Search Results

Search found 21719 results on 869 pages for 'password security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 133/869 | < Previous Page | 129 130 131 132 133 134 135 136 137 138 139 140  | Next Page >

  • Protecting the integrity of a game state while minimizing amount of data sent

    - by espais
    I'm developing a game in PHP/jQuery, and naturally have to be wary of any sort of data coming from the client. At present, I have tables of data representing the map (2D roguelike), monsters, items, and player(s). Initially, my thought was to simply package it all in a JSON object and send it every game tick, however when actually looking at the data I realized that's quite a large packet to be sending. So, my question is what is a good approach for minimizing data sent to the client? Obviously I would need to figure out some way of validating whatever it sends back. Initially we'd hoped to do some minimal verification on the client-side, but each time we thought of one thing we could do it is immediately invalidated with tools like Firebug. Kind of an open question I realize, but we want to get this right before we move on with our implementation so we don't have to shoehorn in bugfixes later on.

    Read the article

  • Making HTML5 videos stored on AWS S3 **difficult** to download (because I cant make it impossible)

    - by Jimmery
    I am building a website that hosts video's stored on AWS's S3 service. The videos are played thru a HTML5 player we have built. Ive just been asked to make sure "nobody can steal our video's". Now I know that if you really don't want something stolen, don't put it up on the internet. However I just need to secure these videos as good as possible, the videos need to at the very least resist someone going thru the source code and trying to download them manually. One option available to me is to completely rebuild the video player in flash. This is not ideal, for several reasons, notably because I would also then have to build an App for mobile devices to be able to view this site. So I am looking for other options. I have heard about using a token to make the file available only during certain times. I have heard of using a separate file to serve the videos that sits between the HTML5 page and the video file. I am also having a look at IAM, the Secure AWS Access Control, in the hopes AWS can solve this problem for me. Can anyone here recommend any of these options? Or perhaps suggest other options available to me? Any help would be greatly appreciated.

    Read the article

  • Patch Tuesday Fixes, Valentine`s Scams

    Microsoft plans to release nine bulletins on Tuesday that cover 21 vulnerabilities across its wide portfolio of products. Of the nine bulletins, four have been tagged with the software giant's critical rating, meaning they should be given the utmost importance with regard to the overall patching process exercised by users and organizations. The four critical updates address vulnerabilities in Microsoft's Internet Explorer browser, its Windows operating system, and Silverlight. As for the remaining five updates, Microsoft has labeled them as being important. Those will cover issues foun...

    Read the article

  • The server principal '<domain>\User' already exists. But it doesn’t

    - by simonsabin
    Interesting little situation occurred today, the person I was working with was trying to add a login to a server and was getting the following error. “The server principal '<domain>\User' already exists” They were using a command like this and couldn’t figure out why they were getting the error above because when they looked at the logins setup on the system the login definitely didn’t exist. CREATE LOGIN [<domain>\<user>] FROM WINDOWS WITH DEFAULT_DATABASE = [master] The...(read more)

    Read the article

  • Good quality Secure Software Development Training [closed]

    - by Patrick
    Just had my annual appraisal and found out my company is willing to pay for training and exams etc! Woohoo (they kept that one quiet). I'm interested in doing a course on secure development techniques. Has anyone got any suggestions for good quality distance learning courses in secure development (I could probably get a couple of days off to attend a conference/ course if required)? We're mostly an MS .Net house but I have no particular allegiance to MS or any other programming language (though, obviously, C++ is the best language in the world). I have 12 years development experience working in (what are now) PCI:DSS environments, including designing and developing a key management system and I have some knowledge of basic attacks (XSS, injection etc). I would prefer a hard course I struggle with to a basic course I learn 3 things from (but hopefully get something right at my level). A quick google found these two course which look good: http://www.sans.org/course/secure-coding-net-developing-defensible-applications https://www.isc2.org/csslpedu/default.aspx I don't really know how to choose between them, and finding other courses isn't going to make that job any easier, so I thought I'd ask those who know. EDIT : Hmm, care to share the reason for your down vote, will help me learn how to use the site better...

