Search Results

Search found 30819 results on 1233 pages for 'software security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 312/1233 | < Previous Page | 308 309 310 311 312 313 314 315 316 317 318 319  | Next Page >

  • Ask a DNS server what sites it hosts - and how to possibly prevent misuse

    - by Exit
    I've got a server which I host my company website as well as some of my clients. I noticed a domain which I created, but never used, was being attacked by a poke and hope hacker. I imagine that the hacker collected the domain from either hitting my DNS server and requesting what domains are hosted. So, in the interest of prevention and better server management, how would I ask my own DNS server (Linux CentOS 4) what sites are being hosted on it? Also, is there a way to prevent these types of attacks by hiding this information? I would assume that DNS servers would need to keep some information public, but I'm not sure if there is something that most hosts do to help prevent these bandwidth wasting poke and hope attacks. Thanks in advance.

    Read the article

  • Securing a .NET Application [closed]

    - by beakersoft
    Duplicate: Protecting .NET Code from Reverse Engineering We've recently released a small application and this weekend I found a cracked version of it on Piratebay that had the registration checking removed, so the app ran as if it was a registered version. Apart from using a code obfuscation tool (which doesn't seem to be that hard to get around), are there any standard things we should be doing to make our .NET applications more difficult to crack?

    Read the article

  • Protect Apache server

    - by Mike Arnold
    My server is attacked like this 188.165.198.65 ./../../../../../../../../../etc/passwd%00 HTTP/1.1" 200 28114 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1" How can I defend it with .htaccess file?

    Read the article

  • prevent bots to query my database several times

    - by Alain
    Hi all, I'm building an application that is a kind of registry. Think about the dictionary: you lookup for a word and it return something if the word is founded. Now, that registry is going to store valuable informations about companies, and some could be tempted to get the complete listing. My application use EJB 3.0 that replies to WS. So I was thinking about permits a maximum of 10 query per IP address per day. Storing the IP address and a counter on a table that would be empty by a script every night. Is it a good idea/practice to do so? If yes, how can I get the IP address on the EJB side? Is there a better way to prevent something to get all the data from my database? I've also though about CAPTCHA but I think it's a pain for the user, and sometime, they are difficult to read even for real human. Hope it's all clear since I'm not english... Thanks Alain

    Read the article

  • Running shell scripts with sudo through my Rails app

    - by nfm
    In my Rails app, I have some functionality that interfaces with the server's OS. I've written a bash script, put it in my lib/ subdirectory, and can run it from my controller. However, some functionality of the script requires superuser privileges. What is the most sane way to run this script securely? It is being passed arguments from a web form, but should only be able to be called by authenticated (and trusted) users.

    Read the article

  • What are the best measures to protect content from being crawled?

    - by Moak
    I've been crawling a lot of websites for content recently and am surprised how no site so far was able to put up much resistance. Ideally the site I'm working on should not be able to be harvested so easily. So I was wondering what are the best methods to stop bots from harvesting your web content. Obvious solutions: Robots.txt (yea right) IP blacklists What can be done to catch bot activity? What can be done to make data extraction difficult? What can be done to give them crap data? Just looking for ideas, no right/wrong answer

    Read the article

  • Programmatic authentication in JEE 6

    - by Kevin
    Hello, is it possible to authenticate programmatically a user in J2ee 6? Let me explain with some more details: I've got an existing Java SE project with Servlets and hibernate; where I manage manually all the authentication and access control: class Authenticator { int Id string username } Authenticator login(string username, string password) ; void doListData(Authenticator auth) { if (isLoggedIn(auth)) listData(); else doListError } void doUpdateData (Authenticator auth) { if (isLoggedAsAdmin(auth)) updateData() ; else doListError(); } void doListError () { listError() ; } And Im integrating J2ee/jpa/servlet 3/... (Glassfish 3) in this project. I've seen anotations like : @RolesAllowed ("viewer") void doListdata (...) { istData() ; } @RolesAllowed("admin") void doUpdateData (...) { updateData() ; } @PermotAll void dolisterror () { listerror() ; } but how can I manually state, in login(), that my user is in the admin and/or viewer role?

