Questions tagged [security]

For questions relating to cryptography and IT security. This can be computer, network, or database security.

Computer security is a branch of computer technology known as information security as applied to computers and networks.

For more comprehensive Q&A's, try browsing Information Security Stack Exchange. Questions focused more on general security practices should be brought to attention there.

915 questions
82
votes
17 answers

How can software be protected from piracy?

Why does it seem so easy to pirate today? It just seems a little hard to believe that with all of our technological advances and the billions of dollars spent on engineering the most unbelievable and mind-blowing software, we still have no other…
Snowman
  • 445
38
votes
19 answers

How do you prevent the piracy of your software?

Is it still worth it to protect our software against piracy? Are there reasonably effective ways to prevent or at least make piracy difficult?
StanS
  • 183
24
votes
11 answers

Source code stolen\hacked by rival company

On some companies I've worked for, managers have spent quite a lot of money on it-security consultants. Primarily because they're afraid we're gonna get the source code stolen by a rival company. However, as a programmer, I see it as a minor…
23
votes
4 answers

Which http response do you return to a hit from a blacklisted ip?

I have been using the http:BL to block bad IPs from accessing my site. If a malicious IP (comment spammer) tries to hit the site I just exit the web script which implicitly returns a 200 OK response. Other responses I could return: 404 - Not…
JW01
  • 3,569
15
votes
5 answers

Why do we need method level security?

In the real world, why do we need to implement method level security? We either have a web application or a desktop application, where the user accesses the user interface (and therefore directly cannot access the method). So where does…
10
votes
2 answers

Weaknesses of 3-Strike Security

I've been reading some literature on security, specifically password security/encryption, and there's been one thing that I've been wondering: is the 3-strike rule a perfect solution to password security? That is, if the number of password attempts…
prelic
  • 886
  • 7
  • 15
10
votes
2 answers

How can I prevent programmers from capturing data entered by users?

I'm developing a web application with a strong focus on security. What measures can be taken to prevent those who work on the application (programmers, DBAs, quality assurance staff) from capturing user entered values that should be well-protected,…
Peter Smith
  • 2,587
9
votes
3 answers

When should an IT consultant use full disc encryption?

In what circumstances should an IT Consultant encrypt their hard drive to protect their code/data of their clients? I am thinking that if it does not add much to your work load you might as well use full disc encryption with a 'weak' password to at…
9
votes
11 answers

Do you actively think about security when coding?

When you're coding, do you actively think about how your code might be exploited in ways it wasn't originally meant to do and thus gain access to protected information, run commands or something else you wouldn't want your users to do?
gablin
  • 17,407
8
votes
6 answers

Storing sort code / account number on website. Security?

People in the UK will probably better understand what a sort code is and how sort code & account numbers are used for transfers etc, but the question is relevant to anyone I'm sure. Just to clarify: Giving someone your sortcode and account number…
kieran
  • 181
  • 1
  • 3
8
votes
1 answer

Is masking an entered password security through obscurity?

There is a practice of showing bullets, not characters when a user inputs a password. Is this security through obscurity? My first thought was that it's not, it's not really a system, we know how it works, one bullet = one character. It's just not…
Awerde
  • 327
8
votes
4 answers

Avoiding "double" subscriptions

I am working on a website that requires a bit of marketing; let me explain. This website is offering a single, say, iTunes 50$ voucher to a lucky winner. To be entered in the draw, you need to invite (and has to join) at least one friend to the…
6
votes
6 answers

What would you define as sensitive user data?

A recent previous question of mine had an answer that sparked a different and unrelated question in my mind: Customer wants to modify the .properties files packaged in our WAR file The question that I thought of after reading this answer is, just…
maple_shaft
  • 26,511
  • 11
  • 57
  • 132
6
votes
1 answer

Best practices for expiration of tokens in a Security Token Service (STS)

When creating a Security Token Service (STS) for a claims based security model, it seems appropriate that tokens are generated in such a way that they expire after some duration, as suggested here. Around this concept, I have a few specific…
Joe
  • 283
6
votes
8 answers

Are you obliged to provide old employers with access to protected resources?

Firstly, a disclaimer. This question is not because I'm a disgruntled employee planning to hide some malicious code which I can later blackmail my employer with. I actually quite like the people I work with - just simply curious. So if an old…
RoboShop
  • 2,780
  • 6
  • 30
  • 38