Search Results

Search found 120608 results on 4825 pages for 'code access security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 219/4825 | < Previous Page | 215 216 217 218 219 220 221 222 223 224 225 226  | Next Page >

  • Avoid SQL Injection with Parameters

    - by simonsabin
    The best way to avoid SQL Injection is with parameters. With parameters you can’t get SQL Injection. You only get SQL Injection where you are building a SQL statement by concatenating your parameter values in with your SQL statement. Annoyingly many TSQL statements don’t take parameters, CREATE DATABASE for instance, or really annoyingly ALTER USER. In these situations you have to rely on using QUOTENAME or REPLACE to avoid SQL Injection. (Kimberly Tripp takes about this in her recent blog post Little...(read more)

    Read the article

  • "Reverse" encryption? - EncFS the other way around?

    - by stwissel
    Currently I'm using EncFS to encrypt my directory "confidential" to ".encconfidential" and sync that encrypted directory using an online service (e.g. Dropbox, UbuntuOne etc). However my entire disk is already LUKS encrypted, so the double encryption takes a toll on performance. I wonder is there an "inverted" EncFS option? An unencrypted directory gets mounted and in the mounted directory you only see encrypted files. So I could work with the unencrypted documents while the sync tool sees and read/writes the encrypted files only.

    Read the article

  • FTP over ssh hangs on "Connection established: Waiting for Welcome Message"

    - by Siriss
    I have looked far and wide and have not quite found the answer. I am running ubuntu 11.10, openssh, and vsftpd. I am trying to configure my FTP to tunnel over ssh. My ssh connection works just fine and I can create the tunnel to my FTP port. When I go to use Filezilla to connect, it hangs at "Waiting for Welcome Message". I think it is an iptables issue, but I can't seem to figure out what needs to be changed. When I take iptables down, it connects just fine. I don't want to open any more external ports, just my one SSH port, and I can't seem to get it right on the internal port forwarding rule. I always end up opening it to the outside. I would love some help if anyone has any ideas and I hope I have made it clear. Thank you in advance!!

    Read the article

  • How can I convince management to deal with technical debt?

    - by Desolate Planet
    This is a question that I often ask myself when working with developers. I've worked at four companies so far and I've become aware of a lack of attention to keeping code clean and dealing with technical debt that hinders future progress in a software app. For example, the first company I worked for had written a database from scratch rather than use something like MySQL and that created hell for the team when refactoring or extending the application. I've always tried to be honest and clear with my manager when he discusses projections, but management doesn't seem interested in fixing what's already there and it's horrible to see the impact it has on team morale. What are your thoughts on the best way to tackle this problem? What I've seen is people packing up and leaving. The company then becomes a revolving door with developers coming in and out and making the code worse. How do you communicate this to management to get them interested in sorting out technical debt?

    Read the article

  • Motivating yourself to actually write the code after you've designed something

    - by dpb
    Does it happen only to me or is this familiar to you too? It's like this: You have to create something; a module, a feature, an entire application... whatever. It is something interesting that you have never done before, it is challenging. So you start to think how you are going to do it. You draw some sketches. You write some prototypes to test your ideas. You are putting different pieces together to get the complete view. You finally end up with a design that you like, something that is simple, clear to everybody, easy maintainable... you name it. You covered every base, you thought of everything. You know that you are going to have this class and that file and that database schema. Configure this here, adapt this other thingy there etc. But now, after everything is settled, you have to sit down and actually write the code for it. And is not challenging anymore.... Been there, done that! Writing the code now is just "formalities" and makes it look like re-iterating what you've just finished. At my previous job I sometimes got away with it because someone else did the coding based on my specifications, but at my new gig I'm in charge of the entire process so I have to do this too ('cause I get payed to do it). But I have a pet project I'm working on at home, after work and there is just me and no one is paying me to do it. I do the creative work and then when time comes to write it down I just don't feel like it (lets browse the web a little, see what's new on P.SE, on SO etc). I just want to move to the next challenging thing, and then to the next, and the next... Does this happen to you too? How do you deal with it? How do you convince yourself to go in and write the freaking code? I'll take any answer.

