Search Results

Search found 97980 results on 3920 pages for 'code security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 294/3920 | < Previous Page | 290 291 292 293 294 295 296 297 298 299 300 301  | Next Page >

  • What's the best value for money c# code protection for a single developer

    - by Cliff Cawley
    What's the best value for money c# code protection? Some just use obfuscation, others add win32 wrapping, some cost a fortune. So far I've come up with http://www.eziriz.com/ who's Intellilock looks promising. Any other suggestions? Any reasons why this is not a good idea? I know its impossible to completely protect but I'd prefer the ability to protect my code so that it would require a lot of effort in order to recover it. I do hope to sell my products eventually, while also releasing some for free.

    Read the article

  • Pattern for verifying authenticity of a request to WCF service

    - by fung
    I have a client app that makes calls to a WCF service. This app is on a public computer that's easily accessible and anyone can easily copy the .EXE and .CONFIG of my app into another machine and start using it. Is there a pattern where I can check if the request is coming only from an app on a computer I installed it on and not on one it has been copied to? Thanks in advance.

    Read the article

  • Does each authenticated WCF client connection need a CAL?

    - by Sentax
    Just like the title says. Does each authenticated WCF client connection to a WCF server that you have developed need a windows CAL? http://www.microsoft.com/windowsserver2008/en/us/client-licensing.aspx Microsoft's licensing on that page sure makes it sound like it, but I can't find anything out there that confirms, or even denies this. Anyone know?

    Read the article

  • [Architecture] Roles for white-label service access.

    - by saurabhj
    Okay, I know I'm doing something wrong - but can't figure out a better way. I am developing a website which is going to allow users to setup their own mini-websites. Something like Ning. Also, I have only 1 basic login and access to each mini website is provided (right now) via roles. So the way I am doing this right now is: Everytime a new mini website is created - say blah, I create 2 roles in my application. blah_users and blah_admin The user creating the mini website is given the role - blah_admin and every other user wanting to join this mini website (or network) is given the role - blah_user. Anyone can view data from any website. However to add data, one must be a member of that mini site (must have the blah_user role assigned) The problem that I am facing is that by doing a role based system, I'm having to do loads of stuff manually. Asp.Net 2 controls which work on the User.IsAunthenticated property are basically useless to me now because along with the IsAuthenticated property, I must also check if the user has the proper role. I'm guessing there is a better way to architect the system but I am not sure how. Any ideas? This website is being developed in ASP.Net 2 on IIS 6. Thanks a tonne!

    Read the article

  • SQL code to insert multiple rows in ms-access table

    - by Thierry
    I'm trying to speed up my code and the bottleneck seems to be the individual insert statements to a Jet MDB from outside Access via ODBC. I need to insert 100 rows at a time and have to repeat that many times. It is possible to insert multiple rows in a table with SQL code? Here is some stuff that I tried but neither of them worked. Any suggestions? INSERT INTO tblSimulation (p, cfYear, cfLocation, Delta, Design, SigmaLoc, Sigma, SampleSize, Intercept) VALUES (0, 2, 8.3, 0, 1, 0.5, 0.2, 220, 3.4), (0, 2.4, 7.8, 0, 1, 0.5, 0.2, 220, 3.4), (0, 2.3, 5.9, 0, 1, 0.5, 0.2, 220, 3.4) INSERT INTO tblSimulation (p, cfYear, cfLocation, Delta, Design, SigmaLoc, Sigma, SampleSize, Intercept) VALUES (0, 2, 8.3, 0, 1, 0.5, 0.2, 220, 3.4) UNION (0, 2.4, 7.8, 0, 1, 0.5, 0.2, 220, 3.4) UNION (0, 2.3, 5.9, 0, 1, 0.5, 0.2, 220, 3.4)

    Read the article

  • "Authorize" attribute and 403 error page

    - by zerkms
    [Authorize] property is nice and handy MS invention, and I hope it can solve the issues I have now To be more specific: When current client isn't authenticated - [Authorize] redirects from secured action to logon page and after logon was successfull - brings user back, this is good. But when current cilent already authenticated but not authorized to run specific action - all I need is to just display my general 403 page. Is it possible without moving authorization logic within controller's body? UPD: The behavior I need in should be semantically equals to this sketch: public ActionResult DoWork() { if (!NotAuthorized()) { return RedirectToAction("403"); } return View(); } so - there should no any redirect and url should be stay the same, but contents of the page should be replaced with 403-page

