Search Results

Search found 12541 results on 502 pages for 'secure the world'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 195/502 | < Previous Page | 191 192 193 194 195 196 197 198 199 200 201 202  | Next Page >

  • How should I use https in Ruby on Rails

    - by Daniel Cukier
    I'm developing an application in Rails (2.3.4) and there are some parts that need to run over a secure protocol, for example, the login form, the credit card form, etc. How can I do just these pages be https, and all other pages remain http? How can I test ssl in development environment?

    Read the article

  • RijndaelManaged: IV Generation?

    - by cam
    I want to implement the most secure, and most reliable form of symmetric key cryptography in my application. The user should input a password to encrypt/decrypt, and that's all. For RijndaelManaged, one must enter a key and an IV. I'm not sure how to address the situation. Right now, I have the entered password being hashed by SHA256 and then being used as the key for the Rijndael. What do I use for the IV? Another password?

    Read the article

  • Ideas for multiplatform encrypted java mobile storage system

    - by Fernando Miguélez
    Objective I am currently designing the API for a multiplatform storage system that would offer same interface and capabilities accross following supported mobile Java Platforms: J2ME. Minimum configuration/profile CLDC 1.1/MIDP 2.0 with support for some necessary JSRs (JSR-75 for file storage). Android. No minimum platform version decided yet, but rather likely could be API level 7. Blackberry. It would use the same base source of J2ME but taking advantage of some advaced capabilities of the platform. No minimum configuration decided yet (maybe 4.6 because of 64 KB limitation for RMS on 4.5). Basically the API would sport three kind of stores: Files. These would allow standard directory/file manipulation (read/write through streams, create, mkdir, etc.). Preferences. It is a special store that handles properties accessed through keys (Similar to plain old java properties file but supporting some improvements such as different value data types such as SharedPreferences on Android platform) Local Message Queues. This store would offer basic message queue functionality. Considerations Inspired on JSR-75, all types of stores would be accessed in an uniform way by means of an URL following RFC 1738 conventions, but with custom defined prefixes (i.e. "file://" for files, "prefs://" for preferences or "queue://" for message queues). The address would refer to a virtual location that would be mapped to a physical storage object by each mobile platform implementation. Only files would allow hierarchical storage (folders) and access to external extorage memory cards (by means of a unit name, the same way as in JSR-75, but that would not change regardless of underlying platform). The other types would only support flat storage. The system should also support a secure version of all basic types. The user would indicate it by prefixing "s" to the URL (i.e. "sfile://" instead of "file://"). The API would only require one PIN (introduced only once) to access any kind of secure object types. Implementation issues For the implementation of both plaintext and encrypted stores, I would use the functionality available on the underlying platforms: Files. These are available on all platforms (J2ME only with JSR-75, but it is mandatory for our needs). The abstract File to actual File mapping is straight except for addressing issues. RMS. This type of store available on J2ME (and Blackberry) platforms is convenient for Preferences and maybe Message Queues (though depending on performance or size requirements these could be implemented by means of normal files). SharedPreferences. This type of storage, only available on Android, would match Preferences needs. SQLite databases. This could be used for message queues on Android (and maybe Blackberry). When it comes to encryption some requirements should be met: To ease the implementation it will be carried out on read/write operations basis on streams (for files), RMS Records, SharedPreferences key-value pairs, SQLite database columns. Every underlying storage object should use the same encryption key. Handling of encrypted stores should be the same as the unencrypted counterpart. The only difference (from the user point of view) accessing an encrypted store would be the addressing. The user PIN provides access to any secure storage object, but the change of it would not require to decrypt/re-encrypt all the encrypted data. Cryptographic capabilities of underlying platform should be used whenever it is possible, so we would use: J2ME: SATSA-CRYPTO if it is available (not mandatory) or lightweight BoncyCastle cryptographic framework for J2ME. Blackberry: RIM Cryptographic API or BouncyCastle Android: JCE with integraced cryptographic provider (BouncyCastle?) Doubts Having reached this point I was struck by some doubts about what solution would be more convenient, taking into account the limitation of the plataforms. These are some of my doubts: Encryption Algorithm for data. Would AES-128 be strong and fast enough? What alternatives for such scenario would you suggest? Encryption Mode. I have read about the weakness of ECB encryption versus CBC, but in this case the first would have the advantage of random access to blocks, which is interesting for seek functionality on files. What type of encryption mode would you choose instead? Is stream encryption suitable for this case? Key generation. There could be one key generated for each storage object (file, RMS RecordStore, etc.) or just use one for all the objects of the same type. The first seems "safer", though it would require some extra space on device. In your opinion what would the trade-offs of each? Key storage. For this case using a standard JKS (or PKCS#12) KeyStore file could be suited to store encryption keys, but I could also define a smaller structure (encryption-transformation / key data / checksum) that could be attached to each storage store (i.e. using addition files with the same name and special extension for plain files or embedded inside other types of objects such as RMS Record Stores). What approach would you prefer? And when it comes to using a standard KeyStore with multiple-key generation (given this is your preference), would it be better to use a record-store per storage object or just a global KeyStore keeping all keys (i.e. using the URL identifier of abstract storage object as alias)? Master key. The use of a master key seems obvious. This key should be protected by user PIN (introduced only once) and would allow access to the rest of encryption keys (they would be encrypted by means of this master key). Changing the PIN would only require to reencrypt this key and not all the encrypted data. Where would you keep it taking into account that if this got lost all data would be no further accesible? What further considerations should I take into account? Platform cryptography support. Do SATSA-CRYPTO-enabled J2ME phones really take advantage of some dedicated hardware acceleration (or other advantage I have not foreseen) and would this approach be prefered (whenever possible) over just BouncyCastle implementation? For the same reason is RIM Cryptographic API worth the license cost over BouncyCastle? Any comments, critics, further considerations or different approaches are welcome.

