Questions tagged [trust]

Trust is a measure of how much an entity relies on other entities for its security.

A principal in a system trusts another principal if it allows its security to depend on assertions made by that other principal. For example, when a web browser assumes that a web site is legitimate because the site shows a certificate signed by a certificate authority, the browser trusts the CA. Trust is often established and propagated through cryptography. The concept is derived from the plain English meaning of the word, which is studied by the social sciences.

If your question is about determining what security policy should apply or whether a system meets a desired security policy, and it doesn't involve code, consider asking on Security Stack Exchange.

205 questions
3 votes, 1 answer

How to verify SAML certificates?

I'm new to SAML and am confused by the expected signature and trust process. I am programming a SP and receive a signed samlp:Response from the IDP that includes the KeyInfo:
Paul Draper
3 votes, 3 answers

How can GPS location be trusted?

I'm making a new app for mobile platforms that uses GPS to track the user position and I need to trust the location. So how can I make my mobile app trust the GPS location received? Nowadays it's easy to fake it with apps. The only solution…
3 votes, 1 answer

.NET Security Error accessing external API

I'm building a small Twitter web app for myself. I am using TweetSharp but I keep getting an error: Server Error in '/test' Application. Security Exception Description: The application attempted to perform an operation not allowed by the security…
Tomasz Iniewicz
3 votes, 0 answers

How can you guarantee that a password vault application is secure?

I have a large number of user names and passwords - a different one for every website, service, ... To keep track of the information I have an iOS app that claims to store the information with RSA-256 encryption; it has the option of synchronizing…
Floris
3 votes, 1 answer

How do I diagnose a certificate recoverable trust failure on iOS, without SecTrustGetTrustResult?

While adding a client certificate to an iOS application, I'm encountering a recoverable trust failure with the cert. The iOS docs discussion for SecTrustEvaluate specifically suggests using SecTrustGetTrustResult() to get the specifics of the…
klm
3 votes, 1 answer

How to make sure that my software is connected to the right server?

I've got a server which identifies itself with an SSL certificate. The certificate is self-signed. I want to make sure that the software won't send data if the user tries to replace the server and add a "fake" certificate to the list of certificates…
Arsen Zahray
2 votes, 1 answer

Where does a custom CAS policy for ASP.NET have to go?

In my hosting environment I do not have access to anything outside of my virtual directory. I can't edit the machine.config, nor the machine level web.config, nor can I put anything in the GAC. I'm reading up on Medium Trust. If I want, say, Medium…
MatthewMartin
2 votes, 0 answers

Trust jacx RGB mouse - programmatically change color

I've bought a Trust jacx mouse, which has multiple LEDs inside with full RGB spectrum. However, the driver software provided by Trust obviously allows only for preprogrammed light control. I, however, would want to write a program which would control how…
martes
2 votes, 3 answers

SMTPClient Half Working \ Half Not

I am using Microsoft's membership framework on a website. I am able to send password retrieval e-mails, but am unable to send e-mails myself using SMTPClient. When you configure the SMTP settings in the Web Site Administration Tool, what are the…
Präriewolf
2 votes, 0 answers

Trusting report sent by `Content-Security-Policy-Report-Only` header

Is there a way to validate an incoming report to report-uri? How can I trust the sender of a report if anybody can see report-uri in the headers and send custom reports and abuse this endpoint? In most cases the received report is sent to administrator's email or…
briiC
2 votes, 1 answer

How to serialize a SecTrustRef object?

I have a SecTrustRef object from the system that I'd like to evaluate myself. Just calling SecTrustEvaluateAsync will be sufficient for this job. The problem is, I must evaluate it in a different process as only this other process has access to the…
Mecki
2 votes, 3 answers

Can a git history be falsified?

Could a git history be falsified? I'm thinking for instance about the following information: commit date, commit content, identity of committer. If yes: are there ways to authenticate a git repo's content or make it authenticatable? How to know if…
vmonteco
2 votes, 1 answer

Microsoft Studio TFS proxy problems in a trusted domain

I have two domains. TFS 2008 is installed on DEV domain, proxy on PROD. There is two-way trust and both servers can authenticate users from both domains. TFS was working fine, and suddenly stopped. Looking at the logs there was a great deal of AD…
mik
2 votes, 3 answers

Does SecTrustEvaluate() look for root certificates in the application keychain?

The docs say: “If not all the certificates needed to verify the leaf certificate are included in the trust management object, then SecTrustEvaluate searches for certificates in the keychain search list (see SecTrustSetKeychains) and in the system’s…
Plumenator
2 votes, 1 answer

Use ssh private key from untrusted computer

I am currently working on a project from an untrusted computer and I would like to pull/commit changes from this (untrusted) computer using ssh authentication. I have access to my private (trusted) computer. Here is a summary of my setup: Git…
LucG