    Read the article

  • How to implement SAML SSO

    - by A_M
    How is SAML SSO typically implemented? I've read this about using SAML with Google Apps, and the wikipedia entry on SAML. The wikipedia entry talks about responding with forms containing details of the SAMLRequest and SAMLResponse. Does this mean that the user has to physically submit the form in order to proceed with the single sign on? The google entry talks about using redirects, which seems more seemless to me. However, it also talks about using a form for the response which the user must submit (although it does talk about using JavaScript to automatically submit the form). Is this the standard way of doing this? Using redirects and JavaScript for form submission? Does anyone know of any other good resources about how to go about implementing SSO between a Windows Domain and a J2EE web application. The web application is on a separate network/domain. My client wants to use CA Siteminder (with SAML).

    Read the article

  • TFS and SVN code Merge

    - by Mohanavel
    We are a small team of 8. 3 are from other country and they are using the Source controller as TFS and TFS server is also located there and they have only 4 licence. So we (5 developers) are using SVN source controller as local source controller and for every 3 days we are taking the TFS latest and merging the changes from and to SVN & TFS. Really this is overkilling and hour consuming task. They don't want to change the TFS ( Not event add ins ). So what i can use to merge the code between two source controllers. Is it i can use SVN-Bridge to Merge the code without changing or modifying the TFS Server. Please guide me on this. (Worst case they might go for add ins, for sure no other source controllers than Microsoft Product) hhhmmmmmm, i'm sitting in front of monitor and hitting the F5 on this page, Please save my hours.

    Read the article

  • HTTP requests and Apache modules: Creative attack vectors

    - by pinkgothic
    Slightly unorthodox question here: I'm currently trying to break an Apache with a handful of custom modules. What spawned the testing is that Apache internally forwards requests that it considers too large (e.g. 1 MB trash) to modules hooked in appropriately, forcing them to deal with the garbage data - and lack of handling in the custom modules caused Apache in its entirety to go up in flames. Ouch, ouch, ouch. That particular issue was fortunately fixed, but the question's arisen whether or not there may be other similar vulnerabilities. Right now I have a tool at my disposal that lets me send a raw HTTP request to the server (or rather, raw data through an established TCP connection that could be interpreted as an HTTP request if it followed the form of one, e.g. "GET ...") and I'm trying to come up with other ideas. (TCP-level attacks like Slowloris and Nkiller2 are not my focus at the moment.) Does anyone have a few nice ideas how to confuse the server and/or its modules to the point of self-immolation? Broken UTF-8? (Though I doubt Apache cares about encoding - I imagine it just juggles raw bytes.) Stuff that is only barely too long, followed by a 0-byte, followed by junk? et cetera I don't consider myself a very good tester (I'm doing this by necessity and lack of manpower; I unfortunately don't even have a more than basic grasp of Apache internals that would help me along), which is why I'm hoping for an insightful response or two or three. Maybe some of you have done some similar testing for your own projects? (If stackoverflow is not the right place for this question, I apologise. Not sure where else to put it.)

    Read the article

  • Secure hash and salt for PHP passwords

    - by luiscubal
    It is currently said that MD5 is partially unsafe. Taking this into consideration, I'd like to know which mechanism to use for password protection. Is “double hashing” a password less secure than just hashing it once? Suggests that hashing multiple times may be a good idea. How to implement password protection for individual files? Suggests using salt. I'm using PHP. I want a safe and fast password encryption system. Hashing a password a million times may be safer, but also slower. How to achieve a good balance between speed and safety? Also, I'd prefer the result to have a constant number of characters. The hashing mechanism must be available in PHP It must be safe It can use salt (in this case, are all salts equally good? Is there any way to generate good salts?) Also, should I store two fields in the database(one using MD5 and another one using SHA, for example)? Would it make it safer or unsafer? In case I wasn't clear enough, I want to know which hashing function(s) to use and how to pick a good salt in order to have a safe and fast password protection mechanism. EDIT: The website shouldn't contain anything too sensitive, but still I want it to be secure. EDIT2: Thank you all for your replies, I'm using hash("sha256",$salt.":".$password.":".$id) Questions that didn't help: What's the difference between SHA and MD5 in PHP Simple Password Encryption Secure methods of storing keys, passwords for asp.net How would you implement salted passwords in Tomcat 5.5

    Read the article

  • Authlogic, logout and credential capture

    - by Paddy
    Ok this is something weird. I got authlogic-oid installed in my rails app today. Everything works perfectly fine but for one small nuisance. This is what i did: I first register with my google openid. Successful login, redirection and my email, along with my correct openid is stored in my database. I am happy that everything worked fine! Now when i logout, my rails app as usual destroys the session and redirects me back to my root url where i can login again. Now if i try to login it still remembers my last login id. Not a big issue as i can always "Sign in as a different user" but i am wondering if there is anyway to not only logout from my app but also logout from google. I noticed the same with stack overflow's openid authentication system. Why am i so bothered about this, you may ask. But is it not a bad idea if your web apps end user, who happens to be in a cyber cafe, thinks he has logged out from your app and hence from his google account only to realize later that his google account had got hacked by some unworthy loser who just happened to notice that the one before had not logged out from google and say.. changed his password!! Should i be paranoid?

    Read the article

  • Visual Studio Team System 2008 - messy formatting/control characters/marks in source code

    - by AL
    Hi, I don't know what I did but somehow the IDE has started displaying a green dot whenever I press spacebar and a green arrowhead whenever I press TAB. The source has become littered with these characters all over and I am finding it very difficult to code in the presence of so many formatting marks. I have tried to search a solution on Google but couldn't perhaps enter the right keywords so haven't been able to fix the behavior. Is there any way I can stop VS2008 IDE from littering my source code with these green dots and arrowheads whenever I press spacebar/tab? I would be really thankful for this help. Thanks, -AL

    Read the article

  • MembershipProvider, IPrincipal, IIdentity?

    - by MRFerocius
    Hello guys; I have a conceptual question... I am making an Intranet application (Web platform) for a company. I have a SQL Server DB with these tables: Users (userID, userName, userPass, roleID) Roles (roleID, roleName) Pages (pageID, pageURL) RolesXPages(pageID, roleID) How is the best way to create a structure to store all this information while the user navigates the site, I mean, on the thread I should be able to check his role, his pages (the ones he can access) I have been reading and there is a lot of stuff there where Im confused, I saw the MembershipProvider, IPrincipal, IIdentity, etc classes but Im not sure what should be the best one for me. Any thoughts... Thanks in advance! Edit: Everytime gets more confusing... I just want to handle those structures at runtime and be able to mantain state during page callbacks or changing pages...

    Read the article

  • How to use the Rhino javascript engine in an applet

    - by Robber
    For my java program I'm using Rhino to execute JS scripts. Now I'm trying to convert it to an applet which works great, except that everytime it's calling evaluateString(...) the JVM throws an AccessControlException. After some (a lot) of research I found out that this is caused by Rhino's custom classloader. My problem is that after hours of googling I still can't find a way to stop Rhino from trying to load it's own classloader. I hope someone can help me...

    Read the article

  • "detached entity passed to persist error" with JPA/EJB code

    - by zengr
    I am trying to run this basic JPA/EJB code: public static void main(String[] args){ UserBean user = new UserBean(); user.setId(1); user.setUserName("name1"); user.setPassword("passwd1"); em.persist(user); } I get this error: javax.ejb.EJBException: javax.persistence.PersistenceException: org.hibernate.PersistentObjectException: detached entity passed to persist: com.JPA.Database Any ideas? I search on the internet and the reason I found was: This was caused by how you created the objects, i.e. If you set the ID property explicitly. Removing ID assignment fixed it. But I didn't get it, what will I have to modify to get the code working?

    Read the article

  • Aptana CSS hinting inside jQuery

    - by Arpinum
    I have code hinting for Aptana setup for jQuery. However, many jQuery actions use strings, which Aptana does not provide hinting. How can I have Aptana give hinting for html and CSS when I am typing inside a string? $(function() { $("#theList tr:even").addClass("stripe1"); $("#theList tr:odd").addClass("stripe2"); }); I have an id="thelist", but since I am inside a double quote, Aptana provides no help. Similarly, .stripe1 and .stripe2 are not hinted. I know CSS and HTML hinting are turned on. If Aptana cannot provide this feature, are there other code editors that will?

    Read the article

  • .Net - using FileIOPermission with mask in file name

    - by Max Gontar
    Hello! I would like to apply FileIOPermission on set of files using mask in file name, ex. on all txt files in folder C:\TMP: [type: FileIOPermission(SecurityAction.PermitOnly, Read = @"C:\TMP\*.txt")] class SomeClass { static void testPermissions() { Console.WriteLine("allowed action"); File.OpenRead(@"C:\TMP\1.txt"); // <--- here goes exception Console.WriteLine("denied action"); try { File.Create(@"C:\TMP\2.txt"); } catch (Exception e) { Console.WriteLine(e.Message); } finally { Console.ReadKey(); } } } This throws ArgumentException "Illegal characters in path." What is wrong? Is it possible to achieve anyway?

    Read the article

  • Is there a suggested solution structure for ASP.NET MVC Production Apps

    - by Eoin Campbell
    In general, I don't like to keep code (BaseClasses or DataAccess Code) in the App_Code directory of an ASP.NET Site. I'll usually pull this stuff out into a MySite.BusinessLogic & MySite.DataAccess DLL's respectively. I'm wondering should I be doing the same for ASP.NET MVC. Would it be better to Organise the solution something along the lines of MySite.Common - DLL - (Basic Functionality built on .NET System Dlls) MySite.DAL - DLL - (DataAccessLayer & DBML Files) MySite.Models - DLL - (MVC Models e.g. Repository Classes) MySite.Controllers - DLL (MVC Controllers which use Models) MySite - ASP.NET MVC Site. Or am I missing something... presumably, I'll lose some of the nice (Add View, Go To Controller, context menu items that have been added)

    Read the article

  • What is the best "forgot my password" method?

    - by Edward Tanguay
    I'm programming a community website. I want to build a "forgot my password" feature. Looking around at different sites, I've found they employ one of three options: send the user an email with a link to a unique, hidden URL that allows him to change his password (Gmail and Amazon) send the user an email with a new, randomly generated password (Wordpress) send the user his current password (www.teach12.com) Option #3 seems the most convenient to the user but since I save passwords as an MD5 hash, I don't see how option #3 would be available to me since MD5 is irreversible. This also seems to be insecure option since it means that the website must be saving the password in clear text somewhere, and at the least the clear-text password is being sent over insecure e-mail to the user. Or am I missing something here? So if I can't do option #1, option #2 seems to be the simplest to program since I just have to change the user's password and send it to him. Although this is somewhat insecure since you have to have a live password being communicated via insecure e-mail. However, this could also be misused by trouble-makers to pester users by typing in random e-mails and constantly changing passwords of various users. Option #1 seems to be the most secure but requires a little extra programming to deal with a hidden URL that expires etc., but it seems to be what the big sites use. What experience have you had using/programming these various options? Are there any options I've missed?

    Read the article

  • Best practices for organizing .NET P/Invoke code to Win32 APIs

    - by Paul Sasik
    I am refactoring a large and complicated code base in .NET that makes heavy use of P/Invoke to Win32 APIs. The structure of the project is not the greatest and I am finding DllImport statements all over the place, very often duplicated for the same function, and also declared in a variety of ways: The import directives and methods are sometimes declared as public, sometimes private, sometimes as static and sometimes as instance methods. My worry is that refactoring may have unintended consequences but this might be unavoidable. Are there documented best practices I can follow that can help me out? My instict is to organize a static/shared Win32 P/Invoke API class that lists all of these methods and associated constants in one file... (The code base is made up of over 20 projects with a lot of windows message passing and cross-thread calls. It's also a VB.NET project upgraded from VB6 if that makes a difference.)

    Read the article

  • clear javascript console in Google Chrome

    - by Reigel
    Hi, I was wondering if I could clear up the console with some command.. console.log(), can print... is there a command to clear up console?.. I've tried to console.log(console); and got this functions below... assert: function assert() { [native code] } constructor: function Console() { [native code] } count: function count() { [native code] } debug: function debug() { [native code] } dir: function dir() { [native code] } dirxml: function dirxml() { [native code] } error: function error() { [native code] } group: function group() { [native code] } groupEnd: function groupEnd() { [native code] } info: function info() { [native code] } log: function log() { [native code] } markTimeline: function markTimeline() { [native code] } profile: function profile() { [native code] } profileEnd: function profileEnd() { [native code] } time: function time() { [native code] } timeEnd: function timeEnd() { [native code] } trace: function trace() { [native code] } warn: function warn() { [native code] } __proto__: Object [ I guess there's no way to clear up the console... but I wanted someone to say it to me... ]

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 290 291 292 293 294 295 296 297 298 299 300 301  | Next Page >