Search Results

Search found 97980 results on 3920 pages for 'code security'.

  • HTTPS-Compliant Sharepoint Web Parts

    - by bporter
    We are planning to create a new sub-site within our company's intranet site. The intranet is built on SharePoint 2007. My question is this: Suppose I want to add a 3rd-party weather web part to the home page of my new intranet site. Since the new site uses HTTPS, do I need to make sure to find an HTTPS-compliant web part? If I use a standard web part, will users get a "This page contains both secure and non-secure items" error message when they load the page? Thanks in advance!

  • Backdoor Strategy- opinion needed.

    - by the Hampster
    I'm creating an application to track publications and grants for a university. Professors will need to put their CV into the system when it is up and running. Yeah, right. The person in charge is planning on hiring someone to input all of the information, but my question is how? The strategy I'm thinking of is to install a backdoor. The lucky undergrad can log in as any professor using the backdoor. Once all the data is removed, the backdoor can be removed. Doing so would probably be as simple as editing out a comment in the config file. The IT guys would still have access, but since they control the machines, they would have access anyway. Are there any flaws to this strategy?

  • Preventing dictionary attacks on a web application

    - by Kevin Pang
    What's the best way to prevent a dictionary attack? I've thought up several implementations but they all seem to have some flaw in them:

      - Lock out a user after X failed login attempts. Problem: easy to turn into a denial of service attack, locking out many users in a short amount of time.
      - Incrementally increase response time per failed login attempt on a username. Problem: dictionary attacks might use the same password but different usernames.
      - Incrementally increase response time per failed login attempt from an IP address. Problem: easy to get around by spoofing IP address.
      - Incrementally increase response time per failed login attempt within a session. Problem: easy to get around by creating a dictionary attack that fires up a new session on each attempt.

  • VB6 debugging- doesn't go to error handling code.

    - by Can Ho
    Hi, I'm maintaining a VB6 project (ActiveX DLL). When debugging, the app runs into the following function:

        Public Function HasValue(ByVal vValue) As Boolean
            On Error GoTo Err
            If IsMissing(vValue) Then
                HasValue = False
            ElseIf IsNull(vValue) Or Len(vValue) = 0 Then
                HasValue = False
            ElseIf isEmpty(vValue) Then
                HasValue = False
            Else
                HasValue = True
            End If
            Exit Function
        Err:
            If IsArray(vValue) Or IsObject(vValue) Then
                HasValue = True
            Else
                HasValue = False
            End If
        End Function

    and it stops at the line

        ElseIf IsNull(vValue) Or Len(vValue) = 0 Then

    vValue is a custom object that contains some properties (obviously, not null). Although I didn't put any breakpoint there, the app stopped there and showed an error dialog saying "Run-time error '438': Object doesn't support this property or method". We had error handling code but the app didn't run to the error handling code. It just stopped at the line causing the error and I had to stop the application. Do you have any idea about that? Thank you very much.

  • Hosting SQL at remote location?

    - by Syd
    Hey guys, My OSCommerce site includes a separately programmed feature for which I use SQL tables. I've decided to host its tables on a remote site offering free SQL accounts. I'd like to know if there could be any disadvantages to this approach. Thanks Syd

  • Python code, extracting extensions

    - by user1434001
        import os

        # Directory whose entries are listed
        path = '/Users/Marjan/Documents/Nothing/Costco'
        print(path)
        names = os.listdir(path)
        print(len(names))
        # Print every entry name in the directory
        for name in names:
            print(name)

    Here is the code I've been using; it lists all the names in this category in the terminal. There are a few filenames in this file (Costco) that don't have .html and _files. I need to pick them out; the only issue is that it has over 2,500 filenames. Need help on a code that will search through this path and pick out all the filenames that don't end with .html or _files. Thanks guys

  • Detecting use after free() on windows. (dangling pointers)

    - by The Rook
    I'm trying to detect "Use after free()" bugs, otherwise known as "Dangling pointers". I know Valgrind can be used to detect "Use after free" bugs on the *nix platform, but what about Windows? What if I don't have the source? Is there a better program than Valgrind for detecting all dangling pointers in a program? A free and open source one would be preferred, but I'll use a commercial solution if it will get the job done.

