Search Results

Search found 43347 results on 1734 pages for 'php security'.

  • TFS Security and Documents Folder

    - by pm_2
    I'm getting an issue with TFS where the documents folder is marked with a red cross. As far as I can tell, this seems to be a security issue, however, I am set-up as project admin on the relevant projects. I’ve come to the conclusion that it’s a security issue from running the TFS Project Admin tool (available here). When I run this, it tells me that I don’t have sufficient access rights to open the project. I’ve checked, and I’m not included in any groups that are denied access. Please can anyone shed any light as to why I may not have sufficient access to these projects?

  • Spring security oauth2 provider to secure non-spring api

    - by user1241320
    I'm trying to set up an OAuth 2.0 provider that should "secure" our RESTful API using spring-security-oauth. Being a 'Spring fan', I thought it could be the quicker solution. The main point is that this RESTful thingie is not a Spring-based webapp. My boss says the OAuth provider should be a separate application, but I'm starting to doubt that (I got this impression by reading spring-security-oauth). I'm also new here, so I haven't really got my hands into this other (Jersey-powered) RESTful API (the core of our business). Any help/hint will be much appreciated.

  • Web development - relative URLs without duplicating files

    - by eshriek
    I have a site with index.php in the root folder, images in /img , and overview.php in /content . I have a sidebar.php file that is included in both index.php and overview.php . How should I refer to /img/image.gif if I include a link in each file? The location of image.gif changes relative to the location of the file that references it. Using /img/image.gif in sidebar.php will work in index.php, but it fails for the file located at /content/overview.php. The only solution that I can see is to either include a separate sidebar.php in each subdirectory, or include an /img directory in every sub-directory. The best suggestion that I can find is to use the <base> HTML tag as suggested here: Change relative link paths for included content in PHP However, in the same link, SamGoody suggests that the <base> tag "is no longer properly supported in Internet Explorer, since version 7." I'd like some insight on the matter before committing to a course of action. Thanks. EDIT: I am using the wrong approach below with "../" Example- root/index.php: ... <link rel="stylesheet" type="text/css" href="style.css" /> <title>title</title> </head> <body> <?php include('include/header.php'); ?> <?php include('include/menu.php'); ?> ... root/include/header.php: ... <div id="header"> <span class="fl"><img src="img/dun1.png"/></span><span class="fr"><img src="img/dun2.png"/></span> ... root/content/overview.php: ... <link rel="stylesheet" type="text/css" href="../style.css" media="screen" /> <title>Overview</title> </head> <body> <?php include('../include/header.php'); ?> <?php include('../include/menu.php'); ?> ...

  • Control Menu Items based on Privileges of Logged In User with spring security

    - by Nirmal
    Hi All... Based on this link I have incorporated the spring security core module with my grails project... I am using the Requestmap concept by storing each role, user and requestmap inside the database only... Now my requirement is to provide the menu items based on the users assigned roles... For e.g.: If my "User" Main Menu have following Items : Dashboard Import User Manage User And if I have assigned a roles of Dashboard and Import User to the user with a username "auditor" then, only following Menu items should be displayed on the screen : User (Main Menu) - Dashboard (sub menu) - Import User (sub menu) I have explored the Spring Security ACL plugin for the same, but it's using the Domain classes to get it working... So, wanted to know the convenient way to do so... Thanks in advance...

  • GWT HTML widget security risks

    - by h2g2java
    In GWT javadoc, we are advised If you only need a simple label (text, but not HTML), then the Label widget is more appropriate, as it disallows the use of HTML, which can lead to potential security issues if not used properly. I would like to be educated/reminded about the security susceptibilities? It would be nice to list the description of the mechanisms of those risks. Are the susceptibilities equally potent on GAE vs Amazon vs my home linux server? Are they equally potent across the browser brands? Thank you.

  • PEAR:DB connection parameters

    - by Markus Ossi
    I just finished my first PHP site and now I have a security-related question. I used PEAR:DB for the database connection and made a separate parameter file for it. How should I hide this parameter file? I found a guide (http://www.kitebird.com/articles/peardb.html) that says: Another way to specify connection parameters is to put them in a separate file that you reference from your main script. ... It also enables you to move the parameter file outside of the web server's document tree, which prevents its contents from being displayed literally if the server becomes misconfigured and starts serving PHP scripts as plain text. I have now put my file in a directory like this /include/db_parameters.inc However, if I go to this URL, the web server shows me the contents of the file including my database username and password. From what I've understood, I should protect this file so, that even though PHP would be served as text, nobody could read this. What does outside of web server's document tree mean here? Put the PHP file out of public_html directory altogether deeper into the server file system? Some CHMOD?

