been successfully created. </td> </tr> <tr> <td align="right" colspan="2"> <asp:Button ID="ContinueButton" runat="server" CausesValidation="False" CommandName="Continue" CssClass="Button" Text="Continue" ValidationGroup="CreateUserWizard1" /> </td> </tr> </table> </ContentTemplate> </asp:CompleteWizardStep>

Security :: What If CreateUserWizard Gets Refreshed
forums.asp.net
I customized CreateUserWizard, added WizardSteps.... If I reload the page (F5) and I am in Step3, it goes back to the first step. How do I remain in the same Wizardstep if the user refreshes the page. 

Security :: Can Add Captcha To CreateUserwizard
forums.asp.net
I have a blank page with a Captcha called Captcha.aspx. I would like to add this as the second step to a CreateUserwizard. The following is what I want to achieve:i) User enters their Username etc in CreateUserwizard and clicks the CreateUser Button(ii) After clicking the CreateUser button, user sees the Captcha.aspx page and enters the correct stuff in the Captcha box and click a continue button(iii) User account is created if correct details were entered in the Captcha else no account is created, rather the user is sent to a page informing him or her that no account has been created

Security :: How To Add Field To CreateUserWizard
forums.asp.net
I have been looking at adding a phone number field to the create user wizard and I have a few questions.I saw on this forum that in order to this I would need to alter the stored proc. Which i have seen and already altered. However I dunno how I can incorporate the textbox into the insert. How can I add txtPhoneExt as a parameter for insert? Where is the method for insert?

Security :: CreateUserWizard And Localization?
forums.asp.net
I have 2 questions: I am building an application and I use CreateUserWizard buildin control of VS2008. I need to build it multilingual(multilanguage) so I've found an explanation how to do it and I created resource files(Tools->Generate Local Resource). It works fine when page is loaded for a first time(all labels are writen in correct language),but for some reason,there are some validators which stays in default language(English),for example, if password and confirm password fields are not equal,it writes "The Password and Confirmation Password must match" (in English), in spite of the fact that I've changed the suitable lable in suitable resource file. When I fill all fields and click on create button, it moves to next step,in which there is a "complete" button and the message "your new account was succsesfully created", I've changed those texts either,but still it appears in English,though othere lables appeare in corect language.How to change text of mail,which is sent to user who forgot his password in password recovery control? It sends something like this: Please return to the site and log in using the following information. User Name: xxxxxxx Password: yyyyyyyyy

Security :: Add User Without The Createuserwizard?
forums.asp.net
I like to create users without the userwizard.Normally i do this with the userwizard, but i don't have it right now, want to do it with pure code.But how can i add the password to the user?Normally i use this code: ProfileCommon p = (ProfileCommon)ProfileCommon.Create(CreateUserWizard.UserName, true); p.Email = ((TextBox)CreateUserWizard.CreateUserStep.ContentTemplateContainer.FindControl("Email")).Text; p.Save();  What is the best, i want just the easy way, like if i add a user with the Asp.Net web administration tool.

Security :: Can Stop Then Continue With CreateUserWizard
forums.asp.net
I'm writing an application in which if the challenge question is true on a signup page with a CreateUserWizard, the user is permitted to continue to the next part of the signup process. Would it be best to make a second CreateUserWizard (if that's even possible)? I'm using code-behind and it seems like a piece of logic would go between the first and second wizard/wizard steps but am unsure if and how this would work in terms of the ASP code containing the wizard.

Security :: How To Create A User Login Control Without The Use Of Web Admin Tool
forums.asp.net
I'm looking for a way to create a login control without the use of web admin tool Here are my system requirements Windows 7 Visual Studio 2008 Professional Edition Microsoft SQL Server 2005 Express Edition  ESET Anti-virus but SQL and Studio files excluded from being scanned. I have got a database. I've created the front end of the user login control manually not using the toolbox. Basically what I need is that once a user has registered. He then logs in. when he enters his username and password how do I code it so the database realises it's him/her and takes them to their LOGGED IN user

Security :: Way To Assign Role With CreateUserWizard
forums.asp.net
When a new user is created using the CreateUserWizard, I want them to be assigned the role of Applicant.  Its easy to do in the ASP.Net Configuration Tool > Security > Create User > Select the Roles for this user.   But the default when the user signs in using the CreateUserWizard tool is no roles selected.  How do I make this new user default to the role Applicant?

Security :: Datasource Handling With CreateUserWizard
forums.asp.net
In a CreateUserWizard there are 2 dropdownlist to set the country and city of a new user. Where and how can those dropdownlists be assigned datasources from datareader, refreshed and accessed in codebehind for interaction between country and city? I tried but keep getting errors saying control not found. Is it impossible to do codebehind events with CreateUserWizard?

Security :: Extending The CreateUserWizard With New Fields?
forums.asp.net
1) Extend the CreateUserWizard control to insert additional User fields (eg. Gender, Age, Occupation, Address, Phone, etc...). OR 2) Create a brand new Custom Membership Provider of my own and skip using the inbuilt ASP.NET membership system. What is the best way to create a new User system with my own tables of User data as described above? Should i perhaps still use the standard ASP.NET membership system and then extend my own Registration page to add more User data to my own SQL backend table using the Identity value inserted into the aspnet_users table?

