Search Results

Search found 22238 results on 890 pages for 'db security'.

Page 137/890

  • Can an Aspect conditionally render parts of a JSP page?

    - by Scott The Scot
    At present the JSP pages have normal authorize tags to conditionally render links and information etc. The website is on the intranet, and we're using Spring Security 2.0.4. I've now got a business user who wants to allow all roles to access everything for the first few weeks, then gradually add the security back in as feedback is gathered from the business. Rather than go through every page, removing the authorize tags, only to have to put them back in, is it possible to configure these through an aspect, or is there any other way to externalize this into a config file? I've found Spring's MethodSecurityInterceptor and the meta data tags, but these wouldn't give me the externalization. I've been on Google for the last hour, and am now pretty sure this can't be done, but would love to find out I haven't been asking the right questions. Advice appreciated.

  • How to implement a good system for login/out into a webapp

    - by Brandon Wang
    I am one of the developers at PassPad, a secure password generator and username storage system. We're still working on it, but I have a few questions on the best way to implement a secure login/out system. Right now, what we plan on doing is to have the login system save a cookie with the username and a session key, and that's all that serves as authentication. The server verifies the two to match. Upon login/out a new key is created. This is a security-related webapp and while we don't actually store any information that might make the user queasy, because it is security-oriented it makes it a necessity for us to at least appear secure in a way that the user would be happy with. Is there a better way to implement a login/out system in PHP? Preferably it won't take too much coding time or server resources. Is there anything else I need to implement, like brute-force protection, etc? How would I go about that?

  • database transaction

    - by user121196
    If I'm using a MySQL client (e.g. SQuirreL) to execute an update query, and after 10 seconds I cancel the query, would there be a partial update, or would everything that's been done be rolled back?

  • Best Practice to Implement Secure Remember Me

    - by Yan Cheng CHEOK
    Sometimes I come across a web development framework which doesn't provide an authentication feature as in ASP.NET Authentication. I was wondering what security measures need to be considered when implementing a "Remember Me" login feature by hand. Here are the things I usually do:
    1) Store the user name in a cookie. The user name is not encrypted.
    2) Store a secret key in a cookie. The secret key is generated using a one-way function based on the user name. The server will verify the secret key against the user name, to ensure the user name has not been changed.
    3) Use HttpOnly on the cookie. http://www.codinghorror.com/blog/2008/08/protecting-your-cookies-httponly.html
    Anything else I could have missed which could possibly lead to a security hole?

  • Are document-oriented databases any more suitable than relational ones for persisting objects?

    - by Owen Fraser-Green
    In terms of database usage, the last decade was the age of the ORM with hundreds competing to persist our object graphs in plain old-fashioned RDBMSs. Now we seem to be witnessing the coming of age of document-oriented databases. These databases are highly optimized for schema-free documents but are also very attractive for their ability to scale out and query a cluster in parallel. Document-oriented databases also hold a couple of advantages over RDBMSs for persisting data models in object-oriented designs. As the tables are schema-free, one can store objects belonging to different classes in an inheritance hierarchy side-by-side. Also, as the domain model changes, so long as the code can cope with getting back objects from an old version of the domain classes, one can avoid having to migrate the whole database at every change. On the other hand, the performance benefits of document-oriented databases mainly appear to come about when storing deeper documents. In object-oriented terms, classes which are composed of other classes, for example, a blog post and its comments. In most of the examples of this I can come up with though, such as the blog one, the gain in read access would appear to be offset by the penalty in having to write the whole blog post "document" every time a new comment is added. It looks to me as though document-oriented databases can bring significant benefits to object-oriented systems if one takes extreme care to organize the objects in deep graphs optimized for the way the data will be read and written, but this means knowing the use cases up front. In the real world, we often don't know until we actually have a live implementation we can profile. So is the case of relational vs. document-oriented databases one of swings and roundabouts? I'm interested in people's opinions and advice, in particular if anyone has built any significant applications on a document-oriented database.

