secure-coding

Are there any coding guidelines for the Android platform that focus on security?

我与影子孤独终老i submitted on 2019-12-07 11:08:55
Question: Are there any good coding guidelines for the Android platform that focus on security? Thanks

Answer 1: You'll probably want to take a look at the security design of the framework itself. Also, as a more general source of security guidelines for mobile applications, you may want to look at the book "Mobile Application Security".

Answer 2: See also Android API/development security pitfalls, which discusses some pitfalls to watch out for (although the answers are more focused on design errors rather than

android: validate the identity of intent sender

血红的双手。 submitted on 2019-12-05 23:05:28
Question: I work in a company that produces several apps, not all those apps have the same signature or more like it we have at least 5-6 apps certificates for the time being. We tried to create a mechanism in which all the company's apps on the same device share the same id, For example if user installed from the market App A and no app installed, a new ID will be generated, if now he installs App A, app B should have the same id as App A (id is just a generated UUID type #4) etc... We are using

PHP Secure Session Login - Best Practice

霸气de小男生 submitted on 2019-12-04 12:35:16
Question: As part of my web app. This is some code I am considering (I'm not the best of PHP programmers but I am programming my own app for a project):

    // Start session
    session_start();
    // Is the user already logged in?
    if (isset($_SESSION['username'])) {
        header('Location: members-only-page.php');
    }

I want to know, if my login structure is like this, is this secure.

    http://site.com/
    https://site.com/login.php
    https://site.com/login-action.php (MySQL login check, with md5 password check)
    http://site.com

Secure C coding practices

随声附和 submitted on 2019-12-04 08:20:32
Question: I am looking for a comprehensive record of secure coding practices in C. Since I haven't found such a list existing here already we might as well make this into a community wiki, for further reference. I am looking for solutions to security issues like stack and heap based buffer overflows and underflows, integer overflows and underflows, format string attacks, null pointer dereferencing, heap/memory inspection attacks, etc. NB: Besides coding practices, secure libraries that defend against

android: validate the identity of intent sender

孤街浪徒 submitted on 2019-12-04 04:07:15
I work in a company that produces several apps, not all those apps have the same signature or more like it we have at least 5-6 apps certificates for the time being. We tried to create a mechanism in which all the company's apps on the same device share the same id, For example if user installed from the market App A and no app installed, a new ID will be generated, if now he installs App A, app B should have the same id as App A (id is just a generated UUID type #4) etc... We are using broadcast at the moment and only apps with our permission can receive that broadcast and send back the id

How to create a temporary file with portable shell in a secure way?

南笙酒味 submitted on 2019-12-03 12:46:24
I want to create a temporary file in POSIX shell (/bin/sh). I found out that mktemp(1) doesn't exist on my AIX box, and according to How portable is mktemp(1)?, it isn't that portable and/or secure anyway. So, what should I use instead?

billhill00: Why not use /dev/random? It could be neater with perl but od and awk will do, something like:

    tempfile=XXX-$(od -N4 -tu /dev/random | awk 'NR==1 {print $2} {}')

ghoti: You didn't exactly define "secure", but one element of it is probably to clean up after yourself.

    trap "rm -f \"$tmpfile\"" 0 1 2 3 15

You can probably man 3 signal to see if there

PHP Secure Session Login - Best Practice

拜拜、爱过 submitted on 2019-12-03 07:59:24
As part of my web app. This is some code I am considering (I'm not the best of PHP programmers but I am programming my own app for a project):

    // Start session
    session_start();
    // Is the user already logged in?
    if (isset($_SESSION['username'])) {
        header('Location: members-only-page.php');
    }

I want to know, if my login structure is like this, is this secure.

    http://site.com/
    https://site.com/login.php
    https://site.com/login-action.php (MySQL login check, with md5 password check)
    http://site.com/cp/members-only-page.php

I am using MD5(); but I am not entirely happy with the whole $_session["user"]=

Securing a contact form script

拥有回忆 submitted on 2019-12-02 11:11:01
Hello! I am just wondering how secure is this contact form script I just made? My teacher was nagging at me a long time ago when I made my contact forms.

    if($_SERVER['REQUEST_METHOD'] === 'POST'){
        $myemail = "email@adress.com";
        $name = $_POST['name'];
        $email = $_POST['email'];
        $phone = $_POST['phone'];
        $subject = $_POST['subject'];
        $comments = $_POST['comments'];
        if($name == 0 || !preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/", $email) || !preg_match("/^\d{2}(-\d{3}){2}(\d{2})?$/", $phone) || $subject == 0 || $comments == 0){
            $error_message = 'Something was written wrong..';
        } else {
            $message =

How to secure database configuration file in project? [duplicate]

巧了我就是萌 submitted on 2019-11-29 08:23:40
Question: This question already has an answer here: How to secure database passwords in PHP? (16 answers); a better approach than storing mysql password in plain text in config file? (7 answers)

I have created one php file for establishing connection with database server. In this file, I am using mysql_connect() function with parameters host, username and password of my database server.

    public class DatabaseConnect {
        function __construct() {
            mysql_connect('localhost','username','password') or die('Could not

how does one securely clear std::string?

偶尔善良 submitted on 2019-11-27 08:21:54
How does one store sensitive data (ex: passwords) in std::string? I have an application which prompts the user for a password and passes it to a downstream server during connection setup. I want to securely clear the password value after the connection has been established. If I store the password as a char * array, I can use APIs like SecureZeroMemory to get rid of the sensitive data from the process memory. However, I want to avoid char arrays in my code and am looking for something similar for std::string?

ajd: Based on the answer given here, I wrote an allocator to securely zero memory.