Security :: CreateUserWizard DDL Value To Mssql Fails?
forums.asp.net
I have created a C# registration page that includes a secret question and answer. The secret questions are in a dropdown list. When the form is submitted, all field information gets written to my mssql database successfully but the value selected in the dropdown ListItem gets NULL inserted instead of the question. What am I missing? Here is my code. [Code]....

Security :: Validation Does Not Fire On Createuserwizard?
forums.asp.net
I have a createuserwizard which has been working recently. Even though the form has the necessary validation elements like requiredfieldvalidator, comparevalidator and so on, the validation on client side does not fire and form is submitted and saved.I checked twice the code, nothing seemed wrong and have no what might it caused.

Security :: CreateUserWizard - How To Raise DuplicateUserName
forums.asp.net
I'm using the CreatUserWizard control along with my MembershipProvider. It all works fine bout a year now Recently there has been a new requirement to reserve some usernames. There is no need to go in details i think. Point is that i want to manually raise the same error the control raises when a user tries to register a username that has already been registered (i.e. DuplicateUserName) so the situation is handled the same way as when username really is a duplicate in aspMembership. Have tried differnet things with no luck, what would you advise me doing?

Security :: Populate A Text Box In CreateUserWizard?
forums.asp.net
I have the following CreateUserWizard control that has 3 steps in it. Step 1: WizardStepLoginName Step 2: WizardStep2 Step 3: CreateUserWizardStep1 In step 1, the user will check to see if the username is available.  If so, when the control gets to Step3, I want to have the text that is in the WizardStepLoginName txtLogin textbox to automatically populate the "UserName" textbox in the CreateUserWizardStep1 step. <asp:CreateUserWizard ID="CreateUserWizard1" runat="server" BackColor="#FFFBD6" BorderColor="#FFDFAD" BorderStyle="Solid" BorderWidth="1px" Font-Names="Verdana" Font-Size="10pt" Width="500px" ActiveStepIndex="3"> [code]...

Security :: Asp:CreateUserWizard FinishDestinationPageUrl Not Working?
forums.asp.net
I am having problems getting my asp:CreateUserWizard FinishDestinationPageUrl to work. I have an OnCreatedUser method that is firing just fine, but after that, it just stays on the same page.Here is the markup: [Code].... When users register, I want them to go to a default page, unless a return url has been passed in.

Security :: Editing CreateUserWizard Control?
forums.asp.net
i have used createuserwizard control in my project (v.s 2010 ) using c# and i want to do some modifications like i have to set user roles automatically while registering,

Security :: CreateUserWizard With Inserting A New Member?
forums.asp.net
I can't seem to add a new member when using the CreateUserWizard.... All my validation seems to be working...I don't think it is wired up correctly though because:   1. No user is added to the database (remote)   2. CompleteWizardStep does not fireI tried to see if anything was happening by stepping through the page's VB code and flagged...AddUserWizard_CreatedUser  sub...but it did not fire...I created a user using the built-in ASP.NET Configuration Wizard.. I also created a login file and I can successfully login.... just can't create a user with the CreateUserWizardmy hunch after some investigating is that I am missing something in my web.config file...I suspect I need something under the <authentication> tag???

Security :: Remove Fields From CreateUserWizard?
forums.asp.net
I am using the CreateUserWizard to create users in my new project (I am a complete newbie), but the wizard currently requires information from the user that is redundant for what I need. For example, I don't want security question & answer in my form, but I am not sure how to remove them. If I just remove the text fields, it says they are missing. I am pretty sure I know how to require further information, but I am not sure how to remove some of the defaults from the wizard. Removing the columns from the SQL server shouldn't be a problem. So, I am looking for a place to edit which information it should gather (and removing some of the defaults) and the SQL insertion code so I don't gather information I will never need and use.

Security :: Server Error Using CreateUserWizard?
forums.asp.net
Using VWD 2010/Express I started by creating a new "ASP.Net Web Site" so I got a jump-start with security,master page,and other content.I connected successfully to a SQL/Server database and all was working well, a while ago.I successfully registered new users,assigned roles,etc.I went on and made many other changes to the rest of the project - the only change I made in any of the security objects was that I added a "FullName" column to the Membership table. That was a while ago.I just tried to add a new user(haven't done that for a while) and the registration form throws the exception shown below.All other authencation forms seem to work correctly - I can still add/change roles,etc. As part of trying to find the problem,I created a new page and just dropped the CreateUserWizard on to it with no customization(I know, the database behind it still has that additional column),and I get the same error message.Are we not supposed to make any changes to aspnet_Membership ? (Yes - I will eventually have to remove that column and see if that makes the problem go away,but I'm addressing a different problem with permissions with my database hosting service)          Dave -----------------------------------------Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.Exception Details: System.Data.SqlClient.SqlException: INSERT failed because the following SET options have incorrect settings: 'QUOTED_IDENTIFIER'.Verify that SET options are correct for use with indexed views and/or indexes on computed columns and/or filtered indexes and/or query notifications and/or XML data type methods and/or spatial index operations.Cannot insert the value NULL into column 'UserId', table 'DB2323_123.dbo.aspnet_Membership'; column does not allow nulls.INSERT fails. The statement has been terminated. Server Error in '/' Application. INSERT failed because the following SET options have incorrect settings: 'QUOTED_IDENTIFIER'.Verify that SET options are correct for use with indexed views and/or indexes on computed columns and/or filtered indexes and/or query notifications and/or XML data type methods and/or spatial index operations. Cannot insert the value NULL into column 'UserId', table 'DB2323_123.dbo.aspnet_Membership'; column does not allow nulls.INSERT fails. The statement has been terminated.

