Search Results

Search found 15441 results on 618 pages for 'ssl security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 239/618 | < Previous Page | 235 236 237 238 239 240 241 242 243 244 245 246  | Next Page >

  • How can I cut down on this spam, and what is the point of it anyway?

    - by Steven
    I run a small, niche personal ads site. People post ads and then other people reply to them, which sends an email to the original creator of the ad telling them that someone is interested and giving them contact information for that interested person. Lately there's been some weird spam. People are receiving nonsense replies to their ads. Here is an example of one: Name: xkauwvyr Reply: vRYmbI <a href="http://rypmoxdkfblf.com/">rypmoxdkfblf</a>, url=http://pnjlwvhizwbq.com/]pnjlwvhizwbq[/url], [link=http://hmenwoujxrfv.com/]hmenwoujxrfv[/link], http://ogsekuhoyeud.com/ They vary in length and composition but they all look roughly like that. The first idea I had was to simply throw out any reply that contained the string " Also, is this spam just some ass playing a trick on my website, or is it something more malicious?

    Read the article

  • Is it possible to password protect an SQL server database even from administrators of the server ?

    - by imanabidi
    I want to install an application (ASP.Net + SQL server 2005 express) in local network of some small company for demo but I also want nobody even sysadmin see anything direct from the database and any permission wants a secure pass . I need to spend more time on this article Database Encryption in SQL Server 2008 Enterprise Edition that i found from this answer is-it-possible-to-password-protect-an-sql-server-database but 1.I like to be sure and more clear on this because the other answer in this page says : Yes. you can protect it from everyone except the administrators of the server. 2.if this is possible, the db have to be enterprise edition ? 3.is there any other possible solutions and workaround for this? thanks in advance

    Read the article

  • Authentication Sceme for RESTful API used by desktop app.

    - by user346087
    I'm providing a RESTful API. This API is used by a third party desktop application. The API is currently secured using Basic Authentication. That isn't very secure because the credentials have to be stored in the client application. The communication between the desktop and API can also easily be intercepter. The desktop application also communicates with a third party server (run by the publisher of the desktop application) I am unable to figure out how the secure the API in a good way. Ideas?

    Read the article

  • Securing database keys for client-side processing

    - by danp
    I have a tree of information which is sent to the client in a JSON object. In that object, I don't want to have raw IDs which are coming from the database. I thought of making a hash of the id and a field in the object (title, for example) or a salt, but I'm worried that this might have a serious effect on processing overhead. SELECT * FROM `things` where md5(concat(id,'some salt')) = md5('1some salt'); Is there a standard practice for obscuring IDs in this kind of situation?

    Read the article

  • refresh a <ui:composition when j_security_check connection interrupted (http 408)

    - by José Osuna Barrios
    I have a "j_security_check connection interrupted (http code 408)" and proposed solution is <meta http-equiv="refresh" content="#{session.maxInactiveInterval}"/> by http://stackoverflow.com/a/2141274/1852036 but my page structure is a composition using a template.xhtml and a view.xhtml like a <ui:composition: my template.xhtml: <html ... <f:view ... <h:body ... <ui:insert name="content"> ... my view.xhtml to refresh when session.maxInactiveInterval <ui:composition ... <ui:define name="content"> ... may anyone help me to do this? I want to refresh this <ui:composition view, I can't use <meta http-equiv="refresh" content="#{session.maxInactiveInterval}"/> on template.xhtml because it's used by several views

    Read the article

  • Url rewriting : prevent to display xml

    - by Frank
    Edit : I've got an aspx file (default.aspx) that loads a flash file (index.swf), but this swf needs a xml file (foo.xml) to load correctly. However, I would like to block any request aiming directly at the xml file. Is it possible, using a rewritting engine (isapi_rewrite for example) to detect if the xml file is being 'hotlinked' or being loaded by the 'index.swf'(inside default.aspx)? Any ideas? Thank you.

    Read the article

  • How can I add one line into all php files' beginning?