    Read the article

  • Can a whitespace regex character be used to perform a javascript injection? [migrated]

    - by webose
    if I want to validate the input of a <textarea>, and want it to contain, for example, only numerical values, but even want to give users the possibility to insert new lines, I can selected wanted characters with a javascript regex that includes even the whitespace characters. /[0-9\s]/ The question is: do a whitecharacter can be used to perform injections, XSS,even if I think this last option is impossible, or any other type of attack ? thanks

    Read the article

  • Windows 8: Paradigm Shift

    You've probably heard a lot about the loss of the Start button in Windows 8. While it isn't completely lost - you can still get to it via a convoluted path - its disappearance is merely a sign of the rethinking that went into the operating system's creation. Window 8's designers made certain assumptions while building the new system: Users will interact with the operating system predominantly through a touch interface. Users will do their computing on mobile devices, and may in fact use several different devices for the same purposes. They may even want to get work done on devices they do n...

    Read the article

  • Is the using of dirname(__FILE__) a good practice?

    - by webose
    looking at the code of Joomla I see that in the first line of the index, it defines the base path of installation with the dirname(FILE) is this a font of possible risk for the site, I mean if a non controlled error message show the internal path of the Joomla directory, because of, for example a failed include, can it be used to perform some kind of attack to the site ? If yes, is it convenient to use this function ? Any idea is welcome. Thanks

    Read the article

  • AWS Amazon EC2 - password-less SSH login for non-root users using PEM keypairs

    - by Mark White
    We've got a couple of clusters running on AWS (HAProxy/Solr, PGPool/PostgreSQL) and we've setup scripts to allow new slave instances to be auto-included into the clusters by updating their IPs to config files held on S3, then SSHing to the master instance to kick them to download the revised config and restart the service. It's all working nicely, but in testing we're using our master pem for SSH which means it needs to be stored on an instance. Not good. I want a non-root user that can use an AWS keypair who will have sudo access to run the download-config-and-restart scripts, but nothing else. rbash seems to be the way to go, but I understand this can be insecure unless setup correctly. So what security holes are there in this approach: New AWS keypair created for user.pem (not really called 'user') New user on instances: user Public key for user is in ~user/.ssh/authorized_keys (taken by creating new instance with user.pem, and copying it from /root/.ssh/authorized_keys) Private key for user is in ~user/.ssh/user.pem 'user' has login shell of /home/user/bin/rbash ~user/bin/ contains symbolic links to /bin/rbash and /usr/bin/sudo /etc/sudoers has entry "user ALL=(root) NOPASSWD: ~user/.bashrc sets PATH to /home/user/bin/ only ~user/.inputrc has 'set disable-completion on' to prevent double tabbing from 'sudo /' to find paths. ~user/ -R is owned by root with read-only access to user, except for ~user/.ssh which has write access for user (for writing known_hosts), and ~user/bin/* which are +x Inter-instance communication uses 'ssh -o StrictHostKeyChecking=no -i ~user/.ssh/user.pem user@ sudo ' Any thoughts would be welcome. Mark...

    Read the article

  • iPhone SQLite Password Field Encryption

    - by Louis Russell
    Good Afternoon Guys and Girls, Hopefully this will be a quick and easy question. I am building an App that requires the user to input their login details for an online service that it links to. Multiple login details can be added and saved as the user may have several accounts that they would like to switch between. These details will be stored in an SQLite database and will contain their passwords. Now the questions are: 1: Should these passwords be encrypted in the database? My instinct would say yes but then I do not know how secure the device and system is and if this is necessary. 2: If they should be encrypted what should I use? I think encrypting the whole database file sounds a bit over-kill so should I just encrypt the password before saving it to the database? If this is case what could I use to achieve this? I have found reference to a "crypt(3)" but am having trouble finding much about it or how to implement it. I eagerly await your replies!

