It is secure to use malloc?
- by Felix Guerrero
A friend told me that allocating with malloc it is not secure anymore, I'm not a C/C++ guru but I've made some stuffs with malloc and C. Does anyone knows about what risks I'm into?.
Search Results
Search found 3707 results on 149 pages for 'f secure'.
Page 16/149 | < Previous Page | 12 13 14 15 16 17 18 19 20 21 22 23 | Next Page >
-
-
Secure comunication Between a Web Page and the Server
- by Jean Paul
I'm wondering if theres already a combo let say jQuery - Some C# DLL to proive a secure both way communication between ASPX forms with jQuery and a control layer based on ashx files with C# classes...Read the article
-
How are classes more secure than structures ?
- by Asad Hanif
Structure's member are public by default ans class's members are private by default. We can access private data members through a proper channel (using member function). If we have access to member functions we can read/write data in private data member, so how it is secure...we are accessing it and we are changing data too.....Read the article
-
Best practice for secure socket connection.
- by LnDCobra
What is the best practice for a secure socket connection (without SSL). I will be moving sensitive data (logins/passwords/accounts) across TCP Socket connection, and wondering if there is a good/fast way of Encrypting/Decrypting and avoiding malicious injection.Read the article
-
How classes are secure than structures ?
- by Asad Hanif
Structure's member are public by default ans class's members are private by default. We can access private data members through a proper channel (using member function). If we have access to member functions we can read/write data in private data member, so how it is secure...we are accessing it and we are changing data too.....Read the article
-
Decentralized synchronized secure data storage
- by Alberich
Introduction Hi, I am going to ask a question which seems utopic for me, but I need to know if there is a way to achieve what I need. And if not, I need to know why not. The idea Suppose I have a database structure, in MySql. I want to create some solution to allow anyone (no matter who, no matter where) to have a synchronized copy (updated clone) of this database (with its content) Well, and it is not going to be just one synchronized copy, it could (and should) be a multiple replication (supposing the basic, this means, for example, ten copies all over the world) And, the most important thing: It must be secure. By secure I mean only real-accepted transactions will be synchronized with all the others (no matter how many) database copies/clones. Note: Since it would be quite difficult to make the synchronization in real-time, I will design everything to make this feature dispensable. So it is not required. My auto-suggestion This is how I am thinking to manage it: Time identifiers and Updates checking: Every action (insert, update, delete...) will be stored as the action instruction itself, associated to the time identifier. [I think better than a DATETIME field, it'll be an INT one, with the number of miliseconds passed from 1st january 2013 on, for example]. So each copy is going to ask to the "neighbour copy" for new actions done since last update, and execute them after checking they are allowed. Problem 1: the "neighbour copy" could be outdated too. Solution 1: do not ask just one neighbour, create a random list with some of the copies/clones and ask them for news (I could avoid the list and ask ALL the clones for updates, but this will be inefficient if clones number ascends too much). Problem 2: Real-time global synchronization is not active. What if... Someone at CLONE_ENTERPRISING inserts a row into TABLE. ... this row goes to every clone ... Someone at CLONE_FIXEMALL deletes this row. ... and at the same time, somewhere in an outdated clone ... Someone at CLONE_DROPOUT edits this row (now inexistent at the other clones) Solution 2: easy stuff, force a GLOBAL synchronization before doing any new "depending-on-third-data action" (edit, for example). This global synch. will be unnecessary when making an INSERT, for instance. Note: Well, someone could have some fun, and make the same insert in two clones... since they're not getting updated in real-time, this row will exist twice. But, it's the same as when we have one single database, in some needed cases we check if there is an existing same-row before doing the final action. Not a problem. Problem 3: It is possible to edit the code and do not filter actions, so someone could spread instructions to delete everything, or just make some trolling activity. This is not a problem, since good clones will always be somewhere. Those who got bad won't interest anymore. I really appreciate if you read. I know this is not the perfect solution, it has possibly hundred of holes, but it is my basic start. I will now appreciate anything you can teach me now. Thanks a lot. PS.: It could be that all this I am trying already exists and has its own name. Sorry for asking then (I'd anyway thank this name, if it exists)Read the article