  • Zend_Db_Select: regrouping conditions in where clause

    - by pvledoux
    Hi, I would like to do something like this:

        $select = $myTbl->select()
            ->from('download_log')
            ->joinLeft(...... etc........
            ->joinLeft(...... etc........
            ->joinLeft(...... etc........);

        // Filter all configured bots (Google, Yahoo, etc.)
        if (isset($this->_config->statistics->bots)) {
            $bots = explode(',', $this->_config->statistics->bots);
            foreach ($bots as $bot) {
                $select = $select->orWhere("user_agent NOT LIKE '%$bot%'");
            }
        }
        $select = $select->where("download_log.download_log_ts BETWEEN '" . $start_date . " 00:00:00' AND '" . $end_date . " 23:59:59'");

    But the output query is not correct because the orWhere clauses are not grouped together in a single AND clause. I would like to know if it is possible to regroup those OR clauses in a pair of parentheses. My current alternative is the following:

        // Filter all configured bots (Google, Yahoo, etc.)
        if (isset($this->_config->statistics->bots)) {
            $bots = explode(',', $this->_config->statistics->bots);
            $stmt = '';
            foreach ($bots as $bot) {
                $stmt .= "user_agent NOT LIKE '%$bot%' OR ";
            }
            $stmt = substr($stmt, 0, strlen($stmt) - 4); // remove the trailing " OR "
            $select = $select->where("($stmt)");
        }

    Thanks!

  • Integrating 3rd-party forum software to member-based website

    - by john
    When using some existing forum software in a larger website, how easy is it to:
    1) Make your site's login functionality log the user into the forum
    2) Make your site's registration functionality create forum login data
    I suppose in a way it might be easier to ONLY use the forum's database for maintaining users, but that means trusting it with sensitive data. I'm planning an integration between an existing bespoke desktop app and a new bespoke website which should include forums. I don't know which forum will be used, but I know the new web functionality won't be PHP-based. I figure that's not a big deal, but I'm wondering if forums typically allow configuration of where they look for login data, to avoid duplicating this data into my DB and the forum DB.

  • Define tables from a part of my ER diagram

    - by M R Jafari
    I have an ER diagram (shown at http://www.4freeimagehost.com/show.php?i=f82997ca4d5d.png). In the diagram you see 2 entities and a 1:N relation between them. Project has 2 columns: ProjectID, ProjectName. Employee has 3 columns: EmployeeID, EmployeeName and ProjectID. A project has ONLY 1 project manager, and the project manager is an employee. What columns should I add to them?

  • What are the weaknesses of this user authentication method?

    - by byronh
    I'm developing my own PHP framework. It seems all the security articles I have read use vastly different methods for user authentication than I do, so I could use some help in finding security holes. Some information that might be useful before I start: I use mod_rewrite for my MVC URLs. Passwords are sha1 and md5 encrypted with a 24 character salt unique to each user. mysql_real_escape_string and/or variable typecasting on everything going in, and htmlspecialchars on everything coming out.
    Step-by-step process:
    1) Top of every page: session_start(); session_regenerate_id();
    2) If the user logs in via the login form, generate a new random token to put in the user's MySQL row. The hash is generated based on the user's salt (from when they first registered) and the new token. Store the hash and plaintext username in session variables, and duplicate them in cookies if 'Remember me' is checked.
    3) On every page, check for cookies. If cookies are set, copy their values into session variables. Then compare $_SESSION['name'] and $_SESSION['hash'] against the MySQL database. Destroy all cookies and session variables if they don't match, so they have to log in again.
    4) If the login is valid, some of the user's information from the MySQL database is stored in an array for easy access. So far, I've assumed that this array is clean, so when limiting user access I refer to user.rank and deny access if it's below what's required for that page.
    I've tried to test all the common attacks like XSS and CSRF, but maybe I'm just not good enough at hacking my own site! My system seems way too simple for it to actually be secure (the security code is only 100 lines long). What am I missing? I've also spent a lot of time searching for the vulnerabilities with mysql_real_escape_string but I haven't found any information that is up-to-date (everything is from several years ago at least and has apparently been fixed). All I know is that the problem was something to do with encoding. If that problem still exists today, how can I avoid it? Any help will be much appreciated.

  • Good strategy for copying a "sliding window" of data from a table?

