Questions tagged [file-access]

143 questions
1 vote, 1 answer

Users' avatar names based on Primary Key, is it safe?

We upload users' avatars named after their primary key. Avatar names are 1.jpg, 2.jpg, 3.jpg, ... according to their primary key. We implemented this to omit the avatar field from the database, and instead use their primary key to access their photos. Is it…
Alireza
0 votes, 1 answer

I need to transfer user's private key (RSA) to my App. Is file sharing a good solution?

I've asked a similar question here earlier: iOS: Is it ok to store a RSA private key (use to decrypt text) in your application document directory? However, the person recommended that I use keychain access. This will not work for me because after…
0 votes, 2 answers

Windows / Sensitive Data / Prevent access by various process

It's my understanding if you're logged into your Windows PC as DOMAIN\DUDE.NAME and you have access to \DOMAINFILES\SECRET STUFF\SUPER SECRETS.xlsx any process you run can also access that file - there is no easy way to "launch process without…
0 votes, 1 answer

Reading/downloading big files in a Metasploit module

I am writing a post exploitation module that supports Meterpreter sessions. For my module to work, I need to read/download some files from the victim machine that may be small or bigger. I am having trouble when the file is bigger than 2MB. I…
martinvigo
0 votes, 1 answer

Protect files on webserver, allow only internal use

I have a website and it has an audio player to play music files. The music files are hosted in a public directory. Since they are there, anyone can point there and use the files on their website. Is there a way to only allow my webpages to use the…
0 votes, 1 answer

Can benign software modify Windows DLL files?

On Windows (XP, 7, 8, NT ...): can .dll files be modified (in any manner) by benign programs/software already installed/running on the computer?
user45139
0 votes, 1 answer

Is a properly configured server secure against unauthorized data access?

Take for example a game. Typically, when you buy or download a game that can be played offline, all of the data required to run the game is shipped with the executable. In order to protect these resources, developers use various protection methods…
MxLDevs
0 votes, 2 answers

Restricting locations for unzipping a zip file

I hope that I have found the correct place to ask my question regarding unzipping files. I would like to see if there is a way to restrict the locations available to the user to unzip a password protected zip file in order to ensure security of the…
chase
0 votes, 1 answer

Luhn algorithm applied to file access

I am in the following setup: given department ids, employee ids and file ids, I want to check whether employee xy of department AB is allowed to access file f. E.g. department id = "012", employee id = "123" and file id "012". Then the application of…
Richi W
0 votes, 1 answer

Is my invitation based file access authorization scheme worthwhile?

I need to allow users to upload files with sensitive data to a server, then invite other authenticated users to access specific files. This is my proposed solution: Each user will have his own folder to which he uploads files, and the parent folder…
ka_lin
0 votes, 1 answer

Restrict file access in php.ini

What is the difference between include_path and open_basedir in PHP? My php.ini looks like this: include_path = ".:/usr/share/php:/usr/share/pear:/var/www" If, for example, I try using include('../../etc/passwd'); the file is included. On the other…
Jason
0 votes, 1 answer

PHP - How to block file access in a specific directory from the outside

I made a very simple dashboard with HTML/PHP/JS (and a MySQL database) where some users (after a secure login with username and password) can access and insert some activities with details and attach a file in PDF format. My dashboard is in a…
ducarpit
0 votes, 1 answer

Ways to inject malicious content during an HTTP file transfer

Assume an Apache server (http, no authentication just hosting static files) is running in my local network which is hosting some zip files. Assume User A is requesting a zip file from the Apache server. Is it possible for User B on the same LAN…
0 votes, 1 answer

How to prevent a user retaining file access with an open handle on Windows?

Suppose a user is a member of a group, and they open (in the Windows API sense) a file whose DACL grants access to that group. Then, the user stops being a member of the group. Since access checks are performed at the time of opening the file, the…
user253751
0 votes, 1 answer

How can opening a non-existing file cause a security vulnerability?

I was reading on race conditions when I encountered the paragraph below: How exactly does trying to read a non-existing file cause a security vulnerability?