Search Results

Search found 30819 results on 1233 pages for 'software security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 325/1233 | < Previous Page | 321 322 323 324 325 326 327 328 329 330 331 332  | Next Page >

  • Is there a mechanism to distribute an app with its own JRE?

    - by user179997
    These fine folks are my users: http://www.youtube.com/watch?v=o4MwTvtyrUQ If you don't want to enjoy the video here is the gist: my users can't tell between a file and a folder, between a browser and a web site. I need to create a Java web app (Tomcat or Jetty) and deploy it in as many of their computers, Windows and Mac. The question is: Is there a mechanism to distribute an app with its own JRE? (in the Tcl world there are starpacks and starkits, in the Python world there's py2exe and others, that's the idea). And also, is it legal? I know the VM is open source but I'm not clear about the libraries, and I know about GNU Classpath but I don't know if all the packages are there. I don't want to depend on the installed JRE or on the user having enough privileges to install one. On the Mac I don't want to depend on Apple (I had to switch from Tiger to Snow Leopard just to have Java 1.6, I can't put my users in that position) Any info greatly appreciated. Thanks! jb edit: I'm wondering if I can just paste the JRE folder under my app folder. Is that allowed?

    Read the article

  • anyone know of a custom membership provider implementation that check password strength against in-b

    - by ronaldwidha
    I've got an Asp.net MVC app and before being able to go live, the IT have requested for us to comply with their password policy. The flexibility of AspnetSqlMembershipProvider doesn’t quite satisfy the requirement. The password strength and length rules are as follows: one lowercase one Uppercase one number and or special character 8 characters in length so far, aspnetsqlmembershipprovider is good... Not allowed to use: Dictionary words Names, real or fictional Plain language phrases Dates Telephone numbers Car registration numbers User IDs Postal codes Organization name Only the first 4 criteria are satisfied by the aspnetsqlmembershipprovider. Do you know of any third party products that offers this functionality (preferably in the form of a custom membership provider)?

    Read the article

  • Disabling javascript in specific block/div (containing suspect HTML) ?

    - by T4NK3R
    Is it, in any way, possible to disable the browsers execution of script inside a block/section/element ? My scenario is, that I'm letting my (future) users create "rich content" (using CK-editor). Content that wil later be shown to other users - with all the dangers that imply: xss, redirection, identity theft, spam and what not... I've, more or less, given up on trying to "sanitize" the incomming XHTML, after seeing how many known "vectors of attack" there are: http://ha.ckers.org/xss.html What I'm really looking for is something like: < div id="userContent"< scriptOFF suspect HTML < /scriptOFF< /div

    Read the article

  • Password protected .NET ClickOnce deployment?

    - by splattne
    How can I protect a ClickOnce deployed application with a password? Do I have to change the IIS settings of the web or is there a way to do it programmatically? I'm using Visual Studio 2005 (.NET 2.0). If I have to use web credentials, are auto-updates of the application still possible? Would be great if you could provide some sample code or detailed instructions for administering IIS. Thank you!

    Read the article

  • Do you take the pain of learning it or use an out of the box solution?

    - by Mantorok
    Hi all What I'm getting at here is being presented with a control or framework that does 95% of what you want but has its shortcomings when opposed to learning how to do it yourself. To give a good example (ASP.Net) UpdatePanel vs DIY JS/JSON. The UpdatePanel gives you AJAX instantly without doing anything additional, however I've come to learn that its shortcomings are mainly that it's a bit of a hack and performs badly on busy pages and I've found myself having to scrap UpdatePanels in favour of rolling my own JS, and I've now made it a habit to fully investigate any shortcomings in out-of-the-box solutions, as I've been stung by this experience. So I guess what I'm asking is: Is it better to find out how to DIY or is it considered a better approach to try the available solution and risk going a full circle? Obviously I've only targetted a single control, but it is a very attractive control to people learning AJAX - I'm sure there are others out there. Sorry if dupliate. Thanks

    Read the article

  • Is it dangerous to store user-enterable text into a hidden form via javascript?

