Search Results

Search found 25503 results on 1021 pages for 'browser security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 273/1021 | < Previous Page | 269 270 271 272 273 274 275 276 277 278 279 280  | Next Page >

  • System("pause"); - Why is it wrong?

    - by Faken
    Here's a question that I don't quite understand: The command, System("pause"); is taught to new programmers as a way to pause a program and wait for a keyboard input to continue. However, it seems to be frowned on by many veteran programmers as something that should not be done in varying degrees. Some people say it is fine to use. Some say it is only to be used when you are locked in your room and no one is watching. Some say that they will personally come to your house and kill you if you use it. I, myself am a new programmer with no formal programming training. I use it because I was taught to use it. What I don't understand is that if it is not something to be used, then why was I taught to use it? Or, on the flip side, is it really not that bad after all? What are your thoughts on this subject?

    Read the article

  • HTTPS-Compliant Sharepoint Web Parts

    - by bporter
    We are planning to create a new sub-site within our company's intranet site. The intranet is built on SharePoint 2007. My question is this: Suppose I want to add a 3rd-party weather web part to the home page of my new intranet site. Since the new site uses HTTPS, do I need to make sure to find an HTTPS-compliant web part? If I use a standard web part, will users get a "This page contains both secure and non-secure items" error message when they load the page? Thanks in advance!

    Read the article

  • aspnet_regsql questions and users and role

    - by Alexander
    I spend quite some hours banging my head against the wall trying to set up the aspnet membership / roles tables in my SQL server database instead of having them exist inside the App_Code/ASPNETDB.MDF file because that file wasn't working correctly on my host. I eventually figured out the problem by following Scott's gu here and was able to resolve it by running the aspnet_regsql.exe utility and creating a connection string for LocalSqlServer. The ridiculous part about it is that after running the aspnet_regsql and upload my database to my webhost all of my users and role that I have already created is gone. The user, membership, role, etc is gone. I can't populate this using the Web Site Administration Tool as it's not visual studio now. So what is the easiest way to populate the user, role, etc to my SQL Server as I now have dbo.aspnet_Application, dbo.aspnet_Paths, dbo.aspnet_Roles, etc...etc...

    Read the article

  • How to prevent a specific directory from running Php, Html, and Javascript languages?

    - by Emily
    Hi, Let's say i have an image uploader script, i want to prevent the upload directory from executing Php or even html by only showing it as plain text, i've seen this trick in many websites but i don't know how they do it. Briefly, if i upload evil.php to that directory, and i try to access it i will only see a plain text source , No html or php is executed. ( but i still want the images to appear normally ofcourse) I know i can do like that by header("content-type:text/plain"); but that's will not be helpful, because what i want, is to set the content-type:text/plain automatically by the server for every thing outputed from the upload directory except images. Note: i'm running php 5.3.2/Cent OS and the latest cPanel. Thanks

    Read the article

  • Single Sign On with 3 applications

    - by John H.
    I'm building three web applications in .NET that will all share a users database and login information. Lets pretend that application 1 is the "parent" application and applications "A" and "B" are the "child" applications. All users have to be logged into application 1 to have access to applications A and B. Authorization, Authentication, and MachineKey sections of all web configs are present and work correctly. I have the correct web.config settings in all applications to achieve Single Sign On except one problem remains: what do I put in the "loginUrl" attribute of the forms tag in Applications A and B. Assume that the url for the login to application 1 is "www.johnsapp.com/login.aspx" How can I get applications A and B to send the user back to application 1 for authentication using only settings in web.config?

    Read the article

  • Persisting sensitve data in asp.net, odd implementation

    - by rawsonstreet
    For reasons not in scope of this question I have implemented a .net project in an iframe which runs from a classic asp page. The classic asp site persisted a few sensitive values by hitting the db on each page. I have passed there variables as xml to the aspx page, now I need to make these values available on any page of this .net site. I've looked into the cache object but we are on a web farm so I am not sure it would work. Is there a way I can can instantiate an object in a base page class and have other pages inherit from the base page to access these values? What is the best way to persist these values? A few more points to consider the site runs in https mode and I cannot use session variables, and I would like to avoid cookies if possible..

    Read the article

  • Authenticate User manually

    - by Sergey
    I am trying to authenticate the user after I got credentials using oAuth (with Twitter if that makes a difference). As far as I could understand it, I can directly put the Authentication object into SecurityContextHolder. Here is how I do it: Authentication auth = new TwitterOAuthAuthentication(member, userDetailsService.loadUserByUsername(member.getUsername()).getAuthorities()); SecurityContextHolder.getContext().setAuthentication(auth); This for some reason does absolutely nothing. What am I missing and what should I do to accomplish what need?