Security :: Combining A Captcha With A CreateUserWizard Control?
forums.asp.net
I have a working registration page and I'm adding CAPTCHA.  The CAPTCHA works and I have a simple if/else loop to do what happens if the CAPTCHA input was correct or incorrect. if (Page.IsValid) { feedback.InnerHtml = "Correct."; //I would like to put something here to process the registration -- CAPTCHA was done correctly } else { feedback.InnerHtml = "Incorrect."; } I want to write something in the if/else loop that will enact the registration. Therefore, my button in CustomNavigationTemplate, <CustomNavigationTemplate> <asp:Button ID="StepNextButton" runat="server" CommandName="MoveNext" Text="Create User" ValidationGroup="CreateUserWizard1" /> </CustomNavigationTemplate> is obsolete. Is there something I can type that will programmatically achieve what this button performed?

Security :: CreateUserWizard SendingMail Event Not Firing?
forums.asp.net
I am using CreateUserWizard and want to make email verification on user registration.  But CreateUserWizard1_SendingMail event is not firing.

Security :: ValidationSummary Bulletlist Mode In CreateUserWizard?
forums.asp.net
On the following code, when I clicked submit, why the validation summary does not use the Bulletlist mode to show errors? [Code]....

Security :: Ensure Checkbox Is Checked In Createuserwizard?
forums.asp.net
I have a standard createuserwizard control, which adds a new member to my membership database.  All fine, except I need to ensure that the user checks the terms and conditions checkbox before the member is created in the code-behind page.  I need this to be server-side, rather than client-side, so a javascript-reliant solution isn't a solution :) The code-behind is like this: [Code].... The aspx code is like this: [Code].... how to add validation to the 'Terms' checkbox?  I've tried a normal validator and custom validators but just can't get them to work at all.

Security :: CreateUserWizard With Extra Profile Info?
forums.asp.net
I'm using the CreateUserWizard and it's working great.  I do have a "step2" that asks the newly created user their first name and last name.  Seems simple enough, but I'm getting an error on the Profile.Save(): "This property cannot be set for anonymous users".  I'm assuming this is due to the fact that I have DisableCreatedUser="true" for the CreateUserWizard, which is what I NEED to do.  Does this mean that until we enable this user, they can't add these few columns?  Since the site I am updating requires matching a newly registered user to an already existing "Artist" table, it's important that the administrators are given the first and last name of the user.  The aspnet_User table doesn't have that, so I thought I'd give the profile a try. 

Security :: How To Get Firstname With Loginname
forums.asp.net
Is it possible to obtain instead of username, domain name? I have  tbl_membership and tbl_domain tbl_membership JOIN with tbl_domain. How do I get a domain name in the table tbl_domain to "<asp:LoginName ID="LoginName1" runat="server" />"? Do I have to use the "where" Is it possible otherwise?

Security :: Display/capture Loginname Value In Textbox?
forums.asp.net
I have a code here where the loginname will display the computer name.I have another textbox,where i want the same loginname value to be displayed in the textbox.Here's my code : [Code]....

Security :: How To Show LoginName.FormatString Property
forums.asp.net
I need to show the first and last name of a user thats logged in on every page. I can get these values from the database as soon as the user loggs in. On my master page I could show this information but I thought to use the LoginView class. I used the loggedin template and the LoginName.FormatString Property "Welcome, {0}".  But this displays the computer name. How do I show the first and last names? Or should I save the full name into a session state and just assign the text of a lable to that name on each page?

Security :: Change Login Error Message?
forums.asp.net
I'm starting with the prebuilt ASP.NET site in VS 2010.  The login page gives the following error message if login fails: "Your login attempt was not successful. Please try again." How can this message be changed?

Does This Php Script Cause A Security Hole?
bytes.com
Someone told me the following script could be used to run harmful commands on the server, by passing commands into the script. What the script does is encode an affiliate URL, create two frames, with the affiliate URL decoded and placed in the bottom URL. The top frame contains http://www.domain.com/selectanothercard.html for navigation back to the originating site. The script is accessed with a link like this: <a href="sendcard.php?url=<? echo base64_encode("http://affiliateurl.com/ecards/fourthjuly11107/index.php?en=1&aid=12345"); ?>" target=_top>Send Card</a> The affiliate URL is first encoded, because otherwise it breaks (the ampersands cause problems). I tried another frame re-directing script, but it wouldn't carry through the affiliate info properly, so someone created this php script to encode/decode and create the frames. Could this script be used to send harmful commands to the server? If so, is there any way of modifying the script to fix that? Perhaps there are other alternatives to passing an affiliate URL into a frame like this script does? <html> <head> <title></title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> </head> <frameset rows="50,*" cols="*" framespacing="0" frameborder="NO" border="0"> <frame src="http://www.domain.com/selectanothercard.html" name="topFrame" scrolling="NO" noresize > <frame src="<? echo base64_decode($url); ?>" name="mainFrame"> </frameset> <noframes> <body> Your browser does not support frames. </body> </noframes> </html> <? ////////////////////////////////////////////////////////////////////////////// // NOTES ////////////////////////////////////////////////////////////////////////////// /* HOW TO LINK TO THIS FRAMESET ---------------------------- * Your document that contains the links, must have the file extension ..php EXAMPLE LINK: <a href="sendcard.php?url=<? echo base64_encode("http://affiliateurl.com/ecards/fourthjuly11107/index.php?en=1&aid=12345"); ?>" target=_top>Send Card</a> */

Security - Add Into The List Of Items?
stackoverflow.com
ow do I add into the list of items allowed (gif$|jpg$|png$|jpeg$)into the following code $regexp = "/[0-9a-zA-z.]/"; if (preg_match($regexp, $imageInput)) also how do I add in an exclude list e.g so stop people unploading .exe files etc.

