Search Results

Search found 97980 results on 3920 pages for 'code security'.

  • SSL Authentication with Certificates: Should the Certificates have a hostname?

    - by sixtyfootersdude
    Summary

    JBoss allows clients and servers to authenticate using certificates and SSL. One thing that seems strange is that you are not required to give your hostname on the certificate. I think that this means if Server B is in your truststore, Server B can pretend to be any server that they want. (And likewise: if Client B is in your truststore...) Am I missing something here?

    Authentication Steps (Summary of Wikipedia Page)

    1) Client sends Client Hello
       ENCRYPTION: None
       - highest TLS protocol supported
       - random number
       - list of cipher suites
       - compression methods
    2) Server Hello
       ENCRYPTION: None
       - highest TLS protocol supported
       - random number
       - chosen cipher suite
       - chosen compression method
    3) Certificate Message
       ENCRYPTION: None
       -
    4) ServerHelloDone
       ENCRYPTION: None
    5) Certificate Message
       ENCRYPTION: None
    6) ClientKeyExchange Message
       ENCRYPTION: server's public key => only server can read => if server can read this he must own the certificate
       - may contain a PreMasterSecret, public key or nothing (depends on cipher)
    7) CertificateVerify Message
       ENCRYPTION: client's private key
       - purpose is to prove to the server that client owns the cert
    8) BOTH CLIENT AND SERVER:
       - use random numbers and PreMasterSecret to compute a common secret
    9) Finished message
       - contains a hash and MAC over previous handshakes (to ensure that those unencrypted messages did not get broken)
    10) Finished message
       - same thing

    Server Knows

    - The client has the public key for the sent certificate (step 7)
    - The client's certificate is valid because either:
      - it has been signed by a CA (VeriSign)
      - it has been self-signed BUT it is in the server's truststore
    - It is not a replay attack because presumably the random number (step 1 or 2) is sent with each message

    Client Knows

    - The server has the public key for the sent certificate (step 6 with step 8)
    - The server's certificate is valid because either:
      - it has been signed by a CA (VeriSign)
      - it has been self-signed BUT it is in the client's truststore
    - It is not a replay attack because presumably the random number (step 1 or 2) is sent with each message

    Potential Problem

    Suppose the client's truststore has certs in it:

    - Server A
    - Server B (malicious)

    Server A has hostname www.A.com
    Server B has hostname www.B.com

    Suppose: The client tries to connect to Server A but Server B launches a man in the middle attack. Since server B:

    - has a public key for the certificate that will be sent to the client
    - has a "valid certificate" (a cert in the truststore)

    And since:

    - certificates do not have a hostname field in them

    It seems like Server B can pretend to be Server A easily. Is there something that I am missing?

  • Better way to write this Java code?

    - by Macha
        public void handleParsedCommand(String[] commandArr) {
            if(commandArr[0].equalsIgnoreCase("message")) {
                int target = Integer.parseInt(commandArr[1]);
                String message = commandArr[2];
                MachatServer.sendMessage(target, this.conId, message);
            } else if(commandArr[0].equalsIgnoreCase("quit")) {
                // Tell the server to disconnect us.
                MachatServer.disconnect(conId);
            } else if(commandArr[0].equalsIgnoreCase("confirmconnect")) {
                // Blah blah and so on for another 10 types of command
            } else {
                try {
                    out.write("Unknown: " + commandArr[0] + "\n");
                } catch (IOException e) {
                    System.out.println("Failed output warning of unknown command.");
                }
            }
        }

    I have this part of my server code for handling the types of messages. Each message contains the type in commandArr[0] and the parameters in the rest of commandArr[]. However, this current code, while working, seems very inelegant. Is there a better way to handle it? (To the best of my knowledge, String values can't be used in switch statements, and even then, a switch statement would only be a small improvement.

  • Sharing code between sqlite-net and servicestack ormlite?

    - by lanks
    I am using sqlite-net to store data on my MonoDroid mobile application. I am wanting to sync this data with a server side service as well. Would it be possible to share the code for my Entity objects between sqlite-net and Servicestacks ormlite? The main difference between the two that I can see is declaring the "using namespace" statements at the top of the class for the object. Is it possible to detect the platform and set the using statements based on the platform? The other difference would be referencing the different dlls for servicestack so I suppose on the mobile app it would not compile if there are references to the servicestack namespaces... What would a good approach be to achieve sharing of this code?

  • IntelliJ doesn't seem to pickup certain sbt libraries, no code completion

    - by Blankman
    I am using sbt console in my terminal to compile my scala/play project. I am using intellij to edit my source code, basically using it just for getting some code completion and navigation etc. For some reason certain libraries don't seem to load correctly. For example, I added elastic search to my Dependancies.scala file, reloaded sbt and everything compiles fine but for some reason IntelliJ doesn't pickup the jars correctly i.e. they are in red and there is no syntax completion. How can I fix this? I tried shutting intellij down and restarting it but the problem remains. I am using Intelli 13.1.3 (ultimate)

  • can this code be broken?