    Read the article

  • Account sharing among Ubuntu machines

    - by muckabout
    I'd like a simple and secure system to have allow users in our network to have their account (e.g., 'myname') work on every machine in the network (e.g., such that they could ssh to any machine and have the same userid, mounted smb share). Any suggestions?

    Read the article

  • HTML5 Web DB Security

    - by darrenc
    Hi all! I'm looking into an offline web app solution using HTML5. The functionality is everything I need BUT the data stored can be directly queried right in the browser and therefore completely unsecure! Is there anyway to encrypt/hide so that the data is secure? Thanks, D.

    Read the article

  • SmtpClient, send email through smtp.gmail.com, but From another account.

    - by dynback.com
    I wonna send email through gmail smtp, but users should see my corporative "From" SmtpClient smtp = new SmtpClient("smtp.gmail.com", 587); smtp.EnableSsl = true; smtp.Credentials = new NetworkCredential("[email protected]", "pass", "mail.dynback.com"); I am getting SmtpException: "The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.5.1 Authentication Required" I heard its all possible and called "Relay", but I am not sure, do i need to put somehow google credentials?

    Read the article

  • authentication on gui application written on perl

    - by oren
    Its not specific perl question I am building a perl gui/wxperl application that connect to DB . I want my application to be a password protected i.e first the user should enter the user and password and then use the appication . what is the best secure method to store the password could someone provide an idea what is the best method to how should i store the user and the password and how should i retrieve them for authentication ? if possible could someone provide some perl code how to do this ?

    Read the article

  • Troubleshooting Multiple Endpoints Problem in WCF

    - by omatase
    I have been using WCF for a few years now and am fairly comfortable with it, however there is one simple WCF concept that I have yet to employ and am having difficulties with it. Following this article about WCF addressing as it specifically relates to multiple endpoints in IIS I see these two excerpts: "Suppose you have a file named calc.svc and you place it in a virtual directory that corresponds to (http://localhost:8080/calcservice). The base address for this service will be (http://localhost:8080/calcservice/calc.svc)." and "Now, consider the endpoint configuration found in the virtual directory’s web.config file (in Figure 3). In this case, the address of the first endpoint becomes the same as the base address (http://localhost:8080/calcservice/calc.svc) since I left the endpoint address empty. The address of the second endpoint becomes the combination of the base address appended with "secure", like this: (http://localhost:8080/calcservice/calc.svc/secure)." Now in my application I'm trying to create two endpoints for the same service (shown below). The service name is MainService.svc. For endpoint one I have address="" and endpoint two has address="Soap11". Bringing the site up in IIS I can successfully hit this URL: (https://localhost:444/MainService.svc). This is the base address for the service according to all the documentation I can find. According to this article and others I have seen that confirm its information I should have the second endpoint at (https://localhost:444/MainService.svc/Soap11) but if I navigate to that URL I get a .Net exception indicating the resource is not found. Is there a tool I can use to see where my different endpoints will be available? Maybe some IIS or aspnet_isapi.dll logging I can turn on? My web.config section defining my endpoints follows. Thanks in advance for your help <service behaviorConfiguration="MyService.MainServiceBehavior" name="MyService.MainService"> <endpoint address="" binding="wsHttpBinding" bindingConfiguration="WSBindingConfig" contract="MyService.IMainService"> <identity> <dns value="localhost" /> </identity> </endpoint> <endpoint address="Soap11" binding="basicHttpBinding" bindingConfiguration="BasicBindingWithCredentials" contract="MyService.IMainService"> <identity> <dns value="localhost" /> </identity> </endpoint> <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" /> </service>

    Read the article

  • How to detect Java agents, JVMTI, etc...

    - by Andrew Westberg
    How does one secure the Java environment when running on a machine you don't control? What is to stop someone from creating a java agent or native JVMTI agent and dumping bytecode or re-writing classes to bypass licensing and/or other security checks? Is there any way to detect if any agents are running from Java code? From JNI? From a JVMTI agent?