Security - The Safest Way To Avoid SQL Injection?
stackoverflow.com
I just wonder if this line of code is safe to use to avoid SQL injection? // username and password sent from form $myusername=$_POST['loginUserName']; $mypassword=$_POST['loginPassword']; [code]...

Whats Safest To Do In Terms Of Security And Sensibility
www.phpfreaks.com
what is better to do for security reasons and general better use of coding.. should php files be on their own and have the html files "include" the php file or just have the php with the html ?

Security :: Secure Login From A Non Secure HTTP Page?
forums.asp.net
I have a custom mini login user control that I have embedded in the top of my website which shows on every page. These pages are non-secure HTTP://.   I would like to avoid having to redirect the user to a HTTPS page to perform the login but I definitely don't want to send login credentials to the server in plain text. I am trying find a method to send the user's login credentials encrypted via https from a non-secure (http) page. I tried to set the postbackurl for the login button to itself but in https, but the user's input is not retained and the buttonLogin_click is not fired when I set the button postbackurl property. My ASP.net web application is VB.Net framework 4.0 I am assuming this can be done because I see lots of websites where login fields are on available on every page and they are running http and I can believe they are not encrypting the login credentials.

Security :: Catch Exception And Display Error In Labels Text Property?
forums.asp.net
i have a datagrid control which displays users created using sqlMembership..it has a row deleting event which is only accessed by administrators here is the code..   [Code].... my problem here is to catch the securityexception and display in label

Security :: Windows Authentication Timeout And Page Refresh Using Javascript?
forums.asp.net
I have a web page that refreshes every one minute and the solution  times out every 20 minutes, would the one minute refresh be considered as user activity and therefore doesn't time out every 20 minutes? And if not, how do I convince the page that the one minute refresh is like a user activity and it shouldn't time out?Here is the javascript to refresh every one minute: [Code]....

Security :: Active Directory Authentication With Login Control 3.5 Or 4?
forums.asp.net
I am trying to follow instructions on how to create a login page that tests against active directory.  My issue is all of the tutorials seem to be written for ASP.NET 2.0.  When I try to follow them I cannot get them to work.  Does anyone have any tutorial or information for .NET 3.5 or 4.0?

Security :: Validate A Digital Signature Which Consists Of Thumb Impression,signature And Tokenid?
forums.asp.net
 I need to validate a digital signature which consists of thumb impression,signature and tokenid which is in pendrive with a columns of a table in sqlserver2008 database. I am using capicom.dll in asp.net 3.5 using c#.  I tried but I am unable to do it.

Using Iframe In Secure Page Show Non Secure Message On IE8?
www.vbforums.com
I have a web page that used IFrame to show an http website in my https page. The problem is: It keeps showing user non-secure message.(as in attachment) I have read some articles. Most of those articles suggested to change the security setting in the IE, which is not a good solution. My question is: Do we have any solution that show both Secure and Non-Secure site in the same page without showing security message?

Host Has Secured Your Managed Dedicated Server?
www.webhostingtalk.com
how to check if you host has made their job correct ? We are looking into a PCI scan just because of the security, we do not need to be PCI compliant, but the security standard is what I believe the most reliable to stick to.

Check /etc/named.conf For Recursion Restrictions
www.webhostingtalk.com
I'm getting this warning from check server security option in csf : -------- You have a local DNS server running but do not have any recursion restrictions set in /etc/named.conf. This is a security and performance risk and you should look at restricting recursive lookups to the local IP addresses only -------- I saw named.conf but In fact I didn't understand what should I do Can somebody tells me what should i do and what this warning trying to tell me?

Disable Animated Gifs Using Javascript And The Canvas Tag?
stackoverflow.com
you'll run into some problems trying to implement that cross-browser, namely: security restrictions. The problem with my example is that it replaces the original image with a canvas tag. That sucks, I loose all CSS rules that would normally work for what should normally be there.My original idea was to replace the image with the output of canvas.toDataURL() as the src attribute on a new Image() object, but seeing as the image is hosted on another domain I get security restriction errors. Again, that sucks.

Read/Write Text File Manipulation
www.phpfreaks.com
I have a script that writes a hit to a text file, but lately I have been noticing that the text file number is decreasing, instead of increasing or stay the same. Could some one be doing this and if so what is a good security measure to put into place to prevent this from occuring? I would prefer not to register the hits in a database; I would rather stick to a text file storage medium for this case.

Open Mdb Database In Website
www.vbcity.com
hi,I wrote vb6 program that use mdb file and i used this ConnectionStringCode:cnStr = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=c:databasesdata.mdb;Jet OLEDBatabase Password=1234;Persist Security Info=False"Now I want to used the same program with the same database. But i want to put the mdb file in my web site. I can't find the correct parameters for the ConnectionString.can some one help me?

