Search Results

Search found 22238 results on 890 pages for 'db security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 185/890 | < Previous Page | 181 182 183 184 185 186 187 188 189 190 191 192  | Next Page >

  • Html encoding in MVC input

    - by fearofawhackplanet
    I'm working through NerdDinner and I'm a bit confused about the following section... First they've added a form for creating a new dinner, with a bunch of textboxes delcared like: <%= Html.TextArea("Description") %> They then show two ways of binding form input to the model: [AcceptVerbs(HttpVerbs.Post)] public ActionResult Create() { Dinner dinner = new Dinner(); UpdateModel(dinner); ... } or: [AcceptVerbs(HttpVerbs.Post)] public ActionResult Create(Dinner dinner) { ... } Ok, great, that all looks really easy so far. Then a bit later on they say: It is important to always be paranoid about security when accepting any user input, and this is also true when binding objects to form input. You should be careful to always HTML encode any user-entered values to avoid HTML and JavaScript injection attacks Huh? MVC is managing the data binding for us. Where/how are you supposed to do the HTML encoding?

    Read the article

  • How to show / debug PEAR::DB errors in webpage?

    - by Markus Ossi
    I am connecting to MySQL database on my webpage and have this copy-pasted code for errors: if(DB::isError($db)) die($db->getMessage()); I have the connection code in an outside file called connection.inc that I include at the beginning of my page before the DOCTYPE and html tags. For debugging purposes, how can I print the database errors on my webpage? I thought I could do something like this: echo 'Could not connect to database. The error was:' . $db->getMessage(); but this returns: Fatal error: Call to undefined method DB_mysql::getMessage()

    Read the article

  • How to manually verify a user against the asp.net memberhip database

    - by Ekk
    I would like to know how I can verify a user's credential against an existing asp.net membership database. The short story is that we want provide single sign on access. So what I've done is to connect directly to the membership database and tried to run a sql query against the aspnet_Membership table: private bool CanLogin(string userName, string password) { // Check DB to see if the credential is correct try { string passwordHash = FormsAuthentication.HashPasswordForStoringInConfigFile(password, "SHA1"); string sql = string.Format("select 1 from aspnet_Users a inner join aspnet_Membership b on a.UserId = b.UserId and a.applicationid = b.applicationid where a.username = '{0}' and b.password='{1}'", userName.ToLowerInvariant(), passwordHash); using (SqlConnection sqlConn = new SqlConnection(ConfigurationManager.ConnectionStrings["LocalSqlServer"].ConnectionString)) using (SqlCommand sqlCmd = new SqlCommand(sql, sqlConn)) { sqlConn.Open(); int count = sqlCmd.ExecuteNonQuery(); sqlConn.Close(); return count == 1; } } catch (Exception ex) { return false; } } The problem is the password value, does anyone know how the password it is hashed?

    Read the article

  • MVC Serve audio files while preventing direct linking using HttpResponseBase

    - by VinceGeek
    I need to be able to serve audio files to an mvc app while preventing direct access. Ideally the page would render with a player control so the user can start/stop the audio linked to the database record (audio files are in a folder not the db). I have a controller action like this: Response.Clear(); Response.ContentType = "audio/wav"; Response.TransmitFile(audioFilename); Response.End(); return Response; and the view uses the RenderAction method <% Html.RenderAction("ServeAudioFile"); %> this works but it won't display inline on the existing view, it opens a new page with just the media control. Am I totally barking up the wrong tree or is there a way to embed the response in the existing view? works exactly as I would like but I can't control access to the file.

    Read the article

  • How are CD Keys generated?

    - by The Rook
    CD Keys are the defacto-standard as an anti-piracy measure. To be honest this strikes me as Security Though Obscurity, although I really have no idea how CD Keys are generated. What is a good (secure) example of CD Key generation? What cryptographic primitive (if any) are they using? Is it a message digest? If so what data would they be hashing? What methods do developers employ to make it difficult for crackers to build their own key generators?

    Read the article

  • Beginner, learning as I go - how to get C#/SQLite db set up and ready for testing?

