Search Results

Search found 97980 results on 3920 pages for 'code security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 139/3920 | < Previous Page | 135 136 137 138 139 140 141 142 143 144 145 146  | Next Page >

  • Backup those keys, citizen

    - by BuckWoody
    Periodically I back up the keys within my servers and databases, and when I do, I blog a reminder here. This should be part of your standard backup rotation – the keys should be backed up often enough to have at hand and again when they change. The first key you need to back up is the Service Master Key, which each Instance already has built-in. You do that with the BACKUP SERVICE MASTER KEY command, which you can read more about here. The second set of keys are the Database Master Keys, stored per database, if you’ve created one. You can back those up with the BACKUP MASTER KEY command, which you can read more about here. Finally, you can use the keys to create certificates and other keys – those should also be backed up. Read more about those here. Anyway, the important part here is the backup. Make sure you keep those keys safe! Share this post: email it! | bookmark it! | digg it! | reddit! | kick it! | live it!

    Read the article

  • Precautions during SSH

    - by Shagun
    I recently had to give away my Ubuntu 12.10 root password to one of my friends so that he could SSH into my system and send some files to me. Now he is my friend and I trust him so I was not reluctant in sharing my password. And I did change it afterwards. But it just struck me how can I view all the commands that were executed by some other user remote logging into my system (obviously not my friend. I mean in general).To what extent can they access my data (especially my passwords eg I use Last Pass so can they access my account passwords as well??) And if they open any browser after logging into my system do they have access to all my passwords provided I have saved them using the "remember password" option given by chrome Also what precautions I should take when I am allowing some one to remote login in my system and how can I track the various commands used by them or the changes they made in my system. Also is there some simple way to get notified whenever some one logs into my system apart from checking the /var/log/auth.log file??

    Read the article

  • How to prevent the google users found my index of admin page?

    - by krish
    I am running a website but for some days i stopped it and put the under-construction page because the Index of admin page is visible to the outside world through the Google search. One of my friend told me that your websites index is visible and its one step away to access the password file and he shows me that very simply using the Google search. How can i prevent this and i am hosting my site with a hosting company and i report about this to them but they simply replied to me still its secure so you no need to worry... am i really don need to worry and continue my site with the visible index of admin page?

    Read the article

  • Commenting Code AS3 - Not being an API

    - by Marcelo Noronha
    How should I comment a method? What are the best practices on commenting code? Example: /* Checks if a color is allowed in a given point * of the bitmapdata of the current floor * @param value - color to be checked * @return boolean - if color is allowed returns true, else, return false */ private function isAllowed(value:uint):Boolean { //code... } Is that the best way to comment a method? I´ve heard there´s the use of the tag @see. What should be on this tag? I wonder if it could be something that has a relation to the method, is that right? Thanks.

    Read the article

  • Coding style advice? [closed]

    - by user1064918
    I'm a newly grad. I've got a lot of complaints from my supervisor at work during code-review sessions with regard to my coding style (Surprise!). I don't know if it's just him being cranky or my style is really that annoying to read. I come from the low-level language world (assembly, mostly), so I've been taught to use bitwise ops and all the cool tricks to do math whenever possible. I also have the habits of doing some other things that've been regarded as "too excessively dense to read". So I'm hoping to get some feedback from any experienced programmers! :) Also how should I justify between code performance and readability? Thanks!!

    Read the article

  • Who spotted the omission?

    - by olaf.heimburger
    In my entry OFM 11g: Install OAM 10.1.4.3 (32-bit) on 64-bit RedHat AS 5 I explained how to install OAM 10.1.4.3 (32-bit) on 64-bit RedHat. This is great and works. If you seriously want to use OAM 10.1.4.3 you should consider OHS 11g 32-bit. But this installation is a bit tricky. Nearly all tricks to get this done are described in the above mentioned entry. Today I realized that I missed a small bit to get the installation successfully done.The missing part is within the script to create a vital piece of the OHS 11g package. This part is called genclientsh and resides in $OHS_HOME/bin. This script uses gcc to link binaries. By default this script works great, but on a 64-bit Linux it fails. To get around this, find the variable LD and change the value of gcc to gcc -m32.Done. Caveat On support.oracle.com you will find a Note that suggests to build a small shell script named gcc and includes the -m32 switch. Actually, I consider this as dangerous, because we are humans and tend to forget things quickly. Building a globally available script that changes things for a single setup has side effects that will result in unpredictable results.

