Search Results

Search found 97980 results on 3920 pages for 'code security'.

Page 294/3920 | < Previous Page | 290 291 292 293 294 295 296 297 298 299 300 301  | Next Page >

  • Prevent SQL injection from form-generated SQL - NO PreparedStmts

    - by Markos Fragkakis
    Hi all, I have a search table where the user will be able to filter results with a filter of the type:
    Field [Name], Value [John], Remove Rule
    Field [Surname], Value [Blake], Remove Rule
    Field [Has Children], Value [Yes], Remove Rule
    Add Rule
    So the user will be able to set an arbitrary set of filters, which will result essentially in a completely dynamic WHERE clause. In the future I will also have to implement more complicated logical expressions, like Where (name=John OR name=Nick) AND (surname=Blake OR surname=Bourne). Of all 10 fields the user may or may not filter by, I don't know how many and which filters the user will set. So, I cannot use a prepared statement (which assumes that at least we know the fields in the WHERE clause). This is why prepared statements are unfortunately out of the question; I have to do it with plain old generated SQL. What measures can I take to protect the application from SQL injection (regex-wise or any other way)?

  • Does each authenticated WCF client connection need a CAL?

    - by Sentax
    Just like the title says. Does each authenticated WCF client connection to a WCF server that you have developed need a Windows CAL? http://www.microsoft.com/windowsserver2008/en/us/client-licensing.aspx Microsoft's licensing on that page sure makes it sound like it, but I can't find anything out there that confirms, or even denies, this. Anyone know?

  • Pattern for verifying authenticity of a request to WCF service

    - by fung
    I have a client app that makes calls to a WCF service. This app is on a public computer that's easily accessible and anyone can easily copy the .EXE and .CONFIG of my app into another machine and start using it. Is there a pattern where I can check if the request is coming only from an app on a computer I installed it on and not on one it has been copied to? Thanks in advance.

  • "Authorize" attribute and 403 error page

    - by zerkms
    The [Authorize] attribute is a nice and handy MS invention, and I hope it can solve the issue I have now. To be more specific: when the current client isn't authenticated, [Authorize] redirects from the secured action to the logon page and, after logon was successful, brings the user back; this is good. But when the current client is already authenticated but not authorized to run a specific action, all I need is to just display my general 403 page. Is it possible without moving the authorization logic into the controller's body? UPD: The behaviour I need should be semantically equal to this sketch:
    public ActionResult DoWork()
    {
        if (!NotAuthorized())
        {
            return RedirectToAction("403");
        }
        return View();
    }
    so there should be no redirect and the URL should stay the same, but the contents of the page should be replaced with the 403 page.

  • Secure hash and salt for PHP passwords

    - by luiscubal
    It is currently said that MD5 is partially unsafe. Taking this into consideration, I'd like to know which mechanism to use for password protection. "Is “double hashing” a password less secure than just hashing it once?" suggests that hashing multiple times may be a good idea. "How to implement password protection for individual files?" suggests using salt. I'm using PHP. I want a safe and fast password encryption system. Hashing a password a million times may be safer, but also slower. How to achieve a good balance between speed and safety? Also, I'd prefer the result to have a constant number of characters.
    - The hashing mechanism must be available in PHP
    - It must be safe
    - It can use salt (in this case, are all salts equally good? Is there any way to generate good salts?)
    Also, should I store two fields in the database (one using MD5 and another one using SHA, for example)? Would it make it safer or less safe? In case I wasn't clear enough, I want to know which hashing function(s) to use and how to pick a good salt in order to have a safe and fast password protection mechanism.
    EDIT: The website shouldn't contain anything too sensitive, but still I want it to be secure.
    EDIT2: Thank you all for your replies, I'm using hash("sha256", $salt.":".$password.":".$id)
    Questions that didn't help:
    - What's the difference between SHA and MD5 in PHP
    - Simple Password Encryption
    - Secure methods of storing keys, passwords for asp.net
    - How would you implement salted passwords in Tomcat 5.5

  • How to implement SAML SSO

    - by A_M
    How is SAML SSO typically implemented? I've read this about using SAML with Google Apps, and the Wikipedia entry on SAML. The Wikipedia entry talks about responding with forms containing details of the SAMLRequest and SAMLResponse. Does this mean that the user has to physically submit the form in order to proceed with the single sign-on? The Google entry talks about using redirects, which seems more seamless to me. However, it also talks about using a form for the response which the user must submit (although it does talk about using JavaScript to automatically submit the form). Is this the standard way of doing this? Using redirects and JavaScript for form submission? Does anyone know of any other good resources about how to go about implementing SSO between a Windows domain and a J2EE web application? The web application is on a separate network/domain. My client wants to use CA SiteMinder (with SAML).