  • Using OAuth along with spring security, grails

    - by GroovyUser
    I have a Grails app which runs on the Spring Security plugin. It works with no problem. I would like to give users a way to connect with Facebook and other social networking sites, so I decided to use the Spring Security OAuth plugin. I have configured the plugin. Now I want users to be able to access the app both via a normal local account and via OAuth authentication. More precisely, I have a controller like this: @Secured(['IS_AUTHENTICATED_FULLY']) def test() { render "Home page!!!" } Now I want this controller to be accessible with OAuth authentication too. Is it possible to do so?

  • Security when writing a PHP webservice?

    - by chustar
    I am writing a web service in PHP for the first time and have run into some security problems. 1) I am planning to hash passwords using md5() before I write them to the database (or to authenticate the user), but I realize that to do that, I would have to transmit the password in plaintext to the server and hash it there. Because of this I thought of md5()ing it with JavaScript client side and then rehashing on the server, but then if JavaScript is disabled, the user can't log in, right? 2) I have heard that when the action is read-only, you should use GET, but if it modifies the database, you should use POST. Isn't POST just as transparent as GET, just not in the address bar?

  • Understanding CGI and SQL security from the ground up

    - by Steve
    This question is for learning purposes. Suppose I am writing a simple SQL admin console using CGI and Python. At http://something.com/admin, this admin console should allow me to modify a SQL database (i.e., create and modify tables, and create and modify records) using an ordinary form. In the least secure case, anybody can access http://something.com/admin and modify the database. You can password protect http://something.com/admin. But once you start using the admin console, information is still transmitted in plain text. So then you use HTTPS to secure the transmitted data. Questions: To describe to a learner, how would you incrementally add security to the least secure environment in order to make it most secure? How would you modify/augment my three (possibly erroneous) steps above? What basic tools in Python make your steps possible? Optional: Now that I understand the process, how do sophisticated libraries and frameworks inherently achieve this level of security?

  • Form Login Error

    - by ilp
    I'm having issues with a login form for my website. At the top of the login.php form I have this: <?php if (isset($_SESSION['username'])){ header("Location: http://myurl/"); die;}?> <?php require 'includes/dbconnect.php' ; ?> <?php require 'includes/header.php'; ?> and when login is successful I redirect them to header('Location: http://myrul/'); Header.php has <?php session_start(); ?> at the top. When I tried to log in, I got this error message: Warning: Cannot modify header information - headers already sent by (output started at /path/to/file/login.php:7) in /path/to/file/login.php on line 39. login.php:7 == <?php require 'includes/header.php'; ?> while Line 39 in login.php is == header('Location: http://myrul/'); Please, where is the problem?

