Search Results

Search found 16593 results on 664 pages for 'adf security deploy'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 207/664 | < Previous Page | 203 204 205 206 207 208 209 210 211 212 213 214  | Next Page >

  • Securing database keys for client-side processing

    - by danp
    I have a tree of information which is sent to the client in a JSON object. In that object, I don't want to have raw IDs which are coming from the database. I thought of making a hash of the id and a field in the object (title, for example) or a salt, but I'm worried that this might have a serious effect on processing overhead. SELECT * FROM `things` where md5(concat(id,'some salt')) = md5('1some salt'); Is there a standard practice for obscuring IDs in this kind of situation?

    Read the article

  • Secure C# Assemblies from unauthorized Callers

    - by Creepy Gnome
    Is there any way to secure your assembly down to the class/property & class/method level to prevent the using/calling of them from another assembly that isn't signed by our company? I would like to do this without any requirements on strong naming (like using StrongNameIdentityPermission) and stick with how an assembly is signed. I really do not want to resort to using the InternalsVisibleTo attribute as that is not maintainable in a ever changing software ecosystem. For example: Scenario One Foo.dll is signed by my company and Bar.dll is not signed at all. Foo has Class A Bar has Class B Class A has public method GetSomething() Class B tries to call Foo.A.GetSomething() and is rejected Rejected can be an exception or being ignored in someway Scenario Two Foo.dll is signed by my company and Moo.dll is also signed by my company. Foo has Class A Moo has Class C Class A has public method GetSomething() Class C tries to call Foo.A.GetSomething() and is not rejected

    Read the article

  • compromised site

    - by pinniger
    So, I have a web site that has been compromised twice in two weeks. every index.php and .js file gets a script injecting into the source code of the file. The problem is that I have no idea how they're doing it. I've seen this done via sql injection before, but I don't know how they are actually writing to the file. I've dug through the Apache logs but didn't find anything interesting. The site is built using the cakephp framework on a godaddy shared server. Anybody know what secturity settings or log files to check to see how they are doing this?

    Read the article

  • Hiding "Print to file" in a Java print dialog

    - by Carl Smotricz
    I'm maintaining this Swing app that has a "print" option. Users need to be kept from interacting in any way with the underlying file system, but the print dialog offers "print to file" as one printer, and that of course allows selecting a directory and file from the file system. Is there a painless way to override/modify the print dialog to hide the "to file" printer from this dialog? I understand the API will let me do this piecemeal but I'd rather not have to re-create most of the dialog GUI and functionality to do this.

    Read the article

  • In Rails, what could cause a user to have another user's session?

    - by DavidNorth
    I have a Rails application using with an authentication system using Restful Authentication without any modification. Users have reported finding themselves logged in as the wrong user. In at least one case it was on their very first page view, never having logged in before. Is it possible their session ids are getting mixed up? Would switching to CookieStore make it impossible for this to happen since no session data is stored on the server this way? I suspect the problem is related to Passenger but I don't know where to start debugging this. Its only happened about 4 times in several months of being live so its virtually impossible to reproduce. Environment: ActiveRecord session storage Rails 2.2.2 Passenger 2.0.1 Apache 2 Ruby 1.8.6 Many thanks

    Read the article

  • Post data with jQuery to ASP.net, am I doing this secure enough?

    - by Wim Haanstra
    For a website I am building, I am using jQuery to post data to Generic Handlers I created for this purpose. Because you need to be logged in, to do most post actions (like 'rate a picture'), I am currently using the following technique: User visits page Page determines if user is logged in On Page_Load the page fills a hidden field with an encrypted string, which contains several needed variables, like User ID, Picture ID (of the picture they are currently viewing), the DateTime when the page was rendered. When the user clicks a "I like this picture"-button, I do a $.ajax post to my Generic Handler, with the encrypted string and the value whether or not they liked the picture. The Generic Handler decrypts the supplied encrypted string and takes a look at the DateTime to determine if it was not too long ago When everything works out, the vote is submitted to the database. In my understanding this is a pretty secure way to handle a situation like this. But maybe I am missing a very important point here. Any advice would be very welcome.