    Read the article

  • How to play music on site preventing direct file download

    - by Hugo Palma
    I'm starting a blog with a hosted wordpress instance and i would like to be able to stream music using a flash player on some posts. The problem is that every player i find uses a simple param to get the file url which makes it very easy for someone to find that url and just download the file. A server side solution can be implemented as i have full access to the server.

    Read the article

  • Securing input of private / protected methods?

    - by ts
    Hello, normally, all sane developers are trying to secure input of all public methods (casting to proper types, validating, sanitizing etc.) My question is: are you in your code validating also parameters passed to protected / private methods? In my opinion it is not necessary, if you securize properly parameters of public methods and return values from outside (other classes, db, user input etc...). But I am constantly facing frameworks and apps (ie. prestashop to name one) where validation is often repeated in method call, in method body and once again for securize returned value - which, I think, is creating performace overhead and is also a sign of bad design.

    Read the article

  • Cross-Application User Authentication

    - by Chris Lieb
    We have a webapp written in .NET that uses NTLM for SSO. We are writing a new webapp in Java that will tightly integrate with the original application. Unfortunately, Java has no support for performing the server portion of NTLM authentication and the only library that I can find requires too much setup to be allowed by IT. To work around this, I came up with a remote authentication scheme to work across applications and would like your opinions on it. It does not need to be extremely secure, but at the same time not easily be broken. User is authenticated into .NET application using NTLM User clicks link that leaves .NET application .NET application generates random number and stores it in the user table along with the user's full username (domain\username) Insecure token is formed as random number:username Insecure token is run through secure cipher (likely AES-256) using pre-shared key stored within the application to produce a secure token The secure token is passed as part of the query string to the Java application The Java application decrypts the secure key using the same pre-shared key stored within its own code to get the insecure token The random number and username are split apart The username is used to retrieve the user's information from the user table and the stored random number is checked against the one pulled from the insecure token If the numbers match, the username is put into the session for the user and they are now authenticated If the numbers do not match, the user is redirected to the .NET application's home page The random number is removed from the database

    Read the article

  • How to Check Authenticity of an AJAX Request

    - by Alex Reisner
    I am designing a web site in which users solve puzzles as quickly as they can. JavaScript is used to time each puzzle, and the number of milliseconds is sent to the server via AJAX when the puzzle is completed. How can I ensure that the time received by the server was not forged by the user? I don't think a session-based authenticity token (the kind used for forms in Rails) is sufficient because I need to authenticate the source of a value, not just the legitimacy of the request. Is there a way to cryptographically sign the request? I can't think of anything that couldn't be duplicated by a hacker. Is any JavaScript, by its exposed, client-side nature, subject to tampering? Am I going to have to use something that gets compiled, like Flash? (Yikes.) Or is there some way to hide a secret key? Or something else I haven't thought of? Update: To clarify, I don't want to penalize people with slow network connections (and network speed should be considered inconsistent), so the timing needs to be 100% client-side (the timer starts only when we know the user can see the puzzle). Also, there is money involved so no amount of "trusting the user" is acceptable.

    Read the article

  • An old flaw in X Window System. How does it work?

    - by Legend
    I was going through an article today when it mentioned the following: "We've found many errors over the years. One of the absolute best was the following in the X Window System: if(getuid() != 0 && geteuid == 0) { ErrorF("Only root"); exit(1); } It allowed any local user to get root access. (The tautological check geteuid == 0 was intended to be geteuid() == 0. In its current form, it compress the address of geteuid to 0; given that the function exists, its address is never 0)." The article explained what was wrong with the code but I would like to know what it means to say that "It allowed any local user to get root access". I am not an expert in C but can someone give me an exact context in which this exploit would work? Specifically, what I mean is, lets say I am the local user, how would I get root access if we assume this code to be present somewhere?

    Read the article

  • How to ensure the HTTP_REQUEST Is coming from the right place?

    - by seatoskyhk
    I learn that HTTP_REFERER or any HTTP request header can be fake and not reliable. REMOTE_ADDR is reliable though. so, how can I ensure the incoming HTTP_REQUEST call is coming from a website that I white-list? For example, I have a js code that will send from client site to server. (something like a sniper, cross platform). however, I only allow this happen from several websites. Not others. so, even other people copy the code and put onto their website, it won't work.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 269 270 271 272 273 274 275 276 277 278 279 280  | Next Page >