Flash :: Use Network Services For FDT?
stackoverflow.com
I've recently started using FDT, for a while I was using FlashDevelop, it had a really handy feature in Compiler options where you can set UseNetworkServices to false which would stop the compiled swf from connecting to the internet and became very useful for running standalone flash apps without security warnings when loading in an external xml file etc.

Unable To Upload Files On Shared Hosting Server
www.webhostingtalk.com
When i try to upload a image files to the linux based shared hosting server application with java and .Jsp files (using apache common file upload) the following exception is getting...! java.security.AccessControlException: access denied (java.io.FilePermission /var/chroot/home/content/h/e/r/heritageameric/html/heritageshopping/abc.txt write) Hosting people suggesting me that i need .htaccess file to solve and get write permission..! But iam completely new to this .htaccess file concept..!

Canadian Host With Separate Accounts?
www.webhostingtalk.com
Anyone aware of a hosting company with all of their hardware in Canada who offers in their basic accounts the ability to host multiple domains without using sub-domains or sub-folders. I want to host several domains with individual administration and security so that a bad script or hack of one wont affect the other domains. Hoping to do it with a single account.

ActionScript 2.0 :: RSS Feed Into Flash
www.actionscript.org
pull some simple text from an external website's RSS feed into a basic text box in a Flash movie. It would need to be in AS2 to fit with the website. The RSS feed is on a PHP page: [URL] I understand I need to pull the content via an xml / php page under my own domain in order to get around the Flash security, but I still can't scrape together the right code for it to work.

Accept-Encoding: Tzip, Meflate
www.webhostingtalk.com
I've seen this header being sent by a small number of visitors. I suppose it's due to some personal antivirus or firewall, as Norton Internet Security strikes out the Accept-Encoding header too (in a different fashion though - it asterisks them out).

Error Message In Calendar / Server Error In '/please-god' Application?
stackoverflow.com
i am experiencing thi error when i click on the application in the remote machine. Server Error in '/please-god' Application. Security Exception Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file. Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.EnvironmentPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. Source Error: Line 7: Dim oBF As New BinaryFormatter() Line 8: Dim oFS As FileStream Line 9: Dim strPath As String = Path.GetTempPath & "schedule.Bin" Line 10: Line 11: Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load Source File: D:Hosting4423045htmlplease-godappointmentscheduler.aspx.vb Line: 9 the full codes for the application is this : Imports System.IO Imports System.Runtime.Serialization.Formatters.Binary Partial Class appointmentscheduler Inherits System.Web.UI.Page Dim arrCalendar(12, 31) As String Dim oBF As New BinaryFormatter() Dim oFS As FileStream Dim strPath As String = Path.GetTempPath & "schedule.Bin" Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load If (Cache("arrCalendar") Is Nothing) Then If (File.Exists(strPath)) Then oFS = New FileStream(strPath, FileMode.Open) arrCalendar = DirectCast(oBF.Deserialize(oFS), Array) oFS.Close() Cache("arrCalendar") = arrCalendar End If Else arrCalendar = Cache("arrCalendar") End If End Sub Protected Sub btnSave_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnSave.Click arrCalendar(Me.myCalendar.SelectedDate.Month, Me.myCalendar.SelectedDate.Day) = Me.myNotes.Text oFS = New FileStream(strPath, FileMode.Create) oBF.Serialize(oFS, arrCalendar) oFS.Close() Cache("arrCalendar") = arrCalendar End Sub Protected Sub btnDelete_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnDelete.Click arrCalendar(Me.myCalendar.SelectedDate.Month, Me.myCalendar.SelectedDate.Day) = "" oFS = New FileStream(strPath, FileMode.Create) oBF.Serialize(oFS, arrCalendar) oFS.Close() Cache("arrCalendar") = arrCalendar Me.myNotes.Text = "" End Sub Protected Sub myCalendar_DayRender(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.DayRenderEventArgs) Handles myCalendar.DayRender If arrCalendar(e.Day.Date.Month, e.Day.Date.Day) <> "" Then e.Cell.BackColor = Drawing.Color.Red End If End Sub Protected Sub myCalendar_SelectionChanged(ByVal sender As Object, ByVal e As System.EventArgs) Handles myCalendar.SelectionChanged Me.myNotes.Text = "" If arrCalendar(Me.myCalendar.SelectedDate.Month, Me.myCalendar.SelectedDate.Day) <> "" Then Me.myNotes.Text = arrCalendar(Me.myCalendar.SelectedDate.Month, Me.myCalendar.SelectedDate.Day) End If End Sub End Class What do i have to do to eliminate this error message?

AJAX :: What Is The Best Method To Use ICallback Or PageMethods With JQuery
forums.asp.net
I am creating a website in asp.net its a very big site about 250 pages and with a big sql database. I am confused as which ajax method i should follow. There are three options. 1. ASP.NET UpdatePanels -: Simple to use but causes a lots of uneccessary request and viewstate. I want my pages to open as quick as possible. 2.ICallback-: Causes less request and renders the page quickly. But security concerns and viewstate are there. 3.Page Methods with jQuery-: No Security anyone can quickly hack the parameters passed using "POST" mehtod.