    Read the article

  • "slash before every quote" problem

    - by Camran
    I have a php page which contains a form. Sometimes this page is submitted to itself (like when pics are uploaded). I wouldn't want users to have to fill in every field again and again, so I use this as a value of a text-input inside the form: value="<?php echo htmlentities(@$_POST['annonsera_headline'],ENT_COMPAT,'UTF-8');?>"> This works, except it adds a "\" sign before every double-quote... For instance writing 19" wheels gives after page is submitted to itself: 19\" wheels And if I don't even use htmlentities then everything after the quotes dissappears. What is the problem here?

    Read the article

  • Is there a way to test my nonce validation fails when it should?

    - by MrsLannister
    I'm using nonce validation in a wordpress plugin. When I submit the form from the admin menu it processes correctly, so I believe the nonce validation is working. What I'm not sure is if the validation will fail when it is supposed to and I don't know what the best way to test this is. I tried putting the url for the php file in directly, but all it does it take me to a wordpress not found page. Is there some recommended way to test this? Here is my code. Again, the test passes when it is supposed to, I just don't know if it fails when it is supposed to. if ( !wp_verify_nonce( $ecbs_post_data['_wpnonce'], 'ecbs-edit-templates' ) ) { wp_die( __( 'You do not have permission to update this page.' ) ); }

    Read the article

  • Is it possible to password protect an SQL server database even from administrators of the server ?

    - by imanabidi
    I want to install an application (ASP.Net + SQL server 2005 express) in local network of some small company for demo but I also want nobody even sysadmin see anything direct from the database and any permission wants a secure pass . I need to spend more time on this article Database Encryption in SQL Server 2008 Enterprise Edition that i found from this answer is-it-possible-to-password-protect-an-sql-server-database but 1.I like to be sure and more clear on this because the other answer in this page says : Yes. you can protect it from everyone except the administrators of the server. 2.if this is possible, the db have to be enterprise edition ? 3.is there any other possible solutions and workaround for this? thanks in advance

    Read the article

  • What reasons are there NOT to use OpenID?

    - by cletus
    You see a fair bit (in the Geek community anyway) about OpenID. It seems like a good idea. I'm developing a website that will be targeted at a somewhat less geeky audience (but not quite Mom and Pops either) so I have to wonder if OpenID is going to be "too hard" for some audiences. What do you think? That aside, are there any other technical or non-technical reasons NOT to use OpenID?

    Read the article

  • securing a webservice for use from a custom iphone app only

    - by mme
    I want to create an iphone application which consists of two parts: The app itself and a server side component. On a users request, the app sends data to the server which is to be handled by human operators. To prevent abuse from an iphone app user, the id of the iphone is sent along with the request, and the operators can blacklist pranksters to deny their iphone access to the service. So far so good. Now the problem is: Someone could easily discover the address of the serverside component, and write a script to send bogus requests, using multiple IP addresses etc. So my question is: how can I defend myself against this? Captchas to protect against scripted attacks or requiring the user to register himself are not an option for this particular application. If I had control of the download, I would associate a unique ID with each downloaded app, but obviously this is not an option with the appstore. What would be your approach to make the server side part more secure?

    Read the article

  • What's the big deal with brute force on hashes like MD5

    - by Jan Kuboschek
    I just spent some time reading http://stackoverflow.com/questions/2768248/is-md5-really-that-bad (I highly recommend!). In it, it talks about hash collisions. Maybe I'm missing something here, but can't you just encrypt your password using, say, MD5 and then, say, SHA-1 (or any other, doesn't matter.) Wouldn't this increase the processing power required to brute-force the hash and reduce the possibility of collision?

    Read the article

  • Strongest cipher available to use with C/C++ ?