    - by ChrisC
    I've messed with Access a little bit in the past, had one class on OO theory, and one class on console c++ apps. Now, as a hobby project, I'm undertaking to write an actual app, which will be a database app using System.Data.SQLite and C#. I have the db's table structure planned. I have System.Data.SQLite installed and connected to VS Pro. I entered my tables and columns in VS, but that's where I'm stuck. I really don't know how to finish the db set up so I can start creating queries and testing the db structure. Can someone give me guidance to online resources that will help me learn how to get the db properly set up so I can proceed with testing it? I'm hoping for online resources specific to beginners using C# and System.Data.SQLite, but I'll use the closest I can get. Thanks.

    Read the article

  • Disadvantages of hard coding credentials? What's the resolution?

    - by SeeBees
    I am building a Sharepoint web part that will be used by all users. The web part connects to a web service which needs credentials with higher privileges than common users. I hard coded credentials in the web part's code. query.Credentials = new System.Net.NetworkCredential("username", "password", "domain"); query is an instance of the web service class This may not be a good approach. In regard with security, source code of the web apart is available to people who are not allowed to see the credential. This is bad enough, But is there any other drawback of this approach? How to prevent hard coding credentials into the source code? Thanks

    Read the article

  • does it make sense to send password information during email communication from websites

    - by Samuel
    Most of the online sites on registration do send a link to activate the site and on any further correspondence with the end user they provide information about the site and also provide the login credentials with password in clear text (as given below) Username - [email protected] Password - mysecretpassword What would you do in such a case? From a usability perspective does it make sense to send the password information in clear text or should you just avoid sending this information. I was under the impression that most of the passwords are MD5 hashed before storing in the database and hence the service provider will not have any access to clear text passwords, is this a security violation?

    Read the article

  • The risk of granting to IUSR* NTFS permissions on a folder on the server

    - by vtortola
    I have two web applications that must share a file in the server file system. Both apps are inside of "Inetpub\wwwroot". The file cannot be accessed freely from outside, so it is in a folder out of "Inetpub". I have granted full NTFS permissions to the user "IUSR_whatever" (is the user that runs IIS in anonymous requests) in that folder. The folder has only that file, and has no other use. It works so far :) But, what is the risk? what should I be afraid of? As I see it, as long the folder is out of the "InetPub" cannot be accessed, and as long the apps don't have any security flaw like "path traversal" or server side code injection, it should be safe enough.... But I'm always keen to be wrong :) What do you think? May the file or even the server itself get compromised because of this? Thanks.

    Read the article

  • WYSIWYG-editor with "add custom html feature" and secure (validated) html output?

    - by Tom
    I've been looking into some of the WYSIWYG editors (TinyMCE, FCKEditor, etc.) and they all seem to offer a lot of options. However, one vital feature that seems to lack is a simple "add custom html" option which would allow the user to input any of these embed-snippets you find all around the web these days, for example a youtube video. This is different than a "edit html/source" feature as that requires actual knowledge of html and there is the risk of the user writing invalid code. Another issue that I couldn't find much about is the output html. How would I make sure that this output causes no security invulnerabilities? Even when the user has the ability to add his own html? So, basically, is there an open source WYSIWYG editor which covers these 2 features?

    Read the article

  • URIs vs Hidden Forms

    - by NateDogg
    I'm working in the Codeigniter framework, and want to send requests to my controller/model that have several variables involved. Is there a difference between passing those variables via a hidden form (i.e. using "post") as opposed to passing them through URIs (e.g. 'travel/$month/$day/')? What about security concerns? e.g. URIs: http://www.example.com/travel/$month/$day/ Hidden Form: form_hidden('month',$month); form_hidden('day',$day);

    Read the article

  • Sending passwords over the web

    - by Falmarri
    So I'm working on a mobile platform application that I'd like to have users authenticate over the web. I was wondering the best way to do security. The user is sending a password for HTTP to a php server wich authenticates against a mysql database on the same server. Obviously I don't want to send the password in plain text over the internet, but I also don't want to do 2 SHA hashes. This is what the server looks like (in pseudocode) $pass = $_POST['pass']; if ((get PASSWORD where USERNAME = USERNAME) == SHA($pass)) return PASS; This is pretty standard and I don't think there's any other way to do this. But I was wondering how I should prepare the data before sending it over the internet.

