Collaborate Disseminate
In the following C# example I’m querying AD’s configuration container for Exchange overrides. If the domain name in unsanitised the end user could get LDAP to read a different object then intended.
I’m not sure if other actions other th… Continue reading How do I sanitize LDAP input and prevent injection attacks? What LDAP injection scenarios are possible?
I am interested in storing certificates for various purposes on a SmartCard. Since this answer illustrates how there are confusing differences and similarities between RSA and AES
When should one class be used over the ot… Continue reading When should one use RSACryptoServiceProvider vs AESCryptoServiceProvider
I know if a person has a GUID from a machine that person can figure out if other guid belongs to that machine.
In a .NET project (csproj and the visual studions solution file) GUIDs are generated. If i were to compile this project would t… Continue reading Are .NET project GUID’s visible when compiling?
AppHarbor has a blog post containing sample C# code which reads data from an unsigned cookie and passes it through .Net binary serialization.
Is that safe?
Obviously, the data is completely tamperable.
However, are there any risks in pa… Continue reading Is it safe to binary-deserialize user-provided data?
DPAPI can be used to encrypt the secret data. We intend to use it in our web app to encrypt some data and store the encrypted data in database. When needed we decrypt the data and present them on UI(web page). It works well if we hosted th… Continue reading How to use DPAPI under load balance environment
after reading the data from the request as Stream i needed to convert it to Image so i used this Method:
Stream inputStream = HttpContext.Current.Request.InputStream;
Image img = Image.FromStream(inputStream)
so while im unable to know … Continue reading C# Image.FromStream is that secure?
after reading the data from the request as Stream i needed to convert it to Image so i used this Method:
Stream inputStream = HttpContext.Current.Request.InputStream;
Image img = Image.FromStream(inputStream)
so while im unable to know … Continue reading C# Image.FromStream is that secure?
For a test project I have tried to implement the (famous) Diffie Hellman algorithm for safe key exchange.
Now I have written this in C#:
using System;
using System.Collections;
using System.Collections.Generic;
namespace DiffieHellman.Cry… Continue reading Diffie Hellman c# implementation
Which route to take, what are the pros and cons, which is more secure..
Generate AES key, encrypt the data with it and then encrypt the AES key with RSA, save the encrypted data and encrypted AES key to a file and RSA keypair to a KeyCon… Continue reading Data Encryption and Key Management in C#
I need a primer for both the legacy (Level 1) .NET 2.0 security attributes and the new .NET 4 (Level 2) ones.
I’m not familiar with the implications of controlling LinkDemand, stack walks, unverifiable code and other items in this Patern … Continue reading Tutorial for SecurityCritical SecurityTransparent and new .NET 4 feature: Level 2