Search Results

Search found 97980 results on 3920 pages for 'code security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 301/3920 | < Previous Page | 297 298 299 300 301 302 303 304 305 306 307 308  | Next Page >

  • Using Active Directory to authenticate users in a WWW facing website

    - by Basiclife
    Hi, I'm looking at starting a new web app which needs to be secure (if for no other reason than that we'll need PCI accreditation at some point). From previous experience working with PCI (on a domain), the preferred method is to use integrated windows authentication which is then passed all the way through the app to the database. This allows for better auditing as well as object-level permissions (ie an end user can't read the credit card table). There are advantages in that even if someone compromises the webserver, they won't be able to glean any additional information from the database. Also, the webserver isn't storing any database credentials (beyond perhaps a simple anonymous user with very few permissions) So, now I'm looking at the new web app which will be on the public internet. One suggestion is to have a Active Directory server and create windows accounts on the AD for each user of the site. These users will then be placed into the appropriate NT groups to decide which DB permissions they should have (and which pages they can access). ASP already provides the AD membership provider and role provider so this should be fairly simple to implement. There are a number of questions around this - Scalability, reliability, etc... and I was wondering if there is anyone out there with experience of this approach or, even better, some good reasons why to do it / not to do it. Any input appreciated Regards Basiclife

    Read the article

  • Anything wrong with this php code?

    - by Hwang
    1st I have to say I know nothing bout php. I was actually doing my AS3 guest-book and through parts of tutorials from Activetut, I managed to come out a flash guest-book. So the problem now I'm facing is the guest-book could only inject 1 XML data and it will always clear off the old 1, while the flash is still caching on the old XML files. I'd found some other tutorials(which I think its quite hard since i dunno anything about php) and comparing to the php code I'm using, it seems to be extremely short. I have no idea what the code does, so currently I'm not sure whether the problems came from the php or my AS3. <?php if (isset($GLOBALS["HTTP_RAW_POST_DATA"])){ $xml = $GLOBALS["HTTP_RAW_POST_DATA"]; $file = fopen("wish.xml","wb"); fwrite($file, $xml); fclose($file); } ?> and below is my correct XML format: <WISHES> <WISH> <NAME>Test</NAME> <EMAIL>[email protected]</EMAIL> <DATENTIME>2/3/10</DATENTIME> <MESSAGE>Dummy Message</MESSAGE> </WISH> <WISH> <NAME>Test</NAME> <EMAIL>[email protected]</EMAIL> <DATENTIME>2/3/10</DATENTIME> <MESSAGE>Dummy Message</MESSAGE> </WISH> </WISHES> So anyone kind to explain what that php code does? cause it replace my XML with: <WISH> <NAME>Test</NAME> <EMAIL>[email protected]</EMAIL> <DATENTIME>2/3/10</DATENTIME> <MESSAGE>Dummy Message</MESSAGE> </WISH>

    Read the article

  • How do I copy new binaries to C:\Program Files?

    - by Michael L Perry
    I'm creating a Windows app that automatically updates itself. I'm not using ClickOnce for a variety of reasons. When I try to File.Move() my updated files to C:\Program Files on Windows 7, I get the following error: Access to the path 'C:\Program Files\<company>\<app>\<app.exe>' is denied. I am not given a UAC prompt. The exe that I am trying to update is not currently running.

    Read the article

  • Add client side javascript code and ASP.Net validation on a asp.net button

    - by Vinni
    Hello guys, I wanted to write javascript code on "OnClientClick" of the asp.net button and also I want the asp.net validation to be run for that button. but when i mix these both validation is not working. please help me out. Below is my code ASPX <asp:Button ID="btnAddToFeatureOffers" runat="server" Text="Add to Feature Offers" OnClick="btnAddToFeatureOffers_Click" ValidationGroup="vgAddOffer" OnClientClick="add();" /> javascript function add() { var selectedOrder = $('#ctl00_MainContent_ddlFeaturedHostingType option:selected')[0].index; var offer = $('#<%=txtOrder.ClientID%>').val(); var a = $("<a>").attr("href", "#").addClass("offer").text("X"); $("<div>").text(offer).append(a).appendTo($('#resultTable #resultRow td')[selectedOrder - 1]); }

    Read the article

  • Is there an Unobtrusive Captcha for web forms?

