Search Results

Search found 15441 results on 618 pages for 'ssl security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 150/618 | < Previous Page | 146 147 148 149 150 151 152 153 154 155 156 157  | Next Page >

  • json webservice security

    - by crisgomez
    I have a problem regarding json web service security. I tried to developed a sample web application using json webservice,but the problem is the url was exposed on the client side.So from there,anybody can make a program and call the service for a thousand times. Please take note, that the web service will be using for a registration page, in which checks if the user was exist on the database.So there is no authentication happened on this process. What are the approach to secure the calling of the exposed web service?

    Read the article

  • SharePoint Navigation Custom Link Security Trimming

    - by ifunky
    Hi, We've got our navigation setup so that subsites show in the global navigation but we have a requirement to also put custom links to external sites which is straight forward. The tricky part is that some of the custom links need security trimming which you don't get when you add your own links to the navigation. Just wondering if anyone has got some ideas on how to work around this? Thanks Dan

    Read the article

  • .net example of using client certificates in web service call?

    - by Rory
    I'd like to use client certificates to verify the identity of administrative callers to my web service. Then I can issue certificates only to the people I want to call my web service and be pretty sure noone else can call it. This is in a very controlled scenario where only one or two people will get the client certificate, so distribution isn't a hard problem. This article provides a good example of how to call a web service using a client certificate. But how can I check details of the client certificate from within my web service? This old article talks about configuring IIS to do it, but I'd like to do it programmatically within my app. I think? thanks for any suggestions!

    Read the article

  • Paypal's "Security header is not valid"

    - by Paypal
    I'm implementing the Express Checkout? I have no problem with the first two steps:SetExpressCheckout and GetExpressCheckout,but met the "Security header is not valid" at DoExpressCheckout. The API credentials are the same! I've fixed it by changing the $environment to live in DoExpressCheckout.(The difference is that it'll use https://api.sandbox.paypal.com/nvp/ instead of https://api-3t.$environment.paypal.com/nvp) But why? Is there something wrong with https://api-3t.$environment.paypal.com/nvp?

    Read the article

  • Turn off IIS 7.5 Attach security warning

    - by Miau
    IIS 7 and Visual Studio 2008, every time you attach to w3wp.exe you get an Attach Security Warning, How do you turn this of? It would be cool to know also, how to keep it attached for linger, as this seems to time out after a while Btw: I Added this as a comment to the answer below, the first thing i did was try the msdn article http://msdn.microsoft.com/en-us/library/ms241736.aspx that doesn't work

    Read the article

  • What do I need to do to get IE8 to accept a self signed certificate?

    - by Jay
    We use self signed certificates on our intranet. What do I need to do to get IE8 to accept them without showing an error message to the user? What we did for IE7 apparently isn't working. EDIT: IE7 wouldn't show any errors if I put the certificate into trusted root certification authorities. IE8 seems to show errors even with the certificate there.

    Read the article

  • Make a Method of the Business Layer secure. best practice / best pattern [.net/c#]

    - by gsharp
    Hi We are using ASP.NET with a lot of AJAX "Page Method" calls. The WebServices defined in the Page invokes methods from our BusinessLayer. To prevent hackers to call the Page Methods, we want to implement some security in the BusinessLayer. We are struggling with two different issues. First one: public List<Employees> GetAllEmployees() { // do stuff } This Method should be called by Authorized Users with the Role "HR". Second one: public Order GetMyOrder(int orderId) { // do sutff } This Method should only be called by the owner of the Order. I know it's easy to implement the security for each method like: public List<Employees> GetAllEmployees() { // check if the user is in Role HR } or public Order GetMyOrder(int orderId) { // check if the order.Owner = user } What I'm looking for is some pattern/best practice to implement this kind of security in a generic way (without coding the the if then else every time) I hope you get what i mean :-) Thanks for you help.

    Read the article

  • Which CA issues Timestamping certificate

    - by frx
    Hello! Our company currently implementing TSA (Time Stamp Authority) service. And now we are searching CA (Certification Authority), which could issue certificate with intended usage: Timestamping. I contacted with few CA's, but they offer just Digital ID certificates, and know nothing about TSA. Maybe someone has experience with such problem? Thank You!