  • SQL code to insert multiple rows in ms-access table

    - by Thierry
    I'm trying to speed up my code and the bottleneck seems to be the individual insert statements to a Jet MDB from outside Access via ODBC. I need to insert 100 rows at a time and have to repeat that many times. Is it possible to insert multiple rows in a table with SQL code? Here is some stuff that I tried, but neither of them worked. Any suggestions?
    INSERT INTO tblSimulation (p, cfYear, cfLocation, Delta, Design, SigmaLoc, Sigma, SampleSize, Intercept)
    VALUES (0, 2, 8.3, 0, 1, 0.5, 0.2, 220, 3.4),
           (0, 2.4, 7.8, 0, 1, 0.5, 0.2, 220, 3.4),
           (0, 2.3, 5.9, 0, 1, 0.5, 0.2, 220, 3.4)
    INSERT INTO tblSimulation (p, cfYear, cfLocation, Delta, Design, SigmaLoc, Sigma, SampleSize, Intercept)
    VALUES (0, 2, 8.3, 0, 1, 0.5, 0.2, 220, 3.4)
    UNION (0, 2.4, 7.8, 0, 1, 0.5, 0.2, 220, 3.4)
    UNION (0, 2.3, 5.9, 0, 1, 0.5, 0.2, 220, 3.4)

  • TFS and SVN code Merge

    - by Mohanavel
    We are a small team of 8. 3 are from another country; they are using TFS as their source controller, the TFS server is also located there, and they have only 4 licences. So we (5 developers) are using SVN as our local source controller, and every 3 days we take the latest from TFS and merge the changes from and to SVN & TFS. Really this is an overkill and hour-consuming task. They don't want to change the TFS (not even add-ins). So what can I use to merge the code between the two source controllers? Can I use SVN-Bridge to merge the code without changing or modifying the TFS server? Please guide me on this. (Worst case they might go for add-ins; for sure no other source controllers than Microsoft products.) hhhmmmmmm, I'm sitting in front of the monitor and hitting F5 on this page. Please save my hours.

  • HTTP requests and Apache modules: Creative attack vectors

    - by pinkgothic
    Slightly unorthodox question here: I'm currently trying to break an Apache with a handful of custom modules. What spawned the testing is that Apache internally forwards requests that it considers too large (e.g. 1 MB trash) to modules hooked in appropriately, forcing them to deal with the garbage data - and lack of handling in the custom modules caused Apache in its entirety to go up in flames. Ouch, ouch, ouch. That particular issue was fortunately fixed, but the question's arisen whether or not there may be other similar vulnerabilities. Right now I have a tool at my disposal that lets me send a raw HTTP request to the server (or rather, raw data through an established TCP connection that could be interpreted as an HTTP request if it followed the form of one, e.g. "GET ...") and I'm trying to come up with other ideas. (TCP-level attacks like Slowloris and Nkiller2 are not my focus at the moment.) Does anyone have a few nice ideas how to confuse the server and/or its modules to the point of self-immolation? Broken UTF-8? (Though I doubt Apache cares about encoding - I imagine it just juggles raw bytes.) Stuff that is only barely too long, followed by a 0-byte, followed by junk? et cetera I don't consider myself a very good tester (I'm doing this by necessity and lack of manpower; I unfortunately don't even have a more than basic grasp of Apache internals that would help me along), which is why I'm hoping for an insightful response or two or three. Maybe some of you have done some similar testing for your own projects? (If stackoverflow is not the right place for this question, I apologise. Not sure where else to put it.)

  • MembershipProvider, IPrincipal, IIdentity?

