Search Results

Search found 5864 results on 235 pages for 'secure gateway'.

Page 182/235 | < Previous Page | 178 179 180 181 182 183 184 185 186 187 188 189  | Next Page >

• Best option for Google App Engine Datastore and external database?

  - by Alex

  I need to get an App Engine app talking to and sharing data with an external database, The best option i can come up with is outputting the external database data to an xml file and then processing this in my app engine app and storing it inside the datastore, although the data being shared is sensitive data such as login details so outputting this to an xml file is not exactly a great idea, is it possible for the app engine app to directly query the database? or is there a secure option for using xml files? oh and im using python/django and the external database will be hosted on another domain

  Read the article

• What is the current standard for authenticating Http requests (REST, Xml over Http)?

  - by CodeToGlory

  The standard should solve the following Authentication challenges like- Replay attacks Man in the Middle Plaintext attacks Dictionary attacks Brute force attacks Spoofing by counterfeit servers I have already looked at Amazon Web Services and that is one possibility. More importantly there seems to be two most common approaches: Use apiKey which is encoded in a similar fashion like AWS but is a post parameter to a request Use Http AuthenticationHeader and use a similar signature like AWS. Signature is typically obtained by signing a date stamp with an encrypted shared secret. This signature is therefore passed either as an apiKey or in the Http AuthenticationHeader. I would like to know weigh both the options from the community, who may have used one or more and would also like to explore other options that I am not considering. I would also use HTTPS to secure my services.

  Read the article

• What should I do to practice?

  - by simion

  I start a year long industrial placement in September where i will be coding in Java predominantly. I am going to use the summer to brush up on my Java as in year one of the degree Java was the main language taught for OOP modules. However this year i have had no Java exposure except for an algorithms module, which was one of eight, so as you can see i am probably getting really rusty!. What i wanted to know is, how does the "real world" java programming differ from university coding and what do you suggest i brush up on that would be different to my normal workings. As a start I definitely need to get familiar with a professional IDE like NetBeans, opposed to having used BlueJ throughout but more specifically what coding practices should I get more familiar with. I appreciate they wont expect me to be a qualified full developer and will give me time, but I would like to hit the ground running as it were, with me having full hopes to secure a permanent position after I finish my degree.

  Read the article

• Would it be faster to use CMS for building the first site in ASP.NET?

  - by rem

  I need an opinion and advise from experienced ASP.NET people, what way to go. Assuming that a developer has some practical background with HTML/JavaScript/PHP on one side and some .NET/C#/WPF experience on the other side. No previous hands on experience with ASP.NET - only theory and some read books on the topic. The task is to build ASP.NET web site with User Managment functionality (user authentication, user account, user buying history, user points and so on) and E-commerce functionality with shopping cart, checkout and all needed for this. Is it worth, i.e. will it be faster, more reliable and secure in the result to use a ASP.NET CMS system (for example Sitefinity from Telerik as declared developer friendly) to build such first site? In what case the learning curve will be more steep and it will take more time to achieve similar results? Notes to take into consideration: 1) Price of the CMS matters not very much 2) E-commerce module should be written from scratch in any case (and integrated in case of using CMS) due to very specific requirements

  Read the article

• Securing files on IPhone

  - by clearbrian

  Hi Is there a way to decompile the binary from an IPhone app. I jailbroke my IPhone and was surprised to find other app's dbs wide open to be copied. So I exported my most important table and hardcoded it into code. Instead of loading table into array from a db I just generated code to fill the array and kept only the most basic DB info so relationships still work. Took a while but now works fine. I was just wondering am I safe, could someone decompile the binary for the app easily and extract the data. In Java its easy to decompile *.class files though thats bytecode where I presume iphone apps are more low level. I know IPhone sdk 4 can mark files as secure. Anyone know can this be overridden by jailbreaks or is this an unix lock?