    - by KallDrexx
    In my asp.net MVC application I am using in place editors to allow users to edit fields without having a standard form view. Unfortunately, since I am using Linq to Sql combined with my data mapping layer I cannot just update one field at a time and instead need to send all fields over at once. So the solution I came up with was to store all my model fields into hidden fields, and provide span tags that contain the visible data (these span tags become editable due to my jquery plugin). When a user triggers a save of their edits of a field, jquery then takes their value and places it in the hidden form, and sends the whole form to the server to commit via ajax. When the data goes into the hidden field originally (page load) and into the span tags the data is properly encoded, but upon the user changing the data in the contenteditable span field, I just run $("#hiddenfield").val($("#spanfield").html(); Am I opening any holes this method? Obviously the server also properly encodes stuff prior to database entry.

    Read the article

  • Importance of verifying user email on web signup

    - by sunwukung
    I know this question is crazy - but my employers client is demanding that email verification be removed from the sign up process (they feel it is impeding sign up). I wanted to garner feedback from the programming community at large as to their experience and opinions regarding sign up and email verification - and the possible consequences of removing this safeguard.

    Read the article

  • Hash Digest / Array Comparison in C#

    - by Erik Karulf
    Hi All, I'm writing an application that needs to verify HMAC-SHA256 checksums. The code I currently have looks something like this: static bool VerifyIntegrity(string secret, string checksum, string data) { // Verify HMAC-SHA256 Checksum byte[] key = System.Text.Encoding.UTF8.GetBytes(secret); byte[] value = System.Text.Encoding.UTF8.GetBytes(data); byte[] checksum_bytes = System.Text.Encoding.UTF8.GetBytes(checksum); using (var hmac = new HMACSHA256(key)) { byte[] expected_bytes = hmac.ComputeHash(value); return checksum_bytes.SequenceEqual(expected_bytes); } } I know that this is susceptible to timing attacks. Is there a message digest comparison function in the standard library? I realize I could write my own time hardened comparison method, but I have to believe that this is already implemented elsewhere.

    Read the article

  • SQL Injection When Using MySQLi Prepared Statements

    - by Sev
    If all that is used to do any and all database queries is MySQLi prepared statements with bound parameters in a web-app, is sql injection still possible? Notes I know that there are other forms of attack other than sql-injection, but my question is specific to sql-injection attacks on that particular web application only.

    Read the article

  • is it safe to call "plink.exe" in an application

    - by EBAGHAKI
    i want to use "plink.exe -u username -pw securepassword" on my windows visual c++ program. will username and password remain safe while calling this command? I mean can a hacker steal or sniff the username and password? (consider hacker can't get to the password directly from the exe file)

    Read the article

  • How do API Keys and Secret Keys work?

    - by viatropos
    I am just starting to think about how api keys and secret keys work. Just 2 days ago I signed up for Amazon S3 and installed the S3Fox Plugin. They asked me for both my Access Key and Secret Access Key, both of which require me to login to access. So I'm wondering, if they're asking me for my secret key, they must be storing it somewhere right? Isn't that basically the same thing as asking me for my credit card numbers or password and storing that in their own database? How are secret keys and api keys supposed to work? How secret do they need to be? Are these applications that use the secret keys storing it somehow? Thanks for the insight.

    Read the article

  • Encrypt URL in asp.net

    - by Zerotoinfinite
    Hi All, My site is in asp.net 3.5 and C#. I am sending link to my user through mail, now I want to send each user a specific URL. so instead of sending the clear text I want to send link with encrypted string URL, which I will decrypt on my home page. Like instead of www.mysite.aspx\mypage?userId=12 i'll send www.mysite.aspx\mypage?UserId=)@kasd12 and the same i'll decrypt on my page so that I'll get the userId = 12. Please let me know if my approach is correct and not and how can I encrypt & decrypt the string in simplest and easier manner. Thanks in advance.