    Read the article

  • I get an Exception when trying to implement reset password with Authlogic

    - by Tam
    Hi, I'm using Ruby on Rails 2.3.5 and Ruby 1.9 and implmeneted Authlogic as my authentication engine. Authlogic works fine. But now I have been trying to implement password reset using the following tutorial: http://www.binarylogic.com/2008/11/16/tutorial-reset-passwords-with-authlogic/ But I'm getting the following exception when I type mysite.com/password_resets/new Processing PasswordResetsController#new (for 127.0.0.1 at 2010-03-13 01:09:45) [GET] Completed in 9ms (DB: 0) | 200 [http://localhost/password_resets/new] [2010-03-13 01:09:45] ERROR TypeError: can't convert Array into String /Users/tammam56/.rvm/gems/ruby-1.9.1-p378/gems/activesupport-2.3.5/lib/active_support/core_ext/string/output_safety.rb:34:in `concat' /Users/tammam56/.rvm/gems/ruby-1.9.1-p378/gems/activesupport-2.3.5/lib/active_support/core_ext/string/output_safety.rb:34:in `concat_with_safety' /Users/tammam56/.rvm/gems/ruby-1.9.1-p378/gems/rack-1.0.1/lib/rack/handler/webrick.rb:63:in `block in service' /Users/tammam56/.rvm/gems/ruby-1.9.1-p378/gems/actionpack-2.3.5/lib/action_controller/response.rb:158:in `each' /Users/tammam56/.rvm/gems/ruby-1.9.1-p378/gems/actionpack-2.3.5/lib/action_controller/response.rb:158:in `each' /Users/tammam56/.rvm/gems/ruby-1.9.1-p378/gems/actionpack-2.3.5/lib/action_controller/string_coercion.rb:16:in `send' /Users/tammam56/.rvm/gems/ruby-1.9.1-p378/gems/actionpack-2.3.5/lib/action_controller/string_coercion.rb:16:in `method_missing' /Users/tammam56/.rvm/gems/ruby-1.9.1-p378/gems/actionpack-2.3.5/lib/action_controller/reloader.rb:22:in `method_missing' /Users/tammam56/.rvm/gems/ruby-1.9.1-p378/gems/rack-1.0.1/lib/rack/handler/webrick.rb:62:in `service' /Users/tammam56/.rvm/rubies/ruby-1.9.1-p378/lib/ruby/1.9.1/webrick/httpserver.rb:111:in `service' /Users/tammam56/.rvm/rubies/ruby-1.9.1-p378/lib/ruby/1.9.1/webrick/httpserver.rb:70:in `run' /Users/tammam56/.rvm/rubies/ruby-1.9.1-p378/lib/ruby/1.9.1/webrick/server.rb:183:in `block in start_thread' Honestly I'm not sure where to start debugging for this. Is it because I'm using Ruby 1.9? some people seem to be having trouble with Authlogic and Ruby 1.9: http://isitruby19.com/authlogic Please advise me how to go about solving/debugging this issues? Thanks, Tam

    Read the article

  • How to record different authentication types (username / password vs token based) in audit log

    - by RM
    I have two types of users for my system, normal human users with a username / password, and delegation authorized accounts through OAuth (i.e. using a token identifier). The information that is stored for each is quite different, and are managed by different subsytems. They do however interact with the same tables / data within the system, so I need to maintain the audit trail regardless of whether human user, or token-based user modified the data. My solution at the moment is to have a table called something like AuditableIdentity, and then have the two types inheriting off that table (either in the single table, or as two seperate tables with 1 to 1 PK with AuditableIdentity. All operations would use the common AuditableIdentity PK for CreatedBy, ModifiedBy etc columns. There isn't any FK constraint on the audit columns, so any text can go in there, but I want an easy way to easily determine whether it was a human or system that made the change, and joining to the one AuditableIdentity table seems like a clean way to do that? Is there a best practice for this scenario? Is this an appropriate way of approaching the problem - or would you not bother with the common table and just rely on joins (to the two seperate un-related user / token tables) later to determine which user type matches which audit records?