  Read the article

• php open_socket

  - by sea_1987

  Hello, I am trying to open a socket to use with secure tradings xpay api, however when I check to see if the socket is open I get error returned, Can't assign requested address I need to open up 127.0.0.1:5000 is there something wring with my code that means I cannot do this? if (isset($xpay_port) and ($socket=socket_create(AF_INET, SOCK_STREAM, SOL_TCP)) and (socket_connect($socket, $address, $port))) { $text="Connection successful on IP $address, port $port"; socket_close($socket); } else $text="Unable to connect<pre>".socket_strerror(socket_last_error())."</pre>"; echo "<html><head></head><body>". $text. "</body></html>";

  Read the article

• Is it possible to shrink rt.jar with ProGuard?

  - by PatlaDJ

  Is there a procedure by which you can optimize/shrink/select/obfuscate only 'used by your app' classes/methods/fields from rt.jar provided by Sun by using some optimization software like ProGuard (or maybe other?). Then you would actually be able to minimize the download size of your application considerably and make it much more secure ? Right? Related questions: Do you know if Sun's "jigsaw project" which is waited to come out, is intended to automatically handle this particular issue? Did somebody manage yet to form an opinion about Avian java alternative? Please share it here. Thank you.

  Read the article

• Best practice for web server user/group permissions

  - by Poe

  What's the best practice in a secure manner to setup the user/group and permissions? Here's what we currently have; web server runs as www/www. Fastcgi Php runs as www/www. User's shell/ftp account is username/username. We want the user to be able to have full access to all files, including those created by the web server 'www' from the shell or ftp. Similarly, we want the scripts run by fastcgi/php to be able to create files in user created directories and modify user created files.

  Read the article

• How do I download a file from an FTP server using FTP over SSL using .NET?

  - by atconway

  My post title almost states it all: How do I download a file from an FTP server using FTP over SSL using .NET? I have read a bit and there are several 3rd party components to purchase that wrap up this functionality. The deal is, this is a very specefic need and is not going to grow much, so if downloading a file from an FTP server using FTP over SSL can be done using the .NET Framework (i.e. System.Net namespace or something), then that would be best. I don't need a ton of functionality, but if for some reason coding against a secure FTP server is a nightmare or not doable through the .NET Framework BCL that would be nice to know, as a 3rd party .dll might be best. Thank you!

  Read the article

• PHP Captcha without session

  - by Anton N

  Ok, here is an issue: in the project i'm working on, we can't rely on server-side sessions for any functionality. The problem is that common captcha solutions from preventing robotic submits require session to store the string to match captcha against. The question is - is there any way to solve the problem without using sessions? What comes to my mind - is serving hidden form field, containing some hash, along with captcha input field, so that server then can match these two values together. But how can we make this method secure, so that it couldn't be used to break captcha easily.

  Read the article

• How are CD Keys generated?

  - by The Rook

  CD Keys are the defacto-standard as an anti-piracy measure. To be honest this strikes me as Security Though Obscurity, although I really have no idea how CD Keys are generated. What is a good (secure) example of CD Key generation? What cryptographic primitive (if any) are they using? Is it a message digest? If so what data would they be hashing? What methods do developers employ to make it difficult for crackers to build their own key generators?

  Read the article

• Why wouldn't I be able to establish a trust relationship for a SSL/TLS channel?

  - by Abe Miessler

  I have a piece of .NET code that is erroring out when it makes a call to HTTPWebRequest.GetRequestStream. Here is the error message: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. I've read a few things that suggest that I might need a certificate on the machine running the code, but i'm not sure if that's true or how to do it. If I need to get a certificate, how do I do it? Code: var request = (HttpWebRequest)HttpWebRequest.Create(requestUrl); //my url request.Method = StringUtilities.ConvertToString(httpMethod); // Set the http method GET, POST, etc. if (postData != null) { request.ContentLength = postData.Length; request.ContentType = contentType; using (var dataStream = request.GetRequestStream()) { dataStream.Write(postData, 0, postData.Length); } }

  Read the article

• protect (encrypt) password in the web.config file (asp.net)

  - by Hazro City

  <system.net> <mailSettings> <smtp from="[email protected]" deliveryMethod="Network"> <network clientDomain="www.domain.com" host="smtp.live.com" defaultCredentials="false" port="25" userName=" [email protected] " password="password" enableSsl="true" /> </smtp> </mailSettings> </system.net> This is the case where I need encryption for my password. I searched and googled much on the web but I can’t be able to encrypt anymore. Can anyone help me do this in a simple but secure way.