    - by user105165
    Consider the below HTML string

        <p>This is a paragraph tag</p>
        <font>This is a font tag</font>
        <div>This is a div tag</div>
        <span>This is a span tag</span>

    This string is processed to tokenize the text found in it and we get 2 results as below

    1) Token Array :

        $tokenArray == array(
            'This is a paragraph tag',
            'This is a div tag',
            '<font>This is a font tag</font>',
            '<span>This is a span tag</span>'
        );

    2) Tokenized template :

        $templateString == "<p>{0}</p>{2}<div>{1}</div>{3}";

    If you observe, the sequence of the text string segments from the original HTML string is different from the tokenized template.

    The PHP code below is used to order the tokenized template and accordingly the token array to match the original HTML string

        class CreateTemplates {
            public static $tokenArray = array();
            public static $tokenArrayNew = array();

            function foo($templateString,$tokenArray) {
                CreateTemplates::$tokenArray = $tokenArray;
                $ptn = "/{[0-9]*}*/"; // Search Pattern from the template string
                $templateString = preg_replace_callback($ptn,array(&$this, 'callbackhandler') ,$templateString); // function call
                return $templateString;
            }

            // Function definition
            private static function callbackhandler($matches) {
                static $newArr = array();
                static $cnt;
                $tokenArray = CreateTemplates::$tokenArray;
                array_push($newArr, $matches[0]);
                CreateTemplates::$tokenArrayNew[count($newArr)] = $tokenArray[substr($matches[0],1,(strlen($matches[0])-2))];
                $cnt = count($newArr)-1;
                return '{'.$cnt.'}';
            } // function ends
        } // class ends

    Final output is (ordered template and token array)

        $tokenArray == array(
            'This is a paragraph tag',
            '<font>This is a font tag</font>',
            'This is a div tag',
            '<span>This is a span tag</span>'
        );
        $templateString == "<p>{0}</p>{1}<div>{2}</div>{3}";

    Which is the expected result. Now, I am not confident whether this is the right way to achieve this. I want to see how this code can be broken or not.

    - Under what conditions will this code break? (important)
    - Is there any other way to achieve this? (less important)

  • Using installed identity certificate from within an app on iPhone

    - by Sabi Tinterov
    Hi, My question is: is there a way to use the installed identity certificates on the phone from within my app? For example, a similar case is Safari: if a certain site requires a client certificate, the user has to install it on the phone, and then when authenticating Safari uses the installed certificate to authenticate. I need to do the same:

    1. The user installs the certificate on the phone.
    2. The user starts the application and authenticates using the installed certificate.

    Thanks

  • permutation need help to code

    - by Hunt
    Thanks for your reply. First, I wish to thank you for trying to help me out; I have posted this on a few websites and no one tried to help at all. For my code, what I wish to do is a permutation count. It will count from top to bottom

        1,2,3
        1,2,3
        1,2,3

    output to

        111 = 1
        112 = 1
        113 = 1
        121 = 1
        122 = 1
        123 = 1
        133 = 1
        211 = 1
        212 = 1
        213 = 1
        333 = 1

    and continue till all numbers are counted, and also store to the array which can check how many count. After all, the code will check the input number and count how many outcomes, and show the results with how many outcomes and how many each has after the permutation count. Is it hard to do? Anyway, thank you for the help.

  • Is *not* using the asp.net membership provider a bad idea?

    - by EJB
    Is it generally a really bad idea to not use the built-in asp.net membership provider? I've always rolled my own for my asp.net apps (public facing), and really have not had any problems in doing so. It works, and seems to avoid a layer of complexity. My needs are pretty basic: once setup, the user must use email address and password to login, if they forget it, it will be emailed back to them (a new one). After setup there is little that needs to be done to each user account, but I do need to store several extra fields with each user (full name, telephone and a few other fields etc). The number of users that required login credentials are small (usually just the administrator and a few backups), and everyone else uses the site unauthenticated. What are the big advantages that I might be missing out on by skipping the asp.net membership provider functionality?

  • Rookie file permissions question

    - by Camran
    What is the ending 'r' for and the leading 'd' for in file permissions on Linux? Example: drwxr-xr-x I know about the user, group, others part, and I know w=write, r=read, x=execute. But I don't know about the leading 'd' and the trailing 'r'. Care to explain? Thanks

  • Visual Studio 2008 profiler analysis - missing time

    - by Scott Vercuski
    I ran the Visual Studio 2008 profiler against my ASP.NET application and came up with the following result set.

        CURRENT FUNCTION                                   | TIME (msec)
        ---------------------------------------------------|--------------
        Data.GetItem(params)                               | 10,158.12
        ---------------------------------------------------|--------------

        Functions that were called by Data.GetItem(params) | TIME (msec)
        ---------------------------------------------------|--------------
        Model.GetSubItem(params)                           | 0.83
        Model.GetSubItem2(params)                          | 0.77
        Model.GetSubItem3(params)                          | 0.76
        etc.

