Search Results

Search found 14771 results on 591 pages for 'security policy'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 199/591 | < Previous Page | 195 196 197 198 199 200 201 202 203 204 205 206  | Next Page >

  • What are the downside of not having an index.html file to some directories

    - by Pennf0lio
    Hi, I'm curious what are some effects/downside of not putting an index.html file to your directories (e.g images). I know when an index file is not present to a directory, files inside that directory are no longer private and will be visible to the browsers when point (eg yoursite.com/images/). Aside from that what are some big effects to consider? and how to properly secure them. thanks!

    Read the article

  • Validate authenticity of website owner

    - by Cyber Junkie
    Hello all! I'm planning to develop a web app where users will list their site/blog. When people submit their sites, how can I confirm that they are the owners of it? So for instance there is a user Mark who wants to submit someone else's website without their approval. I want to restrict Mark from doing so unless he is the actual owner. My idea was to do a comparison between the user's email domain and the website domain she/he wants to submit. If they match allow the user to submit the website. However most people don't register with their website domain address.. or perhaps I'll implement a Facebook connect in the future. What other methods would you suggest?

    Read the article

  • Should default passwords always be empty?

    - by mafutrct
    I'm currently designing a system that requires an admin to log in using a password. For certain reasons, it is difficult to set this password during installation, but it can be changed later. My idea is this: If I leave the default password empty, it is so horridly insecure that every admin is going to fix this as soon as possible. If I were to use some kind of predefined password instead, admins may think "ah.. nobody would think I've got 'defaultpassword' as my password so it's not very important to change." So the basic thought is to make it so terrible that even the most lazy people are going to do something about it.

    Read the article

  • In Rails, what could cause a user to have another user's session?

    - by DavidNorth
    I have a Rails application using with an authentication system using Restful Authentication without any modification. Users have reported finding themselves logged in as the wrong user. In at least one case it was on their very first page view, never having logged in before. Is it possible their session ids are getting mixed up? Would switching to CookieStore make it impossible for this to happen since no session data is stored on the server this way? I suspect the problem is related to Passenger but I don't know where to start debugging this. Its only happened about 4 times in several months of being live so its virtually impossible to reproduce. Environment: ActiveRecord session storage Rails 2.2.2 Passenger 2.0.1 Apache 2 Ruby 1.8.6 Many thanks

    Read the article

  • "slash before every quote" problem

    - by Camran
    I have a php page which contains a form. Sometimes this page is submitted to itself (like when pics are uploaded). I wouldn't want users to have to fill in every field again and again, so I use this as a value of a text-input inside the form: value="<?php echo htmlentities(@$_POST['annonsera_headline'],ENT_COMPAT,'UTF-8');?>"> This works, except it adds a "\" sign before every double-quote... For instance writing 19" wheels gives after page is submitted to itself: 19\" wheels And if I don't even use htmlentities then everything after the quotes dissappears. What is the problem here?

    Read the article

  • Authentication Sceme for RESTful API used by desktop app.

    - by user346087
    I'm providing a RESTful API. This API is used by a third party desktop application. The API is currently secured using Basic Authentication. That isn't very secure because the credentials have to be stored in the client application. The communication between the desktop and API can also easily be intercepter. The desktop application also communicates with a third party server (run by the publisher of the desktop application) I am unable to figure out how the secure the API in a good way. Ideas?

