Search Results

Search found 13853 results on 555 pages for 'soa security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 186/555 | < Previous Page | 182 183 184 185 186 187 188 189 190 191 192 193  | Next Page >

  • How to secure phpMyAdmin

    - by Andrei
    Hi, I have noticed that there are strange requests to my website trying to find phpmyadmin, like /phpmyadmin/ /pma/ etc. Now I have installed PMA on Ubuntu via apt and would like to access it via webaddress different from /phpmyadmin/. What can I do to change it? Thanks

    Read the article

  • Documents/links on preventing HTML form fiddling?

    - by larryq
    Hi everyone, I'm using ASP.Net but my question is a little more general than that. I'm interested in reading about strategies to prevent users from fooling with their HTML form values and links in an attempt to update records that don't belong to them. For instance, if my application dealt with used cars and had links to add/remove inventory, which included as part of the URL the userid, what can I do to intercept attempts to munge the link and put someone else's ID in there? In this limited instance I can always run a check at the server to ensure that userid XYZ actually has rights to car ABC, but I was curious what other strategies are out there to keep the clever at bay. (Doing a checksum of the page, perhaps? Not sure.) Thanks for your input.

    Read the article

  • Is it safe to read regular expressions from a file?

    - by Zilk
    Assuming a Perl script that allows users to specify several text filter expressions in a config file, is there a safe way to let them enter regular expressions as well, without the possibility of unintended side effects or code execution? Without actually parsing the regexes and checking them for problematic constructs, that is. There won't be any substitution, only matching. As an aside, is there a way to test if the specified regex is valid before actually using it? I'd like to issue warnings if something like /foo (bar/ was entered. Thanks, Z. EDIT: Thanks for the very interesting answers. I've since found out that the following dangerous constructs will only be evaluated in regexes if the use re 'eval' pragma is used: (?{code}) (??{code}) ${code} @{code} The default is no re 'eval'; so unless I'm missing something, it should be safe to read regular expressions from a file, with the only check being the eval/catch posted by Axeman. At least I haven't been able to hide anything evil in them in my tests. Thanks again. Z.

    Read the article

  • what is file verification system for php project or licence checking the configuration files

    - by Jayapal Chandran
    Hi, My colleague asked me a question like "license check to config file". when i searched i got this http://www.google.com/search?q=file+verification+system&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a and in the result i got this http://integrit.sourceforge.net/texinfo/integrit.html but could not grasp much of its idea. Here is my thoughts... Our project is written in codeigniter. The project owner is providing it to their customer. The owner is a business partner with that concept. Besides, the owner needs control of the project code so that the customer will not break rules with him like changing the code or moving it go another server or validity. So the owner needs a system to enable disable the site. Let me give an example... owner.com will have an admin panel where he can either disable or enable the client.com. when he disables the client.com should display a custom message instead of loading the files. client.com is written i a way that i will process requests from owner.com and also the other way round. so, here i want a list of the concepts with which we can implement the ownership and control over client.com any suggestions, links, references, answers will be helpful. If i am missing something in my question i will update my question according to your comments if any so that the users can give in their idea without confusing of what i had asked. THX

    Read the article

  • Should I convert overlong UTF-8 strings to their shortest normal form?

    - by Grant McLean
    I've just been reworking my Encoding::FixLatin Perl module to handle overlong UTF-8 byte sequences and convert them to the shortest normal form. My question is quite simply "is this a bad idea"? A number of sources (including this RFC) suggest that any over-long UTF-8 should be treated as an error and rejected. They caution against "naive implementations" and leave me with the impression that these things are inherently unsafe. Since the whole purpose of my module is to clean up messy data files with mixed encodings and convert them to nice clean utf8, this seems like just one more thing I can clean up so the application layer doesn't have to deal with it. My code does not concern itself with any semantic meaning the resulting characters might have, it simply converts them into a normalised form. Am I missing something. Is there a hidden danger I haven't considered?

    Read the article

  • How to make a secure login using UDID or device token?

    - by Erik B
    So I'm making an app where I want the users to be able add, edit and rate content, but I do not want to force them to register. Instead I was planning on just using their device id or device token to identify them. I'm planning on making both an iPhone and Android version, so I'm looking for a general solution, but the iPhone version has higher priority, so an iPhone specific solution would also be welcome. The problem is that I don't want just anyone to be able to use my web service by sending a phony device id or someone else's device id. How would the client prove to the server that it is providing the correct device id?

