InfoQ Homepage Security Content on InfoQ
-
Single Sign-On beyond the firewall
Taking a look at the challenges that lay ahead in the quest for Federated Identity Management.
-
HDIV 2.0: Security framework now integrates with Spring MVC and JSTL
HDIV, an open-source web application security framework, recently released version 2.0. InfoQ spoke with HDIV project lead Roberto Velasco Sarasola to learn more about this release.
-
Gone in 160 seconds - cracking passwords with Rainbow Hash Cracking
The Microsoft password strength checker rates "Fgpyyih804423" as a strong password, but the multi-platform password cracking tool ophcrack was able to crack it in 160 seconds using a Rainbow Hash Table attack. Jeff Atwood takes a look at this attack technique, and offers suggestions for safe password storage.
-
Don't Run as Administrator: WCF Edition
In an attempt to correct years of bad practices, Microsoft employees have been chanting "Don't Run as Administrator". This time around, Nicholas Allen covers assigning HTTP addresses to non-administrator user accounts, primarily for use by WCF.
-
Internet Explorer increases cookie limit to 50
Internet Explorer will now support 50 cookies per domain, but the performance implications of large HTTP request sizes require caution on the part of web developers.
-
XACML finally ready for prime time?
XACML, the eXtensible Access Control Markup Language, an Oasis standard approved more than 2 years ago, has been demonstrated to work cross vendor platforms on Burton's Catalyst Conference last week.
-
Article: Service Firewall Pattern
InfoQ publishes a sample pattern from Arnon Rotem-Gal-Oz' in-progress book SOA Patterns. Arnon explains how to use a Service Firewall to intercept messages to provide better security.
-
Not-Yet-Commons-SSL Provides Powerful (and Free) SSL Capabilities
Not-Yet-Commons-SSL is an Apache licensed Java library designed to simplify the use of SSL by providing an easy-to-use API along with robust support for a variety of certificate formats and configuration options.
-
HDIV Struts Security Extension Addresses OWASP's Top Security Vulnerabilities
The HDIV project recently released version 1.1 of their Apache-licensed Struts' Security extension. Among HDIV's features is that it guarantees integrity (no data modification) of non editable page data when transmitted from the browser to the server.
-
Deny Execute on Assembly Doesn't
According to Microsoft's SQL Programmability & API Development Team Blog, the Execute permission for CLR assemblies actually has no effect. To reduce confusion over this, the ability to grant execute permissions to assemblies has be removed from SQL Server 2005 SP 2.
-
WCF Security Analysis Available from the German Federal Office for Information Security
The German Federal Office for Information Security (BSI) has released their security analysis for Windows Communication Foundation along with a reference implementation.
-
How .NET Handles Standards Compliance that Result in Breaking Changes
Two security classes in .NET, HMACSHA512 and HMACSHA384, have a bug. It isn't an earth-shattering bug, but it does produce results that are inconsistent with the standard. The .NET Security team shows how this will be handed so that current applications won't break when the code gets fixed.
-
SOA: Beyond the Hype and SDL
InfoQ sits down with Mohammad Akif, a Microsoft Architect Evangelist, to discuss the myths of SOA, common pitfalls in designing for SOA, J2EE and .NET interoperability and injecting the Security Development Lifecycle into enterprise development lifecycles.
-
Presentation: Security Assertion Markup Language
SAML has emerged as the gold standard for building Cross-Domain SSO solutions and is a key technology in the domain of federated identity management. This presentation from Javapolis presents the basic concepts of SAML including assertions, attributes, artifacts, bindings and profiles, the problems SAML solves, how it works in real life.
-
RubySSPI is Big News for Ruby Developers on Windows
Are you behind an ISA proxy that authenticates all traffic? This library enables your ruby scripts to authenticate with the proxy as the current user seamlessly. After a few simple steps, you should be able to successfully install things like Ruby on Rails by simply typying gem install rails, exactly how non-Windows users get to do.