securing connectionstring
- by Bruce Adams
What's the best method for securing connectionstring information in an app.config file for deployed winforms applications?
reference
Search Results
Search found 97980 results on 3920 pages for 'code security'.
Page 310/3920 | < Previous Page | 306 307 308 309 310 311 312 313 314 315 316 317 | Next Page >
-
-
Restrict access to a specific URL, running on IIS7 / ASP.NET
- by frankadelic
I am deploying a public ASP.NET website on an IIS7 web farm. The application runs on 3 web servers and is behind a firewall. We want to create a single page on the website that is accessible only to internal users. It is primarily used for diagnostics, trigger cache expiry, etc. /admin/somepage.aspx What is the best way to control access to this page? We need to: Prevent all external (public) users from accessing the URL. Permit specific internal users to access the page, only from certain IPs or networks. Should this access control be done at the (a) network level, (b) application level, etc.?Read the article
-
How secure is my website?
- by Doug
As a beginning web developer, I try my best to clean up all the user inputs through checks and what not. However, today, I found out my website was hacked (I'll share their website on request) and it really made my wonder how did they do it. I'm in the process of getting my website back together. What should I do to prevent these things? Is there people I should talk to and ask how secure my website is? What can I do to to keep my website safe?Read the article
-
Factor Clojure code setting many different fields in a Java object
- by chris
How do I factor code setting many different fields in a Java object? I would like to factor (set! (. employee name) "Chris") (set! (. employee age) 100) (set! (. employee salary) 5000) to (doseq [field '((name "Chris") (age 100) (salary 5000))] (set! (. employee (first field)) (second field))) However this won't work because the period is a macro, and tries to evaluate (first field) literally. By the way, I understand that setting fields is not good practice. I need to inter-operate with legacy code.Read the article
-
Strategy for developing namespaced and non-namespaced versions of same PHP code
- by porneL
I'm maintaining library written for PHP 5.2 and I'd like to create PHP 5.3-namespaced version of it. However, I'd also keep non-namespaced version up to date until PHP 5.3 becomes so old, that even Debian stable ships it ;) I've got rather clean code, about 80 classes following Project_Directory_Filename naming scheme (I'd change them to \Project\Directory\Filename of course) and only few functions and constants (also prefixed with project name). Question is: what's the best way to develop namespaced and non-namespaced versions in parallel? Should I just create fork in repository and keep merging changes between branches? Are there cases where backslash-sprinkled code becomes hard to merge? Should I write script that converts 5.2 version to 5.3 or vice-versa? Should I use PHP tokenizer? sed? C preprocessor? Is there a better way to use namespaces where available and keep backwards compatibility with older PHP?Read the article
-
How do you protect your software from illegal distribution?
- by petr k.
I am curious about how do you protect your software against cracking, hacking etc. Do you employ some kind of serial number check? Hardware keys? Do you use any third-party solutions? How do you go about solving licensing issues? (e.g. managing floating licenses) EDIT: I'm not talking any open source, but strictly commercial software distribution...Read the article
-
anyone know of a custom membership provider implementation that check password strength against in-b
- by ronaldwidha
I've got an Asp.net MVC app and before being able to go live, the IT have requested for us to comply with their password policy. The flexibility of AspnetSqlMembershipProvider doesn’t quite satisfy the requirement. The password strength and length rules are as follows: one lowercase one Uppercase one number and or special character 8 characters in length so far, aspnetsqlmembershipprovider is good... Not allowed to use: Dictionary words Names, real or fictional Plain language phrases Dates Telephone numbers Car registration numbers User IDs Postal codes Organization name Only the first 4 criteria are satisfied by the aspnetsqlmembershipprovider. Do you know of any third party products that offers this functionality (preferably in the form of a custom membership provider)?Read the article
-
Newbie PHP coding problem: header function (maybe, I need someone to check my code)
- by Haskella
Hi, consider the following PHP code: <?php $searchsport = $_REQUEST['sport']; $sportarray = array( "Football" => "Fb01", "Cricket" => "ck32", "Tennis" => "Tn43", ); header("Location: ".$sportarray[$searchsport].".html"); //directs user to the corresponding page they searched if ($searchsport == NULL) { header("Location: youtypednothing.html"); //directs user to a page I've set up to warn them if they've entered nothing } else { header("Location: sportdoesnotexist.html"); //if sport isn't in my root, a warning will appear } ?> I think the code comments are self-explanatory, basically when I type Tennis on my form.html it will send data to this php file and process and direct me to Tn43.html which is my tennis page. Unfortunately, it doesn't work and I really want to know why... (I know I've made some huge silly mistake). PS: Is header the right function to use when doing some redirecting?Read the article
-
Can I use Sun's OpenSSO Apache WebAgent to integrate to a CA SiteMinder Policy Server?