MVC :: Submitting Form With Multiple Selects
forums.asp.net
I have created a search page/form for finding employees and adding them to a list. The search works great, but what I am unable to figure out is how to select each employee and have them added to a simple ListBox or other control. After the user has run multiple searches and added multiple employees, at that point, they will submit the form. The information from the form will be used to create a security wall which will be passed to a third party web service. Here is one boundary: I cannot create an ActionLink that passes one user at a time to the web service as they are "selected." The web service requires that the security wall be submitted in whole. Once the wall is submitted, I am unable to access that wall and make any modifications to it through their web service. Simply put, it is a one way ticket. Does anyone have any ideas on how to implement such a page or can point me to a tutorial or example?

Website Neighbourhood Reports
www.webhostingtalk.com
Does anyone know of a website that produces security reports for websites in your link neighbourhood? I remember having a link to site like that did maps of problems sites but I can't find it...

DataSource Controls :: A Binary Aggregate Overwrite Type Function?
forums.asp.net
Is there a way to do this in either scalar function form or in an aggregate function form?  The problem I'm dealing with is building a security system with multiple tiers of inheritable permissions.  Like you'll inherit certain permissions form the department level and then certain permissions from the supervisor level.  I'd like to find a way to produce these resultsFor user permissions I pull these binary values and get these results, (they are sorted by their tree node depth level in the hierarchy.

Scripting A Whosonline Script
forums.devshed.com
If i was to create a whos online script. what would be the best and secured way to create it? Well security is my major so dont really mind that part.. but what would be the best way to create it?

Disabling SSL Check On OAuth Calls?
stackoverflow.com
Library to make oauth-signed requests, but I'm getting a problem with the ssl certs. I need to bypass the certificate validation (I know this is a security problem, it's for development only). [URL]... Which looks exactly what I need but when trying to run the code with this: I get this error:[Fri Dec 17 15:43:12 2010] [error] [client ::1] PHP Fatal error: Class 'OAuth' not found in /Library/WebServer/Documents/oauth/test.php on line 9.

Using Foreach Inside Switch
www.phpfreaks.com
On a form there's a list of countries for the user to choose from. On the processing script, how can I check to make sure that users have indeed choosen from the list I have provided? I tried the following but it gave me a "parse error, unexpected T_FOREACH, expecting T_CASE or T_DEFAULT or '}'" on the line with the foreach statement. How should I code this security check? Code:

Accessing $_POST Variables
phpbuilder.com
I am looking at the possible security problems that have left open in my site. I am changing any $_GET to $_POST but i have hit a problem. previously i had this code: PHP Code: echo "<td align=middle width=33%><a href="javascript:loadwindow('sepack.php?parts=".$SEPACKSTRINGPARTS."&desc=".$SEPACKSTRINGDESC."',490,380)">".$this->selectedOptions['optional'][$x]."</a></td>";

Function Returning Abort Of Subroutine?
www.xtremevbtalk.com
So I want so when something happens during the function I want it to bail out of the subroutine that it was called from WITHOUT having to put: Code:If Functionname(values) = False then 'As in abort '...end ifThis would be a great help in security of my program yet cutting down on me coding every time the function is called

Create A Web Interface For Cusotmers To Enter Credit Card Information?
www.phpfreaks.com
I'm looking at creating a web interface for cusotmers to enter credit card information. What is the best approach for this? Keeping in mind security of data... Maybe this last point is more a question for web server administrators, but thought I'd ask anyway.

What File Type Restrictions Should Use
www.phpfreaks.com
I have a question regarding file type restrictions when uploading to a database . I am currently using the MAMP program rather than an actual online server and the MySQL version is: MySQL 5.1.44. I want to have one column in a table for virtually any type of file a user would wish to load, .mov, .jpg, .doc, .pdf, etc. you should add restrictions on what the user is allowed to upload. The idea is that they can actually upload anything they want. Is security really a threat by doing this? And what would the threat be? As I don't really know much about security. If so, should there be any types of files that I would be wise to restrict?, would it be wise for example to restrict uploads that are .php scripts as that is what I have written the website code in. It would change the whole concept of this aspect of my website if I were to only allow certain files so I would prefer to limit the users as little as possible. Sorry if this is a silly question, like I say I don't really know much about security. I've only gone as far as encrypting passwords as there won't be any sensitive data being stored.

Unable To Connect To Database On A Remote Linux Server From A Windows GUI Tool?
stackoverflow.com
I have setup a mysql database on a linux server on Amazon's EC2. This works well locally. I can log into the linux box and administer the mysql database I am trying to connect my local GUI client to the remote mysql and it is failing to connect. I updated the /etc/mysql/my.cnf file and changed the following: skip-networking bind-address = 0.0.0.0 I am still not able to connect. EDIT: I first tried bind-address=0.0.0.0 , then I added skip-networking with bind-address EDIT #2: I made sure the security group opens on 3306. I also have other ports open which work so I dont think its an amazon specific issue

Link MySQL And MsSQL 2000
www.dbforums.com
I am trying to set up mySQL as a linked server in MSSQL. I have done this with both servers on the same machine but they reside on different machines. I have a working ODBC system datasource. But when I try to access the tables from MSSQL enterprise manager-security-linked servers I get "Error 7399:OLE DB provider 'MSDASQL' reported an error. Data source name not found and no default driver specified] OLE DB error trace [OLE/DB Provider 'MSDASQL' IDBInitialize::Initialize returned 0x80004005: ]. I suspect it is the settings I am using in the Linked server wizard. Does anyone know either the ad_linkedserver sp parameters, or what I should be entering into the linked server wizard in enterprise manager.