  • Long connection times from PHP to MySQL on EC2

    - by Erik Giberti
    I'm having an intermittent issue connecting to a database slave with InnoDB. Intermittently I get connections taking longer than 2 seconds. These servers are hosted on Amazon's EC2. The app server is PHP 5.2/Apache running on Ubuntu. The DB slave is running Percona's XtraDB 5.1 on Ubuntu 9.10. It's using an EBS Raid array for the data storage. We already use skip name resolve and bind to address 0.0.0.0. This is a stub of the PHP code that's failing: $tmp = mysqli_init(); $start_time = microtime(true); $tmp->options(MYSQLI_OPT_CONNECT_TIMEOUT, 2); $tmp->real_connect($DB_SERVERS[$server]['server'], $DB_SERVERS[$server]['username'], $DB_SERVERS[$server]['password'], $DB_SERVERS[$server]['schema'], $DB_SERVERS[$server]['port']); if(mysqli_connect_errno()){ $timer = microtime(true) - $start_time; mail($errors_to,'DB connection error',$timer); } There's more than 300Mb available on the DB server for new connections and the server is nowhere near the max allowed (60 of 1,200). Loading on both servers is < 2 on 4 core m1.xlarge instances. Some highlights from the mysql config: max_connections = 1200 thread_stack = 512K thread_cache_size = 1024 thread_concurrency = 16 innodb-file-per-table innodb_additional_mem_pool_size = 16M innodb_buffer_pool_size = 13G Any help on tracing the source of the slowdown is appreciated. [EDIT] I have been updating the sysctl values for the network but they don't seem to be fixing the problem. I made the following adjustments on both the database and application servers. net.ipv4.tcp_window_scaling = 1 net.ipv4.tcp_sack = 0 net.ipv4.tcp_timestamps = 0 net.ipv4.tcp_fin_timeout = 20 net.ipv4.tcp_keepalive_time = 180 net.ipv4.tcp_max_syn_backlog = 1280 net.ipv4.tcp_synack_retries = 1 net.core.rmem_max = 16777216 net.core.wmem_max = 16777216 net.ipv4.tcp_rmem = 4096 87380 16777216 net.ipv4.tcp_wmem = 4096 87380 16777216 [EDIT] Per jaimieb's suggestion, I added some tracing and captured the following data using time.
    This server handles about 51 queries/second at this time of day. The connection error was raised once (at 13:06:36) during the 3 minute window outlined below. Since there was 1 failure and roughly 9,200 successful connections, I think this isn't going to produce anything meaningful in terms of reporting. Script: date >> /root/database_server.txt; (time mysql -h database_Server -D schema_name -u appuser -p apppassword -e '') > /dev/null 2>> /root/database_server.txt Results: === Application Server 1 === Mon Feb 22 13:05:01 EST 2010 real 0m0.008s user 0m0.001s sys 0m0.000s Mon Feb 22 13:06:01 EST 2010 real 0m0.007s user 0m0.002s sys 0m0.000s Mon Feb 22 13:07:01 EST 2010 real 0m0.008s user 0m0.000s sys 0m0.001s === Application Server 2 === Mon Feb 22 13:05:01 EST 2010 real 0m0.009s user 0m0.000s sys 0m0.002s Mon Feb 22 13:06:01 EST 2010 real 0m0.009s user 0m0.001s sys 0m0.003s Mon Feb 22 13:07:01 EST 2010 real 0m0.008s user 0m0.000s sys 0m0.001s === Database Server === Mon Feb 22 13:05:01 EST 2010 real 0m0.016s user 0m0.000s sys 0m0.010s Mon Feb 22 13:06:01 EST 2010 real 0m0.006s user 0m0.010s sys 0m0.000s Mon Feb 22 13:07:01 EST 2010 real 0m0.016s user 0m0.000s sys 0m0.010s [EDIT] Per a suggestion received on a LinkedIn question, I tried setting the back_log value higher. We had been running the default value (50) and increased it to 150. We also raised the kernel value /proc/sys/net/core/somaxconn (maximum socket connections) to 256 on both the application and database server from the default 128. We did see some elevation in processor utilization as a result but still received connection timeouts.

  • Making files generally available on Linux system (when security is relatively unimportant)?

    - by Ole Thomsen Buus
    Hi, I am using Ubuntu 9.10 on a stationary PC. I have a secondary 1 TB hard drive with a single big logical partition (currently formatted as ext4). It is mounted as /usr3 with options user, exec in /etc/fstab. I am doing high-speed imaging experiments. Well, only 260fps, but that still creates many individual files since each frame is saved as one png-file. The stationary PC is not used by anyone other than me, which is why the default security model imposed by Ubuntu is not necessary. What is the best way to make the entire contents of /usr3 generally available on all systems, in case I need to move the hard drive to another Ubuntu 9.x or 10.x machine? When grabbing images with the FireWire camera I use a self-made grabbing software utility (console based) in sudo-mode. This creates all files with root as owner and group. I am logged in as user otb and usually I do the following when having to make files generally available to otb: sudo chown otb -R * sudo chgrp otb -R * sudo chmod a=rwx -R * This takes some time since the disk now contains ~200000 individual files. After this, how would Linux behave if I moved the hard drive to another system where the user otb is also available? Would the files still be accessible without sudo use?

  • As a web designer, which language should I learn first for my future career? (PHP or JavaScript) [closed]