- by Mark Fruhling
The official Web Agents user documentation does not state what version of SAML is supported. I am trying to integrate this with a Policy Server that is not running Sun's OpenSSO policy server, so my only requirement is to support SAML 2.0. Has anyone had experience with this type of setup?Read the article
-
Is it safe to put reference to current user in User model in Rails?
- by Art Shayderov
You know, I think I have to check current user in the model callbacks (like before_update). Rather than rely solely on adding where ('something.user_id = ?', 'current_user.id') in the controllers. I need something like Thread.CurrentPrincipal in .NET Is it safe to put reference to current user in User model? I'm sorry I don't really understand how it works under the hood yet. Or how you do it The Rails way? Sorry if this a silly question.Read the article
-
How do you run a uncompiled CGI?
- by Toast
I'm going to get right to it. iPage shared hosting. Trying to use mimetex.cgi to render math. Source code is at the link. After preparing everything just as I had with a different shared host (which worked), I get errors. Tech support tells me I need to upload the uncompiled source and use that instead. ??? Rather than going with them just being ignorant and wrong, I'm going to assume I'm missing something. How am I supposed to execute and make use of the uncompiled source code? What the hell is wrong with a hosting service that doesn't support running compiled CGI written in C (as far as I can tell)?Read the article
-
How to block non-browser clients from submitting a request?
- by Thomas Kohl
I want to block non-browser clients from accessing certain pages / successfully making a request. The website content is served to authenticated users. What happens is that our user gives his credentials to our website to 3rd party - it can be another website or a mobile application - that performs requests on his behalf. Say there is a form that the user fills out and sends a message. Can I protect this form so that the server processing the submission can tell whether the user has submitted it directly from the browser or not? I don't want to use CAPTCHA for usability reasons. Can I do it with some javascript?Read the article
-
Asp.net membership salt?
- by chobo2
Hi Does anyone know how Asp.net membership generates their salt key and then how they encode it(ie is it salt + password or password + salt)? I am using sha1 with my membership but I would like to recreate the same salts so the built in membership stuff could hash the stuff the same way as my stuff can. Thanks Edit 2 Never Mind I mis read it and was thinking it said bytes not bit. So I was passing in 128 bytes not 128bits. Edit I been trying to make it so this is what I have public string EncodePassword(string password, string salt) { byte[] bytes = Encoding.Unicode.GetBytes(password); byte[] src = Encoding.Unicode.GetBytes(salt); byte[] dst = new byte[src.Length + bytes.Length]; Buffer.BlockCopy(src, 0, dst, 0, src.Length); Buffer.BlockCopy(bytes, 0, dst, src.Length, bytes.Length); HashAlgorithm algorithm = HashAlgorithm.Create("SHA1"); byte[] inArray = algorithm.ComputeHash(dst); return Convert.ToBase64String(inArray); } private byte[] createSalt(byte[] saltSize) { byte[] saltBytes = saltSize; RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider(); rng.GetNonZeroBytes(saltBytes); return saltBytes; } So I have not tried to see if the asp.net membership will recognize this yet the hashed password looks close. I just don't know how to convert it to base64 for the salt. I did this byte[] storeSalt = createSalt(new byte[128]); string salt = Encoding.Unicode.GetString(storeSalt); string base64Salt = Convert.ToBase64String(storeSalt); int test = base64Salt.Length; Test length is 172 what is well over the 128bits so what am I doing wrong? This is what their salt looks like vkNj4EvbEPbk1HHW+K8y/A== This is what my salt looks like E9oEtqo0livLke9+csUkf2AOLzFsOvhkB/NocSQm33aySyNOphplx9yH2bgsHoEeR/aw/pMe4SkeDvNVfnemoB4PDNRUB9drFhzXOW5jypF9NQmBZaJDvJ+uK3mPXsWkEcxANn9mdRzYCEYCaVhgAZ5oQRnnT721mbFKpfc4kpI=Read the article
-
Placement of a call to the parent method
- by Alejandro
I have a class that has a method. That class has a child class that overrides that method. The child's method has to call the parent's method. In all OO that I've seen or written calls to the parent's version of the same method were on the first line of the method. On a project that I am working on circumstances call for placing that method call at the end of a method. Should I be worried? Is that a code smell? Is this code inherently bad? class Parent { function work() { // stuff } } class Child { function work() { // do thing 1 // do thing 2 parent::work(); // is this a bad practice? // should I call the parent's work() method before // I do anything in this method? } }Read the article
-
Multiple login locations for an online app.