    Read the article

  • What's the best, Escape then store Or store then escape the output?

    - by Axel
    Hi, After doing a long search on stackoverflow i didn't find any one talked about this even if it's a big choice, the Question is what's the best in order to prevent both of XSS and SQL injection, Escaping the data then store it in the DB or Store it as it is and escape when output it? Note: it is better if you give some examples of practics if possible. Thanks

    Read the article

  • Should I Use Anchor, Button Or Form Submit For "Follow" Feature In Rails

    - by James
    I am developing an application in Rails 3 using a nosql database. I am trying to add a "Follow" feature similar to twitter or github. In terms of markup, I have determined that there are three ways to do this. 1) Use a regular anchor. (Github Uses This Method) <a href="/users/follow?target=Joe">Follow</a> 2) Use a button. (Twitter Uses This Method) <button href="/friendships/create/">Follow</button> 3) Use a form with a submit button. (Has some advantages for me, but I haven't see anyone do it yet.) <form method="post" id="connection_new" class="connection_new" action="/users/follow"> <input type="hidden" value="60d7b563355243796dd8496e17d36329" name="target" id="target"> <input type="submit" value="Follow" name="commit" id="connection_submit"> </form> Since I want to store the user_id in the database and not the username, options 1 and 2 will force me to do a database query to get the actual user_id, whereas option 3 will allow me to store the user_id in a hidden form field so that I don't have to do any database lookups. I can just get the id from the params hash on form submission. I have successfully got each of these methods working, but I would like to know what is the best way to do this. Which way is more semantic, secure, better for spiders, etc...? Is there a reason both twitter and github don't use forms to do this? Any guidance would be appreciated. I am leaning towards using the form method since then I don't have to query the db to get the id of the user, but I am worried that there must be a reason the big guys are just using anchors or buttons for this. I am a newb so go easy on me if I am totally missing something. Thanks!

    Read the article

  • CSRF protecting and cross site form access

    - by fl00r
    Hi. I aw working on cross site authentication (some domains have got common authentication). So I want to send authentication data (login, password) to main domain from others. How should I use protect_from_forgery and how can I check if data received from valid domain? What I am thinking now is to turn off protect_from_forgery for session controller and check domain name of received data. But maybe I can configure CSRF protection for not only one domain?

    Read the article

  • Too much data for RSA block fail. What is PKCS#7?

    - by Tom Brito
    Talking about javax.crypto.Cipher; I was trying to encrypt data using Cipher.getInstance("RSA/None/NoPadding", "BC"); but I got the exception: ArrayIndexOutOfBoundsException: too much data for RSA block Looks like is something related to the "NoPadding", so, reading about padding, looks like CBC is the best approach to use here. I found at google something about "RSA/CBC/PKCS#7", what is this "PKCS#7"? And why its not listed on sun's standard algorithm names?

    Read the article

  • Use Apache authentication in Django without popup

    - by chernevik
    I am using Apache to authenticate users for Django, but I would like to do so without the popup form that Apache uses in its basic configuration. How do I embed the login form within a page while still using Apache for authentication? That is, I'd like a page that says "Please login" and provides a form asking for username and password, and passes this information on to Apache for authentication. (I'd do this over an SSL connection, of course.)

    Read the article

  • Self signed Certificate Based Authentication

    - by Tadi Vijay Kumar
    Hi All.. I have started a project based on Client server communication in java. What i'm doing is client and server have their own self signed certificates. In initial communication both client and server will exchange their certificates. Server has to verify clients certificate and should grant authentication. Where i struck was on what topic server can validate or invalidate a particular client..? I am unable to proceed from here. So please any of you can give brief explanation about it? if possible some Pseudocode in java..?

    Read the article

  • How to secure the communication between an MSSQL database and a c# administrative tool?

    - by citronas
    How can I secure the communication between a C# programm running locally on my computer and a MSSQL Server in a hosted environment? I have an asp.net application that is secured by SSL encryption. So using the asp.net from an open wlan connection is no problem. How can I achieve the same kind of encryption for my administrative tool? Would it be best to write a service? But how would that connection to the service be secured?