    Read the article

  • How to secure phpMyAdmin

    - by Andrei
    Hi, I have noticed that there are strange requests to my website trying to find phpmyadmin, like /phpmyadmin/ /pma/ etc. Now I have installed PMA on Ubuntu via apt and would like to access it via webaddress different from /phpmyadmin/. What can I do to change it? Thanks

    Read the article

  • Should methods that are required to be executed in a specific order be private?

    - by TooFat
    I have a Class that retrieves some data and images does some stuff to them and them uploads them to a third party app using web services. The object needs to perform some specific steps in order. My question is should I be explicitly exposing each method publicly like so. myObject obj = new myObject(); obj.RetrieveImages(); obj.RetrieveAssociatedData(); obj.LogIntoThirdPartyWebService(); obj.UploadStuffToWebService(); or should all of these methods be private and encapsulated in a single public method like so. public class myObject() { private void RetrieveImages(){}; private void RetrieveAssociatedData(){}; private void LogIntoThirdPartyWebService(){}; private void UploadStuffToWebService(){}; public void DoStuff() { this.RetrieveImages(); this.RetrieveAssociatedData(); this.LogIntoThirdPartyWebService(); this.UploadStuffToWebService(); } } which is called like so. myObject obj = new myObject(); obj.DoStuff();

    Read the article

  • How important is it to use SSL on every page of your website?

    - by Mark
    Recently I installed a certificate on the website I'm working on. I've made as much of the site as possible work with HTTP, but after you log in, it has to remain in HTTPS to prevent session hi-jacking, doesn't it? Unfortunately, this causes some problems with Google Maps; I get warnings in IE saying "this page contains insecure content". I don't think we can afford Google Maps Premier right now to get their secure service. It's sort of an auction site so it's fairly important that people don't get charged for things they didn't purchase because some hacker got into their account. All payments are done through PayPal though, so I'm not saving any sort of credit card info, but I am keeping personal contact information. Fraudulent charges could be reversed fairly easily if it ever came to that. What do you guys suggest I do? Should I take the bulk of the site off HTTPS and just secure certain pages like where ever you enter your password, and that's it? That's what our competition seems to do.

    Read the article

  • How can I ensure that a Java object (containing cryptographic material) is zeroized?

    - by Jeremy Powell
    My concern is that cryptographic keys and secrets that are managed by the garbage collector may be copied and moved around in memory without zeroization. As a possible solution, is it enough to: public class Key { private char[] key; // ... protected void finalize() throws Throwable { try { for(int k = 0; k < key.length; k++) { key[k] = '\0'; } } catch (Exception e) { //... } finally { super.finalize(); } } // ... }

    Read the article

  • Correct way to safely store token/secret/etc from OAuth?

    - by viatropos
    I just started looking into OAuth and it looks really nice. I have oauth with twitter working in ruby right now. Now I'm wondering, what is the recommended safe way to store the responses in my local database and session? What should I store? Where should I store it? This example twitter-oauth-with-rails app stores a user.id in the session, and the user table has the token and secret. But that seems like it'd be really easy to hack and get the secret by just passing in a slew of test user ids, no?

    Read the article

  • Feature Driven Development Model (SDLC)

    - by j-t-s
    Hi All I've been searching all over the internet for days. Does anybody have, or know of, and can share sample Feature Driven Development documents? I keep coming across gazillions of "samples" with absolutely no useful information whatsoever. Thank you jt

    Read the article

  • Smart Client App: How to give Different Settings for Different Users

    - by Daniel
    Hi! I have a smart client application being deployed with a CickOnce webpage. here's the current scenario. User runs the application, and the application shows a login form. User enters ID/Password in the login form, and the application sends that information to the server. The server authenticates the user and sends configuration and data to the application. Different users have different configuration and data for their application. I was concerned that anyone can download the application from the webpage if they know the URL. So I'm trying to change the authentication scheme, so that users can login at the webpage to download the application. I want to send the authentication info from the webpage(Program running at the server) to the smart client app, so that application can download the configuration information from the server, without prompting users to make a login again. How can the webpage send the ID/Passoword to the application securely?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 321 322 323 324 325 326 327 328 329 330 331 332  | Next Page >