    Read the article

  • How to improve testing your own code

    - by Peter
    Hi guys, Today I checked in a change on some code which turned out to be not working at all due to something rather stupid yet very crucial. I feel really bad about it and I hope I finally learn something from it. The stupid thing is, I've done these things before and I always tell myself, next time I won't be so stupid... Then it happens again and I feel even worse about it. I know you should keep your chin up and learn from your mistakes but here's the thing: I try to improve myself, I just don't see how I can prevent these things from happening. So, now I'm asking you guys: Do you have certain groundrules when testing your code?

    Read the article

  • Is there a way of listing files for a directory if it contains index.html?

    - by fredley
    On my server (over which I have little control), directories are listed by default, so for mysite.com/images I get: Index of /images Parent Directory BirdsAreHere.png CanYouSpot-AdBlank.jpg etc. Is putting an index.html in that directory enough to prevent people listing the files, or is there still a way of getting at that list? Is it the same for my web root directory (mysite.com)?

    Read the article

  • How to detect if an app was already installed before

    - by Dante
    How do software applications keep track of whether the user already installed the application before in it's Windows system? Say you install app X, trial version, remove it, then re install it, and when you run it again it detects you had already installed it before. If you uninstall and clean all registry information it shouldn't know you had already installed it before... Disclaimer: I'm not trying to "hack" any application, just thinking about how this is implemented.

    Read the article

  • Direct Code Support?

    - by Josh Kahane
    A few times in the past I've hit a major wall and simply couldn't progress with a certain aspect of an app as Im a beginner and still learning the ropes (Objective-C specifically). I was curious if anyone knows of any services which support programmers in real time, paid or free and will over video, audio or text chat sit and work a problem out till its fixed and look through your code? I understand Stackoverflow does a super job at this! However Im in need of something a little more tailored where someone can spend a little time to sit and look and what Im dealing with and delve into my a code if need be. Thanks.

    Read the article

  • Methodology for Documenting Existing Code Base

    - by George Stocker
    I work as part of a team on an existing application that has no inline documentation, nor does it have technical documentation. As I've been working on various bug reports on the application, I've written a sort of breadcrumb trail for myself - bug numbers in various places so that the next developer can refer to that bug number to see what was going on. My question is thus: What is the most effecient method for documenting this code? Should I document as I touch the area (the virus method, if you will), or should I document from each section on its own, and not follow paths that branch out into other areas of the application? Should I insert inline comments where none previously existed (with the fear that I may end up incorrectly identifying what the code does)? What method would you use to accurately and quickly document a rather large application that has no existing inline documentation, nor inline references to external documentation?

    Read the article

  • Windows RT Secured Only By Microsoft

    That disconcerting news is what Mark Hachman is reporting for Read Write Web. One can more or less safely assume that Microsoft will come up with its own antivirus software for Windows RT. Still, this is a rather unusual state of affairs; why is the company doing this? Hachman explains that apps for the Windows RT operating system can run just fine on Windows 8, but the reverse is not true, unless the Windows 8 app has been specially compiled to run on both Windows 8 and Windows RT. The difference apparently stems from the processors for which the two systems have been optimized. Windows 8 ru...

    Read the article

  • How to improve testing your own code

    - by Peter
    Today I checked in a change on some code which turned out to be not working at all due to something rather stupid yet very crucial. I feel really bad about it and I hope I finally learn something from it. The stupid thing is, I've done these things before and I always tell myself, next time I won't be so stupid... Then it happens again and I feel even worse about it. I know you should keep your chin up and learn from your mistakes but here's the thing: I try to improve myself, I just don't see how I can prevent these things from happening. So, now I'm asking you guys: Do you have certain groundrules when testing your code?

    Read the article

  • 25 Passwords to Avoid to Thwart Hackers

    SplashData, a vendor of smartphone productivity applications for consumers and businesses, recently released a list of the top 25 most commonly used passwords for 2011. The company compiled the list after analyzing files of stolen passwords that hackers posted online to share with their cybercriminal colleagues. Without further adieu, here is the list of passwords that made SplashData's top 25: password, 123456, 12345678, qwerty, abc123, monkey, 1234567, letmein, trustno1, dragon, baseball, 111111, iloveyou, master, sunshine, ashley, bailey, passw0rd, shadow, 123123, 654321, superman, qazwsx...