-
Le premier virus sur PC a 25 ans, le Directeur du Laboratoire de Recherche de F-Secure retrace son histoire en vidéo depuis le Pakistan
Le premier virus sur PC a 25 ans L'éditeur F-Secure retrace son histoire en vidéo En collaboration avec Gordon Fowler Le premier virus ayant infecté un PC a été découvert en 1986. Et curieusement pour aujourd'hui, ce virus contenaient les contacts de ses auteurs au Pakistan. A l'occasion de cet anniversaire, Mikko Hyppönen, Directeur du Laboratoire de Recherche de F-Secure, s'est donc rendu dans la ville de Lahore au Pakistan pour retrouver ces créateurs, deux frères, Amjad et Basit Farooq Alvi. qui sont aujourd'hui à la tête d'un FAI florissant (Brain Telecommunication Ltd). F-Secure propose un reportage v...Read the article
-
WebClient The request was aborted: Could not create SSL/TLS secure channel
- by Tomas
I am using WebClient in ASP.NET app to call PayPal secured url to create payment button. While calling secured PayPal Url I get error below. How to solve this problem? Do I need to purchase certificate to just call secured url? The request was aborted: Could not create SSL/TLS secure channel. My code ServicePointManager.Expect100Continue = true; ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3; using (var client = new WebClient()) { var postBytes = Encoding.ASCII.GetBytes(param); client.Headers.Add("Content-Type", "application/x-www-form-urlencoded"); responseBytes = client.UploadData(_paymentProcessorCredentials.PayPalApiUrl, "POST", postBytes); }Read the article
-
websphere-mq security changes in 7.0 + - Is it possible to secure MQ objects without using security
- by avinash
We are using security exits in WebsphereMQ 6.0 to provide security in java clients connecting to MQ and MQ - MQ connectivity. We use security exits to provide secure way to connect to Queue managers , Queue , channel. IS there any change in security mechanism in latest version so that we can completely avoid using security exits ? This is what our requirement/goal in MQ security Queuemanagers should be only accessible with providing proper username and password (I know this is not possible in 6.0 without security exits ) A legal user after authenticating queuemanager connection should be able to access only his queue / channel. ThanksRead the article
-
Security failure - This is not a secure document but has security embed parameters
- by dimitris mistriotis
I try to create a private version and therefore I used something like this in php: var scribd_doc = scribd.Document.getDoc( 28394353, 'xxx'); scribd_doc.addParam("use_ssl", true); scribd_doc.addParam('public', false); scribd_doc.grantAccess("cbccf6e7-1ff7-9034-8a7c-a0c2a5b225ed", <?php echo "'" . trim($_COOKIE['PHPSESSID']) . "'" ?>, <?php echo "'" . scribd_calculate_signature($documentID = '28394353', $sessionID = trim($_COOKIE['PHPSESSID']), $userID = "cbccf6e7-1ff7-9034-8a7c-a0c2a5b225ed") . "'" ?>); ... ... scribd_doc.write( 'embedded_flash' ); Which is the api of scribd for javascript with the addition of the signature. My result is the "Security failure - This is not a secure document but has security embed parameters" Error, which is not well documented. The document is set to private. Any ideas?Read the article
-
Web Services: Secure? Asp.net
- by Jacques
Hey there, Something I can't wrap my head around is how secure web services are. For example we're writing a desktop application that will interact with data on one of our websites as well as local data. This data is sensitive though and the last thing we want is anybody calling the web services. I've not yet found anything that says web services has some kind of authentication methods and the only security I've seen people talk about is using certificates to encrypt the message. I'm no guru on this and would appreciate anyone's input and perhaps a link to somewhere that will explain this in simple terms. Thanks JacquesRead the article
-
How to secure licensekey generation
- by Jakob Gade
Scenario, simplified for brevity: A developer creates an application for a customer. The customer sells this app to end-users. The app requires a license key to run, and this key is generated by the customer for each end-user with a simple tool created by the developer. The license key contains an expiry date for the license and is encrypted so the end-user can’t tamper with it. The problem here is that the developer (or anybody who has a copy of the license key generator) can easily create valid license keys. Should this generator fall into the wrong hands, it could spell disaster for the customers business. Ideally, the customer would have to use a password to create new license keys. And this password would be unknown to the developer, and somehow baked into the decryption algorithm in the application so it will fail if an attempt to use an unauthorized key is made. How would you implement a solution for this problem that is both transparent and secure?Read the article