    Read the article

  • Make a Method of the Business Layer secure. best practice / best pattern

    - by gsharp
    We are using ASP.NET with a lot of AJAX "Page Method" calls. The WebServices defined in the Page invokes methods from our BusinessLayer. To prevent hackers to call the Page Methods, we want to implement some security in the BusinessLayer. We are struggling with two different issues. First one: public List<Employees> GetAllEmployees() { // do stuff } This Method should be called by Authorized Users with the Role "HR". Second one: public Order GetMyOrder(int orderId) { // do sutff } This Method should only be called by the owner of the Order. I know it's easy to implement the security for each method like: public List<Employees> GetAllEmployees() { // check if the user is in Role HR } or public Order GetMyOrder(int orderId) { // check if the order.Owner = user } What I'm looking for is some pattern/best practice to implement this kind of security in a generic way (without coding the the if then else every time) I hope you get what i mean :-)

    Read the article

  • Where can I find a deliberately insecure open source web application?

    - by Phil Laliberte
    As a developer, I've learned that I usually gain a better understanding of best/worst practices through experience. The area of web application security isn't really somewhere where my organization can afford to let developers learn through trial and error. So looking for a hands-on approach to knowledge sharing of best practices in web application security, I was thinking that it would be useful to have an open source application that was deliberately built to be insecure in order to help teach junior developers about application security. Does anyone out there know where to find something like this?

    Read the article

  • .htaccess redirect https to http not working

    - by Ira Rainey
    I am trying to catch any https traffic to the front of my site so: https://www.domain.com is redirected to: http://www.domain.com However other subdomains need to be redirected elsewhere. For the most part this is all working, apart from the https - http redirection. Here's my .htaccess file at the moment: RewriteEngine On RewriteCond %{HTTPS} on RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} RewriteCond %{HTTP_HOST} ^domain\.com [NC] RewriteRule ^(.*)$ http://www.domain.com/$1 [L,R=301] RewriteCond "%{HTTP_HOST}" !^www.* [NC] RewriteCond "%{HTTP_HOST}" ^([^\.]+).*$ RewriteRule ^(.*)$ https://secure.domain.com/a/login/%1 [L,R=301] It would seem that this bit: RewriteCond %{HTTPS} on RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} isn't working as I would imagine. In fact it doesn't seem to redirect at all. In another subdirectory I have the opposite in effect which works fine: RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} so my thinking is the opposite should have done the job, but seemingly not. Any thoughts anyone?

    Read the article

  • osCommerce Security Issue

    - by Auxi
    Hi, I am planning to integrate some opensource shopping cart with my site and I am bit worried about it's security. Is it that easy to hack osCommerce based website? Because I am thinking to use osCommerce.. Kindly advise.

    Read the article

  • Web based interface for open SSL client certificates

    - by Felix
    Hi there! We are currently developing a apache2-based web application and want to invite some beta testers to give it a try. To be on the safe side, access should be provided by individual browser certificates (.p12) which are issued using a (fake) CA. Our users should be passing a complete register/login process and some of them will be granted administrative privileges within the application. That's why a preceding simple web-based authentication won't be sufficient. Atm, I using a serverside shellscript to generate the certificates each time. Do you know about a small, web-based tool to simplify the process of generating / revoking those certificates? Maybe an overview of the CA's index.txt plus the option to revoke a cert and a link to download them directly?

    Read the article

  • HTTPS on iPhone

    - by Rob
    I need to be able to use https to connect to a server and I'm wondering if there's recommended way of doing this on the iPhone that's NOT: - an undocumented api call - does not require manually storing certificates in the app bundle Thanks all.

    Read the article

  • How to add chain of certificate in spring ws client request

    - by hudi
    I have simply spring ws client which sending request to some url: @SuppressWarnings("unchecked") private JAXBElement<O> sendSyncSoapRequest(final JAXBElement<I> req, final String iszrUrl) { if (iszrUrl != null) { return (JAXBElement<O>) this.wsTemplate.marshalSendAndReceive(iszrUrl, req); } else { return (JAXBElement<O>) this.wsTemplate.marshalSendAndReceive(req); } } Now I need attach chain of certificate to the soap request. How should I do this ? Please help