    Read the article

  • refresh a <ui:composition when j_security_check connection interrupted (http 408)

    - by José Osuna Barrios
    I have a "j_security_check connection interrupted (http code 408)" and proposed solution is <meta http-equiv="refresh" content="#{session.maxInactiveInterval}"/> by http://stackoverflow.com/a/2141274/1852036 but my page structure is a composition using a template.xhtml and a view.xhtml like a <ui:composition: my template.xhtml: <html ... <f:view ... <h:body ... <ui:insert name="content"> ... my view.xhtml to refresh when session.maxInactiveInterval <ui:composition ... <ui:define name="content"> ... may anyone help me to do this? I want to refresh this <ui:composition view, I can't use <meta http-equiv="refresh" content="#{session.maxInactiveInterval}"/> on template.xhtml because it's used by several views

    Read the article

  • Permission based access control

    - by jellysaini
    I am trying to implement permission based access control in ASP.NET. To implement this I have created some database tables that hold all the information about which roles are assigned what permissions and which roles are assigned to what user. I am checking the permissions in the business access layer. Right now I have created a method which checks the permissions of the user. If the user has permissions then okay otherwise it redirects to another page. I want to know if the following things are possible? class User { [PremissionCheck(UserID,ObjectName,OperationName)] public DataTable GetUser() { //coding for user } } I have seen it in MVC3. Can I Create it in ASP.NET? If yes then how can I implement it?

    Read the article

  • Where should I place a function that I want to run before the cached page is served (Drupal)

    - by kidbrax
    We have a intranet site that runs on Drupal. If an employee hits the site from outside our network they are required to login first. If they are already in our network, they can browse around freely. So we have a function that checks where they are coming from and redirects them to a login page if they are from outside. If we enable caching, they are not redirected because the cached page is rendered without running our function. The code currently exists inside of the theme_preprocess function. Where can I put it so that it always runs before the cached pages are served?

    Read the article

  • Url rewriting : prevent to display xml

    - by Frank
    Edit : I've got an aspx file (default.aspx) that loads a flash file (index.swf), but this swf needs a xml file (foo.xml) to load correctly. However, I would like to block any request aiming directly at the xml file. Is it possible, using a rewritting engine (isapi_rewrite for example) to detect if the xml file is being 'hotlinked' or being loaded by the 'index.swf'(inside default.aspx)? Any ideas? Thank you.

    Read the article

  • Post data with jQuery to ASP.net, am I doing this secure enough?

    - by Wim Haanstra
    For a website I am building, I am using jQuery to post data to Generic Handlers I created for this purpose. Because you need to be logged in, to do most post actions (like 'rate a picture'), I am currently using the following technique: User visits page Page determines if user is logged in On Page_Load the page fills a hidden field with an encrypted string, which contains several needed variables, like User ID, Picture ID (of the picture they are currently viewing), the DateTime when the page was rendered. When the user clicks a "I like this picture"-button, I do a $.ajax post to my Generic Handler, with the encrypted string and the value whether or not they liked the picture. The Generic Handler decrypts the supplied encrypted string and takes a look at the DateTime to determine if it was not too long ago When everything works out, the vote is submitted to the database. In my understanding this is a pretty secure way to handle a situation like this. But maybe I am missing a very important point here. Any advice would be very welcome.

    Read the article

  • Ways to restrict WCF Service so only our apps can access it.

    - by RP
    I have a public WCF Service. I have a WPF Desktop app & a silverlight app. My apps does not have any login requirements. I want to make it difficult for another developer / website to make use of my service. What's the best way to restrict access to my service? Use SSL and have the desktop / silverlight app store a token inside of it?

    Read the article

  • What Java tools/apis to use for decrypting/encrypting

    - by Java_bear
    I am trying to decrypt (and later encrypt) an email message (ebXML). The message contains a Signature element that contains child elements to specify the SignedInfo, SignatureValue and KeyInfo. Also, the message contains an encrypted attachment. Question: What Java tools/apis should be used for decrypting? I would like to find some tool/api that would (automagically) instantiate objects based on whatever is included with the Signature element, so that the data (message) could be easily validated. And the other way around: Creating objects (specifying methods, signature value and keyinfo) and then outputting the xml to go into the message.