    Read the article

  • Flask Admin didn't show all fields

    - by twoface88
    I have model like this: class User(db.Model): __tablename__ = 'users' __table_args__ = {'mysql_engine' : 'InnoDB', 'mysql_charset' : 'utf8'} id = db.Column(db.Integer, primary_key=True) username = db.Column(db.String(80), unique=True) email = db.Column(db.String(120), unique=True) _password = db.Column('password', db.String(80)) def __init__(self, username = None, email = None, password = None): self.username = username self.email = email self._set_password(password) def _set_password(self, password): self._password = generate_password_hash(password) def _get_password(self): return self._password def check_password(self, password): return check_password_hash(self._password, password) password = db.synonym("_password", descriptor=property(_get_password, _set_password)) def __repr__(self): return '<User %r>' % self.username I have ModelView: class UserAdmin(sqlamodel.ModelView): searchable_columns = ('username', 'email') excluded_list_columns = ['password'] list_columns = ('username', 'email') form_columns = ('username', 'email', 'password') But no matter what i do, flask admin didn't show password field when i'm editing user info. Is there any way ? Even just to edit hash code. UPDATE: https://github.com/mrjoes/flask-admin/issues/78

    Read the article

  • I'm trying to implement 2 factor authentication on the cheap. How would I do that?

    - by Biff MaGriff
    Ok so I need 2 of the 3. Something the user knows. Something the user has. Something the user is. I have a system that is exposed to the internet and we need clients to connect in a secure manner to satisfy our security standards. I'm thinking when a user registers to use our system we send them an application that they install on their home system. The application generates a key based on a timed randomness algorithm. Our application server has the same algorithm so when the user submits their credentials with the key we know that they are a legitimate user. Is this a valid method of 2 factor authentication? What is another way of doing this? Are there any pitfalls that I should be aware of? Thanks for your help!

    Read the article

  • MD5 password twice

    - by NoviceCoding
    I know MD5's safety is under question lately and this is the reason a lot of people are using salt (I dont understand this at all btw) but I was wondering if you wanted to easily implement a safe system in php can you just md5 something twice? like test 098f6bcd4621d373cade4e832627b4f6 fb469d7ef430b0baf0cab6c436e70375 So basically: $val = 'test'; $val = md5($val); $val = md5($val); Would that solve the whole rainbow security stuff? Is there an easy/noob proof way of making secure database passwords in php?

    Read the article

  • SGBD : Demos lance la 3ème promotion de son cycle CQP Administrateur DB et revient sur les précédentes éditions de cette formation

    SGBD : Demos lance la 3ème promotion de son cycle CQP Administrateur DB Et revient sur les précédentes éditions de cette formation La toute première promotion du CQP Administrateur de Bases de Données de Demos s'est achevée le 29 Juin. La formation avait débuté sept mois plus tôt, le 5 décembre 2011. Avec comme épilogue les 11 et 12 septembre derniers, une soutenance des 11 participants du cycle. Des participants qui ont alterné cours et période en entreprise toutes les 4 à 8 semaines. Avant la soutenance, ces participants avaient remis en mai leurs rapports de projet (projet de fin de formation de deux semaines en équipe) et leurs rapports de stage en entreprise.

    Read the article

  • Securing an ajax request

    - by asdasdsa
    i have a website that uses session cookies for security. it works fine and all, but any ajax requests right now are not secure. example being lets say a user is on a page. they can only get to this page if they are logged in with a session - so far so good. but now the ajax request they ask for is ajaxpages/somepage.php?somevar=something&anothervar=something if any other user decides to just go to that link themselves (without a session) they still get the same ajax output that was meant for logged in people. so obviously im going to have to pass session data across when i send an ajax request. anyone have any tips for the best way of doing this? ive never done this before and would rather use trusted methods than make up my own.

    Read the article

  • Persisting sensitve data in asp.net, odd implementation

    - by rawsonstreet
    For reasons not in scope of this question I have implemented a .net project in an iframe which runs from a classic asp page. The classic asp site persisted a few sensitive values by hitting the db on each page. I have passed there variables as xml to the aspx page, now I need to make these values available on any page of this .net site. I've looked into the cache object but we are on a web farm so I am not sure it would work. Is there a way I can can instantiate an object in a base page class and have other pages inherit from the base page to access these values? What is the best way to persist these values? A few more points to consider the site runs in https mode and I cannot use session variables, and I would like to avoid cookies if possible..

