Search Results

Search found 25503 results on 1021 pages for 'browser security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 272/1021 | < Previous Page | 268 269 270 271 272 273 274 275 276 277 278 279  | Next Page >

  • Bruteforcing Blackberry PersistentStore?

    - by Haoest
    Hello, I am experimenting with Blackberry's Persistent Store, but I have gotten nowhere so far, which is good, I guess. So I have written a a short program that attempts iterator through 0 to a specific upper bound to search for persisted objects. Blackberry seems to intentionally slow the loop. Check this out: String result = "result: \n"; int ub = 3000; Date start = Calendar.getInstance().getTime(); for(int i=0; i<ub; i++){ PersistentObject o = PersistentStore.getPersistentObject(i); if (o.getContents() != null){ result += (String) o.getContents() + "\n"; } } result += "end result\n"; result += "from 0 to " + ub + " took " + (Calendar.getInstance().getTime().getTime() - start.getTime()) / 1000 + " seconds"; From 0 to 3000 took 20 seconds. Is this enough to conclude that brute-forcing is not a practical method to breach the Blackberry? In general, how secure is BB Persistent Store?

    Read the article

  • SQL Server db_owner

    - by andrew007
    Hi, in my SQL2008 I have a user which is in the "db_datareader", "db_datawriter" and "db_ddladmin" DB roles, however when he tries to modify a table with SSMS he receives a message saying: You are not logged in as the database owner or system administrator. You might not be able to save changes to tables that you do not own. Of course, I would like to avoid such message, but until now I did find the way... Therefore, I try to modify the user by adding him to the "db_owner" role, and of course I do not have the message above. My question is: Is it possible to keep the user in the "db_owner" role, but deny some actions like alter user or ? I try "alter any user" securable on DB level, but it does not work... THANKS!

    Read the article

  • Read/Write versus Create/Read/Update/Delete permissions difference

    - by archmeta
    From a practical standpoint, is there any real-world difference between Read/Write permissions and Create/Read/Update/Delete permissions? It would seem that if a user had the ability to 'create', he should always have the ability to 'update' or 'delete'? If this is correct, then read/write should always be sufficient, and there is no need to store separate Create/Read/Update/Delete permissions? Are there any real-world use cases in which a user should be given permissions to create but not update, or update but not delete, etc...?

    Read the article

  • Safari - showing expired .NET Page

    - by Hidayath
    We have a strange problem in Safari. When the user logs out of our Web Application we expire the forms authentication with the following FormsAuthentication.SignOut(); Session.Abandon(); This works fine in IE and Firefox (when the user hits the back button they are presented with a page expired message and are forced to login) but in Safari the last page the user was working on shows up. I tried many of the suggested thinks like setting the Response.Expires but nothing helps , Has anyone faced this problem ? Do u have any suggestion / workarounds ? Thanks

    Read the article

  • Getting 403 error when using CSRF filter with tomcat 6.0.32

    - by sps
    This is my filer config in web.xml <filter> <filter-name>CSRFPreventionFilter</filter-name> <filter-class>org.apache.catalina.filters.CsrfPreventionFilter</filter-class> <init-param> <param-name>entryPoints</param-name> <param-value>/login<param-value> </init-param> </filter> <filter-mapping> <filter-name>CSRFPreventionFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter> Am I missing something? Are any code-changes necessary to enable csrf protection in tomcat

    Read the article

  • PHP 2-way encryption: I need to store passwords that can be retrieved

    - by gAMBOOKa
    I am creating an application that will store passwords, which the user can retrieve and see. The passwords are for a hardware device, so checking against hashes are out of the question. What I need to know is: How do I encrypt and decrypt a password in PHP? What is the safest algorithm to encrypt the passwords with? Where do I store the private key? Instead of storing the private key, is it a good idea to require users to enter the private key any time they need a password decrypted? (Users of this application can be trusted) In what ways can the password be stolen and decrypted? What do I need to be aware of?

    Read the article

  • How can we store password other than plain text?

    - by Eric
    I've found numerous posts on stackoverflow on how to store user passwords. However, I need to know what is the best way to store a password that my application needs to communicate with another application via the web? Currently, our web app needs to transmit data to a remote website. To upload the data, our web app reads the password from a text file and creates the header with payloads and submits via https. This password in plain text on the file system is the issue. Is there any way to store the password more securely? Thanks!

    Read the article

  • Detecting suspicious behaviour in a web application - what to look for?

    - by Sosh
    I would like to ask the proactive (or paranoid;) among us: What are you looking for, and how? I'm thinking mainly about things that can be watched for programaticaly, rather than manually inspecting logs. For example: - Manual/automated hack attempts - Data skimming - Bot registrations (that have evaded captcha etc.) - Other unwanted behaviour Just wondering what most people would consider practical and effective..