    Read the article

  • How to solve: "Connect to host some_hostname port 22: Connection timed out"

    - by Aufwind
    I have two Ubuntu machines. Both have openssh-client and openssh-server installed on them. ssh-ing from machine G (fresh Ubuntu 11.10 installation) to machine K works great. But ssh-ing from machine K to machine G results always in the Error: Connect to host some_hostname port 22: Connection timed out I went through the troubleshooting section of help.ubuntu.com and I got the following results: ps -A | grep sshd # results in 848 ? 00:00:00 sshd - sudo ss -lnp | grep sshd # results in 0 128 :::22 :::* users:(("sshd",848,4)) 0 128 *:22 *:* users:(("sshd",848,3)) - ssh -v localhost # works! - sudo ufw status verbose # yields: "Status: inactive" I haven't change anything in the config file. What can I do to locate the Problem and solve it? Glad about every hint! Edit: ping was succesful in both directions! I did a telnet <machineK> 22 from machin G which resulted in Trying and then in telnet: Unable to connect to remote host: Connection timed out. But telnet the other way around worked just fine! Edit 2: ssh start/running, process 966 # yields: ssh start/running, process 966 /etc/hostname # contains my hostname, let's call it blubb /etc/hosts # contains the following 127.0.0.1 localhost # 127.0.1.1 blubb 129.26.68.74 blubb # I added this! - sudo service ufw status # yields: ufw start/running I installed Gufw and set it to ON. Then I selected from Incoming the option ALLOW. Then I sshed to another machine from where I sshed back to my machine. Still the same error as above: connect to host blubb port 22: Connection timed out Any more hints, what I can check?

    Read the article

  • Investigating a big C++ project from its source code [closed]

    - by user827992
    Possible Duplicate: What is the best method to start understanding BIG project source code? I have a project that I would like to dissect to learn something new from it. This project is about 200 megabytes. For me, it is just impossible to open every cpp and hpp file and read each and every one. I also don't know what is the best approach in this case. Many people on the internet are looking for an UML tool to generate some kind of graph. I think that UML works well when you are starting a project and you want to express the business logic of your classes and methods. In my opinion UML is totally useless when studying a project only from its source code. Also UML is an OO language, in a large sized C++ project I find a lot of stuff that is not an object and can express some other kind of paradigm. Can you name a tool or a class of software that can help with this?

    Read the article

  • Identity Management: The New Olympic Sport

    - by Naresh Persaud
    How Virgin Media Lit Up the London Tube for the Olympics with Oracle If you are at Open World and have an interest in Identity Management, this promises to be an exciting session. Wed, October 3rd Session CON3957: Delivering Secure Wi-Fi on the Tube as an Olympics Legacy from London 2012 Session Time: 11:45am-12:45pm Session Location: Moscone West L3, Room 3003 Speakers: Perry Banton - IT Architect, Virgin Media                    Ben Bulpett - Director, aurionPro SENA In this session, Virgin Media, the U.K.'s first combined provider of broadband, TV, mobile, and home phone services, shares how it is providing free secure Wi-Fi services to the London Underground, using Oracle Virtual Directory and Oracle Entitlements Server, leveraging back-end legacy systems that were never designed to be externalized. As an Olympics 2012 legacy, the Oracle architecture will form a platform to be consumed by other Virgin Media services such as video on demand. Click here for more information.

    Read the article

  • Placing of copyright notice in source code

    - by Diana Dcn
    I'm about to release a project of mine that I'm really proud of under the GNU GPL and I have some questions: Should one attach a copyright notice on each and every source code file from their project? I think it's a bit ridiculous to claim copyright on a 3 line abstract class. Should I attach a copyright notice only to really important source code files? Can I not attach the whole standard thingy? Because it's big and bulky and gets in the way... If so, is the variant below ok/enough? Copyright year firstname lastname. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation.