    - by Tom
    So, ok. I have many php files and one index.php file. All files can't work without index.php file, because I include them in index.php. For example. if somebody click Contact us the URL will become smth like index.php?id=contact and I use $_GET['id'] to include contacts.php file. But, if somebody find the file's path, for example /system/files/contacts.php I don't want that that file would be executed. So, I figured out that I can add before including any files in index.php line like this $check_hacker = 1 and use if in every files beginning like this if($check_hacker <> 1) die();. So, how can I do it without opening all files and adding this line to each of them? Is it possible? Because I actually have many .php files. And maybe there is other way to do disable watching separate file? Any ideas? Thank you.

    Read the article

  • Is this a secure way to structure a mysql_query in PHP

    - by Supernovah
    I have tried and tried to achieve an SQL injection by making custom queries to the server outside of firefox. Inside the php, all variables are passed into the query in a string like this. Note, by this stage, $_POST has not been touched. mysql_query('INSERT INTO users (password, username) VALUES(' . sha1($_POST['password']) . ',' . $_POST['username'] . ')); Is that a secure way to make a change?

    Read the article

  • Should I convert overly-long UTF-8 strings to their shortest normal form?

    - by Grant McLean
    I've just been reworking my Encoding::FixLatin Perl module to handle overly-long UTF-8 byte sequences and convert them to the shortest normal form. My question is quite simply "is this a bad idea"? A number of sources (including this RFC) suggest that any over-long UTF-8 should be treated as an error and rejected. They caution against "naive implementations" and leave me with the impression that these things are inherently unsafe. Since the whole purpose of my module is to clean up messy data files with mixed encodings and convert them to nice clean utf8, this seems like just one more thing I can clean up so the application layer doesn't have to deal with it. My code does not concern itself with any semantic meaning the resulting characters might have, it simply converts them into a normalised form. Am I missing something. Is there a hidden danger I haven't considered?

    Read the article

  • password limitations in SQL Server and MySql

    - by asteroid
    Does MySql 5.1 and SQL Server 2008 (Web edition, Standard) have any functional password limitations other than length limits? Are metacharacters in any form a bad idea to use, like bang, pipe, hash, any slash, carrot, and so on? I know that MySql 5.1 has a password length limitation of 16 characters that is hardcoded, but I was wondering, are any metacharacters (i.e. non alphanumerics) a bad idea to use? And is this true in SQL Server 2008 Web edition, Standard? So specifically: can symbols like: /`~:}{[]^ be used successfully? I would hope it doesn't matter to the database, but I don't understand enough about password storage in enterprise database systems yet to know for sure, and I was looking for confirmation or an explanation.

    Read the article

  • Using directory traversal attack to execute commands

    - by gAMBOOKa
    Is there a way to execute commands using directory traversal attacks? For instance, I access a server's etc/passwd file like this http://server.com/..%01/..%01/..%01//etc/passwd Is there a way to run a command instead? Like... http://server.com/..%01/..%01/..%01//ls ..... and get an output? EDIT: To be clear here, I've found the vuln in our company's server. I'm looking to raise the risk level (or bonus points for me) by proving that it may give an attacker complete access to the system

    Read the article

  • Rewriting Live TCP/IP (Layer 4) Streams

    - by user213060
    I want to rewrite TCP/IP streams. Ettercap's etterfilter command lets you perform simple live replacements of TCP/IP data based on fixed strings or regexes. Example: if (ip.proto == TCP && tcp.dst == 80) { if (search(DATA.data, "gzip")) { replace("gzip", " "); msg("whited out gzip\n"); } } if (ip.proto == TCP && tcp.dst == 80) { if (search(DATA.data, "deflate")) { replace("deflate", " "); msg("whited out deflate\n"); } } http://ettercap.sourceforge.net/forum/viewtopic.php?t=2833 I would like to rewrite streams based on my own filter program instead of just simple string replacements. Anyone have an idea of how to do this? Is there anything other than Ettercap that can do live replacement like this, maybe as a plugin to a VPN software or something? The rewriting should occur at the transport layer (Layer 4) as it does in this example, instead of a lower layer packet-based approach. Thanks!