- by Goro
Hello, I am working on a browser based application that will have many users. The catch is that every user should have their own customized login page, but the actual application is the same for everyone, and needs to be in a central location. What is the most secure way of doing this? Would it make more sense to have a copy of the application for each user, and keep the database centralized? The projected number of users is not very high, probably around 20-80. Thank you,Read the article
-
Looking for a safe, portable password-storage method
- by Maciek
Hello, I'm working on C++ project that is supposed to run on both Win32 and Linux, the software is to be deployed to small computers, usually working in remote locations. Recently, our client has requested that we introduce access control via password protection. We are to meet the following criteria : Support remote login Support remote password change Support remote password retrieval Support data retrieval on accidental/purposeful deletion Support secure storage I'm capable of meeting the "remote" requirements using an existing library, however what I do need to consider is a method of storing this data, preferably in a way that will work on both platforms and will not let the user see it/read it, encryption is not the issue here - it's the storage method itself. Can anyone recommend a sage storage method that could help me meet those criteria?Read the article
-
Which parts of the client certificate to use when uniquely identifying users?
- by miha
I'm designing a system where users will be able to register and afterward authenticate with client certificates in addition to username/password authentication. The client certificates will have to be valid certificates issued by a configured list of certificate authorities and will be checked (validated) when presented. In the registration phase, I need to store part(s) of the client certificate in a user repository (DB, LDAP, whatever) so that I can map the user who authenticates with client certificate to an internal "user". One fairly obvious choice would be to use certificate fingerprint; But fingerprint itself is not enough, since collisions may occur (even though they're not probable), so we need to store additional information from the certificate. This SO question is also informative in this regard. RFC 2459 defines (4.1.2.2) that certificate serial number must be unique within a given CA. With all of this combined, I'm thinking of storing certificate serial number and certificate issuer for each registered user. Given that client certificates will be verified and valid, this should uniquely identify each client certificate. That way, even when client certificate is renewed, it would still be valid (serial number stays the same, and so does the issuer). Did I miss something?Read the article
-
CSRF protection and cross site form access
- by fl00r
Hi. I aw working on cross site authentication (some domains have got common authentication). So I want to send authentication data (login, password) to main domain from others. How should I use protect_from_forgery and how can I check if data received from valid domain? What I am thinking now is to turn off protect_from_forgery for session controller and check domain name of received data. But maybe I can configure CSRF protection for not only one domain?Read the article
-
How to write a Compiler in C for C
- by Kerb_z
I want to write a Compiler for C. This is a Project for my College i am doing as per my University. I am an intermediate programmer in C, with understanding of Data Structures. Now i know a Compiler has the following parts: 1. Lexer 2. Parser 3. Intermediate Code Generator 4. Optimizer 5. Code Generator I want to begin with the Lexer part and move on to Parser. I am consulting the following book: Compilers: Principles, Techniques, and Tools by Alfred V. Aho, Ravi Sethi, Jeffrey D. Ullman. The thing is that this book is highly theoretical and perplexing to me. I really appreciate the authors. But the point is i am not able to begin my project, as if i am blinded where to go. Need guidance please help.Read the article
-
PHP Session code work differently on two servers
- by williamsdb