    - by MRFerocius
    Hello guys; I have a conceptual question... I am making an intranet application (web platform) for a company. I have a SQL Server DB with these tables:
    - Users (userID, userName, userPass, roleID)
    - Roles (roleID, roleName)
    - Pages (pageID, pageURL)
    - RolesXPages (pageID, roleID)
    What is the best way to create a structure to store all this information while the user navigates the site? I mean, on the thread I should be able to check his role and his pages (the ones he can access). I have been reading and there is a lot of stuff there where I'm confused; I saw the MembershipProvider, IPrincipal, IIdentity, etc. classes but I'm not sure which should be the best one for me. Any thoughts... Thanks in advance!
    Edit: Every time it gets more confusing... I just want to handle those structures at runtime and be able to maintain state during page callbacks or changing pages...

  • Authlogic, logout and credential capture

    - by Paddy
    OK, this is something weird. I got authlogic-oid installed in my Rails app today. Everything works perfectly fine but for one small nuisance. This is what I did: I first register with my Google OpenID. Successful login, redirection, and my email, along with my correct OpenID, is stored in my database. I am happy that everything worked fine! Now when I log out, my Rails app as usual destroys the session and redirects me back to my root URL where I can log in again. Now if I try to log in it still remembers my last login ID. Not a big issue as I can always "Sign in as a different user", but I am wondering if there is any way to not only log out from my app but also log out from Google. I noticed the same with Stack Overflow's OpenID authentication system. Why am I so bothered about this, you may ask. But is it not a bad idea if your web app's end user, who happens to be in a cyber cafe, thinks he has logged out from your app and hence from his Google account, only to realize later that his Google account had got hacked by some unworthy loser who just happened to notice that the one before had not logged out from Google and, say, changed his password!! Should I be paranoid?

  • Visual Studio Team System 2008 - messy formatting/control characters/marks in source code

    - by AL
    Hi, I don't know what I did but somehow the IDE has started displaying a green dot whenever I press spacebar and a green arrowhead whenever I press TAB. The source has become littered with these characters all over and I am finding it very difficult to code in the presence of so many formatting marks. I have tried to search a solution on Google but couldn't perhaps enter the right keywords so haven't been able to fix the behavior. Is there any way I can stop VS2008 IDE from littering my source code with these green dots and arrowheads whenever I press spacebar/tab? I would be really thankful for this help. Thanks, -AL

  • Is there a suggested solution structure for ASP.NET MVC Production Apps

    - by Eoin Campbell
    In general, I don't like to keep code (base classes or data access code) in the App_Code directory of an ASP.NET site. I'll usually pull this stuff out into MySite.BusinessLogic and MySite.DataAccess DLLs respectively. I'm wondering whether I should be doing the same for ASP.NET MVC. Would it be better to organise the solution something along the lines of:
    - MySite.Common - DLL - (basic functionality built on .NET System DLLs)
    - MySite.DAL - DLL - (data access layer & DBML files)
    - MySite.Models - DLL - (MVC models, e.g. repository classes)
    - MySite.Controllers - DLL - (MVC controllers which use Models)
    - MySite - ASP.NET MVC site
    Or am I missing something... presumably I'll lose some of the nice context menu items that have been added (Add View, Go To Controller).

  • How to use the Rhino javascript engine in an applet

    - by Robber
    For my Java program I'm using Rhino to execute JS scripts. Now I'm trying to convert it to an applet, which works great, except that every time it calls evaluateString(...) the JVM throws an AccessControlException. After some (a lot) of research I found out that this is caused by Rhino's custom classloader. My problem is that after hours of googling I still can't find a way to stop Rhino from trying to load its own classloader. I hope someone can help me...

  • "detached entity passed to persist error" with JPA/EJB code

    - by zengr
    I am trying to run this basic JPA/EJB code:
    public static void main(String[] args) {
        UserBean user = new UserBean();
        user.setId(1);
        user.setUserName("name1");
        user.setPassword("passwd1");
        em.persist(user);
    }
    I get this error: javax.ejb.EJBException: javax.persistence.PersistenceException: org.hibernate.PersistentObjectException: detached entity passed to persist: com.JPA.Database
    Any ideas? I searched on the internet and the reason I found was: "This was caused by how you created the objects, i.e. if you set the ID property explicitly. Removing ID assignment fixed it." But I didn't get it; what will I have to modify to get the code working?