    - by chiborg
    I have a MySQL table from a third-party application that has millions of rows and only one index - the timestamp of each entry. Now I want to do some heavy self-joins and queries on the data using fields other than the timestamp. Doing the query on the original table would bring the database to a crawl, and adding indexes to the table is not an option. Additionally, I only need entries that are newer than one week. My current strategy for doing the queries efficiently is to use a separate table (aux_table) that has the necessary indexes. My questions are: Is there another way to do the queries? And if not, how do I update the data in the indexed table efficiently? So far I have found two approaches for updating aux_table:
    1) Truncate aux_table and insert the desired data from the original table. Not very efficient because all the indexes must be re-created.
    2) Check for the biggest timestamp in aux_table and insert all entries with a greater or equal timestamp from the original table. Occasionally drop older entries. Only copying entries with a greater timestamp leads to dropped entries (because of entries with the same timestamp that were inserted into the original table after the last update).

  • Using WCF HttpBindings on a LAN

    - by dcw
    We have a WCF-based client server that operates over a LAN. We've been getting along OK by using the NetTcpBinding, chosen because we couldn't get either HttpBinding to work between hosts. (Within a single host it works fine, but that is not useful for the production environment.) We're now back at the point where we want to explore using either BasicHttpBinding or WsHttpBinding, but we simply can't see the server from the client: even putting the path to the endpoint into IE fails to see the server. Is there something simple we've overlooked? We're not specifying any security settings (or anything else, for that matter). Should we be doing so (e.g. explicitly setting security settings to None)?

  • Zend Framework - Database Table Singleton

    - by Sonny
    I have found myself doing this in my code to 'cache' the work done when instantiating my Zend_Db_Table models:

        if (Zend_Registry::isRegistered('x_table')) {
            $x_table = Zend_Registry::get('x_table');
        } else {
            $x_table = new Default_Model_DbTable_X;
            Zend_Registry::set('x_table', $x_table);
        }

    It bothered me that this method isn't very DRY and it dawned on me today that a singleton pattern would probably be a better way to do this. Problem is, I've never written a singleton class. When I did some web searches, I found some offhand comments about Zend_Db_Table singletons, but no real examples. I already have meta-data caching configured. How do I make my Zend_Db_Table models singletons? Are there pitfalls or downsides?

  • Should I stick only to AWS RDS Automated Backup or DB Snapshots?

    - by James Wise
    I am using AWS RDS for MySQL. When it comes to backup, I understand that Amazon provides two types of backup - automated backup and database (DB) snapshot. The difference is explained here - http://aws.amazon.com/rds/faqs/#23. However, I am still confused whether I should stick to automated backup only, or both automated and manual (DB snapshots). What do you think, guys? What's your own setup? I heard from others that automated backup is not reliable, due to some databases being unrecoverable when the DB instance crashes, so DB snapshots are the way to rescue you. If I do daily DB snapshots with similar settings to automated backup, I am going to pay a bunch of bucks. Hope anyone could enlighten me or advise me on the right setup. Thanks. James

  • How to secure authorization of methods

    - by Kurresmack
    I am building a web site in C# using MVC.Net. How can I ensure that no unauthorized persons can access my methods? What I mean is that I want to make sure that only admins can create articles on my page. If I put this logic in the method actually adding this to the database, wouldn't I have business logic in my data layer? Is it a good practice to have a separate security layer that is always in between the data layer and the business layer? The problem is that if I protect at a higher level I will have to have checks in many places, and it is more likely that I miss one place and users can bypass security. Thanks!

  • Dealing with passwords securely

    - by Krt_Malta
    Hi, I have a Java web service and a Java web client making use of this service. One of the functions is to create a new user account. My two concerns are:
    1) How will I send the user's password securely from the client?
    2) How will I store the user's password securely on the server?
    How can I achieve these? I basically know the theory behind security, security algorithms etc., but can anyone give me some advice on how I should go about coding it? Could anyone point me to some good (and if possible not complicated) examples to follow, since I found some examples on the Internet very contorted? Thanks a lot and regards, Krt_Malta

  • Out of memory while iterating through rowset

    - by Phliplip
    Hi all, I have a "small" table of 60400 rows with zipcode data. I want to iterate through them all, update a column value, and then save it. The following is part of my Zipcodes model, which extends My_Db_Table and has a totalRows function that - you guessed it - returns the total number of rows in the table (60400 rows):

        public function normalizeTable()
        {
            $this->getAdapter()->setProfiler(false);
            $totalRows = $this->totalRows();
            $rowsPerQuery = 5;
            for ($i = 0; $i < $totalRows; $i = $i + $rowsPerQuery) {
                // Zend_Db_Select::limit() takes ($count, $offset): fetch $rowsPerQuery rows starting at $i
                $select = $this->select()->limit($rowsPerQuery, $i);
                $rowset = $this->fetchAll($select);
                foreach ($rowset as $row) {
                    $row->{self::$normalCityColumn} = $row->normalize($row->{self::$cityColumn});
                    $row->save();
                }
                unset($rowset);
            }
        }