    Read the article

  • Salt question - using a "random salt"

    - by barfoon
    Hey everyone, Further to my question here, I have another question regarding salts. When someone says "use a random salt" to pre/append to a password, does this mean: Creating a static a 1 time randomly generated string of characters, or Creating a string of characters that changes at random every time a password is created? If the salt is random for every user and stored along with the hashed password, how is the original salt ever retrieved back for verification? Thanks!

    Read the article

  • Am I under risk of CSRF attacks in a POST form that doesn't require the user to be logged in?

    - by Monika Sulik
    I'm probably being a total noob here, but I'm still uncertain about what a CSRF (Cross-Site Request Forgery) attack is exactly. So lets look at three situations... 1) I have a POST form that I use to edit data on my site. I want this data to be edited only by users that are logged in. 2) I have a site, which can be used by both users who are logged in as well as guests. Parts of the site are for logged in users only, but there are also POST forms that can be used by all users - anonymous and not (for example a standard contact form). Should the contact form be safeguarded against CSRF attacks? 3) I have a site which doesn't have an authentication system at all (well, perhaps that's unrealistic, so lets say it has an admin site which is separate from the rest of it and the admin part is properly safeguarded). The main part of the site is only used by anonymous users. Do the POST forms on it need to be safeguarded? In the case of 1) the answer is clearly yes. But in the case of 2 and 3 I don't know (and is the difference between 2 and 3 even significant?).

    Read the article

  • Is it worthwhile to implement observer pattern in PHP?

    - by Extrakun
    I have been meaning to make use of design pattern in PHP, such as the observer pattern, but that I have to recreate the observers' relationship each time the page is loaded pains me. As references are saved as a new concrete objects in session, there is no way to preserve relationships between subscribers and their observers unless you use a GUID or some other properties to form a lookup, and store that property instead. With the cost of recreating the relationships each time a page is loaded, is it worthwhile to use design patterns such as observers in PHP, compared to having a clean design? Any real-world experience to share?

    Read the article

  • Who does actually use XACML?

    - by lajuette
    Who knows actively developed XACML Implemtations other than the Sun XACML Implementation and XEngine? Which vendors provide a PDP? I read something about a WebLogic XACML Privider. What other products support XACML?

    Read the article

  • Create certificate for a client app in .NET

    - by galets
    I'm looking for a server app to be routinely generating certificates for client applications using self-signed root. Is there any streamlined process in .NET to programmatically generate those certificates? I can, of course, keep spawning makecert or openssl, but I was looking for more programmatic, in-memory method, when you just get X509Certificate on output. If someone got a code snippet, can you please share?

    Read the article

  • Storing secret keys on iPhone source and project resources

    - by hgpc
    Is storing secret keys (internal use passwords and such) on iPhone source code and project resources (such as plist files) secure? Obviously nothing is 100% secure, but can this information be extracted easily from an installed app? How do you recommend storing these keys to use them in the source code? Just in case, this question is not about storing user passwords.

    Read the article

  • Best Open Source Project Hosting Site

    - by Cristian
    I want to start an open source project, but the rise in hosting sites leaves me a little paralyzed with choice. I know a little about several: I never really liked SourceForge's UI but it still feels like the site I think of when I think "open source project hosting". Google Code Project Hosting looks clean and useful but doesn't seem as feature complete as SourceForge. I've heard good things about Launchpad but don't know much about it nor do I know Bazaar (though I'd be interested in learning it). I know almost nothing about GitHub and, like Bazaar, I don't know Git. Does anyone have any experience with these sites or some other cool code host? Any recommendations? Recommended Sites: BitBucket Codeplex Assembla DevjaVu Savannah

    Read the article

  • RSA public key exportation

    - by user308806
    Dear all, Here is my code KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA"); KeyPair myPair = kpg.generateKeyPair(); PrivateKey k = myPair.getPrivate(); System.out.print(k.serialVersionUID); Cipher c = Cipher.getInstance("RSA"); c.init(Cipher.ENCRYPT_MODE, myPair.getPublic()); String myMessage = new String("Testing the message"); byte[] bytes = c.doFinal(myMessage.getBytes()); String tt = new String(bytes); System.out.println(tt); Cipher d = Cipher.getInstance("RSA"); d.init(Cipher.DECRYPT_MODE, myPair.getPrivate()); byte[] temp = d.doFinal(bytes); String tst = new String(temp); System.out.println(tst); My question is how can i get the public key and stored elsewhere

    Read the article

  • How to make a secure game in javascript ?