    Read the article

  • MS Access vs SQL Server and others ? Is it worth taking a db server when less than 2 Gb and only 20

    - by asksuperuser
    After my experiment with MSAccess vs MySQL which shows MS Access hugely overperforming Mysql odbc insert by a factor 1000% before I would do the same experiment with SQL Server I searched for some other's people and found this one: http://blog.nkadesign.com/2009/access-vs-sql-server-some-stats-part-1/ which says "As a side note, in this particular test, Access offers much better raw performance than SQL Server. In more complex scenarios it’s very likely that Access’ performance would degrade more than SQL Server, but it’s nice to see that Access isn’t a sloth." So is worth bother with some db server when data is less than 2 Gb and users are about 20 (knowing that MS Access theorically supports up to 255 concurrent users though practically it's around a dozen concurrent users only). Are there any real world studies that really compare MS Access with other db in these specific use case ? Because professionaly speaking I keep hearing people systematically recommend DB server from people who have never used Access just because they think DB Server can only perform better in every case which I used to think myself I confess.

    Read the article

  • How long can a hash left out in the open be considered safe?

    - by Xeoncross
    If I were to leave a SHA2 family hash out on my website - how long would it be considered safe? How long would I have before I could be sure that someone would find a collision for it and know what was hashed? I know that the amount of time would be based on the computational power of the one seeking to break it. It would also depend on the string length, but I'm curious just how secure hashes are. Since many of us run web-servers we constantly have to be prepared for the day when someone might make it all the way to the database which stores the user hashes. So, move the server security out of the way and then what do you have? This is a slightly theoretical area for many of the people I have talked with, so I would love to actually have some more information about average expectations for cracking.

    Read the article

  • Can Spring access-denied-handler refer to popup?

    - by Rens Groenveld
    I am working with Spring Security 3.1.x and have implemented method annotation securities. As I want, when I perform a certain action while being logged in as a used that doesn't have the rights, I get a 403 acces is denied in my console! Perfect! Now I would like to catch this 403, and give the user a popup with a custom message. I don't want to redirect users to a page saying that they have no rights. Is there any way the access-denied-handler of Spring can take care of a popup? Or can it only redirect to another page? Maybe there are other options for me? Thanks in advance!