    Read the article

  • Situations that require protecting files against tampering when stored on a users computer

    - by Joel
    I'm making a 'Pokémon Storage System' with a Client/Server model and as part of that I was thinking of storing an inventory file on the users computer which I do not wish to be edited except by my program. An alternative to this would be to instead to store the inventory file on the server and control it's editing by sending commands to the server but I was wondering if there are any situations which require files to be stored on a users computer where editing would be undesirable and if so how do you protect the files? I was thinking AES with some sort of checksum?

    Read the article

  • Are python's cryptographic modules good enough?

    - by Aerovistae
    I mean, say you were writing professional grade software that would involve sensitive client information. (Take this in the context of me being an amateur programmer.) Would you use hlib and hmac? Are they good enough to secure data? Or would you write something fancier by hand? Edit: In context of those libraries containing more or less the best hashing algorithms in the world, I guess it's silly to ask if you'd "write something fancier." What I'm really asking here is whether it's enough on its own.

    Read the article

  • UPMC Picks Oracle Identity Management

    - by Naresh Persaud
    UPMC, a $10-billion integrated global health enterprise, has selected Oracle as a key technology partner in UPMC’s $100-million analytics initiative designed to help “unlock the secrets of human health and disease” by consolidating and analyzing data from 200 separate sources across UPMC’s far-flung network.As part of the project UPMC also selected Oracle Identity Management to secure the interaction and insure regulatory compliance. Read complete article here. As healthcare organizations create new services on-line to provide better care Identity Management can provide a foundation for collaboration.

    Read the article

  • Solera Networks Threat Predictions for 2012, Solutions

    Legitimate sites are often trusted by their visitors, which makes them a perfect target for cybercriminals. Solera lists attacks on legitimate, yet compromised sites as a growing trend for 2012 due to the increased amount of such sites containing unpatched vulnerabilities. Once compromised, hackers can use the legitimate sites to redirect unsuspecting visitors and put them in harm's way. According to Solera, malicious spam is another undesirable item that should increase in 2012. Various methods, such as email, instant messaging, attachments, malicious links, and social networks will cont...

    Read the article

  • Can I use Ubuntu as a wireless media server which performs all decoding/processing server-side?

    - by AthloX
    I want to setup UBUNTU 12.04 desktop as Home media server. I have window 7 netbook and UBUNTU 12.04lts laptop even a samsun galaxy note tablet (android). Two desktop in other room with dualboot win7 and ubuntu. SHARP AQUOS Plasma Tv with Wi-Fi connected. I want to install ubuntu as media server to stream audio/video files over wi-fi. Not only this i want this media server to use its own processing power to decode ans stream so that on remote end only file can play without using their own resource. Is it possible to use ubuntu as media server to stream files without making the remote end to use there own resource. I want only bandwidth of Wi-Fi to be use in this and media center hardware resource.Remote end gadget should use only speaker and screen and not processing power of their own. Please any suggestion is it possible to do so ?

    Read the article

  • How to backup encrypted home in encrypted form only?

    - by Eric
    I want to backup the encrypted home of a user who might be logged in at backup time. Which directories should I backup if I want to ensure that absolutely no plaintext data can be leaked? Are the following folders always encrypted? /home/user/.Private /home/user/.ecryptfs Just want to make sure that no data leaks, as the backup destination is untrustworthy. Edit: Yes, as Lord of Time has suggested, I'd like to know which folders and/or files I need to backup if I need to store only encrypted content in a way that allows me to recover it later with the right passphrase.