    - by kdevs3
    Possible Duplicates: Best Programming Language for Web Development How can I choose a web development language? What language will you choose if you are going to build something big? What is the right option of programming languages and tools for building our website? What is the easiest web programing language at....? Well, I'm more of a basic web designer. I know the easy stuff pretty well. (Ya know, HTML, CSS.) But I've been trying to take it to the next step and I'm contemplating what I should learn that will help me out the most in my future web design/programming career: should it be JavaScript, or maybe I should try to learn a back-end programming language such as PHP? Lately, I have been hearing a lot about how JavaScript is so great and useful now, because of libraries such as jQuery and what possibilities it can bring by using Node.js and other frameworks. I've only learned the most basic JavaScript and used some jQuery (mostly plugins), so I wouldn't know at all what it can actually do. Would JS being as popular and useful as it is now be a reason to stick with JavaScript and learn only that for now? Or as a web designer, how important would it be to learn how to make a web application/website operate and function, and know how to work with servers, etc.? (Such as getting forms to work and sending data to the server and back.) I've taken a look at frameworks such as Code Igniter before, and it looks really simple to get started with if I try to learn PHP, but I'm not sure how important it is for my career and what I would gain out of it. I'm asking because I can't decide what I should learn first. When I select it, I really want to take my time and learn the language. I don't want to spend time on learning multiple languages at the same time, so I need to pick wisely. I'm trying to turn in the right direction so my career can hopefully be successful in the future.
    (If asked whether money/gaining a job is important, then yeah, it is a bit.) I'm hoping I can get opinions and suggestions on this question; thanks also for giving me your thoughts.

  • web vs desktop? (php vs c++?)

    - by Dhaivat Pandya
    I need to write a simple file transfer mechanism (that isn't ftp). Firstly, it must have a GUI. Secondly, it must not be dropbox. Third, it may not use any paid libraries, and hopefully, it uses open source components. The question that came to my mind is, where is everyone moving, from desktop to web, or from web to desktop? Would it be more useful to be experienced in say, C++ than in PHP (or vice versa)?

  • Ideal web application framework for newcomers and whether it is better to use Java or PHP based framework?

    - by Pawan
    My primary question is whether a Java based web application framework is better or a PHP based one and why? Moreover, if I were just starting web development then what would be some ideal frameworks to start with, considering I may want to make a full CMS out of it later? I am not looking for a 'best', rather some good recommendations as I understand that CodeIgniter has not got a long way to go from here : http://heybigname.com/2012/05/06/why-codeigniter-is-dead/

  • Are SQL Injection vulnerabilities in a PHP application acceptable if mod_security is enabled?

    - by Austin Smith
    I've been asked to audit a PHP application. No framework, no router, no model. Pure PHP. Few shared functions. HTML, CSS, and JS all mixed together. I've discovered numerous places where SQL injection would be easily possible. There are other problems with the application (XSS vulnerabilities, rampant inline CSS, code copy-pasted everywhere) but this is the biggest. Sometimes they escape inputs, not using a prepared query or even mysql_real_escape_string(), mind you, but using addslashes(). Often, though, their queries look exactly like this (pasted from their code but with columns and variable names changed): $user = mysql_query("select * from profile where profile_id='".$_REQUEST["profile_id"]."'"); The developers in question claimed that they were unable to hack their application. I tried, and found mod_security to be enabled, resulting in HTTP 406 for some obvious SQL injection attacks. I believe there to be sophisticated workarounds for mod_security, but I don't have time to chase them down. They claim that this is a "conceptual" matter and not a "practical" one since the application can't easily be hacked. Their internal auditor agreed that there were problems, but emphasized the conceptual nature of the issues. They also use this conceptual/practical argument to defend against inline CSS and JS, absence of code organization, XSS vulnerabilities, and massive amounts of repetition. My client (rightly so, perhaps) just wants this to go away so they can launch their product. The site works. You can log in, do what you need to do, and things are visibly functional, if slow. SQL Injection would indeed be hard to do, given mod_security. Further, their talk of "conceptual vs. practical" is rhetorically brilliant, considering that my client doesn't understand web application security. I worry that they've succeeded in making me sound like an angry puritan. In many ways, this is a problem of politics, not technology, but I am at a loss. 
As a developer, I want to tell them to toss the whole project and start over with a new team, but I face a strong defense from the team that built it and a client who really needs to ship their product. Is my position here too harsh? Even if they fix the SQL Injection and XSS problems can I ever endorse the release of an unmaintainable tangle of spaghetti code?

  • Is there a Railstutorial-quality tutorial for a PHP framework?

    - by tnorthcutt
    Is there a tutorial along the lines of Michael Hartl's Rails Tutorial for a (widely used) PHP framework? Obviously there are tons of tutorials for e.g. Codeigniter, CakePHP, Symfony, etc., but I haven't been able to find one that is as extensive as Rails Tutorial is. Ideally, I'd like something that takes you from nothing to building a complete, functioning application with at least a decent amount of complexity.