    - by KP
    What is the best unobtrusive CAPTCHA for web forms? One that does not involve a UI, rather a non-UI Turing test. I have seen a simple example of a non UI CAPTCHA like the Nobot control from Microsoft. I am looking for a CAPTCHA that does not ask the user any question in any form. No riddles, no what's in this image.

    Read the article

  • How to give you website customers a secure feeling

    - by Saif Bechan
    I was wondering how you can give your website customers the confidence that you are not tinkering with the database values. I am planning on running a website which falls in the realm of an online game. There is some kind of credit system involved that people have to pay for. Now I was wondering how sites like this ensure there customers that there is no foul play in the database itself. As I am the database admin i can pretty much change all the values from within without anyone knowing i did. Hence letting someone win that does not rightfully is the winner. Is it maybe an option to decrypt en encrypt the credits people have so i can't change them. Or is there maybe a company i can hire that checks my company for foul play.

    Read the article

  • A question in java.lang.Integer internal code

    - by Daziplqa
    Hi folks, While looking in the code of the method: Integer.toHexString I found the following code : public static String toHexString(int i) { return toUnsignedString(i, 4); } private static String toUnsignedString(int i, int shift) { char[] buf = new char[32]; int charPos = 32; int radix = 1 << shift; int mask = radix - 1; do { buf[--charPos] = digits[i & mask]; i >>>= shift; } while (i != 0); return new String(buf, charPos, (32 - charPos)); } The question is, in toUnsignedString, why we create a char arr of 32 chars?

    Read the article

  • best way to switch between secure and unsecure connection without bugging the user

    - by Brian Lang
    The problem I am trying to tackle is simple. I have two pages - the first is a registration page, I take in a few fields from the user, once they submit it takes them to another page that processes the data, stores it to a database, and if successful, gives a confirmation message. Here is my issue - the data from the user is sensitive - as in, I'm using an https connection to ensure no eavesdropping. After that is sent to the database, I'd like on the confirmation page to do some nifty things like Google Maps navigation (this is for a time reservation application). The problem is by using the Google Maps api, I'd be linking to items through a unsecure source, which in turn prompts the user with a nasty warning message. I've browsed around, Google has an alternative to enterprise clients, but it costs $10,000 a year. What I am hoping is to find a workaround - use a secure connection to take in the data, and after it is processed, bring them to a page that isn't secure and allows me to utilize the Google Maps API. If any of you have a Netflix account you can see exactly what I would like to do when you sign-in, it is a secure page, which then takes you to your account / queue, on an unsecure page. Any suggestions? Thanks!

    Read the article

  • IFrame causing javascript code to not execute

    - by Claudio Redi
    Does anyone know why this code doesn't work. This means, the alert is NOT fired <iframe/> <script type="text/javascript">alert('hello');</script> While this code with the alert BEFORE the Iframe works perfeclty. This means the alert is fired <script type="text/javascript">alert('hello');</script> <iframe/> Seems that no javascript placed after the iframe is executed, I don't find any logic to this.

    Read the article

  • Convert the ada code to its C .

    - by maddy
    HI All, I have a piece of ada code shown below which is a simple switch case statements.Is there any better way to convert this into C. for I in 1..100 loop case I is when 100 => Dollars := Dollars + 1; when 25|50|75 => Quarters := Quarters + 1; when 10|20|30|40|60|70|80|90 => Dimes := Dimes + 1; when 5|15|35|45|55|65|85|95 => Nickles := Nickles + 1; when others => Pennies := Pennies + 1; end case; end loop; Now by adding the switch and the case for each values in the case,i can do that conversion,But it seems tyo make the code too big.Is there anywa other simple and compact way.Please get back to me if the question is not clear? Regards maddy

    Read the article

  • Process.Start - Pass html code to exe as argument

    - by dkirk
    Hello, I am using the code below to start a executable file from a windows service and I need to pass html code (stored in a variable) as an argument. I am escaping with double quotes but this is not working. What do I need to do in order to pass this correctly? Thanks in advance for any guidance that is offered. Inside the service: Process.Start(@"E:\Program Files\MyApp.exe", dr["rec"].ToString() + " \"" + subject + "\" \"" + htmlVar); and then within MyApp.exe: static void Main(string[] args) { Program MyProg = new Program(); MyProg.MyMeth(args[0].ToString(), args[1].ToString(), args[2].ToString()); }

    Read the article

  • Custom fine-grained claims based authorization system in ASP.NET MVC - wheres and hows

    - by BuzzBubba
    So, I'd like to implement my own custom authorization system in MVC2. If I'd have to create a global class, where do I instantiate it? Can HttpContext be extended with my own additions and where do I do that? Should I use Authorization filters for rights validation or ActionFilters or do it within an action? Can ActionFilter pass any data to the action itself? Previously (in WebForms) I was using a Session object where I would put a serialized object containing essential user data (account id and a list of roles and rights) and I'd extend my own Page class.

    Read the article

  • Swing code in sockets

    - by asb
    I am learning swings for making GUI. I was thinking which is the best possible way in case of socket with swings. 1. The whole swing code goes in the server file. All the handlers and logic in on server side. Client only create socket. 2. The server have logic part. The code for the swing to display interface goes on client side. Client Creates stream to send / rec. data from server. Whch is the good way out of 2 ?

    Read the article

  • What should a developer know before building a public web site?

    - by Joel Coehoorn
    What things should a programmer implementing the technical details of a web site address before making the site public? If Jeff Atwood can forget about HttpOnly cookies, sitemaps, and cross-site request forgeries all in the same site, what important thing could I be forgetting as well? I'm thinking about this from a web developer's perspective, such that someone else is creating the actual design and content for the site. So while usability and content may be more important than the platform, you the programmer have little say in that. What you do need to worry about is that your implementation of the platform is stable, performs well, is secure, and meets any other business goals (like not cost too much, take too long to build, and rank as well with Google as the content supports). Think of this from the perspective of a developer who's done some work for intranet-type applications in a fairly trusted environment, and is about to have his first shot and putting out a potentially popular site for the entire big bad world wide web. Also: I'm looking for something more specific than just a vague "web standards" response. I mean, HTML, JavaScript, and CSS over HTTP are pretty much a given, especially when I've already specified that you're a professional web developer. So going beyond that, Which standards? In what circumstances, and why? Provide a link to the standard's specification. This question is community wiki, so please feel free to edit that answer to add links to good articles that will help explain or teach each particular point.

    Read the article

  • Using MS Anti XSS library for sanitizing HTML

    - by user102533
    In the intent of preventing XSS attacks, I am updating a page in which we have a textbox that accepts HTML, stores it in a database and retrieves and renders it at a later time. My understanding is that I can sanitize the HTML using AntiXSS.GetSafeHtmlFragment() method. As long as I do this before storing the HTML in the database, am I covered? Do I need to do anything when the HTML is outputted on a web page? Also, it appears that the white list is kind of a black box. Is there a way to update this based on our requirements?