    Read the article

  • Is there a modern tutorial for setting up SSL on apache2?

    - by John Baber
    I've been running apache2 for ages on my ubuntu server without SSL. Now that I want to have some directories delivered by SSL, I can't find any straightforward tutorials that were written recently. The best I've found is http://vanemery.com/Linux/Apache/apache-SSL.html but it tells me to put stuff in /etc/httpd/conf I don't want to guess that that should translate to /etc/apache2/conf because guessing based on old tutorials has ruined my web serving before.

    Read the article

  • How to write efficient code in spite of heavy deadlines

    - by gladysbixly
    Hi all, I am working in an environment wherein we have many projects with strict deadlines on deliverables. We even talk directly to the clients so getting the jobs done and fast is a must. My issue is that i'd always write code for the first solution that comes to my mind, which of course I thought as best at that moment. It always ends up ugly though and i'd later realize that there are better ways to do it but can't afford to change due to time restrictions. Are there any tips by which I could make my code efficient yet deliver on time?

    Read the article

  • How do I trust an off site application

    - by Pieter
    I need to implement something similar to a license server. This will have to be installed off site at the customers' location and needs to communicate with other applications at the customers' site (the applications that use the licenses) and an application running in our hosting center (for reporting and getting license information). My question is how to set this up in a way I can trust that: The license server is really our application and not something that just simulates it; and There is no "man in the middle" (i.e. a proxy or something that alters the traffic). The first thing I thought of was to use with client certificates and that would solve at least 2. However, what I'm worried about is that someone just decompiles (this is build in .NET) the license server, alters some logic and recompiles it. This would be hard to detect from both connecting applications. This doesn't have to be absolutely secure since we have a limited number of customers whom we have a trust relationship with. However, I do want to make it more difficult than a simple decompile/recompile of the license server. I primarily want to protect against an employee or nephew of the boss trying to be smart.

    Read the article

  • Books or guides regarding secure key storage and database encryption

    - by Matty
    I have an idea for a SaaS product I want to create, however, this product will store extremely sensitive data that needs to be encrypted at rest. The trouble is not so much the encryption, but the problem of securely storing the keys so that in the event the server was somehow compromised, the keys couldn't just be recovered and used to decrypt the database. Are there any decent books to guides regarding database encryption, and in particular secure key storage? This seems to be a less than straightforward topic and something that is difficult to get right. I'm seeing multiple ways to attack such a system, but unable to come up with one that is secure enough to store highly confidential information.

    Read the article

  • Getting started with Team Foundation Server

    - by joe
    At work, we recently started using Team Foundation Server to manage our source code, i have no idea how to use this system. I do not know even know how to check source code in and out. Does anyone know of a step-by-step tutorial on how to work with TFS? Just for basic operations e.g. get latest version, upload your changes, etc. I am accessing it from Visual Studio 2010. I also have access to the TFS web interface.

    Read the article

  • What should a developer know before building a public web site?

    - by Joel Coehoorn
    What things should a programmer implementing the technical details of a web site address before making the site public? If Jeff Atwood can forget about HttpOnly cookies, sitemaps, and cross-site request forgeries all in the same site, what important thing could I be forgetting as well? I'm thinking about this from a web developer's perspective, such that someone else is creating the actual design and content for the site. So while usability and content may be more important than the platform, you the programmer have little say in that. What you do need to worry about is that your implementation of the platform is stable, performs well, is secure, and meets any other business goals (like not cost too much, take too long to build, and rank as well with Google as the content supports). Think of this from the perspective of a developer who's done some work for intranet-type applications in a fairly trusted environment, and is about to have his first shot and putting out a potentially popular site for the entire big bad world wide web. Also: I'm looking for something more specific than just a vague "web standards" response. I mean, HTML, JavaScript, and CSS over HTTP are pretty much a given, especially when I've already specified that you're a professional web developer. So going beyond that, Which standards? In what circumstances, and why? Provide a link to the standard's specification. This question is community wiki, so please feel free to edit that answer to add links to good articles that will help explain or teach each particular point. To search in only the answers from this question, use the inquestion:this option.