  • .Net - using FileIOPermission with mask in file name

    - by Max Gontar
    Hello! I would like to apply FileIOPermission on a set of files using a mask in the file name, e.g. on all txt files in folder C:\TMP:
    [type: FileIOPermission(SecurityAction.PermitOnly, Read = @"C:\TMP\*.txt")]
    class SomeClass
    {
        static void testPermissions()
        {
            Console.WriteLine("allowed action");
            File.OpenRead(@"C:\TMP\1.txt"); // <--- here goes exception
            Console.WriteLine("denied action");
            try
            {
                File.Create(@"C:\TMP\2.txt");
            }
            catch (Exception e)
            {
                Console.WriteLine(e.Message);
            }
            finally
            {
                Console.ReadKey();
            }
        }
    }
    This throws ArgumentException "Illegal characters in path." What is wrong? Is it possible to achieve this anyway?

  • Aptana CSS hinting inside jQuery

    - by Arpinum
    I have code hinting for Aptana set up for jQuery. However, many jQuery actions use strings, for which Aptana does not provide hinting. How can I have Aptana give hinting for HTML and CSS when I am typing inside a string?
    $(function() {
        $("#theList tr:even").addClass("stripe1");
        $("#theList tr:odd").addClass("stripe2");
    });
    I have an id="thelist", but since I am inside a double quote, Aptana provides no help. Similarly, .stripe1 and .stripe2 are not hinted. I know CSS and HTML hinting are turned on. If Aptana cannot provide this feature, are there other code editors that will?

  • clear javascript console in Google Chrome

    - by Reigel
    Hi, I was wondering if I could clear up the console with some command. console.log() can print... is there a command to clear up the console? I've tried console.log(console); and got the functions below:
    assert: function assert() { [native code] }
    constructor: function Console() { [native code] }
    count: function count() { [native code] }
    debug: function debug() { [native code] }
    dir: function dir() { [native code] }
    dirxml: function dirxml() { [native code] }
    error: function error() { [native code] }
    group: function group() { [native code] }
    groupEnd: function groupEnd() { [native code] }
    info: function info() { [native code] }
    log: function log() { [native code] }
    markTimeline: function markTimeline() { [native code] }
    profile: function profile() { [native code] }
    profileEnd: function profileEnd() { [native code] }
    time: function time() { [native code] }
    timeEnd: function timeEnd() { [native code] }
    trace: function trace() { [native code] }
    warn: function warn() { [native code] }
    __proto__: Object
    [ I guess there's no way to clear up the console... but I wanted someone to say it to me... ]

  • Silverlight 4 - elevated permission *inside* the browser

    - by Doug
    I know Silverlight 4 can handle elevated permissions outside the browser. Is there a way to accomplish this inside the browser? I need to make a folder/file upload manager that gives a better user experience than the standard , and I'd like to implement it in Silverlight. I know Java has an option to gain elevated permissions, but you have to attach a signed certificate to your app. Does Silverlight 4 have a similar option - to gain elevated permissions by attaching a signed certificate (after warning the user, of course)? -Doug

  • Securely erasing a file using simple methods?

    - by Jason
    Hello, I am using C# .NET Framework 2.0. I have a question relating to file shredding. My target operating systems are Windows 7, Windows Vista, and Windows XP. Possibly Windows Server 2003 or 2008, but I'm guessing they should be the same as the first three. My goal is to securely erase a file. I don't believe using File.Delete is secure at all. I read somewhere that the operating system simply marks the raw hard-disk data for deletion when you delete a file; the data is not erased at all. That's why there exist so many working methods to recover supposedly "deleted" files. I also read that's why it's much more useful to overwrite the file, because then the data on disk actually has to be changed. Is this true? Is this generally what's needed? If so, I believe I can simply write the file full of 1's and 0's a few times. I've read:
    http://www.codeproject.com/KB/files/NShred.aspx
    http://blogs.computerworld.com/node/5756
    http://blogs.computerworld.com/node/5687
    http://stackoverflow.com/questions/4147775/securely-deleting-a-file-in-c-net