    Read the article

  • Chunks of javascript added to webpages on server

    - by SteD
    I've found out that my web pages (mainly index.php, main.html, include.inc) have been injected with a chunk of javascript codes at the very bottom after my original code. <script>try {this.l="";var d=window[unescape("%75%6e%65%73%63%61%70%65")];var M;if(M!='' && M!='a'){M='bt'};var A="";var Mc=new String();var e=null;this.k="";var t;if(t!='' && t!='iX'){t=''};var K=window[d("%52%65%67%45%78%70")];var p=d("%72%65%70%6c%61%63%65");function C(H,Z){var N=d("%5b" Is it possible for SQL injections to add the chunk of js code to the webpages(like 50 of them are infected)? Or is it a virus on the server itself? I am using Drupal + Ubercart with quite minimal forms inputs.

    Read the article

  • Claims-based Authentication: Are strings the essence of claims?

    - by Rising Star
    I've been programming with claims-based authentication for some time now with Windows Identity Foundation. It appears to me that in Windows Identity Foundation, once a user is logged in, the claims are basically strings of information that describe the user. With the old role-based authentication, I could say that a user is or is not a member of a given group, but with claims-based authentication, I can now have strings of information that describe a user. "This user is female". This user was born on "July 6, 1975". "This user logged in using a USB key". Is it the essence of claims-based authentication,that I have strings of information about the user given to the application by the framework?

    Read the article

  • MVC Serve audio files while preventing direct linking using HttpResponseBase

    - by VinceGeek
    I need to be able to serve audio files to an mvc app while preventing direct access. Ideally the page would render with a player control so the user can start/stop the audio linked to the database record (audio files are in a folder not the db). I have a controller action like this: Response.Clear(); Response.ContentType = "audio/wav"; Response.TransmitFile(audioFilename); Response.End(); return Response; and the view uses the RenderAction method <% Html.RenderAction("ServeAudioFile"); %> this works but it won't display inline on the existing view, it opens a new page with just the media control. Am I totally barking up the wrong tree or is there a way to embed the response in the existing view? works exactly as I would like but I can't control access to the file.

    Read the article

  • FileSystemWatcher surpassing Active Directory restrictions

    - by DevexPP
    While experimenting with FileSystemWatcher, I've found out that it somehow surpasses Active Directory's restrictions to files and folders, and will raise change events with information about what has changed in files and folders that you don't even have access to. I have two questions about that: 1) Why does this happen ? 2) Is this a problem in the AD configuration ? how do I fix it ? 3) Is there any way to gather these files, or even create a FileSystemInfo of them to get more info about the files (not only the changes made on them) ? As far as I've tried, only the FileSystemWatcher immune to the restrictions, I can't run any other thing over it, here's a list of what I've tried: File.Exists Directory.Exists FileInfo instance on found files DirectoryInfo instance on found files File.Copy File.Delete

    Read the article

  • Is this safe on a production server?

    - by Camran
    I have a database application (or search engine) which is called Solr. I connect to it via port 8983. I do this from php code, so I add and remove records from it via php. On my server I have a firewall. I have set this firewall to only allow connections to and from this port (8983) from the ip adress of my own server. In other words, only allow servers IP to access this port. Is that safe? Or am I thinking all wrong here? Will others be able to "simulate" my ip adress and act as the server? This is because otherwise others may add/remove records as they want from their own ip adresses... Thanks

    Read the article

  • Cookieless Django for government site

    - by phoebebright
    As I'm writing a django site from government bodies I'm not going to be able to use cookies. I found this snippet http://djangosnippets.org/snippets/1540/ but it's currently not allowing users to login. Before I start debugging I wondered if anyone else has solved this problem with this snippet or in any other way?

    Read the article

  • Session Fixation in ASP.NET

    - by AJM
    I'm wondering how to prevent Session fixation in ASP.NET My approach would to this would normally be to generate and issue a new session id whenever someone logs in. But is this level of control possible in ASP.NET land?

    Read the article

  • String encryption only with numbers?

    - by HH
    Suppose your bank clerk gives you an arbitrary password such as hel34/hjal0@# and you cannot remember it without writing it to a paper. Dilemma: you never write passwords to paper. So you try to invent an encryption, one-to-one map, where you write only a key to a paper, only numbers, and leave the rest junk to your server. Of course, the password can consist of arbitrary things. Implemention should work like hel34/hjal0#@ ---- magic ----> 3442 and to other way: 3442 ---- server magic ---> hel34/hjal0#@ [Update] mvds has the correct idea, to change the base, how would you implement it?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 268 269 270 271 272 273 274 275 276 277 278 279  | Next Page >