Search Results

Search found 97980 results on 3920 pages for 'code security'.

Page 252/3920 | < Previous Page | 248 249 250 251 252 253 254 255 256 257 258 259  | Next Page >

  • The risk of granting to IUSR* NTFS permissions on a folder on the server

    - by vtortola
    I have two web applications that must share a file in the server file system. Both apps are inside "Inetpub\wwwroot". The file cannot be accessed freely from outside, so it is in a folder outside "Inetpub". I have granted full NTFS permissions to the user "IUSR_whatever" (it is the user that runs IIS for anonymous requests) on that folder. The folder contains only that file and has no other use. It works so far :) But what is the risk? What should I be afraid of? As I see it, as long as the folder is outside "Inetpub" it cannot be accessed, and as long as the apps don't have any security flaw like path traversal or server-side code injection, it should be safe enough.... But I'm always keen to be wrong :) What do you think? May the file or even the server itself get compromised because of this? Thanks.


  • How long can a hash left out in the open be considered safe?

    - by Xeoncross
    If I were to leave a SHA2 family hash out on my website - how long would it be considered safe? How long would I have before I could be sure that someone would find a collision for it and know what was hashed? I know that the amount of time would be based on the computational power of the one seeking to break it. It would also depend on the string length, but I'm curious just how secure hashes are. Since many of us run web-servers we constantly have to be prepared for the day when someone might make it all the way to the database which stores the user hashes. So, move the server security out of the way and then what do you have? This is a slightly theoretical area for many of the people I have talked with, so I would love to actually have some more information about average expectations for cracking.

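The question above asks how long a SHA-2 hash can sit in the open before someone recovers what was hashed. The working answer is that an attacker does not need a collision at all: for a password hash they need a preimage, and they get it by guessing, so the clock is set by the attacker's guess rate and by the entropy of the input, not by SHA-256 itself. The following is an added example (not code from the original post) that runs a dictionary attack against an unsalted SHA-256, estimates exhaustive search time from a guess rate, and shows the salted, iterated alternative (PBKDF2 from the standard library). The leaked hash, the wordlist and the guess rate are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed sample: an unsalted SHA-256 of a weak password, as it might sit
# in a leaked users table. Nothing here comes from the original post.
LEAKED_SHA256 = hashlib.sha256(b"letmein").hexdigest()

# Constructed mini wordlist; real attacks use hundreds of millions of entries.
WORDLIST = ["123456", "password", "qwerty", "letmein", "dragon"]


def crack_unsalted_sha256(target_hex, wordlist):
    """Dictionary attack: one SHA-256 per guess. With no salt, one table of
    precomputed hashes also works against every user in the database at once."""
    for candidate in wordlist:
        digest = hashlib.sha256(candidate.encode()).hexdigest()
        if hmac.compare_digest(digest, target_hex):
            return candidate
    return None


def brute_force_seconds(charset_size, length, guesses_per_second):
    """Worst-case seconds to enumerate every string of `length` symbols drawn
    from an alphabet of `charset_size` at the given guess rate. The guess
    rate, not collision resistance, is what decides how long the hash lasts."""
    return charset_size ** length / guesses_per_second


def pbkdf2_store(password, iterations=100_000):
    """Salted, iterated hash for storage: the random salt defeats precomputed
    tables, and each verification costs `iterations` HMAC rounds, which
    divides the attacker's guess rate by the same factor."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, dk


def pbkdf2_verify(password, salt, iterations, dk):
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, dk)


def slowed_brute_force_seconds(charset_size, length, guesses_per_second, iterations):
    """Same enumeration against a PBKDF2 hash with `iterations` rounds."""
    return brute_force_seconds(charset_size, length, guesses_per_second / iterations)


if __name__ == "__main__":
    print("cracked:", crack_unsalted_sha256(LEAKED_SHA256, WORDLIST))
    # Assumed guess rate of 1e10 SHA-256/s for a GPU rig; 8 printable ASCII chars.
    print("8-char full search, raw SHA-256: %.1f days" % (brute_force_seconds(95, 8, 1e10) / 86400))
    print("same search, PBKDF2 100k rounds: %.0f years" % (slowed_brute_force_seconds(95, 8, 1e10, 100_000) / 31_536_000))
```

The point the numbers make: a weak password falls to the wordlist immediately whatever hash family is used, an 8-character random password survives days against a fast unsalted hash, and the same password behind a salted 100,000-round PBKDF2 survives orders of magnitude longer because every guess costs 100,000 HMAC rounds instead of one.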

  • Eclipse > Javascript > Code highlighting not working with Object Notation

    - by Redsandro
    I am using Eclipse Helios with PDT, and when I am editing JavaScript files with the default JavaScript Editor (JSDT), code highlighting (Mark Occurrences) is not working for half of the code, for example JSON-style (or Object Literal, if you will) declarations. Little example:

        Foo = {};
        Foo.Bar = Foo.Bar || {};
        Foo.Bar = {
            bar: function(str) { alert(str) },
            baz: function(str) {
                this.bar(str); // This bar *is* highlighted though
            }
        };
        Foo.Bar.baz('text');

    No Bar, bar or baz is highlighted. For now, I humbly edit the JavaScript part of projects in Notepad++ because it just highlights every occurrence of whatever is currently selected. Is there a common practice for Eclipse JavaScript developers to get code highlighting to work correctly, using the popular Object Literal notation? An option or update I missed? -update- I have found that code highlighting depends on the code being properly outlined. Although commonly used, Object Literal outlining still seems rare in JavaScript editors. The Spket JavaScript Editor does partial Object Literal outlining, and the Aptana JavaScript Editor does full Object Literal outlining. But both lose other important functionality. A quest for the editor with the least loss of functionality is currently in progress in this question.


  • How to check whether your code environment on Windows or on Linux or other OS

    - by justjoe
    Hi, right now I code a custom WordPress theme and test it in XAMPP on Windows XP on an Apache server. But as far as I'm concerned, there's no WP built-in function to identify the code environment. Is there any PHP built-in function to identify such a thing? For the record, what I want to code needs to read a directory. In my Apache (on Windows), the path will be c:/xampp/htdocs, whereas Apache on Linux will be \somepath\somepath\. So, is there any code solution to know what the OS environment is without having to compare the path? I hope it will also work on other OSes with webservers other than Apache, such as IIS.


  • Rate my C# code (~300 SLOC) using GDI+/Backgroundworker

    - by sebastianlarsson
    Hi, I want to get some feedback on my code! Below is some background info. I am taking a pre-certification course in C# (Sweden, 15 ECTS). The focus of the course is theoretical, with only limited practical work. I don't find the assignments very hard at all, to tell you the truth, but since I only have very limited work experience as a developer (I have worked 15h/week at Ericsson since November) I think I would benefit from having the certificate (70-536 and more, probably). I am currently reading Martin Fowler's "Refactoring: Improving the Design of Existing Code" and I tried to apply his techniques to my latest lab in the course. I have been on the lookout for a website which has the idea of providing feedback on code, but so far I have yet to discover any. Please take a look at my code and tell me what you think. It is only roughly 300 lines of code divided into a couple of classes. GDI+, BackgroundWorker and user controls are what the lab is about. I reckon you may have to spend as little as a couple of minutes looking at the solution. Link to solution: http://www.filefactory.com/file/b18h7d5/n/Lab4_Lab5_SebastianLarsson.zip Regards and thank you, Sebastian


  • Redundant code constructs

    - by Diomidis Spinellis
    The most egregiously redundant code construct I often see involves using the code sequence if (condition) return true; else return false; instead of simply writing return (condition); I've seen this beginner error in all sorts of languages: from Pascal and C to PHP and Java. What other such constructs would you flag in a code review?


  • Secure to store an ID in an ASP.NET control ID?

    - by Curtis White
    I'm auto-generating a form in my ASP.NET page. This is already tested and working. I want to know: Are there any security problems with storing the database ID as part of my control's ID? I can think of 2 issues: the ID will be visible in the page source (not really important in this case), and the possibility that someone could change the name of the control somehow. This second possibility is more serious. Is this a potential problem, and how do I avoid it? Is there a better, preferred way to associate unique data with any type of control? Is it possible to store a custom item in the ViewState for the control?

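The second concern in the question above, that a user can rename a control, is real: anything in the rendered page, including control IDs, ViewState-carried values and hidden fields, comes back under the client's control. Hiding the database ID does not fix that; what fixes it is treating the ID on postback as untrusted input that must parse strictly and must be authorised against the current user before any update is applied. The following is an added example, not code from the original post or from ASP.NET, written in Python to show the server-side handling independent of the framework. The record table, user names and control-name prefix are constructed for the example.

```python
import re

# Constructed sample table standing in for the database: record id -> owner.
RECORDS = {41: "alice", 42: "alice", 43: "bob"}

# Strict pattern for the control ids we mint: the only client-influenced part
# is a bounded decimal id. Anything else is rejected before it is parsed.
CONTROL_ID_RE = re.compile(r"^txtNote_(\d{1,9})$")


def control_id_for(record_id):
    """Embedding the DB id in the control id is acceptable: it is not a secret,
    and obscuring it would not stop a user from guessing a neighbour's id."""
    return f"txtNote_{record_id}"


def render_form(user):
    """Control ids the server emits for this user's own records."""
    return [control_id_for(rid) for rid, owner in RECORDS.items() if owner == user]


def apply_postback(posted, user):
    """Handle a postback of {control_id: value} for the authenticated `user`.

    Every id is attacker-controlled: it is matched against the strict pattern,
    then the record's owner is checked against the session user. A single bad
    id rejects the whole postback instead of silently skipping it, so a probe
    for other users' records produces an error rather than a partial success.
    """
    updates = {}
    for control_id, value in posted.items():
        m = CONTROL_ID_RE.match(control_id)
        if not m:
            raise ValueError(f"malformed control id: {control_id!r}")
        record_id = int(m.group(1))
        # RECORDS.get returns None for unknown ids, which also fails this test.
        if RECORDS.get(record_id) != user:
            raise PermissionError(f"{user} does not own record {record_id}")
        updates[record_id] = value
    return updates


if __name__ == "__main__":
    print(render_form("alice"))
    print(apply_postback({"txtNote_42": "edited by alice"}, "alice"))
    try:
        apply_postback({"txtNote_43": "alice editing bob's record"}, "alice")
    except PermissionError as exc:
        print("rejected:", exc)
```

The ownership check is what matters; it has to run on the postback path, where the value arrives, not only when the form is rendered. A signed or encrypted ID would prove the server minted it, but it would not stop a user who legitimately received IDs 41 and 42 from posting 43, so the authorisation lookup is needed either way.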

  • Secure xml messages being read from database into app.

    - by scope-creep
    I have an app that reads XML from a database using an NHibernate DAL. The DAL calls stored procedures to read and encapsulate the data from the schema into an XML message, wrap it up in a message and enqueue it on an internal queue for processing. I would like to secure the channel from the database reads to the dequeue action. What would be the best way to do it? I was thinking of signing the XML using the System.Security.Cryptography.Xml namespace, but are there any other techniques or approaches I need to know about? Any help would be appreciated. Bob.


  • Web Application - Authentication / Login Framework

    - by user456563
    This is a very simple, probably most-asked question, and frequently developed as part of any web application. Say I'm planning to build a web application and some of the functional requirements include (apart from the usual hard-hitting security reqs):

    - Need to have users sign up for a new account profile
    - Authenticate user using the native app authentication / Facebook or Google or Yahoo or OpenID login
    - Allow lost password retrieval
    - Session handling needs

    Are there any out-of-the-box frameworks (Drupal, Liferay??) that I can use to wrap my application, which can be a bunch of JSPs or HTML with JS? I know I'm asking a very simple and maybe naive question. But this is a topic every web developer guru will go through. Any help, advice and pointers much appreciated.


  • Wordpress Admin Panel Code Input

    - by Wes
    I've got a WordPress admin panel for one of my themes, and one of the boxes has an input for some code to drive Google AdSense. When I put the code into the box and call it with my PHP tags, the code comes out like this:

        <script type="\&quot;text/javascript\&quot;"><!--
        google_ad_client = \"pub-9295546347478163\";
        /* Leaderboard 5/17/2010 */
        google_ad_slot = \"7593465074\";
        google_ad_width = 728;
        google_ad_height = 90;
        //-->
        </script>
        <script type="\&quot;text/javascript\&quot;" src="%5C%22http://pagead2.googlesyndication.com/pagead/show_ads.js%5C%22">
        </script>

    Which I assume is a feature to stop SQL injections. How can I call pure code from a box? This is how I currently have that textbox set up:

        array(
            "name" => "Code for Top ad",
            "desc" => "Enter the HTML that will drive the banner ad for the page header",
            "id" => $shortname."_headerAd",
            "type" => "textarea"),

    and then echo it out with this:

        <?php echo get_option('lifestyle_headerAd'); ?>


  • Retrieve web user's Identity outside of request scope

    - by Kendrick
    I have an ASP.NET app that logs Audit reports using nHibernate's IPreUpdateListener. In order to set the current user in the Listener events, I was using System.Security.Principal.WindowsIdentity.GetCurrent(). This works fine when debugging on my machine, but when I move it to the staging server, I'm getting the ASP.NET process credentials, not the requesting user. In the ASP.NET page, I can use Request.LogonUserIdentity (which works fine since I'm using integrated authentication), but how do I reference this user directly without having to pass it directly to my event? I don't want to have to pass this info through the pipeline because it really doesn't belong in the intermediate events/calls.


  • PHP - How to determine if request is coming from a specific file.

    - by John
    I have fileA.php on SERVER_A and fileB.php on SERVER_B. fileB.php makes a cURL request to fileA.php for its contents. How can fileA.php determine that the request is coming specifically from fileB.php? -- I was thinking about sending the $_SERVER['SCRIPT_NAME'] in fileB.php to fileA.php, but since someone can go into fileB.php or any file in general and just do $_SERVER['SCRIPT_NAME'] = 'fileB.php'; it's not really that secure. So how can I determine, for security reasons, that the request is coming from a specific file on a different server?

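Two of the questions above have the same underlying answer. A request cannot prove which file on which server sent it: SCRIPT_NAME, Referer, User-Agent and the rest are whatever the sender chooses to write, and IP addresses are a weak fallback. What a receiver can verify is possession of a key, so the standard construction is a MAC over the request (or, for the XML-message question, over the message bytes before they are enqueued) that also covers a timestamp and a nonce, so that a captured request cannot be replayed inside the acceptance window. The following is an added example, not code from either original post, written in Python with the standard library; the shared key value, header names, skew window and sample body are assumptions for the example.

```python
import hashlib
import hmac
import os
import time

# Assumed: a random key provisioned out of band on both servers (in config,
# never in the repository). The value here is a placeholder for the example.
SHARED_KEY = b"example-only-replace-with-32-random-bytes"


def _canonical(method, path, timestamp, nonce, body):
    """Bytes that get signed: request line, freshness fields, body digest.
    Newline separation keeps the fields from running into each other."""
    return b"\n".join([
        method.upper().encode(),
        path.encode(),
        str(timestamp).encode(),
        nonce.encode(),
        hashlib.sha256(body).hexdigest().encode(),
    ])


def sign_request(key, method, path, body, timestamp=None, nonce=None):
    """Sender side (fileB.php's role, or the DAL before enqueue): returns the
    headers to send along with the request or message."""
    timestamp = int(time.time()) if timestamp is None else timestamp
    nonce = os.urandom(16).hex() if nonce is None else nonce
    tag = hmac.new(key, _canonical(method, path, timestamp, nonce, body), hashlib.sha256).hexdigest()
    return {"X-Timestamp": str(timestamp), "X-Nonce": nonce, "X-Signature": tag}


class RequestVerifier:
    """Receiver side (fileA.php's role, or the dequeue step). Remembers nonces
    for the length of the skew window so a replayed request is refused."""

    def __init__(self, key, max_skew_seconds=300):
        self.key = key
        self.max_skew = max_skew_seconds
        self._seen = {}  # nonce -> time after which it can be forgotten

    def verify(self, method, path, body, headers, now=None):
        now = time.time() if now is None else now
        try:
            timestamp = int(headers["X-Timestamp"])
            nonce = headers["X-Nonce"]
            tag = headers["X-Signature"]
        except (KeyError, ValueError):
            return False
        if abs(now - timestamp) > self.max_skew:
            return False  # stale, or from the future: outside the replay window
        expected = hmac.new(self.key, _canonical(method, path, timestamp, nonce, body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return False  # wrong key, or any signed byte was altered
        self._seen = {n: exp for n, exp in self._seen.items() if exp > now}
        if nonce in self._seen:
            return False  # same request presented twice inside the window
        self._seen[nonce] = now + self.max_skew
        return True


if __name__ == "__main__":
    body = b"<order><id>7</id></order>"  # constructed sample message
    headers = sign_request(SHARED_KEY, "POST", "/fileA.php", body)
    v = RequestVerifier(SHARED_KEY)
    print("first delivery accepted:", v.verify("POST", "/fileA.php", body, headers))
    print("replay accepted:", v.verify("POST", "/fileA.php", body, headers))
```

An HMAC proves that the sender holds the key, not that the request came from a particular filename; if fileB.php's host is compromised the attacker holds the key too, so the key belongs in server configuration with restricted permissions. For the XML question, a MAC is enough when producer and consumer trust each other with the same key; a signature (an asymmetric key, which is what SignedXml offers) is the choice when the consumer should be able to verify without being able to forge.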

  • Adding code to the beginning / end of methods in runtime dynamically

    - by Irchi
    I know instrumentation is a technique to add trace code dynamically into the methods to enable tracing and debugging. I was wondering if this is only a "Trace" option, hard coded into the CLR to add only trace code, or is there the ability to add any code to the methods? For example, I want to check for a condition in the beginning of every single method call in a certain class (say for permissions). Can I do this via adding dynamic code to the beginning of the methods in execution time? I'm not sure how this trace "instrumentation" thing works, but I'm wondering if this can be used for other goals too, or not.


  • Easy way to convert c code to assembly?

    - by Bob
    Is there an easy way (like a free program) that can convert C/C++ code to x86 assembly? I know that any C compiler does something very similar and that I can just compile the C code and then disassemble the compiled executable, but that's kind of overkill; all I want is to convert a few lines of code. Does anyone know of some program that can do that?


  • Leaving SQL Management open on the internet

    - by Tim Fraud
    I am a developer, but every so often need access to our production database -- yeah, poor practice, but anyway... My boss doesn't want me directly on the box using RDP, and so we decided to just permit MS SQL Management Console access so that I can do my tasks. So right now we have the SQL box somewhat accessible on the internet (on port 1433 if I am not mistaken), which opens a security hole. But I am wondering, how much of an uncommon practice is this, and what defaults should I be concerned about? We use MSSQL2008 and I created an account that has Read-Only access, because my production tasks only need that. I didn't see any unusual default accounts with default passwords on the system, so I would be interested to hear your take. (And of-course, is there a better way?)


  • Established javascript solution for secure registration & authentication without SSL

    - by Tomas
    Is there any solution for secure user registration and authentication without SSL? With "secure" I mean safe from passive eavesdropping, not from man-in-the-middle (I'm aware that only SSL with signed certificate will reach this degree of security). The registration (password setup, i.e. exchanging of pre-shared keys) must be also secured without SSL (this will be the hardest part I guess). I prefer established and well tested solution. If possible, I don't want to reinvent the wheel and make up my own cryptographic protocols. Thanks in advance.


  • Securing Web Services approach valid?

    - by NBrowne
    Hi, currently I am looking at securing our web services. At the moment we are not using WCF, so this is not an option. One approach I have seen and implemented locally fairly easily was the approach described in this article: http://www.codeproject.com/KB/aspnet/wsFormsAuthentication.aspx It describes adding an HttpModule which prompts for user credentials if the user browses to any pages (web services) which are contained in a services folder. Does anyone see any way that this security could fall down and be bypassed, etc.? I'm really just trying to decide whether this is a valid approach to take or not. Thanks


  • Images with unknown content: Dangerous for a browser?

    - by chris_l
    Let's say I allow users to link to any images they like. The link would be checked for syntactical correctness, escaping etc., and then inserted in an <img src="..."/> tag. Are there any known security vulnerabilities, e.g. by someone linking to "evil.example.com/evil.jpg", and evil.jpg contains some code that will be executed due to a browser bug or something like that? (Let's ignore CSRF attacks - it must suffice that I will only allow URLs with typical image file suffixes.)

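The question above allows a user-supplied link into an <img src="..."> tag and filters on the file suffix. Two checks are worth separating: the syntactic one on the URL before it is written into the attribute (scheme, host, escaping for the attribute context), and the content one, which is only possible when your own server fetches or proxies the bytes, because a name ending in .jpg says nothing about what the remote host serves. The following is an added example, not code from the original post; the accepted suffixes and the sample byte strings are constructed for the example.

```python
import html
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_SUFFIXES = (".png", ".jpg", ".jpeg", ".gif", ".webp")

# Leading bytes of the formats accepted here. Checked only when the server
# itself has the bytes; the suffix filter alone cannot enforce this.
_MAGIC = [
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"GIF87a", "image/gif"),
    (b"GIF89a", "image/gif"),
]


def validate_image_url(url):
    """Syntactic check on a user-supplied link before it goes into src=."""
    try:
        parts = urlparse(url)
    except ValueError:
        return False
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False  # refuses javascript:, data:, file:, and scheme-less paths
    if not parts.hostname or parts.username or parts.password:
        return False  # require a host; refuse embedded credentials
    return parts.path.lower().endswith(ALLOWED_SUFFIXES)


def sniff_image(data):
    """Content check for the proxied case: the type implied by the leading
    bytes, or None for anything that is not a recognised image container."""
    for magic, mime in _MAGIC:
        if data.startswith(magic):
            return mime
    if data[:4] == b"RIFF" and data[8:12] == b"WEBP":
        return "image/webp"
    return None


def img_tag(url):
    """Escape for the attribute context so the URL cannot close src= early."""
    if not validate_image_url(url):
        raise ValueError("rejected image URL")
    return f'<img src="{html.escape(url, quote=True)}" alt="">'


if __name__ == "__main__":
    print(img_tag('https://example.com/a.png?x="onerror=1'))
    print(sniff_image(b"<html><script>alert(1)</script>"))
```

When the tag points straight at the third-party host, the viewer's browser fetches and decodes the file, so the server-side sniff never runs; what the site can control is the attribute escaping and the scheme. The suffix filter still does useful work against obviously wrong targets, but the remaining exposure, a decoder bug in the viewer's browser, is addressed by browser patching, not by anything the site can check.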

  • Methods to see the result of a code change faster

    - by Can't Tell
    This question came to me when developing using Eclipse. I use JBoss Application Server and use hot code replacement. But this option requires the 'build automatically' option to be enabled. This makes Eclipse build the workspace automatically (periodically or when a file is saved?), and for a large code base this takes too much time and processing, which makes the machine freeze for a while. Also, sometimes an error message is shown saying that hot code replacement failed. The question that I have is: is there a better way to see the result of a code change? Currently I have the following two suggestions: Have unit tests - this will allow running a single test and seeing the result of a code change. (But for a Java EE application that uses EJBs, is it easy to set up unit tests?) Use OSGi - which allows adding jars to the running system without bringing down the JVM. Any ideas on the above suggestions, or any other suggestion or framework that allows doing this, are welcome.


  • WCF: What happens if a channel is established but no method is called?

    - by mafutrct
    In my specific case: A WCF connection is established, but the only method with "IsInitiating=true" (the login method) is never called. What happens? In case the connection is closed due to inactivity after some time: Which setting configures this timeout? Is there still a way for a client to keep the connection alive? Reason for this question: I'm considering the above case as a possible security hole. Imagine many clients connecting to a server without logging in thus preventing other clients from connecting due to bandwidth problems or port shortage or lack of processing power or ... Am I dreaming, or is this an actual issue?