  Read the article

• Encoding license file for privacy

  - by Swingline Rage

  Hi, We're using XML Digital Signatures for signing and verifying our license keys. The signing works fine and has been running smoothly. The XML license file contains a few (plaintext) details about the license, along with a binary signature. We'd like to encode (I don't say encrypt) those plaintext details (license duration, user name, etc, etc.) so they're not immediately visible to prying eyes. Is there a standard (eg, base 64 or something else) that people use in this situation? It doesn't need to be secure or particularly clever, just enough to conceal the information in Notepad. Thanks : )

  Read the article

• Java Security filter together with thickbox pop-ups

  - by user197127

  Hi, I have a java application that uses a security filter to protect certain resources. If there is no user logged on, it will keep in session the request path and redirect to a logon page. After a successful logon, user is redirected to the original requested page. I have now added some thickbox (ajax bases pop-up) popups to the application. Unfortunately, when I get now a popup that is "secure" the filter redirects to a logon page (which is not a popup) and makes the whole application messy. Anyone with ideas on how to solve this? Thanks

  Read the article

• SSL: can the secret key be sniffed before the actual encryption begins?

  - by Jorre

  I was looking into SSL and some of the steps that are involved to set up an encrypted connection between a server and a client computer. I understand that a server key and certificate is sent to the browser, and that a secret code is being calculated, like they say in the following video: http://www.youtube.com/watch?v=iQsKdtjwtYI around 5:22, they talk about a master secret code that is being calculated to start talking in an encrypted way. My question now is: before the connection is actually encrypted (the handshake phase), all communication between the server and the client can be sniffed by a packet sniffer. Isn't it then possible to sniff the encryption key or other data that is used to set up a secure connection?

  Read the article

• Rainbow Tables: How to improve upon them??

  - by CVS-2600Hertz-wordpress-com

  I recently obtained the l0pht-CD for windows and tried it out on my PC and It WORKS!! http://2600hertz.wordpress.com/2009/12/22/100-windows-xp-vista-7-password-recovery/ I have also read http://kestas.kuliukas.com/RainbowTables/ I'm designing a "Login-Simulator" that stores pwd-s in a similar manner. The current implementation will be vulnerable to the above attack. Plz could anyone illustrate (in as simple terms as possible), how to strengthen the rainbow tables against such an attack. MY GOAL : Build "Login-Simulator" to be as secure as possible. (Read Hacking Competition ;-) ) Thank You.

  Read the article

• What's a good way to encrypt data using an asymmetric key, that's available to both java and ruby?

  - by Michael Campbell

  I have a customer that wants to encrypt some data in his database (not passwords; this needs actual encryption, not hashing). The application which will be doing the encrypting/writing is in Java, but the process which will DECRYPT it is behind a secure firewall, and is written in ruby. The idea was to use a public/private key scheme; the java system would encrypt it with the public key, then the process on his local box would use the private key to decrypt it as needed. I'm looking for any experience anyone has doing something like that; my main question is what sorts of libraries on java and ruby can interoperate with the same keys and data.

  Read the article

• What the difference between zend framework and Wordpress as framework ?

  - by justjoe

  i only know wordpress and start to seek another alternative framework, zend. i heard hearsay that zend's better from others framework. if you're "a serous coder", or try to act like one, you need to use it on building your web app. some said zend is better. But it's subjective. It's fast ans secure. But nobody tell me the reason or at leas compare it with with wordpress. ultimate question : Do zend have theme or plugin just like wordpress ? any hint will be helpful

  Read the article

• How to transfer large files from desktop to server ( .NET)

  - by rahulchandran

  I am writing a .NET 2.0 based desktop client that will send large files ( well largish under 2GB) to a server. Need to develop the server as well. Server can be on any technology It should be secure so an underlying SSL stream is needed What are my options. Any obvious caveats etc I should be aware of To my mind the simplest solution is to open a tcp\ip connection over SSL to the server and send n packets each of size M bytes and then have the server append the chunks to the file and finally send an EOF packet as well IS this horrible. Will the perf suck on the server with all these disk writes What are any other clever options. I am limited to .NET 2.0 on the client if I did move to a WCF client will it buy be something magical and cool for this scenario Thanks

  Read the article

• How can I know if a file has been changed in .NET C#?

