|
I am trying to use username message security in WCF. I am trying to find out if using transport credential type of None/Anonymous will pose a definite security risk.
My concern is with the initial exchange where binary data is tunneled through using the...
Started by alram, 4 posts by 4 people.
Answer Snippets (Read the full thread at stackoverflow):
Sign the whole thing and....
Transport security will be accepted.
Essentially, there is no risk that a password is exposed to someone sniffing the network if you use password digests (default).
Did some more research here.
Not recommend it.
|
|
We have had an external company produce a security risk report on our web app and they stated that allowing cacheable HTTPS responses is a 'moderate' security risk.
Would people agree with this assessment?
Started by c00ke, 3 posts by 3 people.
Answer Snippets (Read the full thread at stackoverflow):
If it does not genuinely need to be secure, it is just passed over https with stuff.
That is at risk of cracking.
|
|
I have a Joomla site www.siteA.com and another Joomla site www.siteA.com/siteB.
I have a .htaccess file at siteA, but not at siteB.
Is it a security risk not to have a .htaccess file at siteB?
Started by Masi, 5 posts by 5 people.
Answer Snippets (Read the full thread at stackoverflow):
That could....
It's a security risk not to have your server configured properly, but all that configuration have access to the main server configuration files, it's probably not a security risk to not have in a directory.
At all.
|
|
Are there any particular security concerns to keep in mind with company-wide use of Dropbox file sharing / versioning / backing up, and are there specific options or settings that would be recommended to limit the risk?
Started by davebug, 5 posts by 5 people.
Answer Snippets (Read the full thread at serverfault):
I would tread very application itself can't be compromised....
I think they're working on a version for companies to use internally, with more security that, I can't see other security risks specific to Dropbox (like information leakage).
|
|
I have to handle some sensitive data in my application, such as passwords, credit card information, etc. What are possible security risks I could have and how can I avoid them?
Started by Bogdan Gusiev, 6 posts by 6 people.
Answer Snippets (Read the full thread at stackoverflow):
Amongst other things, it requires that the data be held encrypted on a separate fraudulent activity following a security breach, and can include them ceasing working with you interpretation as a non legal person)
More....
Security Standard).
|
|
If I set my Windows 7 account to automatically logon so I don't have to type a password, and I don't have to click my username on the logon screen, I heard it's a security risk.
Windows 7 Auto Login
What is risky about it besides people being able to ...
Started by Phenom, 5 posts by 5 people.
Answer Snippets (Read the full thread at superuser):
When you set autologon, your an issue for you, there's no... .
That's the security risk it is referring to - anyone who obtains physical access to the machine up to your computer and use it, there is another minor security risk.
|
|
Hello everyone,
I am using VSTS 2008 + C# + .Net 3.5 + IIS 7.0 + ASP.Net. In my understanding of Forms authentication, a session variable (used for authentication identifier -- i.e. when a user passed authentication, the user will have such a session ...
Started by George2, 5 posts by 5 people.
Answer Snippets (Read the full thread at stackoverflow):
This is a potential security risk by sniffing the traffic, so there is a security risk involved with using the session the security is critical (banking, et....
You could refer to this question for some more information.
|
|
I'm planning on throwing together a quick web page for my students to teach them about JavaScript programming. On this page, I'd like to give them a text box and allow them to run JavaScript so that they can see the dynamic nature of the language at work...
Started by Spitfire, 8 posts by 8 people.
Answer Snippets (Read the full thread at stackoverflow):
In short, there....
Since everything is being run client-on.
The security risk you're taking.)
If it's on a local "Throw-away" machine, then there is very little risk.
To PHP /etc on the other hand would be a horrible, terrible idea.
|
|
The organisation for which I work has an international WAN that connects several of its regional LANs. One of my team members is working on a service that receives un-encrypted messages directly from a FIX gateway in Tokyo to an app server in London, ...
Started by RoadWarrior, 7 posts by 7 people.
Answer Snippets (Read the full thread at stackoverflow):
It provides security....
Any time you go through servers that you don't control there is a risk of someone either changing to says:
"But there's no encryption and no additional security [with Ethernet]," Rey says of encryption out of the box.
|
|
Whilst security vetting our machines, I found that one host was exposing a Microsoft-HTTPAPI/2.0 service over port 80 to the internet.
I'm not familiar with this, but after googling around, I found that SQL Server 2008 publishes SQL Server Reporting Services...
Started by Cheekysoft, 3 posts by 3 people.
Answer Snippets (Read the full thread at serverfault):
It doesn't mean a damn thing.
Not a security risk until you can demonstrate that is valuable to an attacker.
|