    - by George0x77
    I am just wondering if you are supposed to write a sort of really secure application with data being transmitted over insecure networks, what kind of encryption algorithm will you use it in order to make it safe ? I know several c++ libraries for encryption providing nice functions with different algorithms, but i'm not quite sure which cipher to use - AES, DES, RSA, Blowfish or maybe something more different ? Please provide your ideas and suggestions. Thank you.

    Read the article

  • Block upload of executable images (PHP)

    - by James Simpson
    It has come to my attention that a user has been trying to create an exploit through avatar image uploads. This was discovered when a user reported to me that they were getting a notice from their Norton Anti-virus saying "HTTP Suspicious Executable Image Download." This warning was referencing the user's avatar image. I don't think they had actually achieved anything in the way of stealing information or anything like that, but I assume it could be possible if the hole is left open long enough. I use PHP to upload the image files, and I check if the file being uploaded is a png, jpg, or gif.

    Read the article

  • How can I cut down on this spam, and what is the point of it anyway?

    - by Steven
    I run a small, niche personal ads site. People post ads and then other people reply to them, which sends an email to the original creator of the ad telling them that someone is interested and giving them contact information for that interested person. Lately there's been some weird spam. People are receiving nonsense replies to their ads. Here is an example of one: Name: xkauwvyr Reply: vRYmbI <a href="http://rypmoxdkfblf.com/">rypmoxdkfblf</a>, url=http://pnjlwvhizwbq.com/]pnjlwvhizwbq[/url], [link=http://hmenwoujxrfv.com/]hmenwoujxrfv[/link], http://ogsekuhoyeud.com/ They vary in length and composition but they all look roughly like that. The first idea I had was to simply throw out any reply that contained the string " Also, is this spam just some ass playing a trick on my website, or is it something more malicious?

    Read the article

  • Captcha Decoded

    - by Web Lover
    Hi, I have seen some captchas being decode using javascript, php, etc. How do they do it? For example, very popular megaupload site's captcha has also been decoded.

    Read the article

  • Where should I place a function that I want to run before the cached page is served (Drupal)

    - by kidbrax
    We have a intranet site that runs on Drupal. If an employee hits the site from outside our network they are required to login first. If they are already in our network, they can browse around freely. So we have a function that checks where they are coming from and redirects them to a login page if they are from outside. If we enable caching, they are not redirected because the cached page is rendered without running our function. The code currently exists inside of the theme_preprocess function. Where can I put it so that it always runs before the cached pages are served?

    Read the article

  • Prevent Apache from answering invalid requests

    - by nickdnk
    I have an Apache web-server that acts as a web front-end for iPhone and iPad applications that communicate by POST and JSON only. Is there any way to prevent Apache from answering requests that are invalid? I can see my error log is filled with attempts to open files such as /admin.php /index.php etc - files that don't exist on my server. I believe this is possible with IIS, but can you do the same thing with Apache? Basically I want the request to appear timed out unless you post exactly the right content to the right file - or at least if you do not request an existing file. This would make the server appear non-existing to everyone but my iPhone users as all communication is SSL and directories are not really guess-able. I did disable the ServerTokens and all that, but I still get File not found etc. when I access the server requesting a random file, which is what these bots do constantly.

    Read the article

  • How can I add one line into all php files' beginning?

    - by Tom
    So, ok. I have many php files and one index.php file. All files can't work without index.php file, because I include them in index.php. For example. if somebody click Contact us the URL will become smth like index.php?id=contact and I use $_GET['id'] to include contacts.php file. But, if somebody find the file's path, for example /system/files/contacts.php I don't want that that file would be executed. So, I figured out that I can add before including any files in index.php line like this $check_hacker = 1 and use if in every files beginning like this if($check_hacker <> 1) die();. So, how can I do it without opening all files and adding this line to each of them? Is it possible? Because I actually have many .php files. And maybe there is other way to do disable watching separate file? Any ideas? Thank you.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 203 204 205 206 207 208 209 210 211 212 213 214  | Next Page >