    Read the article

  • Working with Java using methods and arrays [closed]

    - by jordan
    Hi i'm a newb at java and for one of my labs I have to create a instant messenger client with these requirements: add buddyList instance variable add IMClient constructor to create ArrayList addBuddy method removeBuddy method findBuddy method printBuddyList method what's the best way to go about this? so far I have this: public class IMClient { private String userId; // User id private String password; // Password private int status; // Status code for user: 1 - Online, 2 - Off-line, 3 - Away public IMClient(String userId, String password, int status) { super(); this.userId = userId; this.password = password; this.status = status; } // Returns true if password as a parameter matches password instance variable. public boolean checkPassword(String password) { return this.password.equals(password); } public String toString() { StringBuffer buf = new StringBuffer(100); buf.append(" User id: "); buf.append(userId); buf.append(" Password: "); buf.append(password); buf.append(" Status: "); buf.append(status); return buf.toString(); } public String getUserId() { return userId; } public void setUserId(String userId) { this.userId = userId; } public String getPassword() { return password; } public void setPassword(String password) { this.password = password; } public int getStatus() { return status; } public void setStatus(int status) { this.status = status; } public static void main(String[] args) { } }

    Read the article

  • Using System.Security.SecureString in .NET Remoting App?

    - by Beaner
    I am developing a Remoting application where a client looks up store specific information to login to a web server. It sets the user name and passwords in a class that stores the properties as System.Security.SecureString. I then try to pass the class with the login credentials to a server object that uses it to connect to the web host, get and some information back. When I call the server method I this error:Type 'System.Security.SecureString' in Assembly 'mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' is not marked as serializable. The class that contains the SecureStrings is marked as serializeable, and this was working while developing until I added the SecureString properties. Is there something I need to do to make this work, or am I going to have to change SecureString to String?

    Read the article

  • CC.NET Dashboard Error: Could not load type 'System.Security.Authentication.ExtendedProtection.Chann

    - by Leslie
    Late last week I upgraded CC.NET locally and on the build server. The build server is still fine, but locally I am now getting the following error: Exception Details: Exortech.NetReflector.NetReflectorTypeLoadException: Unable to load types from assembly System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089: Failed to load 1 of the 3612 types defined in the assembly. Exceptions: - Unable to load type: System.Security.Authentication.ExtendedProtection.ChannelBinding Exception: System.TypeLoadException: Could not load type 'System.Security.Authentication.ExtendedProtection.ChannelBinding' from assembly 'System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'. I'm afraid this started after a batch of Windows updates this morning. I had another two updates that won't run, 979909 and 982168 (I had an update that wouldn't run last month). Anyone else having any issues? Thanks!

    Read the article

  • wcf data service security configuration

    - by Daniel Pratt
    I'm in the process of setting up a WCF Data Services web service and I'm trying to sort out the security configuration. Although there's quite a lot of documentation out there for configuring WCF security, a lot of it seems to be outmoded or does not apply to my scenario. Ultimately, I am planning on managing authorization of operations via change interceptors. Thus, all I really need is the simplest way to permit a client to pass credentials along with a request and to be able to authenticate those credentials against either AD or an ASP.NET membership provider (I'd much prefer the latter unless it makes things much more complicated). I'm intending to manage encryption at the transport level (i.e. HTTPS). I'm hoping that the eventual solution does not involve a huge web.config. Likewise, I'd much prefer to avoid writing custom code for the purpose of authentication.

