How to go about designing an intermediate routing filter program to accept input and forward accordingly?
My predicament:
What are the security implications of running untrusted code on my server?
I would like to set up an app that allows users to send their code and execute it on my server. The thought of running untrusted code makes me cringe, so I am trying to set up an exhaustive list of security threats that should be addressed.
How do I trust an off-site application
I need to implement something similar to a license server. This will have to be installed off site at the customers’ location and needs to communicate with other applications at the customers’ site (the applications that use the licenses) and an application running in our hosting center (for reporting and getting license information).
Is the escaping provided by the Google-Gson library enough to ensure a safe JSON payload?
I am currently using the Google-Gson library to convert Java objects into JSON inside a web service.
Moving between sites using SAML
I’m tasked with developing an SSO system, and was guided towards using the SAML spec. After some research I think I understand the interaction between a Service Provider and an ID Provider and how a user’s identity is confirmed. But what happens when I redirect the user to another Service Provider? How do I ascertain the user’s identity there? Do I send his SAML assertion tokens along with the redirect request? Or does the second Service Provider need to contact the ID Provider all over again?
Security issue about making my code public in GitHub
I’m developing a big community/forum website and I’d like to upload my code to GitHub to have at least some sort of version control over it (because I have nothing other than a .rar file as a backup, not even SVN), to let others contribute to the project, and also perhaps to use it to let my potential future employers see some of my code as some sort of curriculum.
Are python’s cryptographic modules good enough?
I mean, say you were writing professional grade software that would involve sensitive client information. (Take this in the context of me being an amateur programmer.)
Securing credentials passed to web service
I’m attempting to design a single sign on system for use in a distributed architecture. Specifically, I must provide a way for a client website (that is, a website on a different domain/server/network) to allow users to register accounts on my central system.
How to implement a safe password history
Passwords shouldn’t be stored in plain text for obvious security reasons: you have to store hashes, and you should also generate the hash carefully to avoid rainbow table attacks.
Can HTML injection be a security issue?
I recently came across a website that generates a random adjective, surrounded by a prefix and suffix entered by the user. For example, if the user enters “123” for prefix, and “789” for suffix, it might generate “123Productive789”. I’ve been screwing around with it, and I thought I might try something out. I entered this into the prefix field: