Search Results

Search found 30819 results on 1233 pages for 'software security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 325/1233 | < Previous Page | 321 322 323 324 325 326 327 328 329 330 331 332  | Next Page >

  • How do API Keys and Secret Keys work?

    - by viatropos
    I am just starting to think about how api keys and secret keys work. Just 2 days ago I signed up for Amazon S3 and installed the S3Fox Plugin. They asked me for both my Access Key and Secret Access Key, both of which require me to login to access. So I'm wondering, if they're asking me for my secret key, they must be storing it somewhere right? Isn't that basically the same thing as asking me for my credit card numbers or password and storing that in their own database? How are secret keys and api keys supposed to work? How secret do they need to be? Are these applications that use the secret keys storing it somehow? Thanks for the insight.

    Read the article

  • Smart Client App: How to give Different Settings for Different Users

    - by Daniel
    Hi! I have a smart client application being deployed with a CickOnce webpage. here's the current scenario. User runs the application, and the application shows a login form. User enters ID/Password in the login form, and the application sends that information to the server. The server authenticates the user and sends configuration and data to the application. Different users have different configuration and data for their application. I was concerned that anyone can download the application from the webpage if they know the URL. So I'm trying to change the authentication scheme, so that users can login at the webpage to download the application. I want to send the authentication info from the webpage(Program running at the server) to the smart client app, so that application can download the configuration information from the server, without prompting users to make a login again. How can the webpage send the ID/Passoword to the application securely?

    Read the article

  • How to make a secure login using UDID or device token?

    - by Erik B
    So I'm making an app where I want the users to be able add, edit and rate content, but I do not want to force them to register. Instead I was planning on just using their device id or device token to identify them. I'm planning on making both an iPhone and Android version, so I'm looking for a general solution, but the iPhone version has higher priority, so an iPhone specific solution would also be welcome. The problem is that I don't want just anyone to be able to use my web service by sending a phony device id or someone else's device id. How would the client prove to the server that it is providing the correct device id?

    Read the article

  • Hash Digest / Array Comparison in C#

    - by Erik Karulf
    Hi All, I'm writing an application that needs to verify HMAC-SHA256 checksums. The code I currently have looks something like this: static bool VerifyIntegrity(string secret, string checksum, string data) { // Verify HMAC-SHA256 Checksum byte[] key = System.Text.Encoding.UTF8.GetBytes(secret); byte[] value = System.Text.Encoding.UTF8.GetBytes(data); byte[] checksum_bytes = System.Text.Encoding.UTF8.GetBytes(checksum); using (var hmac = new HMACSHA256(key)) { byte[] expected_bytes = hmac.ComputeHash(value); return checksum_bytes.SequenceEqual(expected_bytes); } } I know that this is susceptible to timing attacks. Is there a message digest comparison function in the standard library? I realize I could write my own time hardened comparison method, but I have to believe that this is already implemented elsewhere.

    Read the article

  • Cocos2d and MPMoviePlayerViewController - NSNotificationCenter not working

    - by digi_0315
    I'm using cocos2d with MPMoviePlayerViewController class, but when I tryed to catch notification status when the movie is finished I got this error: Terminating app due to uncaught exception 'NSInvalidArgumentException', reason: '-[NSCFString movieFinishedCallback]: unrecognized selector sent to instance 0x5d23730' my playVideoController.m are: @implementation PlayVideoViewController +(id) scene{ CCScene *scene = [CCScene node]; CCLayer *layer = [credits node]; [scene addChild: layer]; return scene; } -(id)initWithPath:(NSString *)moviePath{ if ((self = [super init])){ movieURL = [NSURL fileURLWithPath:moviePath]; [movieURL retain]; playerViewController = [[MPMoviePlayerViewController alloc] initWithContentURL:movieURL]; player = [playerViewController moviePlayer]; [[NSNotificationCenter defaultCenter] addObserver:self selector:@selector(movieFinishedCallback) name:MPMoviePlayerPlaybackDidFinishNotification object:player]; [[[CCDirector sharedDirector] openGLView] addSubview:playerViewController.view]; [player play]; } return self; } -(void)movieFinishedCallback{ CCLOG(@"video finished!!"); } in .h: #import <UIKit/UIKit.h> #import "cocos2d.h" #import <MediaPlayer/MediaPlayer.h> @interface PlayVideoViewController : CCLayer { NSURL *movieURL; MPMoviePlayerViewController *playerViewController; MPMoviePlayerController *player; } +(id) scene; @end and I call it in appDelegate.m: - (void) applicationDidFinishLaunching:(UIApplication*)application { CC_DIRECTOR_INIT(); CCDirector *director = [CCDirector sharedDirector]; [director setDeviceOrientation:kCCDeviceOrientationLandscapeLeft]; EAGLView *glView = [director openGLView]; [glView setMultipleTouchEnabled:YES]; [CCTexture2D setDefaultAlphaPixelFormat:kTexture2DPixelFormat_RGBA8888];//kEAGLColorFormatRGBA8 NSString *path = [[NSBundle mainBundle] pathForResource:@"intro" ofType:@"mov" inDirectory:nil]; vi ewController = [[[PlayVideoViewController alloc] initWithPath:path] autorelease]; } what i'm doing wrong? anyone can help me please?? I'm try to solve it since a lot of hours ago but I can't!

    Read the article

  • How to block non-browser clients from submitting a request?

    - by Thomas Kohl
    I want to block non-browser clients from accessing certain pages / successfully making a request. The website content is served to authenticated users. What happens is that our user gives his credentials to our website to 3rd party - it can be another website or a mobile application - that performs requests on his behalf. Say there is a form that the user fills out and sends a message. Can I protect this form so that the server processing the submission can tell whether the user has submitted it directly from the browser or not? I don't want to use CAPTCHA for usability reasons. Can I do it with some javascript?

    Read the article

  • Do you take the pain of learning it or use an out of the box solution?

    - by Mantorok
    Hi all What I'm getting at here is being presented with a control or framework that does 95% of what you want but has its shortcomings when opposed to learning how to do it yourself. To give a good example (ASP.Net) UpdatePanel vs DIY JS/JSON. The UpdatePanel gives you AJAX instantly without doing anything additional, however I've come to learn that its shortcomings are mainly that it's a bit of a hack and performs badly on busy pages and I've found myself having to scrap UpdatePanels in favour of rolling my own JS, and I've now made it a habit to fully investigate any shortcomings in out-of-the-box solutions, as I've been stung by this experience. So I guess what I'm asking is: Is it better to find out how to DIY or is it considered a better approach to try the available solution and risk going a full circle? Obviously I've only targetted a single control, but it is a very attractive control to people learning AJAX - I'm sure there are others out there. Sorry if dupliate. Thanks

    Read the article

  • .Net 2.0 ServiceController.GetServices()

    - by Miles
    I've got a website that has windows authentication enable on it. From a page in the website, the users have the ability to start a service that does some stuff with the database. It works fine for me to start the service because I'm a local admin on the server. But I just had a user test it and they can't get the service started. My question is: Does anyone know of a way to get a list of services on a specified computer by name using a different windows account than the one they are currently logged in with? I really don't want to add all the users that need to start the service into a windows group and set them all to a local admin on my IIS server..... Here's some of the code I've got: public static ServiceControllerStatus FindService() { ServiceControllerStatus status = ServiceControllerStatus.Stopped; try { string machineName = ConfigurationManager.AppSettings["ServiceMachineName"]; ServiceController[] services = ServiceController.GetServices(machineName); string serviceName = ConfigurationManager.AppSettings["ServiceName"].ToLower(); foreach (ServiceController service in services) { if (service.ServiceName.ToLower() == serviceName) { status = service.Status; break; } } } catch(Exception ex) { status = ServiceControllerStatus.Stopped; SaveError(ex, "Utilities - FindService()"); } return status; } My exception comes from the second line in the try block. Here's the error: System.InvalidOperationException: Cannot open Service Control Manager on computer 'server.domain.com'. This operation might require other privileges. --- System.ComponentModel.Win32Exception: Access is denied --- End of inner exception stack trace --- at System.ServiceProcess.ServiceController.GetDataBaseHandleWithAccess(String machineName, Int32 serviceControlManaqerAccess) at System.ServiceProcess.ServiceController.GetServicesOfType(String machineName, Int32 serviceType) at TelemarketingWebSite.Utilities.StartService() Thanks for the help/info

    Read the article

  • 2008 Datacenter Word Automation issue

    - by Brad
    We have an application that uses word automation. It works fine under Windows XP, but does not work on our Windows Server 2008 64-bit virtual machine running on VMware ESX unless it is running as the domain administrator. Under any other account (including a local admin), Word starts, uses a lot of CPU for 40 seconds when opening a document, and then just hangs. Our application does not access anything not on the local machine, and this machine is not being used for anything else (not a domain controller, etc). I know others have posted similar issues, with the solution of creating a Desktop folder somewhere under the windows directory. We did this, and it did not solve the problem (Word did not get as far as it did before we did this though). Please don't turn this into a thread about why I am trying to do this, whether I should do this, or whether I need to. For argument sake, I don't need to do this, but understanding what privilege a local admin does not have that is needed to do this is a legitimate concern.

    Read the article

  • Disabling javascript in specific block/div (containing suspect HTML) ?

    - by T4NK3R
    Is it, in any way, possible to disable the browsers execution of script inside a block/section/element ? My scenario is, that I'm letting my (future) users create "rich content" (using CK-editor). Content that wil later be shown to other users - with all the dangers that imply: xss, redirection, identity theft, spam and what not... I've, more or less, given up on trying to "sanitize" the incomming XHTML, after seeing how many known "vectors of attack" there are: http://ha.ckers.org/xss.html What I'm really looking for is something like: < div id="userContent"< scriptOFF suspect HTML < /scriptOFF< /div

    Read the article

  • Password protected .NET ClickOnce deployment?

    - by splattne
    How can I protect a ClickOnce deployed application with a password? Do I have to change the IIS settings of the web or is there a way to do it programmatically? I'm using Visual Studio 2005 (.NET 2.0). If I have to use web credentials, are auto-updates of the application still possible? Would be great if you could provide some sample code or detailed instructions for administering IIS. Thank you!

    Read the article

  • Encrypt URL in asp.net

    - by Zerotoinfinite
    Hi All, My site is in asp.net 3.5 and C#. I am sending link to my user through mail, now I want to send each user a specific URL. so instead of sending the clear text I want to send link with encrypted string URL, which I will decrypt on my home page. Like instead of www.mysite.aspx\mypage?userId=12 i'll send www.mysite.aspx\mypage?UserId=)@kasd12 and the same i'll decrypt on my page so that I'll get the userId = 12. Please let me know if my approach is correct and not and how can I encrypt & decrypt the string in simplest and easier manner. Thanks in advance.

    Read the article

  • Is it safe to read regular expressions from a file?

    - by Zilk
    Assuming a Perl script that allows users to specify several text filter expressions in a config file, is there a safe way to let them enter regular expressions as well, without the possibility of unintended side effects or code execution? Without actually parsing the regexes and checking them for problematic constructs, that is. There won't be any substitution, only matching. As an aside, is there a way to test if the specified regex is valid before actually using it? I'd like to issue warnings if something like /foo (bar/ was entered. Thanks, Z. EDIT: Thanks for the very interesting answers. I've since found out that the following dangerous constructs will only be evaluated in regexes if the use re 'eval' pragma is used: (?{code}) (??{code}) ${code} @{code} The default is no re 'eval'; so unless I'm missing something, it should be safe to read regular expressions from a file, with the only check being the eval/catch posted by Axeman. At least I haven't been able to hide anything evil in them in my tests. Thanks again. Z.

    Read the article

  • Should I Use Anchor, Button Or Form Submit For "Follow" Feature In Rails

    - by James
    I am developing an application in Rails 3 using a nosql database. I am trying to add a "Follow" feature similar to twitter or github. In terms of markup, I have determined that there are three ways to do this. 1) Use a regular anchor. (Github Uses This Method) <a href="/users/follow?target=Joe">Follow</a> 2) Use a button. (Twitter Uses This Method) <button href="/friendships/create/">Follow</button> 3) Use a form with a submit button. (Has some advantages for me, but I haven't see anyone do it yet.) <form method="post" id="connection_new" class="connection_new" action="/users/follow"> <input type="hidden" value="60d7b563355243796dd8496e17d36329" name="target" id="target"> <input type="submit" value="Follow" name="commit" id="connection_submit"> </form> Since I want to store the user_id in the database and not the username, options 1 and 2 will force me to do a database query to get the actual user_id, whereas option 3 will allow me to store the user_id in a hidden form field so that I don't have to do any database lookups. I can just get the id from the params hash on form submission. I have successfully got each of these methods working, but I would like to know what is the best way to do this. Which way is more semantic, secure, better for spiders, etc...? Is there a reason both twitter and github don't use forms to do this? Any guidance would be appreciated. I am leaning towards using the form method since then I don't have to query the db to get the id of the user, but I am worried that there must be a reason the big guys are just using anchors or buttons for this. I am a newb so go easy on me if I am totally missing something. Thanks!

    Read the article

  • Is it safe to put reference to current user in User model in Rails?

    - by Art Shayderov
    You know, I think I have to check current user in the model callbacks (like before_update). Rather than rely solely on adding where ('something.user_id = ?', 'current_user.id') in the controllers. I need something like Thread.CurrentPrincipal in .NET Is it safe to put reference to current user in User model? I'm sorry I don't really understand how it works under the hood yet. Or how you do it The Rails way? Sorry if this a silly question.

