Search Results

Search found 97980 results on 3920 pages for 'code security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 323/3920 | < Previous Page | 319 320 321 322 323 324 325 326 327 328 329 330  | Next Page >

  • How do I validate that my the openid.op_endpoint when a request is completed.

    - by Sam Saffron
    I have an Open ID based authentication system on my site. Occasionally users will have an account registered under [email protected] and they will attempt to login using the google open id provider https://www.google.com/accounts/o8/id, in this case I would like to automatically associate the account and log them in. When the process is done I get a payload from somewhere claiming that openid.op_endpoint=https://www.google.com/accounts/o8/id. My question: Can I trust openid.op_endpoint to be correct? Can this be spoofed somehow by a malicious openid provider? For illustration, lets say someone types in http://evil.org as their openid provider, can I somehow end up getting a request back that claims openid.op_endpoint is google? Do I need to store extra information against the nonce to validate? The spec is kind of tricky to understand

    Read the article

  • How can I securely check if a username is already taken?

    - by Geo
    I have a form where someone can create a new user. I'd like to add some AJAX to check if a username is taken, as soon as the input field loses focus. I'm not really sure how to go about this, as this could pave the way to bruteforce attack, since you could check for any username and see whether or not it exists. Any suggestions?

    Read the article

  • How To Refactor If-else Code Segment?

    - by LostInLib
    I'm developing win8(metro style) application with Html5-js-jquery. I have this code segment; GetBoutiqueDetail: function (boutiqueId, options) { if (IsUserLogin()) { //different job A } else { ShowLoginPanel(undefined); } }, GetProductDetail: function (boutiqueId, productId, options) { if (IsUserLogin()) { //different job B } else { ShowLoginPanel(undefined); } }, AddBasket: function (productId, productVariantId, quantity, options) { if (IsUserLogin()) { //different job C } else { ShowLoginPanel(undefined); } },.... .And ~20 functions should check if user login or not. I should call functions like similar to "Library.GetBoutiqueDetail();" So my question is simple, how can I refactor that code to remove these if-else sections ?

    Read the article

  • Single Sign On with 3 applications

    - by John H.
    I'm building three web applications in .NET that will all share a users database and login information. Lets pretend that application 1 is the "parent" application and applications "A" and "B" are the "child" applications. All users have to be logged into application 1 to have access to applications A and B. Authorization, Authentication, and MachineKey sections of all web configs are present and work correctly. I have the correct web.config settings in all applications to achieve Single Sign On except one problem remains: what do I put in the "loginUrl" attribute of the forms tag in Applications A and B. Assume that the url for the login to application 1 is "www.johnsapp.com/login.aspx" How can I get applications A and B to send the user back to application 1 for authentication using only settings in web.config?

    Read the article

  • How to prevent a specific directory from running Php, Html, and Javascript languages?

    - by Emily
    Hi, Let's say i have an image uploader script, i want to prevent the upload directory from executing Php or even html by only showing it as plain text, i've seen this trick in many websites but i don't know how they do it. Briefly, if i upload evil.php to that directory, and i try to access it i will only see a plain text source , No html or php is executed. ( but i still want the images to appear normally ofcourse) I know i can do like that by header("content-type:text/plain"); but that's will not be helpful, because what i want, is to set the content-type:text/plain automatically by the server for every thing outputed from the upload directory except images. Note: i'm running php 5.3.2/Cent OS and the latest cPanel. Thanks

    Read the article

  • How much effort does it take to spoof an Ip Address in a call to a webservice?

    - by Rory Becker
    I don't want to know how... Just how complicated.... I'm thinking of securing a webservice or 2 based on the incoming client ipaddress of the caller. Is this in any way secure? Surely if the IPaddress was being spoofed then the result would have to be sent back to the address that was being spoofed and therefore not reach the spoofer? Update: Ok so from what I can tell.... I should create a Gettoken() method which checks the IPaddress and passes out a cryptographically significant token with a timeout to any valid IP address. This is then required by any other method before any kind of side effect is allowed. Since an Attacker can't (likely) get the token without having a valid IP, he will be unable to validly call any of my "dangerous" webmethods ?

    Read the article

  • Is it possible to get RSA private key knowing public key and set of "original data=>encrypted data"

    - by Riz
    Hi, I work on apllication which allows plugins to access different set of functionality, every plugin provides "initialization string" which sets level of access to different features. Developers send me this strings, and I encrypt them using my 1024 bit RSA private key and send encoded data back. When started, my application decodes encoded data(encoded initialisation string) using built-in public key and if "decoded data != initialization string" it fails to start. So, is it possible to use a database of "initialization string" = "encoded initialization string"(extracted from other plugins) to crack my private key, or make it possible to bruteforce it in reasonable time?