  • Is there any free host which supports php and mySQL in utf-8? [closed]

    - by Maria Konnou
    Possible Duplicate: How to find web hosting that meets my requirements? Is there any free host which supports php and mySQL queries in utf-8? I've already tried to use x10hosting and 000webhosting, but they don't support utf8 mysql queries (got mojibake). The default encoding of mysql in both sites is latin-1, and you're not able to change that. Is there any other free host that fully supports utf-8?

  • Should I close database connections after use in PHP?

    - by Sprottenwels
    I wonder if I should close any unnecessary database connection inside of my PHP scripts. I am aware of the fact that database connections are closed implicitly when the block stops executing and 'manually' closing the connections could kinda bloat the codebase with unnecessary code. But shouldn't I do so in order to make my code as readable and as easily understandable as possible, while also preventing several possible issues during run time? Also, if I did, would it be enough to unset() my database object?

  • can php read node of float number? [on hold]

    - by Suriani Salleh
    My node number is 1.2.3.4: $node= 1.2.3.4 When I run my code as shown below, it prints the error message, but when I try assigning $node = abc_def it executes the function code. My question is: can PHP read 1.2.3.4? if(!get_node_id($node) === false){ //function code .................................. ..............................} else { // error msg }

  • Sending emails from PHP - email providers vs GAE

    - by nrph
    I need to send emails from my social service (this is a continuation of Experiences in mailing to registered users). I have a strong feeling that it's better to avoid problems with email server configuration and maintenance and to choose an email provider which will take care of all the painful problems. So several offers were compared: http://imgur.com/JkK2X.jpg Three of them look very attractive: Postageapp / Sendgrid / CritSend As an alternative I'm considering setting up a GAE app. An email provider is quite easy to start working with, but I have no idea how much effort GAE requires to integrate with PHP. So my question is: which option is better to choose: email provider or GAE? Two factors are important here: business background (therefore prices are mentioned), and the work required to set up and maintain the desired solution. Preferably I would love to avoid all email-related problems (like blacklists and so on).

  • Upgrading PHP on MacOSX without config_vars.mk ?

    - by Ken
    Hi everyone, I want to upgrade my PHP version running on MAMP to 5.3. I've copied the ./configure statement from phpinfo() and downloaded the 5.3 branch source I wish to compile. However, when I try to compile it I get an error about a missing config_vars.mk file from apxs. How can I solve this issue if I do not have the config_vars.mk? Can one be deprecated? Can I copy the one from the stock Apache that comes installed on OS X (SL)? What will happen if I remove --with-apxs from the configure line? Thanks in advance for any help. It is greatly appreciated. Ken.

  • How do I enable JPEG Support for PHP?

    - by ngache
    My Configure Command doesn't say anything about jpg, nor gif/png, but I can see gif/png support in the output of phpinfo(). I built PHP with --with-gd, but only GIF Support and PNG Support are in the output of phpinfo(), how do I enable JPEG Support? UPDATE I got this problem when compiling : Sorry, I cannot run apxs. Possible reasons follow: 1. Perl is not installed 2. apxs was not found. Try to pass the path using --with-apxs2=/path/to/apxs 3. Apache was not built using --enable-so (the apxs usage page is displayed) The output of /usr/local/apache2/bin/apxs follows: cannot open /usr/local/apache2/build/config_vars.mk: No such file or directory at /usr/local/apache2/bin/apxs line 218. What should I do now?

  • Compiling PHP 5.3.3 on Ubuntu 8.04: Could not find libevent

    - by Nick
    When attempting to ./configure PHP 5.3.3 on Ubuntu 8.04, I get the error: checking for libevent >= 1.4.11 install prefix... configure: error: Could not find libevent >= 1.4.11 in /usr/local/ I tried installing the libevent-dev and libevent1 packages, but same error. I then removed the packages, downloaded and compiled libevent from source. Same error. Locate shows that libevent was installed to /usr/local/lib/libevent.so with all its friends in /usr/local/lib/. I tried configuring with the option: --with-libevent-dir=/usr/local/lib/ Basically the same error: checking for libevent >= 1.4.11 install prefix... configure: error: Could not find libevent >= 1.4.11 in /usr/local/lib/ Any suggestions??

  • Problem to connect to MySQL server (error #2002) in PHP

    - by Martin
    I installed ZWAMP 1.0.7 (on Windows 7), but I'm having a weird problem. I can't connect to my MySQL server from any PHP script. If I try to use the MySQL command line everything works fine, but PHPMyAdmin returns error #2002. I'm not sure whether it's important or not, but the MySQL server is not able to create a socket file. I don't know what the problem is, but I think everything is configured in my.cnf properly. Do you have any ideas?