    Read the article

  • Investigating a big C++ project from its source code [closed]

    - by user827992
    Possible Duplicate: What is the best method to start understanding BIG project source code? I have a project that I would like to dissect to learn something new from it. This project is about 200 megabytes. For me, it is just impossible to open every cpp and hpp file and read each and every one. I also don't know what is the best approach in this case. Many people on the internet are looking for an UML tool to generate some kind of graph. I think that UML works well when you are starting a project and you want to express the business logic of your classes and methods. In my opinion UML is totally useless when studying a project only from its source code. Also UML is an OO language, in a large sized C++ project I find a lot of stuff that is not an object and can express some other kind of paradigm. Can you name a tool or a class of software that can help with this?

    Read the article

  • How should a site respond to automated login attempts with phony usernames?

    - by qntmfred
    For the last couple weeks I've been seeing a consistent stream of 15-30 invalid login attempts per hours on my site. Many of them are non-sensical usernames that nobody would ever register for real, and often contain typical spam-related keywords. They all come from different IP addresses so I can't just IP block/throttle the requests. I'm not worried about unauthorized access to real accounts since they aren't using real usernames. And if it were a member of my site trying to brute force logins, they could easily scrape the valid usernames from the site, so I'm not worried about that kind of malicious behavior either. But what's the point of this type of activity? What would whichever bot operator is doing this have to gain by attempting all these logins?

    Read the article

  • Avoid SQL Injection with Parameters

    - by simonsabin
    The best way to avoid SQL Injection is with parameters. With parameters you can’t get SQL Injection. You only get SQL Injection where you are building a SQL statement by concatenating your parameter values in with your SQL statement. Annoyingly many TSQL statements don’t take parameters, CREATE DATABASE for instance, or really annoyingly ALTER USER. In these situations you have to rely on using QUOTENAME or REPLACE to avoid SQL Injection. (Kimberly Tripp takes about this in her recent blog post Little...(read more)

    Read the article

  • Dot Net Code Coverage Test Tools - there is now a choice

    - by TATWORTH
    I have been pleasantly surprised this week to discover that there is a choice of tools for measuring Code Coverage. If you have Visual Studio Team edition, then if you are using MSTEST, then you have built-in code coverage, however even then you may need a standalone tool. The tools I have found are (costs are per seat): 1) NCover  http://www.ncover.com/ (from $199 to $658 per seat) I have used it but it is very expensive. 2) PartCover http://sourceforge.net/projects/partcover/ - Free!  Steep initial learning curve to get it to work. 3) Dot Cover from http://www.jetbrains.com/dotcover/ - Personal licence - normally $99 but at a introductory price of $75 and free for OpenSource Developers (details at http://www.jetbrains.com/dotcover/buy/buy.jsp#opensource_) 4) Test Matrix from http://submain.com/products/testmatrix.aspx - $149 for a licence

    Read the article

  • methods DSA_do_verify and SHA1 (OpenSSL library for Windows)