    Read the article

  • More than one way to skin an Audit

    - by BuckWoody
    I get asked quite a bit about auditing in SQL Server. By "audit", people mean everything from tracking logins to finding out exactly who ran a particular SELECT statement. In the really early versions of SQL Server, we didn't have a great story for very granular audits, so lots of workarounds were suggested. As time progressed, more and more audit capabilities were added to the product, and in typical database platform fashion, as we added a feature we didn't often take the others away. So now, instead of not having an option to audit actions by users, you might face the opposite problem - too many ways to audit! You can read more about the options you have for tracking users here: http://msdn.microsoft.com/en-us/library/cc280526(v=SQL.100).aspx  In SQL Server 2008, we introduced SQL Server Audit, which uses Extended Events to really get a simple way to implement high-level or granular auditing. You can read more about that here: http://msdn.microsoft.com/en-us/library/dd392015.aspx  As with any feature, you should understand what your needs are first. Auditing isn't "free" in the performance sense, so you need to make sure you're only auditing what you need to. Share this post: email it! | bookmark it! | digg it! | reddit! | kick it! | live it!

    Read the article

  • Microsoft Unveils New Logo

    Indeed, with those four familiar colored squares - set in a bigger square rather than standing on a point in a diamond - Microsoft's new corporate logo seems almost inevitable. As you'd expect, the company's name makes up part of the logo, but instead of the thick italic letters it has used for the past two and a half decades, it's in a more standard, lighter font. Jeff Hansen, Microsoft's general manager of brand strategy, notes that the point of the new logo is to signal the heritage but also signal the future - a newness and a freshness. It's very fitting when you consider just how many...

    Read the article

  • Managing Spanish Code

    - by Sajith S Narayanan
    Hi All, We have a new project from a client who is Spanish and has all his Java code and comments, variables, method names in Spanish. We are not permitted to convert it into English and then use them. If any of you have worked in such a condition, can you advice what can be done to mitigate this risk as we have to do new developments and this is a major show stopper.. Their Java project has a mix of EJBs, Struts, Custom Framework and more than 10000 Java Files with atleast total of 200k lines of code (min. estimate) and is deployed using Weblogic Server 10 Regards, Dazzlers

    Read the article

  • How do I safely use a virus infected USB drive in Ubuntu?

    - by suhridk
    I have an USB drive which I know is virus infected (an anti-virus on my friend's machine detected it). Unfortunately neither of us know the virus name and I don't want to take the risk of plugging it to my Windows box again. Of course, in all probability the virus affects only Windows. (But I'm not sure) I want to know if I can safely plug the USB into my Ubuntu Lucid laptop and copy the stuff I need from the drive. If there are some precautions I need to follow what would they be?

    Read the article

  • How do you determine whether a website is a scam [closed]

    - by Tom
    What's the best way to determine if a website is a scam. For example, at first sight (no pun intended) the following website seems to be legitimate. But the price of the product is suspiciously low (all the reviews point to an RRP of approximately £1000). http://www.maxiargos.com/index.php/asus-zenbook-ux31e-dh72-13-3-inch-thin-and-light-ultrabook-silver-aluminum.html Another indication is the lack of SSL for the checkout page, and lack of useful information in the WHOIS record. Registration Service Provided By: TMDHOSTING Contact: +1.8665325635 Domain Name: MAXIARGOS.COM Registrant: PrivacyProtect.org Domain Admin ([email protected]) ID#10760, PO Box 16 Note - All Postal Mails Rejected, visit Privacyprotect.org Nobby Beach null,QLD 4218 AU Tel. +45.36946676 Creation Date: 09-Nov-2011 Expiration Date: 09-Nov-2012 Domain servers in listed order: ns1.tmdhosting410.com ns2.tmdhosting410.com Administrative Contact: PrivacyProtect.org Domain Admin ([email protected]) ID#10760, PO Box 16 Note - All Postal Mails Rejected, visit Privacyprotect.org Nobby Beach null,QLD 4218 AU Tel. +45.36946676 Technical Contact: PrivacyProtect.org Domain Admin ([email protected]) ID#10760, PO Box 16 Note - All Postal Mails Rejected, visit Privacyprotect.org Nobby Beach null,QLD 4218 AU Tel. +45.36946676 Billing Contact: PrivacyProtect.org Domain Admin ([email protected]) ID#10760, PO Box 16 Note - All Postal Mails Rejected, visit Privacyprotect.org Nobby Beach null,QLD 4218 AU Tel. +45.36946676