    Read the article

  • ASP.NET The underlying connection was closed: Could not establish trust relat

    - by David Lively
    When attempting to use HttpWebRequest to retrieve a page from my dev server, I get a web exception: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel." The remote certificate is invalid according to the validation procedure... The url I'm attempting to read from is a plain-old http://myserver.com/mypage.asp - no SSL. The production server has a valid certificate so this shouldn't be an issue, but our dev server doesn't. Help!

    Read the article

  • Cakephp Shopping Cart

    - by Fabian Brenes
    Hi all, I was wondering which php based carts will be the easiest to integrate with cakephp. I've heard about bakesale but I have no info on it whether is up to par with magento, cubecart or other carts out there. It's been a while since they have updated info on bakesale (August 2008). So if anyone has any info how reliable and secure bakesale is or is it better to use other php carts any info wil be appreciated.

    Read the article

  • executing pages built in 1.1 and 2.0 framework in same website

    - by Technovault
    I am having an application which is built in 1.1 framework.This application is now rebuilt in 2.0 framework but due to some reason we have to use some of the pages of 1.1 framework. So for this we are executing both the applications simultaneously and n carrying out the work using querystrings. So my question can we include pages made in 1.1 and 2.0 framework in one website , if not then please suggest me any other alternative because me method is not that secure... waiting for response ....

    Read the article

  • Cloud security and privacy

    - by Rakesh K
    Hi, I have a very basic doubt regarding cloud computing that is catching up pretty fast these days. To my understanding, cloud computing is a paradigm in which companies put up their data and applications on somebody else's machines aka 'The Cloud'. I want to know just how secure is it to put up my data on some third party machines, especially if my data contains private details. In particular, how can an enterprise trust the cloud computing service providers in this data privacy aspect? Thanks, rakesh.

    Read the article

  • C# Wrapping an application within another application

    - by Gio Borje
    I want to secure some applications for some people without teaching them how to add an encryption or authentication, so I thought about mocking up a simple application that launches another application if some password or authentication function returns true. How would I wrap the application so that only the launcher would be able to access the file?

    Read the article

  • Setting Cookie Port

    - by MasterMax1313
    I'm trying to set the port on a cookie in ASP.NET (code below), but I'm getting a very unusual error at runtime (below the code). Any thoughts? target.Cookie = new Cookie { Comment = "Test Comment", CommentUri = new System.Uri("http://www.tempuri.org"), Discard = false, Domain = "tempuri.com", Expired = false, Expires = new DateTime(2015, 12, 31), HttpOnly = false, Name = "TestCookie", Path = "/", Port = "443", Secure = false, Value = "Test Value", Version = 1, }; Exception: System.Net.CookieException: The 'Port'='443' part of the cookie is invalid..

    Read the article

  • Why use Soap as authenitcation in webservice?

    - by chobo2
    Hi I am looking at this tutorial http://www.codeproject.com/KB/cpp/authforwebservices.aspx and I am wondering what the reason for using authentication through soap is? Like why not just pass the username and password through the parameters instead? Is it more secure to do it like the way the guy is in the tutorial verus just using passing it through as parameters? Thanks

    Read the article

  • Android: how to share code between projects signed with the same certificate

    - by tomash
    In Android documentation concerning code signing we can read: "By signing multiple applications with the same certificate and using signature-based permissions checks, your applications can share code and data in a secure manner." How exactly such code sharing can be done? Is it possible to release main application and multiple exchangeable plugins then discover them at runtime? What does source code looks like and what are advantages over "standard" intents calls from/to different APK packages?

    Read the article

  • False sense of security with `snprintf_s`

    - by xtofl
    MSVC's "secure" sprintf funcions have a template version that 'knows' the size of the target buffer. However, this code happily paints 567890 over the stack after the end of bytes... char bytes[5]; _snprintf_s( bytes, _TRUNCATE, "%s", "1234567890" ); Any idea what I do wrong, or is this a known bug? (I'm working in VS2005 - didn't test in 2008 or 2010)

    Read the article

  • Paypal IPN security

    - by keithics
    Hello! I am developing a website which will allow users to pay via Paypal. Paypal IPN seems to be easy to integrate and it works on my localhost. Now the problem is that, the amount and the business name are passed to paypal using POST Data. I know it's very dangerous to put it that way, but I am not sure what are the alternatives. How can I make Paypal IPN secure?

    Read the article

  • java database backup restore

    - by jawath
    how do i backup /restore any kind of databases inside my java application to flate files.Are there any tools framework available to backup database to flat file like CSV, XML,or secure encrypted file,or restore from csv or xml files to databases ,it should be also capable of dumping table vise restore and backup also

    Read the article

  • Is pdf virus proof? [closed]

    - by Jonathan
    I am creating a secure document portal for a client. One of the things that they are worried about is having someone upload a document with a virus. One solution that might work is to enforce that they only upload pdf files. My question is two fold: Most importantly, is a pdf document virus proof? How can you determine in a *nix environment that a file is a pdf, besides just looking at the extension. Thanks! Jonathan

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 191 192 193 194 195 196 197 198 199 200 201 202  | Next Page >