    Read the article

  • starting a service based on someone's GPL/MIT licensed code

    - by fooyee
    someone wrote a nice framework for developing html5 3d engine. It's GPL/MIT licensed. Do you think it's a good idea to build upon it, and then repackage it and sell it as a service? For eg the framework lets you build 3d environments. so I build on it, maybe add a few features like characters and music in the environment, and turn it into an online game. Is it a feasible idea? Of course, part of the GPL license says that all source code has to be visible to end users. Assuming the web is a winner take all market based on first mover advantage, why care about hiding the source code? It's the product that's being sold that counts.

    Read the article

  • Using Linux C code and header files to compile a Windows DLL

    - by df382
    I would like to know if in general it is possible to create a C++ DLL with Visual C++ 2010 starting from C code and the header files I find in a Linux distribution. Theoretically, if I take a piece of C code (that includes different header files) from Linux and I find in the Linux file system all the header files needed for the linkage of the project, will I be able to successfully compile the project in Windows with Visual C++ 2010? Are there some examples or a tutorial for doing this? After compiling a DLL, I would like to use it in a C# application, which I will run under Linux with Mono.

    Read the article

  • Tool To Catch All The Inputs That Cause Crash?

    - by Barakat
    Hi all, I need a Windows tool records inputs and debugging informations that cause program's crashing. I don't mean a fuzzing tool ! Ammmmm ... let me show you a scenario may explain what I'm talking about. Sometimes during using a program, It's crashed without known reason ! and when I want to debug it, I will not find helpful informations to know how the crash happened. Because that the data that cause the crash no longer exist. So I need a tool records all the inputs and debugging informations to find helpful informations to reuse the inputs data to make the program crashes under a debaucher in order to understand how the crash happen.

    Read the article

  • Ensure that my C# desktop application is making requests to my ASP .NET MVC action?

    - by Mathias Lykkegaard Lorenzen
    I've seen questions that are almost identical to this one, except minor but important differences that I would like to get detailed. Let's say that I have a controller and an action method in MVC which therefore accepts requests on the following URL: http://example.com/api/myapimethod?data=some-data-here. This URL is then being called regularly by 1000 clients or more spread out in the public. The reason for this is crowdsourcing. The clients around the globe help feed a global cache on my server, which makes it faster for the rest of the clients to fetch the data. Now, if I'm sneaky (and I am), I can go into Fiddler, Ethereal, Wireshark or any other packet sniffing tool and figure out which requests the program is making. By figuring that out, I can also replicate them, and fill the service with false corrupted data. What is the best approach to ensuring that the data received in my ASP .NET MVC action method is actually from the desktop client application, and not some falsely generated data that the user invented? Since it is all based on crowdsourcing, would it be a good idea for my users to be able to "vote" if some data is falsified, and then let an automatic cleanup commence if there are enough votes? I do not have access to a tool like SmartAssembly, so unfortunately my .NET program is fully decompilable. I realize this might be impossible to accomplish in an error-proof manner, but I would like to know where my best chances are.

    Read the article

  • Should I sanitize EVERY form variable passed along?

    - by Camran
    I have a form with many fields... The action is set to a php page which queries mysql... Should I sanitize with mysql_real_escape_string every single variable? Or can I ignore sanitizing drop-lists and radios for instance? Also, besides mysql_real_escape_string, what else should I do to prevent attacks? Thanks

    Read the article

  • Extracting methods body from a class of Java Source Code

    - by Muhammad Asaduzzaman
    Hi, I want to extract method body from a Java Source Code. Suppose I have the following code: public class A{ public void print(){ System.out.println("Print This thing"); System.out.println("Print This thing"); System.out.println("Print This thing"); } } My objective is not to extract the method name (in this case print) but also the bode of the method(In this case the three print statement inside the print method). Can anyone suggest how can I do so? Is their any library available for doing so.

    Read the article

  • How to flush coverage data when my test cause app crash - For ios app

    - by Ypy
    I want to get the code coverage of my tests. So I set the settings, build an app with .gcno files and run it on simulator. It can get the coverage data successfully if there is no crash issue. But if the app crashed, I will get nothing. So how can I get the code coverage data when the app crash? In my thought, this is because it will not call __gcov_flush() method when app crash. I only add app does not run in background to my plist file, so __gcov_flush() is called only at the time I press Home button. Is there any way to call __gcov_flush() before the app crash?