    Read the article

  • Database with 5 Tables with Insert and Select

    - by kirbby
    hi guys, my problem is that i have 5 tables and need inserts and selects. what i did is for every table a class and there i wrote the SQL Statements like this public class Contact private static String IDCont = "id_contact"; private static String NameCont = "name_contact"; private static String StreetCont = "street_contact"; private static String Street2Cont = "street2_contact"; private static String Street3Cont = "street3_contact"; private static String ZipCont = "zip_contact"; private static String CityCont = "city_contact"; private static String CountryCont = "country_contact"; private static String Iso2Cont = "iso2_contact"; private static String PhoneCont = "phone_contact"; private static String Phone2Cont = "phone2_contact"; private static String FaxCont = "fax_contact"; private static String MailCont = "mail_contact"; private static String Mail2Cont = "mail2_contact"; private static String InternetCont = "internet_contact"; private static String DrivemapCont = "drivemap_contact"; private static String PictureCont = "picture_contact"; private static String LatitudeCont = "latitude_contact"; private static String LongitudeCont = "longitude_contact"; public static final String TABLE_NAME = "contact"; public static final String SQL_CREATE = "CREATE TABLE IF NOT EXISTS " + TABLE_NAME + "(" + IDCont + "INTEGER not NULL," + NameCont + " TEXT not NULL," + StreetCont + " TEXT," + Street2Cont + " TEXT," + Street3Cont + " TEXT," + ZipCont + " TEXT," + CityCont + " TEXT," + CountryCont + " TEXT," + Iso2Cont + " TEXT," + PhoneCont + " TEXT," + Phone2Cont + " TEXT," + FaxCont + " TEXT," + MailCont + " TEXT," + Mail2Cont + " TEXT," + InternetCont + " TEXT," + //website of the contact DrivemapCont + " TEXT," + //a link to a drivemap to the contact PictureCont + " TEXT," + //a photo of the contact building (contact is not a person) LatitudeCont + " TEXT," + LongitudeCont + " TEXT," + "primary key(id_contact)" + "foreign key(iso2)"; and my insert looks like this public boolean SQL_INSERT_CONTACT(int IDContIns, String NameContIns, String StreetContIns, String Street2ContIns, String Street3ContIns, String ZipContIns, String CityContIns, String CountryContIns, String Iso2ContIns, String PhoneContIns, String Phone2ContIns, String FaxContIns, String MailContIns, String Mail2ContIns, String InternetContIns, String DrivemapContIns, String PictureContIns, String LatitudeContIns, String LongitudeContIns) { try{ db.execSQL("INSERT INTO " + "contact" + "(" + IDCont + ", " + NameCont + ", " + StreetCont + ", " + Street2Cont + ", " + Street3Cont + ", " + ZipCont + ", " + CityCont + ", " + CountryCont + ", " + Iso2Cont + ", " + PhoneCont + ", " + Phone2Cont + ", " + FaxCont + ", " + MailCont + ", " + Mail2Cont + ", " + InternetCont + ", " + DrivemapCont + ", " + PictureCont + ", " + LatitudeCont + ", " + LongitudeCont + ") " + "VALUES (" + IDContIns + ", " + NameContIns +", " + StreetContIns + ", " + Street2ContIns + ", " + Street3ContIns + ", " + ZipContIns + ", " + CityContIns + ", " + CountryContIns + ", " + Iso2ContIns + ", " + PhoneContIns + ", " + Phone2ContIns + ", " + FaxContIns + ", " + MailContIns + ", " + Mail2ContIns + ", " + InternetContIns + ", " + DrivemapContIns + ", " + PictureContIns + ", " + LatitudeContIns + ", " + LongitudeContIns +")"); return true; } catch (SQLException e) { return false; } } i have a DBAdapter class there i created the database public class DBAdapter { public static final String DB_NAME = "mol.db"; private static final int DB_VERSION = 1; private static final String TAG = "DBAdapter"; //to log private final Context context; private SQLiteDatabase db; public DBAdapter(Context context) { this.context = context; OpenHelper openHelper = new OpenHelper(this.context); this.db = openHelper.getWritableDatabase(); } public static class OpenHelper extends SQLiteOpenHelper { public OpenHelper(Context context) { super(context, DB_NAME, null, DB_VERSION); } @Override public void onCreate(SQLiteDatabase db) { // TODO Auto-generated method stub db.execSQL(Contact.SQL_CREATE); db.execSQL(Country.SQL_CREATE); db.execSQL(Picture.SQL_CREATE); db.execSQL(Product.SQL_CREATE); db.execSQL(Project.SQL_CREATE); } @Override public void onUpgrade(SQLiteDatabase db, int oldVersion, int newVersion) { // TODO Auto-generated method stub Log.w(TAG, "Upgrading database from version " + oldVersion + " to " + newVersion + ", which will destroy all old data"); db.execSQL(Contact.SQL_DROP); db.execSQL(Country.SQL_DROP); db.execSQL(Picture.SQL_DROP); db.execSQL(Product.SQL_DROP); db.execSQL(Project.SQL_DROP); onCreate(db); } i found so many different things and tried them but i didn't get anything to work... i need to know how can i access the database in my activity and how i can get the insert to work and is there sth wrong in my code? thanks for your help thats how i tried to get it into my activity public class MainTabActivity extends TabActivity { private Context context; @Override public void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); setContentView(R.layout.maintabactivity); TabHost mTabHost = getTabHost(); Intent intent1 = new Intent().setClass(this,MapOfLight.class); //Intent intent2 = new Intent().setClass(this,Test.class); //Testactivity //Intent intent2 = new Intent().setClass(this,DetailView.class); //DetailView Intent intent2 = new Intent().setClass(this,ObjectList.class); //ObjectList //Intent intent2 = new Intent().setClass(this,Gallery.class); //Gallery Intent intent3 = new Intent().setClass(this,ContactDetail.class); mTabHost.addTab(mTabHost.newTabSpec("tab_mol").setIndicator(this.getText(R.string.mol), getResources().getDrawable(R.drawable.ic_tab_mol)).setContent(intent1)); mTabHost.addTab(mTabHost.newTabSpec("tab_highlights").setIndicator(this.getText(R.string.highlights),getResources().getDrawable(R.drawable.ic_tab_highlights)).setContent(intent2)); mTabHost.addTab(mTabHost.newTabSpec("tab_contacts").setIndicator(this.getText(R.string.contact),getResources().getDrawable(R.drawable.ic_tab_contact)).setContent(intent3)); mTabHost.setCurrentTab(1); SQLiteDatabase db; DBAdapter dh = null; OpenHelper openHelper = new OpenHelper(this.context); dh = new DBAdapter(this); db = openHelper.getWritableDatabase(); dh.SQL_INSERT_COUNTRY("AT", "Austria", "AUT"); } } i tried it with my country table because it has only 3 columns public class Country { private static String Iso2Count = "iso2_country"; private static String NameCount = "name_country"; private static String FlagCount = "flag_image_url_country"; public static final String TABLE_NAME = "country"; public static final String SQL_CREATE = "CREATE TABLE IF NOT EXISTS " + TABLE_NAME + "(" + Iso2Count + " TEXT not NULL," + NameCount + " TEXT not NULL," + FlagCount + " TEXT not NULL," + "primary key(iso2_country)"; public boolean SQL_INSERT_COUNTRY(String Iso2CountIns, String NameCountIns, String FlagCountIns) { try{ db.execSQL("INSERT INTO " + "country" + "(" + Iso2Count + ", " + NameCount + ", " + FlagCount + ") " + "VALUES ( " + Iso2CountIns + ", " + NameCountIns +", " + FlagCountIns + " )"); return true; } catch (SQLException e) { return false; } } another question is it better to put the insert and select from each table into a separate class, so i have 1 class for each table or put them all into the DBAdapter class?