CentOS 5 Networking :: Samba Share Access Restriction?
www.centos.org
cannot restrict share access to a single user. I've played with the security and valid users options in the smb.conf and I can get it to mount if I remove the valid users option, but this does not provide the access restriction I need. I also left it open and tried making the folder permissions rwx for backupadmin only and that didn't work. I'm using a credentials file which I include below, but I've tried manually entering them in the command too. [root@aaphst02 /]# mount -t cifs //aapsan01/aapxen01 /mnt/aapxen01 --verbose -o credentials=/root/smbcreds mount.cifs kernel mount options: unc=//aapsan01aapxen01,ip=10.0.1.34,user=backupadmin,ver=1,rw,credentials=/root/smbcreds,pass=******** [Code].....

Unable To Connect /can Connect To My Guest Network?
discussions.apple.com
I have a Time Capsule set up with a Guest Network. Two of my visiting siblings both have iPads (one with v3.2 and one with v3.2.1) and neither of them can connect to my Guest Network. I tried changing the security type for the Guest Network and even turning it off altogether, so no password would be required, but neither iPad would connect. The Guest Network itself appears to work fine, as my wife's MacBook connected to it no problem. As a temporary solution, I added my sister's iPad's MAC address to my access control list and let her join my primary network, but I'd really like to figure out why the iPads are being excluded from the Guest Network Information: Mac Mini 1.83 GHz 2 GB SuperDrive Mac OS X (10.6.4) iPad 64GB 3G, iPod Touch 32GB 2nd Gen, 2TB Time Capsule

Unable To Connect To Network/can't Even Connect To My Home Network?
discussions.apple.com
Title says it all, bought a 64gig iPad wifi today...little did i know tons of users are having wifi problems...my problem doesnt seem to fit the others though. Most of what i've read people can connect for a bit, and after being in sleep mode then it has problems. I can't even connect to my home network. Works fine with my ipod Touch, laptop, etc. I dont have any form of security set up on my router what so ever. I plan on buying a new router soon (for reasons other than this iPad crap.) I'd really like to see some kind of resolution to this problem before i need to do that though.I tried all that i could out of the trouble shooting stuff. nothing worked. I even tried setting up a static IP for it. What else can be done? i really dont want to have to return it since its such a nice piece of tech. Information: iPad Other OS

Writing To External File
phpbuilder.com
I noticed that in order for me to be able to write output to external file, I must have that file CHMOD 0777. Now, this file will have static html in it to be used as include. Question, how bad of a security risk is it to leave static HTML page with 0777 permissions. There is no direct link to that file otherwise. I tried to see if I can CHMOD the file to 0777 using PHP, write my output and then CHMOD it back to 0644, but it doesn't seem to work. I suppose my server settings do not permit it.

Link To Spreadsheet
www.xtremevbtalk.com
I posted this in the VBA forum but got no reply so hopefully someone here can help me out. My Boss has given me a project that involves reading data from a spreadsheet he's created. I haven't used Excel with VB before and don't know how to get VB to read the data from within the spreadsheet? I know with an access DB i can use the below. Is this similar for a spreadsheet? Code:Public Function ConnectString() As StringConnectString = "Provider=Microsoft.Jet.OLEDB.4.0;" & _ "Persist Security Info=False;" & _ "Data Source=" & App.Path & "kidsspace.mdb"End Function

Link To Spreadsheet
www.vbforums.com
I posted this in the VBA forum but got no reply so hopefully someone here can help me out. My Boss has given me a project that involves reading data from a spreadsheet he's created. I haven't used Excel with VB before and don't know how to get VB to read the data from within the spreadsheet? I know with an access DB i can use the below. Is this similar for a spreadsheet? Code:Public Function ConnectString() As StringConnectString = "Provider=Microsoft.Jet.OLEDB.4.0;" & _ "Persist Security Info=False;" & _ "Data Source=" & App.Path & "kidsspace.mdb"End Function

No Link Table Manager
www.access-programmers.co.uk
I am working on a new system. Have been given Full MS Access but Link Table Manager fails it gives a standard security warning that this new system enforces it says Opening: CProg..FilesMSOfficeOffice11ACWZTOOL.MDE however on selecting OPEN nothing happens. If Cancel is hit then long critical message saying in short " Can't find wizard , syntax error in delerations in VB. Likewise I cannot link to a spreadsheet without using the manager. Question is there anything I can do or is it the fact that these are options were not installed and it is an administrators job?

File Write Permissions
www.phpfreaks.com
I'm trying to get an open source PHP app working for my company.  It's giving me the following custom error: FreeMED was unable to create a file to record the healthy status of the system. The FreeMED directory should be owned by the user that the webserver is running as... Usually this is 'apache'. You can also fix this by giving universal write access to the home directory of FreeMED. But that is not advisable from a security standpoint. I've narrowed it down to the line of PHP that's breaking it here: $test = CreateObject('FreeMED.FreeMEDSelfTest'); As far as I can tell, I've made the directory it's using as open as possible and it's still giving me that error.  The owner is apache (user and group) and the permissions are (temporarily) set at 0777 (universal read/write). Is there some PHP or Apache configuration that needs changed to allow PHP this kind of permission?