    Read the article

  • Permission based access control

    - by jellysaini
    I am trying to implement permission based access control in ASP.NET. To implement this I have created some database tables that hold all the information about which roles are assigned what permissions and which roles are assigned to what user. I am checking the permissions in the business access layer. Right now I have created a method which checks the permissions of the user. If the user has permissions then okay otherwise it redirects to another page. I want to know if the following things are possible? class User { [PremissionCheck(UserID,ObjectName,OperationName)] public DataTable GetUser() { //coding for user } } I have seen it in MVC3. Can I Create it in ASP.NET? If yes then how can I implement it?

    Read the article

  • Execute a batch script from Firefox

    - by danilo
    I have written an intranet application from which you can directly connect to a virtual machine by clicking on a RDP-button. The click calls a .bat file, which opens the connection. With IE, this is no problem, as you can choose to directly execute the batch file. But with Firefox, I can only download the script, and have to start it manually afterwards. Is there a way to trust the intranet domain (about:config?) so Firefox allows it to execute scripts directly? Or is there an even better (easier) way to start an RDP connection from Firefox?

    Read the article

  • How can I gain root access on a Mac OS X system without wiping the OS?

    - by Richard T
    My father died recently and I've inherited his Mac. I'd love to put it to use in my own life, but I don't want to wipe its brains out just so I can reconfigure it to use in my network, etc. His old files are historically important to me—I trust you can understand my desire to keep them. I can log in as I had an account on the machine before he passed, but that's about it.

    Read the article

  • Validate authenticity of website owner

    - by Cyber Junkie
    Hello all! I'm planning to develop a web app where users will list their site/blog. When people submit their sites, how can I confirm that they are the owners of it? So for instance there is a user Mark who wants to submit someone else's website without their approval. I want to restrict Mark from doing so unless he is the actual owner. My idea was to do a comparison between the user's email domain and the website domain she/he wants to submit. If they match allow the user to submit the website. However most people don't register with their website domain address.. or perhaps I'll implement a Facebook connect in the future. What other methods would you suggest?

    Read the article

  • What Java tools/apis to use for decrypting/encrypting

    - by Java_bear
    I am trying to decrypt (and later encrypt) an email message (ebXML). The message contains a Signature element that contains child elements to specify the SignedInfo, SignatureValue and KeyInfo. Also, the message contains an encrypted attachment. Question: What Java tools/apis should be used for decrypting? I would like to find some tool/api that would (automagically) instantiate objects based on whatever is included with the Signature element, so that the data (message) could be easily validated. And the other way around: Creating objects (specifying methods, signature value and keyinfo) and then outputting the xml to go into the message.

    Read the article

  • Are sessions modifiable by the client/user?

    - by Sev
    In my PHP Web-App I use sessions to store the user's data. For exmaple, if a user logs in, then an instance of the User class is generated and stored in a Session. I have access levels associated with each user to determine their privileges. Store the user in a session by: $_SESSION['currentUser'] = new User($_POST['username']); For example: if($_SESSION['currentUser'] -> getAccessLevel() == 1) { //allow administration functions } where getAccessLevel() is simply a get method in the User class that returns the _accesslevel member variable. Is this secure? Or can the client somehow modify their access level through session manipulation of some sort?

    Read the article

  • php web based portal authentication through IP.

    - by user434885
    i have a web portal running which involves basic data entry. The issue being that this is highly sensitive data. And the credibility of the data entry personel is very low. Therefore i have implemented recording of IP when an entry is made. The Problem i am facing is if this if this person starts forwarding his IP from a proxy server then i am unable to track authenticity of the data. How do i detect if the IP forwarding is happening/ get the real ip address of the person.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 235 236 237 238 239 240 241 242 243 244 245 246  | Next Page >