secure-coding

I work in a company that produces several apps, not all those apps have the same signature or more like it we have at least 5-6 apps certificates for the time being. We tried to create a mechanism in which all the companie's apps on the same device share the same is, For example if user installed from the market App A and no app installed, a new ID will be generated, if now he installs App A, app B should have the same id as App A(id is just a generated UUID type #4) etc... We are using broadcast at the moment and only apps with our permission can receive that broadcast and send back the id

I want to create a temporary file in POSIX shell ( /bin/sh ). I found out that mktemp(1) doens't exist on my AIX box, and according to How portable is mktemp(1)? , it isn't that portable and/or secure anyway. So, what should I use instead ? billhill00 Why not use /dev/random ? It could be neater with perl but od and awk will do, something like: tempfile=XXX-$(od -N4 -tu /dev/random | awk 'NR==1 {print $2} {}') ghoti You didn't exactly define "secure", but one element of it is probably to clean up after yourself. trap "rm -f \"$tmpfile\"" 0 1 2 3 15 You can probably man 3 signal to see if there

As part of my web app. This is some code I am considering (I'm not the best of PHP programmers but I programming my own app for a project): // Start session session_start(); // Is the user already logged in? if (isset($_SESSION['username'])) { header('Location: members-only-page.php'); } I want to know, if my login structure is like this, is this secure. http://site.com/ https://site.com/login.php https://site.com/login-action.php (MySQL login check, with md5 password check) http://site.com/cp/members-only-page.php I am using MD5(); but I am not entirely happy with the whole $_session["user"]=

Hello! I am just wondering how secure is this contactform script I just made? My teacher was nagging at me a long time ago when I made my contactforms. if($_SERVER['REQUEST_METHOD'] === 'POST'){ $myemail = "email@adress.com"; $name = $_POST['name']; $email = $_POST['email']; $phone = $_POST['phone']; $subject = $_POST['subject']; $comments = $_POST['comments']; if($name == 0 || !preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/", $email) || !preg_match("/^\d{2}(-\d{3}){2}(\d{2})?$/", $phone) || $subject == 0 || $comments == 0){ $error_message = 'Something was written wrong..'; } else { $message =

How does one store sensitive data (ex: passwords) in std::string ? I have an application which prompts the user for a password and passes it to a downstream server during connection setup. I want to securely clear the password value after the connection has been established. If I store the password as a char * array, I can use APIs like SecureZeroMemory to get rid of the sensitive data from the process memory. However, I want to avoid char arrays in my code and am looking for something similar for std::string ? ajd. Based on the answer given here , I wrote an allocator to securely zero memory.