    - by Rei
    i am working on a program to authenticate an ENC signature file by using OpenSSL for windows, and specifically methods DSA_do_verify(...) and SHA1(...) hash algorithm, but is having problems as the result from DSA_do_verify is always 0 (invalid). I am using the signature file of test set 4B from the IHO S-63 Data Protection Scheme, and also the SA public key (downloadable from IHO) for verification. Below is my program, can anyone help to see where i have gone wrong as i have tried many ways but failed to get the verification to be valid, thanks.. The signature file from test set 4B // Signature part R: 3F14 52CD AEC5 05B6 241A 02C7 614A D149 E7D6 C408. // Signature part S: 44BB A3DB 8C46 8D11 B6DB 23BE 1A79 55E6 B083 7429. // Signature part R: 93F5 EF86 1FF6 BA6F 1C2B B9BB 7F36 0C80 2F9B 2414. // Signature part S: 4877 8130 12B4 50D8 3688 B52C 7A84 8E26 D442 8B6E. // BIG p C16C BAD3 4D47 5EC5 3966 95D6 94BC 8BC4 7E59 8E23 B5A9 D7C5 CEC8 2D65 B682 7D44 E953 7848 4730 C0BF F1F4 CB56 F47C 6E51 054B E892 00F3 0D43 DC4F EF96 24D4 665B. // BIG q B7B8 10B5 8C09 34F6 4287 8F36 0B96 D7CC 26B5 3E4D. // BIG g 4C53 C726 BDBF BBA6 549D 7E73 1939 C6C9 3A86 9A27 C5DB 17BA 3CAC 589D 7B3E 003F A735 F290 CFD0 7A3E F10F 3515 5F1A 2EF7 0335 AF7B 6A52 11A1 1035 18FB A44E 9718. // BIG y 15F8 A502 11C2 34BB DF19 B3CD 25D1 4413 F03D CF38 6FFC 7357 BCEE 59E4 EBFD B641 6726 5E5F 0682 47D4 B50B 3B86 7A85 FB4D 6E01 8329 A993 C36C FD9A BFB6 ED6D 29E0. dataServer_pkeyfile.txt (extracted from above) // BIG p C16C BAD3 4D47 5EC5 3966 95D6 94BC 8BC4 7E59 8E23 B5A9 D7C5 CEC8 2D65 B682 7D44 E953 7848 4730 C0BF F1F4 CB56 F47C 6E51 054B E892 00F3 0D43 DC4F EF96 24D4 665B. // BIG q B7B8 10B5 8C09 34F6 4287 8F36 0B96 D7CC 26B5 3E4D. // BIG g 4C53 C726 BDBF BBA6 549D 7E73 1939 C6C9 3A86 9A27 C5DB 17BA 3CAC 589D 7B3E 003F A735 F290 CFD0 7A3E F10F 3515 5F1A 2EF7 0335 AF7B 6A52 11A1 1035 18FB A44E 9718. // BIG y 15F8 A502 11C2 34BB DF19 B3CD 25D1 4413 F03D CF38 6FFC 7357 BCEE 59E4 EBFD B641 6726 5E5F 0682 47D4 B50B 3B86 7A85 FB4D 6E01 8329 A993 C36C FD9A BFB6 ED6D 29E0. Program abstract: QbyteArray pk_data; QFile pk_file("./dataServer_pkeyfile.txt"); if (pk_file.open(QIODevice::Text | QIODevice::ReadOnly)) { pk_data.append(pk_file.readAll()); } pk_file.close(); unsigned char ptr_sha_hashed[20]; unsigned char *ptr_pk_data = (unsigned char *)pk_data.data(); // openssl SHA1 hashing algorithm SHA1(ptr_pk_data, pk_data.length(), ptr_sha_hashed); DSA_SIG *dsasig = DSA_SIG_new(); char ptr_r[] = "93F5EF861FF6BA6F1C2BB9BB7F360C802F9B2414"; //from tset 4B char ptr_s[] = "4877813012B450D83688B52C7A848E26D4428B6E"; //from tset 4B if (BN_hex2bn(&dsasig->r, ptr_r) == 0) return 0; if (BN_hex2bn(&dsasig->s, ptr_s) == 0) return 0; DSA *dsakeys = DSA_new(); //the following values are from the SA public key char ptr_p[] = "FCA682CE8E12CABA26EFCCF7110E526DB078B05EDECBCD1EB4A208F3AE1617AE01F35B91A47E6DF63413C5E12ED0899BCD132ACD50D99151BDC43EE737592E17"; char ptr_q[] = "962EDDCC369CBA8EBB260EE6B6A126D9346E38C5"; char ptr_g[] = "678471B27A9CF44EE91A49C5147DB1A9AAF244F05A434D6486931D2D14271B9E35030B71FD73DA179069B32E2935630E1C2062354D0DA20A6C416E50BE794CA4"; char ptr_y[] = "963F14E32BA5372928F24F15B0730C49D31B28E5C7641002564DB95995B15CF8800ED54E354867B82BB9597B158269E079F0C4F4926B17761CC89EB77C9B7EF8"; if (BN_hex2bn(&dsakeys->p, ptr_p) == 0) return 0; if (BN_hex2bn(&dsakeys->q, ptr_q) == 0) return 0; if (BN_hex2bn(&dsakeys->g, ptr_g) == 0) return 0; if (BN_hex2bn(&dsakeys->pub_key, ptr_y) == 0) return 0; int result; //valid = 1, invalid = 0, error = -1 result = DSA_do_verify(ptr_sha_hashed, 20, dsasig, dsakeys); //result is 0 (invalid)

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 135 136 137 138 139 140 141 142 143 144 145 146  | Next Page >