    - by rnaud
    Hello, I'm working on games using javascript some html and css, and I was wondering if there was any way to secure the game so that the user can't just call game.php?result=victory to finish the game and earn some point. As of right now here are the solution I have. For a chance game, start the page with the result already in place, win or loose, then just do some animations to show it, but all the score and win/loose stuff is done server-side. For a battle game, just get the action from the javascript call, and do the damage calculation, reaction of the oponent on the server and just send back the data. but the last solution imply that I will have to send actions each time the user do anything. This might work for a turn by turn battle game, but I think it would be to slow for any other kind of game. So my question is, is there some kind of secure way I can prep my javascript to secure the infomation sent.

    Read the article

  • Can IIS admin change password of Windows Service account

    - by sweta Jha
    We have a service account defined for anonymous access which is used for several web sites hosted on the web server. This account has access to several network resources like report server, file servers and so on. While deploying a new web site, we used the same service account for anonymous access. IIS takes the username/password for the account and then a dialog opens for confirm password. Accidently, we gave a wrong password in both the text boxes, the new site with wrong password is working fine but all other previously hosted sites which were using the service account, started giving the unautorized access error. Is it possible that when we entered wrong password for the new web site, the password of the account got reset and all sites stopped functioning?

    Read the article

  • log in as a proxy for a certain user

    - by Samuel
    We have a requirement, wherein the administrative user needs to proxy in as a certain user in an environment where several users (Role: User) are managed by an administrator (Role: Admin). e.g If we have the following users in the database (admin, user1, user2, user3), we would want the admin to proxy as 'user2' and use the system in certain scenarios. Authentication in our web application is based username / password credentials, what mechanisms are available for the admin to proxy as 'user2' when he doesn't have the password for 'user2'. How can the application track such access for audit purposes to mention that 'admin' had proxied for 'user2' and performed certain actions. I am looking for suggestions on supporting this in our j2ee (jboss seam) web application.

    Read the article

  • Pros and cons of programmatically enforcing foreign key than in database

    - by Jeffrey
    It is causing so much trouble in terms of development just by letting database enforcing foreign key. Especially during unit test I can’t drop table due to foreign key constrains, I need to create table in such an order that foreign key constrain warning won’t get triggered. In reality I don’t see too much point of letting database enforcing the foreign key constrains. If the application has been properly designed there should not be any manual database manipulation other than select queries. I just want to make sure that I am not digging myself into a hole by not having foreign key constrains in database and leaving it solely to the application’s responsibility. Am I missing anything? P.S. my real unit tests (not those that use mocking) will drop existing tables if the structure of underlying domain object has been modified.

    Read the article

  • Empty data problem - data layer or DAL?

    - by luckyluke
    I designing the new App now and giving the following question a lot of thought. I consume a lot of data from the warehouse, and the entities have a lot of dictionary based values (currency, country, tax-whatever data) - dimensions. I cannot be assured though that there won't be nulls. So I am thinking: create an empty value in each of teh dictionaries with special keyID - ie. -1 do the ETL (ssis) do the correct stuff and insert -1 where it needs to let the DAL know that -1 is special (Static const whatever thing) don't care in the code to check for nullness of dictionary entries because THEY will always have a value But maybe I should be thinking: import data AS IS let the DAL do the thinking using empty record Pattern still don't care in the code because business layer will have what it needs from DAL. I think is more of a approach thing but maybe i am missing something important here... What do You think? Am i clear? Please don't confuse it with empty record problem. I do use emptyCustomer think all the time and other defaults too.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 308 309 310 311 312 313 314 315 316 317 318 319  | Next Page >