  • Login form to a secured app in Tomcat

    - by patricio
    I have a normal HTML page on a normal Apache HTTP server (http://yyy.yyy.yyy.yyy/index.html), with an authentication form. With that form I need to access, with the credentials, an application located on another server with a different IP; that server has a secured application with Tomcat. Here is the login form on the Apache HTTP server:

        <form method="POST" id="theForm" action="http://xxx.xxx.xxx.xxx:8080/securedapp/j_security_check">
            <input name="j_username" type="text" class="tx_form" id="j_username" size="20" />
            <input name="j_password" type="password" class="tx_form" id="textfield2" size="20" />
            <input name="btn" type="submit" value="login" />
        </form>

    The submit only works randomly in Chrome and doesn't work in IE and FF. Am I doing something wrong?

  • How to Check Authenticity of an AJAX Request

    - by Alex Reisner
    I am designing a web site in which users solve puzzles as quickly as they can. JavaScript is used to time each puzzle, and the number of milliseconds is sent to the server via AJAX when the puzzle is completed. How can I ensure that the time received by the server was not forged by the user? I don't think a session-based authenticity token (the kind used for forms in Rails) is sufficient because I need to authenticate the source of a value, not just the legitimacy of the request. Is there a way to cryptographically sign the request? I can't think of anything that couldn't be duplicated by a hacker. Is any JavaScript, by its exposed, client-side nature, subject to tampering? Am I going to have to use something that gets compiled, like Flash? (Yikes.) Or is there some way to hide a secret key? Or something else I haven't thought of? Update: To clarify, I don't want to penalize people with slow network connections (and network speed should be considered inconsistent), so the timing needs to be 100% client-side (the timer starts only when we know the user can see the puzzle). Also, there is money involved so no amount of "trusting the user" is acceptable.

  • Question about SSL Certificate.

    - by smwikipedia
    Hi experts, I am trying to make an SSL connection to a web site. Each time I enter the https:// address and press enter, IE8 prompts me to select the Certificate (Client Certificate) to send to the server. I got 2 certificates to choose from. And they are stored in the IE8 - Internet Options - Content - Certificates - Personal. Since my server and client are the same machine, I want to use a single certificate for both server and client. And this certificate is an IIS-generated self-signed certificate. I do the following steps:

      1. Generate a self-signed-cert in IIS;
      2. Bind my site to https and choose the above self-signed-cert
      3. Import the self-signed-cert at the IE8 - Internet Options - Content - Certificates - Personal.

    Then I use the https link to access my page, and it still prompts me to choose a certificate. But I cannot see my newly imported self-signed-cert. Why?

  • 404 on custom post types after updating Wordpress to 3.7

    - by Chris
    Since I updated WordPress from 3.6 to 3.7, I'm not able to visit the single-pages on my custom post types; I get a 404 error. I thought this would be a rewrite_rules issue, so I've tried the following:

      - Go to the Permalink settings, click save (flush rewrites)
      - Manually deleted the rewrite_rules from the option table in the DB (I was desperate, and it seriously worked for me one time)
      - Re-check my .htaccess, but this is exactly the same as instructed on the permalink page
      - Switched off the plugins

    I also tried switching the permalink to the "ugly" url (e.g. ?page=35) and checked if the articles worked, and they did! So I'm pretty sure it's a permalink issue. Now I rolled back to 3.6 again, but I of course want to upgrade in the near future (security etc.). A remarkable thing was that during the rollback I checked out a single page (notice that I didn't roll back the database yet, only the files) and surprisingly they worked again. Any suggestions on how to solve this?

  • Converting a C# code to F#??

    - by Brendon
    Hello all, I am just a beginner in programming. I wish to convert some code from C# to F#, and I have encountered this code:

        float[] v1=new float[10];
        ...
        //Enqueue the Execute command.
        Queue.Execute(kernelVecSum, null, new long[] { v1.Length }, null, null);

    I have previously asked how to convert the v1 object, I think I know how. But how do I use the function call, especially the "new long[] { v1.Length }" part of the function argument? What does "new long[] { v1.Length }" mean? I have created v1 like this: "let v1 = [| for i in 1.0 .. 10.0 -> 2.0 * i |]". Is it correct? Or should I use v1 like this: "let v1 = ref [| for i in 1.0 .. 10.0 -> 2.0 * i |]"?