Android :: Apps Hijacking Address Book - Google Mail
androidforums.com
I started receiving lots of rejected emails from my gmail.com account this evening... looks as though my phone (HTC Desire / Android 2.1) has been sending out bogus emails... no subject, just a link to a website ... eg. hxxp://xxsomethingxxx.spaces.live.com Its sent a different website to each section of my addressbook, so as not to have too many recipients on each outgoing email... some of the other emails reference different sites ... I've no idea what's caused this...assume it must be an app that's been installed. I've installed the free AV on my phone from the google market (orange/white capsule). I've fixed all the reported errors... Guess I wanted to know if anyone has seen this before... I'm worried the O/S may now be compromised and i'll need to start from scratch. If anyone can provide any advice and / or pointers to diagnostic/security tools it would be most welcome.

Android :: How To Link Paid Application User Account To System?
stackoverflow.com
I have an issue related publishing the paid app to android market. (My application is internet connection based app.) If I've put the app to the android market, can user who bought the app pass to anyone? How is its security (I mean safe of .apk file)? Also, what is payment tool of android market? My main point is choosing the best way to link paid user to our system. Actually I don't know how to link paid user account to my system(by email address or device unique ID? What is better way?).

Secure Login With Additional Context Information Passed Through (which Also Needs To Be Secure)
stackoverflow.com
My web application will be launched through existing thick client applications. When launched, an HTTP POST request will be generated including information like the userID and additional context information (basically stuff like the target user's name, birthday, etc.). My plan for authentication is for there to be a look-up table in the database. If the username is already there, automatically login the user, but if there is no entry in the database, redirect the user to an initial login page which will be used to create that database entry. My question is how to secure this against MITM and other security holes. How can the request generated through the thick client be on an SSL connection? Doesn't an SSL connection have to be authenticated with the username (and password) first? And if so, will the additional context information be publicly exposed until the user is logged in?

Elmah - Catch An Error But Still Log It And Send Email?
stackoverflow.com
First I found that you can catch it and log it inside a catch, but this doesn't send an email. Then I found out about using the Error Signal class. That worked, however what wasn't apparent from reading, is that it treats the error like normal, so when I signal the error it goes to the custom error page still, I don't want that to happen. What I want to do is catch that error, log it, send the email, but stay on the page the error happened so I can provide special feedback. I do not want it go to the custom error page. EDIT: This is what I have and it redirects me to the custom error page. Try smtpClient.Send(mailMessage) Catch smtpEx As SmtpException errorSignal.FromCurrentContext().Raise(smtpEx) Catch ex As Exception errorSignal.FromCurrentContext().Raise(ex) End Try Edit: Posting my web.config sections that involve Elmah (besides the connection string hah) And there is nothing in my Global.asax file involving Elmah. <configSections> <sectionGroup name="elmah"> <section name="security" requirePermission="false" type="Elmah.SecuritySectionHandler, Elmah" /> <section name="errorLog" requirePermission="false" type="Elmah.ErrorLogSectionHandler, Elmah" /> <section name="errorMail" requirePermission="false" type="Elmah.ErrorMailSectionHandler, Elmah" /> <section name="errorFilter" requirePermission="false" type="Elmah.ErrorFilterSectionHandler, Elmah" /> </sectionGroup> </configSections> <elmah> <security allowRemoteAccess="1" /> <errorLog type="Elmah.SqlErrorLog, Elmah" connectionStringName="Elmah.Sql" applicationName="Web Main" /> <errorMail from="xxx" to="xxx" cc="xxx" subject="main website error" async="true" smtpPort="25" smtpServer="xxx" userName="xxx" password="xxx" /> <errorFilter> <test> <and> <equal binding="HttpStatusCode" value="404" type="Int32" /> <regex binding="FilterSourceType.Name" pattern="mail" /> </and> </test> </errorFilter> </elmah> <httpHandlers> <add verb="POST,GET,HEAD" path="errors/admin/elmah.axd" type="Elmah.ErrorLogPageFactory, Elmah" /> </httpHandlers> <httpModules> <add name="ErrorLog" type="Elmah.ErrorLogModule, Elmah" /> <add name="ErrorMail" type="Elmah.ErrorMailModule, Elmah" /> <add name="ErrorFilter" type="Elmah.ErrorFilterModule, Elmah" /> </httpModules> <system.webServer> <modules runAllManagedModulesForAllRequests="true"> <add name="ErrorLog" type="Elmah.ErrorLogModule, Elmah" preCondition="managedHandler" /> <add name="ErrorFilter" type="Elmah.ErrorFilterModule, Elmah" preCondition="managedHandler" /> <add name="ErrorMail" type="Elmah.ErrorMailModule, Elmah" preCondition="managedHandler" /> </modules> <handlers> <add name="Elmah" path="elmah/admin/elmah.axd" verb="POST,GET,HEAD" type="Elmah.ErrorLogPageFactory, Elmah" preCondition="integratedMode" /> </handlers> <httpErrors> <remove statusCode="404" subStatusCode="-1" /> <remove statusCode="500" subStatusCode="-1" /> <error statusCode="500" prefixLanguageFilePath="" path="/errors/error.asp" responseMode="ExecuteURL" /> <error statusCode="404" prefixLanguageFilePath="" path="/global/404.aspx" responseMode="ExecuteURL" /> </httpErrors> </system.webServer> <location path="errors/admin/elmah.axd"> <system.web> <authorization> <deny users="?" /> </authorization> </system.web> </location>