    Read the article

  • How should my main web application (A) securely retrieve data from my content storage web applicatio

    - by fonacule
    I have two web applications (A) and (B). (A) is my primary web application. (B) is purely for content storage, such as file uploads by users of (A). What's best way to securely retrieve data from (B) into (A) but in a way that does not expose the data in (B) to potential discovery by third-parties over the public internet or nosy users of (A)? For example, if I use a HTML form POST from (A) to (B) to retrieve user data, and have a hidden form field called user_id=1, then someone could simply change this to user_id=2 and see the content owned by another user of the application. That would be a problem.

    Read the article

  • php web based portal authentication through IP.

    - by user434885
    i have a web portal running which involves basic data entry. The issue being that this is highly sensitive data. And the credibility of the data entry personel is very low. Therefore i have implemented recording of IP when an entry is made. The Problem i am facing is if this if this person starts forwarding his IP from a proxy server then i am unable to track authenticity of the data. How do i detect if the IP forwarding is happening/ get the real ip address of the person.

    Read the article

  • How to check for a file's authenticity ?

    - by Ale_x
    Let's say I write a game application. I want the level of the player to be stored in an external file. How can I prevent a hacker from writing and modifying the file to put another level ? I want the file to be modified by my application only. I can sign the file's content with a key, but then this key will be stored in the application, therefore it would be possible for a hacker to decompile the binary and find the key. Is there any way to do this ?

    Read the article

  • Block upload of executable images (PHP)

    - by James Simpson
    It has come to my attention that a user has been trying to create an exploit through avatar image uploads. This was discovered when a user reported to me that they were getting a notice from their Norton Anti-virus saying "HTTP Suspicious Executable Image Download." This warning was referencing the user's avatar image. I don't think they had actually achieved anything in the way of stealing information or anything like that, but I assume it could be possible if the hole is left open long enough. I use PHP to upload the image files, and I check if the file being uploaded is a png, jpg, or gif.

    Read the article

  • How can I gain root access on a Mac OS X system without wiping the OS?

    - by Richard T
    My father died recently and I've inherited his Mac. I'd love to put it to use in my own life, but I don't want to wipe its brains out just so I can reconfigure it to use in my network, etc. His old files are historically important to me—I trust you can understand my desire to keep them. I can log in as I had an account on the machine before he passed, but that's about it.

    Read the article

  • Execute a batch script from Firefox

    - by danilo
    I have written an intranet application from which you can directly connect to a virtual machine by clicking on a RDP-button. The click calls a .bat file, which opens the connection. With IE, this is no problem, as you can choose to directly execute the batch file. But with Firefox, I can only download the script, and have to start it manually afterwards. Is there a way to trust the intranet domain (about:config?) so Firefox allows it to execute scripts directly? Or is there an even better (easier) way to start an RDP connection from Firefox?

    Read the article

  • How can I add one line into all php files' beginning?

    - by Tom
    So, ok. I have many php files and one index.php file. All files can't work without index.php file, because I include them in index.php. For example. if somebody click Contact us the URL will become smth like index.php?id=contact and I use $_GET['id'] to include contacts.php file. But, if somebody find the file's path, for example /system/files/contacts.php I don't want that that file would be executed. So, I figured out that I can add before including any files in index.php line like this $check_hacker = 1 and use if in every files beginning like this if($check_hacker <> 1) die();. So, how can I do it without opening all files and adding this line to each of them? Is it possible? Because I actually have many .php files. And maybe there is other way to do disable watching separate file? Any ideas? Thank you.

    Read the article

  • Hiding "Print to file" in a Java print dialog

    - by Carl Smotricz
    I'm maintaining this Swing app that has a "print" option. Users need to be kept from interacting in any way with the underlying file system, but the print dialog offers "print to file" as one printer, and that of course allows selecting a directory and file from the file system. Is there a painless way to override/modify the print dialog to hide the "to file" printer from this dialog? I understand the API will let me do this piecemeal but I'd rather not have to re-create most of the dialog GUI and functionality to do this.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 195 196 197 198 199 200 201 202 203 204 205 206  | Next Page >