    Read the article

  • Storing a NTFS Security Descriptor in C

    - by Doori Bar
    My goal is to store a NTFS Security Descriptor in its identical native state. The purpose is to restore it on-demand. I managed to write the code for that purpose, I was wondering if anybody mind to validate a sample of it? (The for loop represents the way I store the native descriptor) This sample only contains the flag for "OWNER", but my intention is to apply the same method for all of the security descriptor flags. I'm just a beginner, would appreciate the heads up. Thanks, Doori Bar #define _WIN32_WINNT 0x0501 #define WINVER 0x0501 #include <stdio.h> #include <windows.h> #include "accctrl.h" #include "aclapi.h" #include "sddl.h" int main (void) { DWORD lasterror; PSECURITY_DESCRIPTOR PSecurityD1, PSecurityD2; HANDLE hFile; PSID owner; LPTSTR ownerstr; BOOL ownerdefault; int ret = 0; unsigned int i; hFile = CreateFile("c:\\boot.ini", GENERIC_READ | ACCESS_SYSTEM_SECURITY, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, NULL); if (hFile == INVALID_HANDLE_VALUE) { fprintf(stderr,"CreateFile() failed. Error: INVALID_HANDLE_VALUE\n"); return 1; } lasterror = GetSecurityInfo(hFile, SE_FILE_OBJECT, OWNER_SECURITY_INFORMATION , &owner, NULL, NULL, NULL, &PSecurityD1); if (lasterror != ERROR_SUCCESS) { fprintf(stderr,"GetSecurityInfo() failed. Error: %lu;\n", lasterror); ret = 1; goto ret1; } ConvertSidToStringSid(owner,&ownerstr); printf("ownerstr of PSecurityD1: %s\n", ownerstr); /* The for loop represents the way I store the native descriptor */ PSecurityD2 = malloc( GetSecurityDescriptorLength(PSecurityD1) * sizeof(unsigned char) ); for (i=0; i < GetSecurityDescriptorLength(PSecurityD1); i++) ((unsigned char *) PSecurityD2)[i] = ((unsigned char *) PSecurityD1)[i]; if (IsValidSecurityDescriptor(PSecurityD2) == 0) { fprintf(stderr,"IsValidSecurityDescriptor(PSecurityD2) failed.\n"); ret = 2; goto ret2; } if (GetSecurityDescriptorOwner(PSecurityD2,&owner,&ownerdefault) == 0) { fprintf(stderr,"GetSecurityDescriptorOwner() failed."); ret = 2; goto ret2; } ConvertSidToStringSid(owner,&ownerstr); printf("ownerstr of PSecurityD2: %s\n", ownerstr); ret2: free(owner); free(ownerstr); free(PSecurityD1); free(PSecurityD2); ret1: CloseHandle(hFile); return ret; }

    Read the article

  • default file/folder security permissions sbs 2003

    - by Floris
    I have lost all file/folder security permissions of a SBS 2003 installation and was wondering is there some command I can run to restore system file/folder permissions to there default values. I lost the permissions when I had boot error and had to restore the primary boot sector from backup primary boot sector and had to tun fixboot to get the system booting again. Many Thanks Floris

    Read the article

  • How to structure web application with part of it being secured (SSL)

    - by spirytus
    What is the common pattern to structure web application where part of it has to be secured. So lets say I have page_a and page_b which do not need to be secured, although should display login information (login fields or login details once user logged in). This web app. also would have secured pages (admin, checkout or similar) secure_page_c and secure_page_d. My questions are: What is the common folder structure for such assuming I code in php with no frameworks? Also how shall I deal with session variables in case user navigates lets say from secure_page_b to non secure page_a or vice versa? What else might be a problem and should be considered when coding that kind of app in php? Thank you all for any suggestions

    Read the article

  • Writable folder by all users on the same pc

    - by Catalin DICU
    I have a desktop .NET WPF application witch uses an embedded database (SQLite). Where to put the database file ? It's the same database for all users. I tried to use CommonAppData but it's not writable by non-admin users. So I tried to use a custom installer action to give write rights to all users to this folder but it fails on domain PCs. The code is: DirectorySecurity security = Directory.GetAccessControl(appDataPath); FileSystemAccessRule rule = new FileSystemAccessRule("Users", FileSystemRights.WriteData, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow); security.AddAccessRule(rule); Directory.SetAccessControl(appDataPath, security); Would ".\Users" insead of "Users" work on a domain ? Is this the best approach ? Is there any other folder I could use ?

    Read the article

  • tomcat 6.0.18 HTTPS not working

    - by user180152
    Hi, I am trying to configure tomcat for HTTPS on localhost. I am using self signed certification. I added folowing line of code to server.xml. <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" debug="0" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" SSLEngine="on" keystoreFile="path-to-keystore" keystorePass="password" /> I am getting following error in browser: An error occurred during a connection to localhost:8443. Peer reports it experienced an internal error. (Error code: ssl_error_internal_error_alert) Can anybody guide me to proper direction. Thanks.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 146 147 148 149 150 151 152 153 154 155 156 157  | Next Page >