    Read the article

  • OCR an RSA key fob (security token)

    - by user130582
    I put together a quick WinForm/embedded IE browser control which logs into our company's bank website each morning and scrapes/exports the desired deposit information (the bank is a smallish regional bank). Since we have a few dozen "pseudoaccounts" that draw from the same master account, this actually takes 10-15 minutes to retrieve. Anyway, the only problem is that our business bank account reuires an RSA security token (http://www.rsa.com/node.aspx?id=1156)--if you are not familiar, it is a small device which shows a random 6 digit number every 15(?) seconds, so I have to prompt for this value before starting. This is on top of the website's login based security model, so even if you create a read-only account that can't do anything, you still have to put the RSA number in. We have 5 of these tokens for different people in the company. From our perspective this is nusiance security. I was joking about using a web camera to OCR the digits from the key fob so they didn't have to type it in -- mainly so that the scraping/export would be done before anyone arrives in the morning. Well, they asked if I could really do it. So now I ask you, how hard (how many hours) do you think it would take to OCR these digits reliably from a JPEG image produced by the camera? I already know I can get the JPEG easily. I think you get 3 tries to log in, so it really needs to hit a 99% accuracy rate. I could work on this on my off time, but they don't want me to put more than a few hours into it, so I want to leverage as much existing code as possible. This is a 7-segment display (like an alarm clock) so it's not exactly text that an OCR package would be used to seeing. Also--there is a countdown timer on the side of the display; typically when it is down to 1 bar, you wait until the next number appears and it starts over at 5 bars (like signal strength on your cell phone). So this would need to be OCRd as well but it is not text. Anyway the more I think about it as I type this, the less convinced I am that I can truly get this right, so maybe I should just work on it in my spare time?

    Read the article

  • Security behaviour in Adobe Air

    - by t.stamm
    Hi everyone! I am trying to load external SWFs in my Adobe AIR App. The loaded SWF is trying to access an URL to retrieve some informations via XML. When starting the SWF by itself it works fine. When loading the SWF from the File.applicationStorageDirectory i will get an Security-Error because the loaded App is executed in a local-with-filesystem Sandbox appareantly. First Question: Is there a way to change this? That the loaded SWF is running in a network Sandbox? Since that first attempt didn't worked i've moved the SWF to the app:// directory. Now i'll get a Security-Error because there is no policy file on the Server available where the XML data should be retrieved. Second Question: Why is the policy file not necessary when running the SWF by itself, but is necessary when trying to load the data from the application Sandbox? What am i doing wrong? Thanks in advance!

    Read the article

  • GoDaddy and ASP.NET Security exception thrown

    - by stighy
    Hi guys, i'm having a problem when i try to host my website on godaddy. This is what i receive from website: Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. To discover the problem, i've tried changin my web.config, adding "trust level='Medium'". But i get an error when i try to access godaddy mysql server with the mysql connector. Any ideas ? Thanks in advance !

    Read the article

  • error with Security Exception

    - by Alexander
    I am getting the following error on my page: Security Exception Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file. The problem is with the following code SmtpClient mailClient = new SmtpClient("smtp.gmail.com", 587); What's weird is that when testing it at my localhost, everything works fine, but when I put it on my 1and1 web host it generates the error above. I contacted their support and here's their answer. We do check the error logs and the operation require a FullTrust environment which currently fall under restriction on .NET Framewor k What should I do?

    Read the article

  • actionscript calling javascript with Security Exception

    - by Jeffrey Chee
    I have a swf hosted at domain A, and I have a html at domain B My swf is able to be loaded from accessing the html at domain B. However, the swf gets a SecurityError: Error #2060: Security sandbox violation: ExternalInterface caller http://domainA.com/TrialApp.swf cannot access http://DomainB.com/. The as3 is just the below: ExternalInterface.call("javascript:_invite();"); I've also loaded the crossdomain policy file from Domain B during initialization. Security.loadPolicyFile( "http://DomainB/crossdomain.xml" ); How do I go about solving this? in my html, I have allowscriptaccess='always' Thanks in Advance

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 129 130 131 132 133 134 135 136 137 138 139 140  | Next Page >