    Read the article

  • Sql server execute permission; failure to apply permissions

    - by WestDiscGolf
    I've just migrated from SQL2000 to SQL2008 and I have started getting an execute permission issue on a stored proc which uses sp_OACreate. The rest of the system works fine with the db login which has been setup and added to the database. I've tried: USE master GO GRANT EXEC ON sp_OACreate TO [dbuser] GO But this fails with the following error: Msg 15151, Level 16, State 1, Line 1 Cannot find the user 'dbuser', because it does not exist or you do not have permission. I'm logged into the server as sa with full permissions. I can execute a similar sql statement and apply the permissions to a server role, however not a login/user. How do I apply the changes to the specific user/login? I can apply the permissions to the public role and it resolves my issue; however this seems to be a security issue to me which I don't really want to apply to the live server.

    Read the article

  • Secure to store an ID in an ASP.NET control ID?

    - by Curtis White
    I'm auto-generating a form in my ASP.NET page. This is already tested and working. I want to know if: If there are any security problems with storing the database ID as part of my controls ID? I can see think of 2 issues: the id will be visible in page source (not really important in this case), and the possibility someone could change the name of the control somehow? This second possibility is more serious. Is this a potential problem and how to void it? If there would be a better preferred way to associate a unique data with any type of control? Is it possible to store a custom item in the viewstate for the control?

    Read the article

  • Best way to Store Passwords, User information/Profile data and Photo/Video albums for a social websi

    - by Nick
    Need some help figuring out how to best Store Passwords, User information/Profile data and Photo/Video albums for a social website? For photos/videos the actual photo/video + even encrypting the URL with the IDs to the photo/videos so other users cannot figure it out. Creating a site like myspace and designing retirement documents but i am unsure how to specify the security requirements for the database. Two things: 1) Protect from outside users 2) Protect all these from employees being able to access this info For #2, the additional question is: If we encrypt the user info and password so even the system admins cannot get in, how can we retrieve the user data tomorrow if someone flags the user's account as spam and admin needs to check it out or if law enforcement wants info on a user? Thanks.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 181 182 183 184 185 186 187 188 189 190 191 192  | Next Page >