    Read the article

  • Optimizing Haskell code

    - by Masse
    I'm trying to learn Haskell and after an article in reddit about Markov text chains, I decided to implement Markov text generation first in Python and now in Haskell. However I noticed that my python implementation is way faster than the Haskell version, even Haskell is compiled to native code. I am wondering what I should do to make the Haskell code run faster and for now I believe it's so much slower because of using Data.Map instead of hashmaps, but I'm not sure I'll post the Python code and Haskell as well. With the same data, Python takes around 3 seconds and Haskell is closer to 16 seconds. It comes without saying that I'll take any constructive criticism :). import random import re import cPickle class Markov: def __init__(self, filenames): self.filenames = filenames self.cache = self.train(self.readfiles()) picklefd = open("dump", "w") cPickle.dump(self.cache, picklefd) picklefd.close() def train(self, text): splitted = re.findall(r"(\w+|[.!?',])", text) print "Total of %d splitted words" % (len(splitted)) cache = {} for i in xrange(len(splitted)-2): pair = (splitted[i], splitted[i+1]) followup = splitted[i+2] if pair in cache: if followup not in cache[pair]: cache[pair][followup] = 1 else: cache[pair][followup] += 1 else: cache[pair] = {followup: 1} return cache def readfiles(self): data = "" for filename in self.filenames: fd = open(filename) data += fd.read() fd.close() return data def concat(self, words): sentence = "" for word in words: if word in "'\",?!:;.": sentence = sentence[0:-1] + word + " " else: sentence += word + " " return sentence def pickword(self, words): temp = [(k, words[k]) for k in words] results = [] for (word, n) in temp: results.append(word) if n > 1: for i in xrange(n-1): results.append(word) return random.choice(results) def gentext(self, words): allwords = [k for k in self.cache] (first, second) = random.choice(filter(lambda (a,b): a.istitle(), [k for k in self.cache])) sentence = [first, second] while len(sentence) < words or sentence[-1] is not ".": current = (sentence[-2], sentence[-1]) if current in self.cache: followup = self.pickword(self.cache[current]) sentence.append(followup) else: print "Wasn't able to. Breaking" break print self.concat(sentence) Markov(["76.txt"]) -- module Markov ( train , fox ) where import Debug.Trace import qualified Data.Map as M import qualified System.Random as R import qualified Data.ByteString.Char8 as B type Database = M.Map (B.ByteString, B.ByteString) (M.Map B.ByteString Int) train :: [B.ByteString] -> Database train (x:y:[]) = M.empty train (x:y:z:xs) = let l = train (y:z:xs) in M.insertWith' (\new old -> M.insertWith' (+) z 1 old) (x, y) (M.singleton z 1) `seq` l main = do contents <- B.readFile "76.txt" print $ train $ B.words contents fox="The quick brown fox jumps over the brown fox who is slow jumps over the brown fox who is dead."

    Read the article

  • Need an encrypted online source code backup service.

    - by camelCase
    Please note this is not a question about online/hosted SVN services. I am working on a home based, solo developer, project that now has commercial significance and it is time to think about remote source code backup. There is no need for file level check in/out, all I need is once a day or once a week directory level snapshot to remote storage. Automatic encryption would be a bonus to protect my IP. What I have in mind is some sort of GUI interface app that will squirt a source code snapshot off to an Amazon S3 bucket on an automatic schedule. (My development PC runs on MS Windows.)

    Read the article

  • Is it possible to compile IronRuby code to a .NET assembly (EXE or DLL)

    - by Chris Ammerman
    My scenario consists of the following points. I have a packaged software product I am developing in C# Since it is a packaged product, the public interfaces of the assemblies need to be tightly controlled... All assemblies are strong-named Any classes that don't absolutely have to be "public" are "internal" I want to write unit tests for those "internal" classes, since they are the bulk of the code And finally.... I want to try writing the unit tests in Ruby. Since the unit tests would be external to the assembly containing the code under test, the assemblies under test would each need to have an "InternalsVisibleTo" attribute specifying the name of the unit test assembly. Which of course would mean that the Ruby unit tests would have to compile down to a .NET assembly so they can be given access in this way. Can this be done? If so, how? All I can find on the web about "compiling IronRuby" is about building the actual IronRuby runtime from source.

    Read the article

  • Account sharing among Ubuntu machines

    - by muckabout
    I'd like a simple and secure system to have allow users in our network to have their account (e.g., 'myname') work on every machine in the network (e.g., such that they could ssh to any machine and have the same userid, mounted smb share). Any suggestions?

    Read the article

  • Looking for a good WTF story involving SSL

    - by lindelof
    I'm preparing a talk on SSL to our local Java user group, and I would like to introduce it with some story on how NOT to use it. I've searched through the DailyWTF archives but couldn't find anything really good. Do you know such a story, or do you have some pointers where I could go looking for one?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 297 298 299 300 301 302 303 304 305 306 307 308  | Next Page >