    My rowClass contains a normalize function (basically a metaphone wrapper doing some extra magic). At first I tried a plain old $this->fetchAll(), but got an out of memory (128MB) error right away. Then I tried splitting the rowset into chunks; the only difference is that some rows actually get updated. Any ideas on how I can accomplish this, or should I fall back to ye olde mysql_query()?

  • Is it possible for a XSS attack to obtain HttpOnly cookies?

    - by Dan Herbert
    Reading this blog post about HttpOnly cookies made me start thinking: is it possible for an HttpOnly cookie to be obtained through any form of XSS? Jeff mentions that it "raises the bar considerably" but makes it sound like it doesn't completely protect against XSS. Aside from the fact that not all browsers support this feature properly, how could a hacker obtain a user's cookies if they are HttpOnly? I can't think of any way to make an HttpOnly cookie send itself to another site or be read by script, so it seems like this is a safe security feature, but I'm always amazed at how easily some people can work around many security layers. In the environment I work in, we use IE exclusively, so other browsers aren't a concern. I'm looking specifically for other ways that this could become an issue that don't rely on browser-specific flaws.

  • How to delete a findDependentRowset result in Zend Framework

    - by Behrang
    I have a place model and an entry model, where entry is the parent. Everything is fine, but how can I delete the result rows $categoryPlacements in the place model:

        $entryModel = new Model_EntryModel();
        $entryRow = $entryModel->find($entryId)->current();
        $categoryPlacements = $entryRow->findDependentRowset($this);

    In this case I want to delete the $categoryPlacements result in the place model. I can use $categoryPlacements->toArray() and then delete, but is there another, easier way?

  • Securing files on iPhone

    - by clearbrian
    Hi, is there a way to decompile the binary from an iPhone app? I jailbroke my iPhone and was surprised to find other apps' DBs wide open to be copied. So I exported my most important table and hardcoded it into code. Instead of loading the table into an array from a DB, I just generated code to fill the array and kept only the most basic DB info so relationships still work. Took a while but now works fine. I was just wondering am I safe, could someone decompile the binary for the app easily and extract the data? In Java it's easy to decompile *.class files, though that's bytecode, whereas I presume iPhone apps are more low level. I know iPhone SDK 4 can mark files as secure. Anyone know if this can be overridden by jailbreaks, or is this a Unix lock?

  • Optimising (My)SQL Query

    - by Simon
    I usually use ORM instead of SQL and I am slightly out of touch on the different JOINs...

        SELECT `order_invoice`.*, `client`.*, `order_product`.*, SUM(product.cost) AS net
        FROM `order_invoice`
        LEFT JOIN `client` ON order_invoice.client_id = client.client_id
        LEFT JOIN `order_product` ON order_invoice.invoice_id = order_product.invoice_id
        LEFT JOIN `product` ON order_product.product_id = product.product_id
        WHERE (order_invoice.date_created >= '2009-01-01')
          AND (order_invoice.date_created <= '2009-02-01')
        GROUP BY `order_invoice`.`invoice_id`

    The tables/columns are logically named... it's a shop-type application... the query works... it's just very, very slow... I use the Zend Framework and would usually use Zend_Db_Table_Row::find(Parent|Dependent)Row(set)('TableClass'), but I have to make lots of joins and I thought it would improve performance by doing it all in one query instead of hundreds... Can I improve the above query by using more appropriate JOINs or a different implementation? Many thanks.

  • Can you reuse a mysql result set in PHP?

    - by MarathonStudios
    I have a result set I pull from a large database: $result = mysql_query($sql); I loop through this recordset once to pull specific bits of data and get averages using while($row = mysql_fetch_array($result)). Later in the page, I want to loop through this same recordset again and output everything - but because I used the recordset earlier, my second loop returns nothing. I finally hacked around this by looping through a second identical recordset ($result2 = mysql_query($sql);), but I hate to make the same SQL call twice. Any way I can loop through the same dataset multiple times?