I have some code which works fine on one server but is giving a session header warning: Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent on another. I have checked the php.ini settings on the two servers and they are identical. I know that the warning message is supposed to suggest that something has been outputted before the session_start but what I don't understand is why the same code works on one server but not the other. Is there anything else that could be explaining it other than the php.ini settings?Read the article
-
MicroChip Sample Code setting Current to a CMPDAC, DAC threshold which expect an voltage
- by jason hong
Sorry, the MicroChip Forum is very slow,I prefer to use overflow site to ask questions. dsPIC33FJ06GS101/X02 and dsPIC33FJ16GSX02/X04 device Sample Code // configure comparator2 CMPCON2bits.CMPON = 1; // enable comparator CMPCON2bits.INSEL = 1; // select CMP2B input pin (RB0) CMPCON2bits.RANGE = 1; // select high range, max DAC value = Avdd/2 //CMPDACx: COMPARATOR DAC CONTROL REGISTER //CMREF<9:0>: Comparator Reference Voltage Select bits CMPDAC2 = CURR_HWLIM; // DAC threshold #define CURR_HWLIM 1023 // 1023 // 10.15 * 101A MicroChip Sample code setting CURR_HWLIM which 1023A to COMPDAC2 which expects voltage I think that's mistake.Read the article
-
is it safe to call "plink.exe" in an application
- by EBAGHAKI
i want to use "plink.exe -u username -pw securepassword" on my windows visual c++ program. will username and password remain safe while calling this command? I mean can a hacker steal or sniff the username and password? (consider hacker can't get to the password directly from the exe file)Read the article
-
Anything wrong with this code?
- by Scott B
Do I actually have to return $postID in each case, in the code below? This is code required for capturing the values of custom fields I've added to the WP post and page editor. Got the idea from here: http://apartmentonesix.com/2009/03/creating-user-friendly-custom-fields-by-modifying-the-post-page/ add_action('save_post', 'custom_add_save'); function custom_add_save($postID){ if (defined('DOING_AUTOSAVE') && DOING_AUTOSAVE) { return $postID; } else { // called after a post or page is saved if($parent_id = wp_is_post_revision($postID)) { $postID = $parent_id; } if ($_POST['my_customHeader']) { update_custom_meta($postID, $_POST['my_customHeader'], 'my_customHeader'); } else { update_custom_meta($postID, '', 'my_customHeader'); } if ($_POST['my_customTitle']) { update_custom_meta($postID, $_POST['my_customTitle'], 'my_customTitle'); } else { update_custom_meta($postID, '', 'my_customTitle'); } } return $postID; //IS THIS EVEN NECESSARY? } function update_custom_meta($postID, $newvalue, $field_name) { // To create new meta if(!get_post_meta($postID, $field_name)){ add_post_meta($postID, $field_name, $newvalue); }else{ // or to update existing meta update_post_meta($postID, $field_name, $newvalue); } }Read the article
-
Importance of verifying user email on web signup
- by sunwukung
I know this question is crazy - but my employers client is demanding that email verification be removed from the sign up process (they feel it is impeding sign up). I wanted to garner feedback from the programming community at large as to their experience and opinions regarding sign up and email verification - and the possible consequences of removing this safeguard.Read the article
-
Swapping data binding in code
- by Phil J Pearson
I have two data-bound text boxes. One is bound to a string and the other to a number. The 'default' binding is set in XAML. Under some circumstances I need to reverse the bindings at runtime (the string is usually a prefix but sometimes it's a suffix). I have the following code in my view model, called when the window is loaded: Binding stringBinding = BindingOperations.GetBinding(view.seqLeft, TextBox.TextProperty); Binding numberBinding = BindingOperations.GetBinding(view.seqRight, TextBox.TextProperty); view.seqLeft.SetBinding(TextBlock.TextProperty, numberBinding); view.seqRight.SetBinding(TextBlock.TextProperty, stringBinding); After that the code loads the properties to which the binding refers. The problem is that the 'new' binding doesn't seem to work. What have I missed? Is there a better way?Read the article