  • How to play music on site preventing direct file download

    - by Hugo Palma
    I'm starting a blog with a hosted WordPress instance and I would like to be able to stream music using a Flash player on some posts. The problem is that every player I find uses a simple param to get the file URL, which makes it very easy for someone to find that URL and just download the file. A server-side solution can be implemented as I have full access to the server.

  • user access management in j2ee web application

    - by kawtousse
    Hi everyone, I am working with a JSP/servlet project and I have to complete the module of access management to my JSPs since I have more than one user with different profiles. I defined a table in my database which resumes the profile and the URL permitted like that: id_profil :1 url : http://localhost/...xyz.jsp id page 1 Now I am trying to let the menu be modified appropriately to the id_profil of the logged user. So there are pages allowed in one profile but which must be hidden to others. I have no idea since now how to realize this and it is so important for me. Thanks for your help.

  • Single Sign On with 3 applications

    - by John H.
    I'm building three web applications in .NET that will all share a users database and login information. Let's pretend that application 1 is the "parent" application and applications "A" and "B" are the "child" applications. All users have to be logged into application 1 to have access to applications A and B. Authorization, Authentication, and MachineKey sections of all web configs are present and work correctly. I have the correct web.config settings in all applications to achieve Single Sign On except one problem remains: what do I put in the "loginUrl" attribute of the forms tag in Applications A and B? Assume that the URL for the login to application 1 is "www.johnsapp.com/login.aspx". How can I get applications A and B to send the user back to application 1 for authentication using only settings in web.config?

  • Customer provider Password Reset client.

    - by ProfK
    I'm looking for guidance on writing a custom password reset UI, but it must fit the Provider 'Pattern', or degrade silently to built-in defaults. E.g. my Reset Control must collect extra information, and perform differently to the standard Password Recovery Control. It must, as closely as possible, use the standard MembershipProvider interface for standard functions, and only use an extended interface for the non-standard stuff. I'd like some reading on issues such as, what must I ask the Membership Provider for, and what must I do myself. What must I tell the provider (service?) about what I do? Etc.

  • starting a service based on someone's GPL/MIT licensed code

    - by fooyee
    Someone wrote a nice framework for developing an HTML5 3D engine. It's GPL/MIT licensed. Do you think it's a good idea to build upon it, and then repackage it and sell it as a service? For example, the framework lets you build 3D environments. So I build on it, maybe add a few features like characters and music in the environment, and turn it into an online game. Is it a feasible idea? Of course, part of the GPL license says that all source code has to be visible to end users. Assuming the web is a winner-take-all market based on first mover advantage, why care about hiding the source code? It's the product that's being sold that counts.

  • How much effort does it take to spoof an Ip Address in a call to a webservice?

    - by Rory Becker
    I don't want to know how... Just how complicated.... I'm thinking of securing a webservice or 2 based on the incoming client ipaddress of the caller. Is this in any way secure? Surely if the IPaddress was being spoofed then the result would have to be sent back to the address that was being spoofed and therefore not reach the spoofer? Update: Ok so from what I can tell.... I should create a Gettoken() method which checks the IPaddress and passes out a cryptographically significant token with a timeout to any valid IP address. This is then required by any other method before any kind of side effect is allowed. Since an Attacker can't (likely) get the token without having a valid IP, he will be unable to validly call any of my "dangerous" webmethods ?

  • Is it possible to get RSA private key knowing public key and set of "original data=>encrypted data"

    - by Riz
    Hi, I work on an application which allows plugins to access different sets of functionality. Every plugin provides an "initialization string" which sets the level of access to different features. Developers send me these strings, and I encrypt them using my 1024 bit RSA private key and send the encoded data back. When started, my application decodes the encoded data (encoded initialization string) using the built-in public key and if "decoded data != initialization string" it fails to start. So, is it possible to use a database of "initialization string" = "encoded initialization string" (extracted from other plugins) to crack my private key, or make it possible to bruteforce it in reasonable time?

  • Should I sanitize EVERY form variable passed along?

    - by Camran
    I have a form with many fields... The action is set to a php page which queries mysql... Should I sanitize with mysql_real_escape_string every single variable? Or can I ignore sanitizing drop-lists and radios for instance? Also, besides mysql_real_escape_string, what else should I do to prevent attacks? Thanks