    Read the article

  • Display current layout (language code/country flag) in keyboard indicator

    - by Jono
    Just upgraded from 10.04 to 10.10, and the keyboard indicator applet no longer displays the two-letter country code for the active layout. This is terrible. Is this the default behaviour? Anyone using two layouts can't tell which language they're in. I can't seem to find the setting for this, it used to be in the preferences for keyboard layout. Update 1: In case this wasn't obvious - I have two keyboard layouts - English and Hebrew. I just upgraded form 10.04, where the country code (USA/IL) was displayed, overlaid on the flag. Now all I get is a vague keyboard icon, and can't find the settings for this. Update 2: this seems to be a bug that people have been reporting since Lucid, and is now back in Maverick

    Read the article

  • Web api authentication techniques

    - by Steve
    We have a asp.net MVC web service framework for serving out xml/json for peoples Get requests but are struggling to figure out the best way (fast, easy, trivial for users coding with javascript or OO languages) to authenticate users. It's not that our data is sensitive or anything, we just want users to register so we can have their email address to notify them of changes and track usage. In our previous attempt we had the username in the URI and would just make sure that username existed and increment db tables with usage. This was super basic but we'd notice people using demo as a username etc so we need it to be a little more sophisticated. What authentication techniques are available? What do the major players use/do.

    Read the article

  • Did Microsoft Add Wiretapping Capability to Skype?

    Ryan Gallagher, writing for Slate, put two and two together from a lot of no comments. He noted that back in 2007, German police forces said that they couldn't tap into Skype calls because of of its strong encryption and complicated peer-to-peer network connections; in fact, Skype bluntly stated at the time that, due to its encryption and architecture techniques, it couldn't conduct wiretaps. But that may have changed. Gallagher cited a Forbes article that claims the hacker community is talking about recent changes to Skype's architecture and whether they will allow users to be wiretapped. ...

    Read the article

  • Roanoke Code Camp 2014

    - by Brian Lanham
    Originally posted on: http://geekswithblogs.net/codesailor/archive/2014/05/18/156407.aspxI had a great time yesterday at Roanoke Code Camp!  Many thanks to American National University for the venue, the code camp staff and volunteers, the other speakers, and of course the attendees who made my sessions interactive.  I learned a lot yesterday and it was a good time all around. I attended sessions on Apache Cassandra by Dr. Dave King (@tildedave), Angular JS by Kevin Israel (@kevadev), and JavaScript for Object-Oriented Programmers by Joel Cochran (@joelcochran).  I regret I was unable to attend all the sessions. I also had the opportunity to present.  I spoke on Redis and got some people excited about graph databases by talking about Neo4j.  You can find my slides and other materials at the following links: My Presentation Materials Folder Redis Materials – Slides     - Snippets Neo4j Materials – Slides     - Snippets If you have any trouble getting any of the materials just respond to this post or tweet me @codesailor and I will make sure you get the information you need.

    Read the article

  • Drop in service for account management, authentication, identity?

    - by Mike Repass
    I'm building an Android app and associated set of web services for uploading/downloading data. I need a basic (no frills) solution for account management (register, login, logout, verify credentials/token). What open source / third party solutions exist for this scenario? I need: create a new account db based on a salt simple web service to create a new account simple web service to authenticate supplied credentials and return some sort of token That's it, I can get by without 'fancy' email activation or password reset for the time being. Are there off-the-shelf components for this? Should I just use a 'blank' django or rails app to get this done? Seems crazy for everyone to be doing CREATE TABLE user_accounts ... Thoughts? Thank you.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 215 216 217 218 219 220 221 222 223 224 225 226  | Next Page >