    The issue I'm facing is that the sum of the Functions called by Data.GetItem(params) do not sum up to the 10,158.12 msec total. This would lead me to believe that the bulk of the time is actually spent executing the code within that method. My question is ... does Visual Studio provide a way to analyze the method itself so I can see which sections of code are taking the longest? if it does not are there any recommended tools to do this? or should I start writing my own timing scripts? Thank you

  • Hashes or tokens for "remember me" cookies?

    - by Emanuil Rusev
    When it comes to remember me cookies, there are 2 distinct approaches:

    Hashes
    The remember me cookie stores a string that can identify the user (i.e. user ID) and a string that can prove that the identified user is the one it pretends to be - usually a hash based on the user password.

    Tokens
    The remember me cookie stores a random (meaningless), yet unique string that corresponds with a record in a tokens table, that stores a user ID.

    Which approach is more secure and what are its disadvantages?

  • PHP complete sample website source

    - by MarceloRamires
    I'm new to PHP, and it appears that the way I learn the fastest is to study a new language a well developed complete program (or website, in this case) changing stuff seeing what happens and consulting books. There are lots of recommendations of books all around, and that's pretty much covered. I'd like to find the sourcecode of a website. Either a well known, well developed open-source website, or a sample sourcecode of a complete website (maybe one used in a book or something). Everyone says they should find the way they learn better.. Well, that's mine. PS.: By complete I mean having several common functionalities (such as login), database connection, use of security conventions, maybe a popular framework, and being up-to-date.

  • Code snippets in interview

    - by Maddy
    Hi All, Recently I went to an interview for a C development position. Instead of asking me questions, they just gave me 20 code snippets to find out two logical errors on each one. I just couldn't complete all of the 20 since it took me time to go through each of these code snippets. My question is: Is this the right way to judge a candidate? If yes, how can I improve over my error detection skills so that I don't need to waste a lot of time in the next interview? If possible, please, suggest me some links where I could find lots of samples of such questions (mainly in C). Thanks and regards, Maddy

  • Examples of ISO C++ code that is not valid C++/CLI

    - by Johannes Schaub - litb
    I've seen contradictory answers on the internet with regard to whether C++/CLI is a superset of C++ or not. The accepted answer on this question claims that "technically no", but doesn't provide any examples of non-C++/CLI code that conforms to ISO C++. Another answer on that question cites a book that says the opposite. So, can you please provide accurate answers with example code that fails on C++/CLI or cite a trusted source (MSDN for example) on this matter? I had this topic come up today and thought I would like to inform myself, but I didn't find any clear answer elsewhere!

  • Watermarking Flash Videos (server-side)

    - by Roberto Aloi
    Hi all, I have a bunch of flash videos that I need to watermark with user related information, to make illegal re-distribution of these files harder. I'm wondering how can this be done server-side. If done client-side, it will be quite easy for the user to intercept the videos before they are watermarked. Since the watermark should contain user-specific information I can't really watermark the videos before encoding them (unless I have an encoded video per user - not feasible). I'm expecting this to affect the streaming performances a lot, though. Any idea how this can be done (possibly in an efficient way)?

  • Service not able to access a mapped drive.

    - by Rohit
    Hi All, I have read in many forums that mapped drives are not accessible from a service as no user is logged on.

    Question 1) I tried making my service log on as some account, and I had my network drive mapped in that very account. The service still cannot access it. Why?

    Question 2) From the same service, I invoke another process. Under what user account will the process run?

    Thanks

  • Using code generated by Py++ as a Python extension

    - by gotgenes
    I have a need to wrap an existing C++ library for use in Python. After reading through this answer on choosing an appropriate method to wrap C++ for use in Python, I decided to go with Py++. I walked through the tutorial for Py++, using the tutorial files, and I got the expected output in generated.cpp, but I haven't figured out what to do in order to actually use the generated code as an extension I can import in Python. I'm sure I have to compile the code, now, but with what? Am I supposed to use bjam?

  • PKCS#11 Test suite

    - by Sasha
    Can somebody give me a link to a PKCS#11 test suite? This may be a simple utility or part of a big project, no matter. I know only this one: Netscape PKCS #11 Test Suites

  • How necessary is using PHP filters?

    - by Jamie
    I'm a relative newbie to PHP and just making my way through the W3Schools tut. The tut makes a big point of saying you must always filter external data (i.e. cookies, form data etc). I'm writing a fairly simple system that talks with a third party Joomla extension. It's at a prototype stage where I'm just wanting to demonstrate the functionality in a minimum viable product. Basically, I'd like to know... what's the worst that could happen if I don't filter content. Are we talking 'I might get a bunch of spam', or 'a good hacker could get root server access'? Have hunted around online, but would love any of your experience / insight on the matter!

  • How to add exception in this jquery code?

    - by metal-gear-solid
    How to add exception in this jquery code?

        $(function() {
            $("table tr:nth-child(even)").addClass("striped");
        });

    This code is applying on all tables, but for specific pages I don't want the stripe effect. I have a different body id on each page. I want to know how to add an exception for an id.

        $(function() {
            $("table tr:nth-child(even)").addClass("striped");
            //I want to add exception to not to add striped class to only to page with <body id="nostrip">
        });