-
How to secure Java webservices with login and session handling
- by hubertg
I'd like to secure my (Java metro) webservice with a login. Here's how I'm planning to do that: Steps required when calling a webservice method are: call login(user,pwd), receive a session token 1.1 remember the token call servicemethod (token, arg1, arg2...) webservice checks if the token is known, if not throw exception otherwise proceed logout or timeout after x time periods of inactivity my questions: 1. what's your opinion on this approach? does it make sense? 2. are there any libraries which take the burden of writing a session handling (maybe with database persistence to survive app restarts) (the solution should be simple and easily usable with Java and .NET clients) thanks!Read the article
-
How to secure connection between PHP and Android
- by Elad Cohen
I am developing an application for the Android that requires a connection with PHP pages in order to add sensitive data to a database that will affect the application. Since it's very easy to reverse engineer an android app, one can simply find the url where the data is sent to and manipulate it. I thought about creating a registration based on IMEI, but one can still able to manipulate it for his malicious purposes. I have also checked OAuth but I didn't really understand how it works and if it can help in my condition. What can I do to fully secure my application? Thanks in advance! EDIT: By the way, what I am mostly trying to achieve here is to make sure the requests are being sent from an Android and not from any other device.Read the article
-
Secure login on your domain with Google App Engine
- by mhost
Hi, We are starting a very large web based service project. We are trying to decide what hosting environment to use. We would really like to use Google App Engine for scalability reasons and to eliminate the need to deal with servers ourselves. Secure logins/registrations is very important to us, as well as using our own domain. Our target audience is not very computer savvy. For this reason, we don't want to have the users have to sign up with OpenID as this can't be done within our site. We also do not want to force our customers to sign up with Google. As far as I can see, I am out of luck. I am hoping to have a definite answer to this question. Can I have an encrypted login to our site accessed via our domain, without having to send the customers to another site for the login (OpenID/Google). Thanks.Read the article
-
How to secure authorization of methods
- by Kurresmack
I am building a web site in C# using MVC.Net How can I secure that no unauthorized persons can access my methods? What I mean is that I want to make sure that only admins can create articles on my page. If I put this logic in the method actually adding this to the database, wouldn't I have business logic in my data layer? Is it a good practise to have a seperate security layer that is always in between of the data layer and the business layer to make? The problem is that if I protect at a higher level I will have to have checks on many places and it is more likely that I miss one place and users can bypass security. Thanks!Read the article
-
Windows secure pinned website tile
- by Stijn de Voogd
I'm currently working on a pinned website tile for my website and instead of using a static XML file i'm linking the tile to a web api that returns user specific XML. My question is: Is it possible to secure this tile so that a user needs to be logged in before the data loads? The pinned website livetile doesn't send any security request headers/ cookies: - Http: Request, GET /v1/livetile/firsttile Command: GET + URI: /v1/livetile/firsttile ProtocolVersion: HTTP/1.1 UserAgent: Microsoft-WNS/6.3 Host: 192.168.14.109:2089 Cache-Control: no-cache HeaderEnd: CRLF Sidenote: Notice how it's not even sending an accept header even though it only wants xml. Info: http://msdn.microsoft.com/en-US/library/ie/dn455106 http://msdn.microsoft.com/en-us/library/ie/hh761491.aspx# Thanks in advance!Read the article
-
How do I secure all the admin actions in all controllers in cakePHP
- by Gaurav Sharma
Hello Everyone, I am developing an application using cakePHP v 1.3 on windows (XAMPP). Most of the controllers are baked with the admin routing enabled. I want to secure the admin actions of every controller with a login page. How can I do this without repeating much ? One solution to the problem is that "I check for login information in the admin_index action of every controller" and then show the login screen accordingly. Is there any better way of doing this ? The detault URL to admin (http://localhost/app/admin) is pointing to the index_admin action of users controller (created a new route for this in routes.php file) ThanksRead the article
-
How secure is my website?