  - by Anthony D

  I have an application that requires a secure way to store its configuration. There are users that can change the configuration. I need some sort of signature scheme where I can verify that the config file has not changed with out a valid user. I had thought about using RSA, where the private key is encrypted with the users password, and the public key is used to sign the config. However there is nothing to prevent someone from changing the user file and adding their own public key, thus circumventing my security. Any ideas?

  Read the article

• .htaccess redirect https to http not working

  - by Ira Rainey

  I am trying to catch any https traffic to the front of my site so: https://www.domain.com is redirected to: http://www.domain.com However other subdomains need to be redirected elsewhere. For the most part this is all working, apart from the https - http redirection. Here's my .htaccess file at the moment: RewriteEngine On RewriteCond %{HTTPS} on RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} RewriteCond %{HTTP_HOST} ^domain\.com [NC] RewriteRule ^(.*)$ http://www.domain.com/$1 [L,R=301] RewriteCond "%{HTTP_HOST}" !^www.* [NC] RewriteCond "%{HTTP_HOST}" ^([^\.]+).*$ RewriteRule ^(.*)$ https://secure.domain.com/a/login/%1 [L,R=301] It would seem that this bit: RewriteCond %{HTTPS} on RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} isn't working as I would imagine. In fact it doesn't seem to redirect at all. In another subdirectory I have the opposite in effect which works fine: RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} so my thinking is the opposite should have done the job, but seemingly not. Any thoughts anyone?

  Read the article

• .NET Compact Framework Connection String encryption/securing

  - by Crazydog

  I'm writing an application in C# for a smart device running Windows Mobile 6.1. It's pretty basic. Just querying a database and getting results. Nothing too fancy. This program is only going to be deployed internally, but we still want to be secure with our SQL connection info. What's the best way I should go about encrypting/securing my connection string in the program? I've seen examples for .NET programs using AppSettings, but I'm not seeing a Setting stab in my Solution properties. This is my first time developing an application in C#/Visual Studio 2008, so there might be some kind of setting I'm missing. Thanks for the help.

  Read the article

• Are SqlCipher open cursors a security concern?

  - by user1178479

  I'm using SqlCipher with content providers. Right now, when I want to lock the app I just clear out the cached password. However, the app can continue to work with any open cursors. This means that re-opening the app grants access to the sensitive data. I fix this issue on the surface by redirecting to a login screen if the app doesn't have passwords. However, I'm concerned if there are any security issues with these open cursors or if I should just continue to block UI access and not worry? SqlCipher's docs say that it reads/writes encrypted pages on the fly, as opposed to decrypting the entire DB, this makes me think that open cursors are still secure. The main concern here is that someone loses their phone and then a knowledgeable individual can use these open cursors to extract sensitive data.

  Read the article

• RequireHttpsAttribute and Encrypted Request Data

  - by goatshepard

  I have a controller action that is accepting sensitive data. public ActionResult TakeSensitiveData(SensitiveData data){ data.SaveSomewhere(); } To ensure the data is secure I want to be certain requests are made using HTTPS (SSLv3, TLS 1). One of the approaches I've considered using was the RequireHttpsAttribute on my action: [RequireHttps] public ActionResult TakeSensitiveData(SensitiveData data){ data.SaveSomewhere(); } However, upon testing this I fiddler revealed that an HTTP request made to the action is 302 redirected to HTTPS. My question is this: If I've made a request that is 302 redirected to HTTPS haven't I already sent the sensitive data over HTTP before the redirect?

  Read the article

< Previous Page | 178 179 180 181 182 183 184 185 186 187 188 189  | Next Page >