    Read the article

  • Self-signed ceritificates for many users/browsers/sites

    - by Demiurg
    Here is my problem - I have a lot of users using different browsers accessing many internal web sites using https. I can create my own Certificate Authority, than create a certificate for each server and after that have all the users import it. Obviously, it cannot work in reality - there are too many users and too many sites, and some sites will be added in the future. I'm looking for a way to automate this. Is there a way to create a certificate so that all major browsers (IE, FF, Opera, Chrome and Safari) would trust it for all servers ? If so, what is the best way to install it automatically in all major browsers ?

    Read the article

  • Can this be imporved? Scrubing of dangerous html tags.

    - by chobo2
    Hi I been finding that for something that I consider pretty import there is very little information or libraries on how to deal with this problem. I found this while searching. I really don't know all the million ways that a hacker could try to insert the dangerous tags. I have a rich html editor so I need to keep non dangerous tags but strip out bad ones. So is this script missing anything? It uses html agility pack. public string ScrubHTML(string html) { HtmlDocument doc = new HtmlDocument(); doc.LoadHtml(html); //Remove potentially harmful elements HtmlNodeCollection nc = doc.DocumentNode.SelectNodes("//script|//link|//iframe|//frameset|//frame|//applet|//object|//embed"); if (nc != null) { foreach (HtmlNode node in nc) { node.ParentNode.RemoveChild(node, false); } } //remove hrefs to java/j/vbscript URLs nc = doc.DocumentNode.SelectNodes("//a[starts-with(translate(@href, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'javascript')]|//a[starts-with(translate(@href, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'jscript')]|//a[starts-with(translate(@href, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'vbscript')]"); if (nc != null) { foreach (HtmlNode node in nc) { node.SetAttributeValue("href", "#"); } } //remove img with refs to java/j/vbscript URLs nc = doc.DocumentNode.SelectNodes("//img[starts-with(translate(@src, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'javascript')]|//img[starts-with(translate(@src, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'jscript')]|//img[starts-with(translate(@src, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'vbscript')]"); if (nc != null) { foreach (HtmlNode node in nc) { node.SetAttributeValue("src", "#"); } } //remove on<Event> handlers from all tags nc = doc.DocumentNode.SelectNodes("//*[@onclick or @onmouseover or @onfocus or @onblur or @onmouseout or @ondoubleclick or @onload or @onunload]"); if (nc != null) { foreach (HtmlNode node in nc) { node.Attributes.Remove("onFocus"); node.Attributes.Remove("onBlur"); node.Attributes.Remove("onClick"); node.Attributes.Remove("onMouseOver"); node.Attributes.Remove("onMouseOut"); node.Attributes.Remove("onDoubleClick"); node.Attributes.Remove("onLoad"); node.Attributes.Remove("onUnload"); } } // remove any style attributes that contain the word expression (IE evaluates this as script) nc = doc.DocumentNode.SelectNodes("//*[contains(translate(@style, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'expression')]"); if (nc != null) { foreach (HtmlNode node in nc) { node.Attributes.Remove("stYle"); } } return doc.DocumentNode.WriteTo(); }

    Read the article

  • How can I create and use a web service in public but still restrict its use to only my app?

    - by Glenn
    I'm creating a web service with create/update/delete calls. But for now I'd like to restrict use of it on my own web app and no other clients. How can I have clear text javascript code that makes these calls but still be confident the credentials won't be used elsewhere? My idea is to use server side generated nonces for each request. But I am open to different ideas you guys may have. Thanks.

    Read the article

  • Is DB logging more secure than file logging for my PHP web app?

    - by iama
    I would like to log errors/informational and warning messages from within my web application to a log. I was initially thinking of logging all of these onto a text file. However, my PHP web app will need write access to the log files and the folder housing this log file may also need write access if log file rotation is desired which my web app currently does not have. The alternative is for me to log the messages to the MySQL database since my web app is already using the MySQL database for all its data storage needs. However, this got me thinking that going with the MySQL option is much better than the file option since I already have a configuration file with the database access information protected using file system permissions. If I now go with the log file option I need to tinker the file and folder access permissions and this will only make my application less secure and defeats the whole purpose of logging. Is this correct? I am using XAMPP for development and am a newbie to LAMP. Please let me know your recommendations for logging. Thanks.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 182 183 184 185 186 187 188 189 190 191 192 193  | Next Page >