- by Doug
As a beginning web developer, I try my best to clean up all the user inputs through checks and what not. However, today, I found out my website was hacked (I'll share their website on request) and it really made my wonder how did they do it. I'm in the process of getting my website back together. What should I do to prevent these things? Is there people I should talk to and ask how secure my website is? What can I do to to keep my website safe?Read the article
-
iphone: is there any secure way to establish 2-way SSL from an application
- by pmilosev
Hi I need to establish a HTTPS 2-way SSL connection from my iPhone application to the customer's server. However I don't see any secure way to deliver the client side certificates to the application (it's an e-banking app, so security is really an issue). From what I have found so far the only way that the app would be able to access the certificate is to provide it pre-bundeled with the application itself, or expose an URL from which it could be fetched (http://stackoverflow.com/questions/2037172/iphone-app-with-ssl-client-certs). The thing is that neither of this two ways prevent some third party to get the certificate, which if accepted as a risk eliminates the need for 2-way SSL (since anyone can have the client certificate). The whole security protocol should look like this: - HTTPS 2-way SSL to authenticate the application - OTP (token) based user registration (client side key pair generated at this step) - SOAP / WSS XML-Signature (requests signed by the keys generated earlier) Any idea on how to establish the first layer of security (HTTPS) ? regardsRead the article
-
How to secure authiorization of methods
- by Kurresmack
I am building a web site in C# using MVC.Net How can I secure that no unauthorized persons can access my methods? What I mean is that I want to make sure that only admins can create articles on my page. If I put this logic in the method actually adding this to the database, wouldn't I have business logic in my data layer? Is it a good practise to have a seperate security layer that is always in between of the data layer and the business layer to make? The problem is that if I protect at a higher level I will have to have checks on many places and it is more likely that I miss one place and users can bypass security. Thanks!Read the article
-
How to load secure S3 images into Flex with temporary URLs
- by Yarin
I have some secure images on S3 that I need to load into Flex. I was expecting to be able to do this using signed temporary URLs but can't get it working. I know the URLs I'm generating are correct, because they load fine in my browsers' address bar. Moreover, Flex has no problem loading my images with a non-signed url when they are public, but as soon as I try signing the urls all the images fail, whether public or not. I've tried image.source = signedURL, image.load(signedURL), etc. If I try loading the file with URLLoader/URLStream, it looks like I'm getting the data OK, but I'm not sure how to translate those results to an Image control. Is this just an issue with the Image control not being able to recognize signed urls? Do I have to load the image from a byte array? What would that look like?Read the article
-
Spring security oauth2 provider to secure non-spring api
- by user1241320
I'm trying to set up an oauth 2.0 provider that should "secure" our restful api using spring-security-oauth. Being a 'spring fan' i thought it could be the quicker solution. main point is this restful thingie is not a spring based webapp. boss says the oauth provider should be a separate application, but i'm starting to doubt that. (got this impression by reading spring-security-oauth) i'm also new here so haven't really got my hands into this other (jersey-powered) restul api (core of our business). any help/hint will be much appreciated.Read the article
-
Is it secure to use malloc?
- by Felix Guerrero
Somebody told me that allocating with malloc is not secure anymore, I'm not a C/C++ guru but I've made some stuff with malloc and C/C++. Does anyone know about what risks I'm into? Quoting him: [..] But indeed the weak point of C/C++ it is the security, and the Achilles' heel is indeed malloc and the abuse of pointers. C/C++ it is a well known insecure language. [..] There would be few apps in what I would not recommend to continue programming with C++."Read the article
-
htpasswd, secure specific files in zend framework
- by AKFourSeven
Hi I have been bashing my head against the wall with this riddle and cannot find the way to solve this. I would like to secure couple of files to restrict access to certain pages but my attempts so far are unsuccessful. I do not want to use Zend Auth as it is a very small web site doing simple stuff. Here is a sample of what I have done: AuthUserFile /path/to/my/.htpasswd AuthName "Admin Restriction" AuthType Basic <Files file.phtml> require valid-user </Files> Is there any way to achieve this ?Read the article