    Read the article

  • How do I password protect IIS in a method analogous to Apache's AuthType / AuthUserFile mechanism?

    - by Matt
    I'm used to doing basic password protection for Apache w/ the following method in Apache config files: AuthType Basic AuthName "By Invitation Only" AuthUserFile /path/to/.htpasswd Require valid-user However, I've been asked to put some protection on a subdirectory of a site running ColdFusion on top of IIS6, and I'm unfamiliar with how to do this. How is this done? What should I look out for? I just need to password protect an administrative subdirectory, so I don't need a full user login system - just something that limits who can access the section of the site.

    Read the article

  • Hosting SQL at remote location?

    - by Syd
    Hey guys, My OSCommerce site includes a separately programmed feature for which I use SQL tables. I've decided to host its tables on a remote site offering free SQL accounts. I'd like to know if there could be any disadvantages to this approach. Thanks Syd

    Read the article

  • How Iostream file is located in computer by c++ code during execution

    - by user3702024
    i want to know that in a c++ code during execution how iostream file is founded. we write #include in c++ program and i know about #include which is a preprocessor directive to load files and is a file name but i don't know that how that file is located. i have some questions in my mind... Is Standard library present in compiler which we are using? Is that file is present in standard library or in our computer? Can we give directory path to locate the file through c++ code if yes then how?

    Read the article

  • Can the user take the resource from the iPhone Apps?

    - by Tattat
    I know that the Apple Mac OS .app file is a collection of programs and data. I guest the iPhone is similar in this way. I can unzip a Mac OS .app to find the resource , images using this way. Can the iPhone App do the similar thing? I mean, can the user unzip the iPhone .app to get the resource/ img from that? thz.

    Read the article

  • Internet Explore works very slowly executing JS code

    - by Sergey Basharov
    There is a page that uses PHP to fetch search results from Google Search API and then it puts the results on the page some funny way in a circle. Code and may look crappy but seems that it works more or less fine in Firefox. When you enter a search query and click submit button or Next/Previous links, it fills the wheel with results. The problem is its work in IE. It works there very slowly and then it doesn't clear the wheel before filling in new data, but puts it over that. My friend asked me to help him with this code. Please give me a piece of advice how I can fix it. Thanks so much!

    Read the article

  • External user domain in grails

    - by archer
    We're currently using Acegi 0.5.2 plugin for Grails 1.2.1. However, we're going to move our user management to external CRM. What would be the best way to link existing Person domain with external CRM entity?

    Read the article

  • Compute hex color code for an arbitrary string

    - by user222164
    Heading Is there a way to map an arbitrary string to a HEX COLOR code. I tried to compute the HEX number for string using string hashcode. Now I need to convert this hex number to six digits which are in HEX color code range. Any suggestions ? String [] programs = {"XYZ", "TEST1", "TEST2", "TEST3", "SDFSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS"}; for(int i = 0; i < programs.length; i++) { System.out.println( programs[i] + " -- " + Integer.toHexString(programs[i].hashCode())); }

    Read the article

  • j_security_check to SSO in different module under Oracle App Server?

    - by thebearinboulder
    I have an existing j2ee application running on Oracle App Server. It is targeted towards paying customers so the content is secured and a SSO module properly intercepts all requests for secured content. Now the company is adding a unbranded public-facing module with a number of unsecured pages. At one point the user is expected to register for a free account and log in to proceed further. Think doctors adding a public-facing site with information for potential patients, or lawyers adding a public-facing site with information for potential clients. There's some information on the session and the usual approach would be to authenticate the user, persist the session information using the now-known user id, invalidate the existing session (to prevent certain types of attacks), the reload the session information before returning to the user. I can't just persist it under the session id since that's about to change. The glitch is that the existing application already has an SSO module and I get a 404 error every time I try to direct to j_security_check. I've tried that, /sso/j_security_check, even http://localhost/sso/j_security_check, all without success. I noticed that an earlier question said that tomcat requires access to a secured page before j_security_check is even visible. I don't know if that's the case with Oracle AS. Ideas? Or is the best approach to continue arguing that we have a different user base so it would be better to handle authentication in our own module anyway?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 319 320 321 322 323 324 325 326 327 328 329 330  | Next Page >