About irigsoft
-
Hi, maybe this will help:

https://stackoverflow.com/questions/4651193/event-when-a-web-page-gets-focused
https://stackoverflow.com/questions/7389328/detect-if-browser-tab-has-focus
-
Hi, I use different parameters to load different forms, like this: 127.0.0.1:8077/?form=Admin
-
Hi, I'll give you an example of how to do it with Delphi, but you can find more examples and try to print directly without PrintDialog (because the dialog is shown on the server side and can't be useful).

@Woutero, here are some examples: https://forum.lazarus.freepascal.org/index.php?topic=47640.0

```pascal
Printer.SetPrinter('Microsoft Print To PDF');
Printer.Copies:=1;
// PrintDialog1.PrintToFile:=true;
// Printer.FileName:=suggestFileName()+'.pdf';
doPrint();
```

"For me your code is working. Please see attached demo. It checks whether the "Microsoft print to PDF" printer is available, selects it and sets the filename by setting the FileName property. (When the printer is not found it opens the PrintDialog)."

https://forum.lazarus.freepascal.org/index.php?PHPSESSID=lhgjmk83bcjm7trnihen5tbt77&action=dlattach;topic=47640.0;attach=34509
-
Hi, why not just print to the Windows PDF printer and show the saved (printed) document to the user?

https://stackoverflow.com/questions/25371291/print-a-string-directly-to-printer
https://www.delphibasics.co.uk/Article.php?Name=Printing
https://www.google.com/search?q=delphi+print+to+printer&oq=delphi+print+to+printer&gs_lcrp=EgZjaHJvbWUyBggAEEUYOTIICAEQABgWGB7SAQg1Njg4ajBqN6gCALACAA&sourceid=chrome&ie=UTF-8
-
Hi, maybe this will help to apply some proposals for protection: https://stackoverflow.com/questions/273516/how-do-you-implement-a-good-profanity-filter

List of bad words (a couple of languages): https://github.com/LDNOOBW/List-of-Dirty-Naughty-Obscene-and-Otherwise-Bad-Words

Where do you get these obscenities in the uniGUI interface?
-
Hi, maybe this will help:
-
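Hi, I'm going to add a new way to protect cookies, but I can't test it. If someone can confirm my code is working, I'd appreciate it. Add this to MainForm.Script:

```javascript
// Return the value of the named cookie, or undefined when script cannot see it.
function getCookie(name) {
  const value = `; ${document.cookie}`;
  const parts = value.split(`; ${name}=`);
  if (parts.length === 2) return parts.pop().split(';').shift();
}

//function setCookie () {
var keyValue = getCookie('UNI_GUI_SESSION_ID');
// Only rewrite the cookie when it was readable, so the literal "undefined" is never stored.
if (keyValue) {
  document.cookie = 'UNI_GUI_SESSION_ID=' + keyValue + ';Secure=true;SameSite=Strict';
  keyValue = getCookie('UNI_GUI_SESSION_ID');
  // Browsers ignore a cookie written from script with HttpOnly set;
  // that flag has to come from the server's Set-Cookie header.
  document.cookie = 'UNI_GUI_SESSION_ID=' + keyValue + ';HttpOnly=true';
}
//};
```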
-
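Hi, I'm going to add a new way to protect cookies, but I can't test it. If you can confirm my code is working, I'd appreciate it. Add this to MainForm.Script:

```javascript
// Return the value of the named cookie, or undefined when script cannot see it.
function getCookie(name) {
  const value = `; ${document.cookie}`;
  const parts = value.split(`; ${name}=`);
  if (parts.length === 2) return parts.pop().split(';').shift();
}

//function setCookie () {
var keyValue = getCookie('UNI_GUI_SESSION_ID');
//alert (keyValue);
//setCookie(key, keyValue, '-1');
// Only rewrite the cookie when it was readable, so the literal "undefined" is never stored.
if (keyValue) {
  document.cookie = 'UNI_GUI_SESSION_ID=' + keyValue + ';Secure=true;SameSite=Strict';
  keyValue = getCookie('UNI_GUI_SESSION_ID');
  // Browsers ignore a cookie written from script with HttpOnly set;
  // that flag has to come from the server's Set-Cookie header.
  document.cookie = 'UNI_GUI_SESSION_ID=' + keyValue + ';HttpOnly=true';
}
//};
```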
-
If someone has already done this, please help. How do I block duplicate GET URL parameters?

HTTP Parameter Pollution (HPP): https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/04-Testing_for_HTTP_Parameter_Pollution

Insecure direct object references (IDOR): https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/05-Authorization_Testing/04-Testing_for_Insecure_Direct_Object_References
-
I am working to secure my standalone app. Now I am on HTTP Parameter Pollution (HPP) and Insecure direct object references (IDOR). I need to check for, and disable, any security issues with URL parameters and POST parameters.

To succeed, I need to block HTTP Parameter Pollution (HPP):

1. On UniGUIServerModuleHTTPCommand, I check ARequestInfo.Params
2. On UniGUIMainModuleHandleRequest, I check TUniGUISession(ASession).ARequest.Params
3. On UniMainFormCreate, I check UniApplication.Parameters

But if it is possible to capture and check the POST parameters at these 3 points, that would be even better. If someone can help, please advise.

More info about the problems:

https://www.imperva.com/learn/application-security/http-parameter-pollution/
https://www.imperva.com/learn/application-security/insecure-direct-object-reference-idor/
https://medium.com/@jetti.dinesh/insecure-direct-object-reference-idor-vulnerabilities-df551431eb7b
https://portswigger.net/web-security/access-control/idor
-
Hello. I need to handle and check all parameters sent with a POST request. I need to check whether the parameters (username and password) contain valid data before using them. Is there something like ARequestInfo.Params on uniServerModule that I can use? Like this example:

```
POST /users HTTP/1.1
Host: bookstore.com
Content-Type: application/x-www-form-urlencoded
Content-Length: length

username=BookLover101&password=SecretPassword
```

In this example, the first line, `POST /users HTTP/1.1`, indicates a POST request. The `Host` is where the request is being sent. The `Content-Type` tells the server what data is being sent (in this case, form data), and `Content-Length` specifies how long the body data is.
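
Added example, not part of the original posts and not uniGUI's own code: one way to reject duplicated, unexpected, missing or oversized parameters for the POST shown above and for the HPP check described in the earlier post, as a plain Delphi console program. It assumes the parameters arrive as a TStrings of name=value lines (the assumed shape of ARequestInfo.Params); ValidateParams, MaxValueLen and the sample values are hypothetical.

```pascal
program CheckParams;
{$APPTYPE CONSOLE}
uses
  System.SysUtils, System.Classes;

const MaxValueLen = 64; // assumed limit; choose one that fits your fields

// Returns '' when Params holds each name in Expected exactly once and nothing
// else; otherwise the reason to reject. Params: TStrings of 'name=value' lines.
function ValidateParams(Params: TStrings; const Expected: array of string): string;
var
  Seen: TStringList;
  I, J: Integer;
  ParamName: string;
  Known: Boolean;
begin
  Result := '';
  Seen := TStringList.Create;
  try
    Seen.CaseSensitive := False; // 'UserName' and 'username' count as one name
    for I := 0 to Params.Count - 1 do
    begin
      ParamName := Trim(Params.Names[I]);
      Known := False;
      for J := Low(Expected) to High(Expected) do
        Known := Known or SameText(ParamName, Expected[J]);
      if not Known then Exit('unexpected parameter');
      if Seen.IndexOf(ParamName) >= 0 then Exit('duplicate parameter: ' + ParamName);
      if Length(Params.ValueFromIndex[I]) > MaxValueLen then Exit('value too long: ' + ParamName);
      Seen.Add(ParamName);
    end;
    if Seen.Count <> Length(Expected) then
      Result := 'missing parameter';
  finally
    Seen.Free;
  end;
end;

var P: TStringList;
begin
  P := TStringList.Create;
  try
    P.Add('username=BookLover101');   // constructed sample: the POST body above
    P.Add('password=SecretPassword');
    Writeln('clean:    [', ValidateParams(P, ['username', 'password']), ']');
    P.Add('username=admin');          // constructed duplicate, as in an HPP attempt
    Writeln('polluted: [', ValidateParams(P, ['username', 'password']), ']');
  finally
    P.Free;
  end;
end.
```

The function never echoes parameter values in its result, so a rejected request can be logged without writing the password to the log.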