    Read the article

  • Should methods that are required to be executed in a specific order be private?

    - by TooFat
    I have a Class that retrieves some data and images does some stuff to them and them uploads them to a third party app using web services. The object needs to perform some specific steps in order. My question is should I be explicitly exposing each method publicly like so. myObject obj = new myObject(); obj.RetrieveImages(); obj.RetrieveAssociatedData(); obj.LogIntoThirdPartyWebService(); obj.UploadStuffToWebService(); or should all of these methods be private and encapsulated in a single public method like so. public class myObject() { private void RetrieveImages(){}; private void RetrieveAssociatedData(){}; private void LogIntoThirdPartyWebService(){}; private void UploadStuffToWebService(){}; public void DoStuff() { this.RetrieveImages(); this.RetrieveAssociatedData(); this.LogIntoThirdPartyWebService(); this.UploadStuffToWebService(); } } which is called like so. myObject obj = new myObject(); obj.DoStuff();

    Read the article

  • Is DB logging more secure than file logging for my PHP web app?

    - by iama
    I would like to log errors/informational and warning messages from within my web application to a log. I was initially thinking of logging all of these onto a text file. However, my PHP web app will need write access to the log files and the folder housing this log file may also need write access if log file rotation is desired which my web app currently does not have. The alternative is for me to log the messages to the MySQL database since my web app is already using the MySQL database for all its data storage needs. However, this got me thinking that going with the MySQL option is much better than the file option since I already have a configuration file with the database access information protected using file system permissions. If I now go with the log file option I need to tinker the file and folder access permissions and this will only make my application less secure and defeats the whole purpose of logging. Is this correct? I am using XAMPP for development and am a newbie to LAMP. Please let me know your recommendations for logging. Thanks.

    Read the article

  • what is file verification system for php project or licence checking the configuration files

    - by Jayapal Chandran
    Hi, My colleague asked me a question like "license check to config file". when i searched i got this http://www.google.com/search?q=file+verification+system&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a and in the result i got this http://integrit.sourceforge.net/texinfo/integrit.html but could not grasp much of its idea. Here is my thoughts... Our project is written in codeigniter. The project owner is providing it to their customer. The owner is a business partner with that concept. Besides, the owner needs control of the project code so that the customer will not break rules with him like changing the code or moving it go another server or validity. So the owner needs a system to enable disable the site. Let me give an example... owner.com will have an admin panel where he can either disable or enable the client.com. when he disables the client.com should display a custom message instead of loading the files. client.com is written i a way that i will process requests from owner.com and also the other way round. so, here i want a list of the concepts with which we can implement the ownership and control over client.com any suggestions, links, references, answers will be helpful. If i am missing something in my question i will update my question according to your comments if any so that the users can give in their idea without confusing of what i had asked. THX

    Read the article

  • How to write mod_security friendly PHP code?

    - by KPL
    Hello people, I made a theme in WordPress which hit the mod_security rule on HostGator and gave 403 error. I contacted people there(at HostGator) and they fixed it for me. But I don't want my theme to work like this. I just wanted to know if there are any guides/blog post/tutorials telling about writing PHP code which is mod_security friendly? I tried Google, but didn't find anything helpful.

    Read the article

  • How can I ensure that a Java object (containing cryptographic material) is zeroized?

    - by Jeremy Powell
    My concern is that cryptographic keys and secrets that are managed by the garbage collector may be copied and moved around in memory without zeroization. As a possible solution, is it enough to: public class Key { private char[] key; // ... protected void finalize() throws Throwable { try { for(int k = 0; k < key.length; k++) { key[k] = '\0'; } } catch (Exception e) { //... } finally { super.finalize(); } } // ... }

    Read the article

  • c# Sending emails with authentication. standard approach not working

    - by Ready Cent
    I am trying to send an email using the following very standard code. However, I get the error that follow... MailMessage message = new MailMessage(); message.Sender = new MailAddress("[email protected]"); message.To.Add("[email protected]"); message.Subject = "test subject"; message.Body = "test body"; SmtpClient client = new SmtpClient(); client.Host = "mail.myhost.com"; //client.Port = 587; NetworkCredential cred = new NetworkCredential(); cred.UserName = "[email protected]"; cred.Password = "correct password"; cred.Domain = "mail.myhost.com"; client.Credentials = cred; client.UseDefaultCredentials = false; client.Send(message); Mailbox unavailable. The server response was: No such user here. This recipient email address definitely works. To make this account work I had to do some special steps in outlook. Specifically, I had to do change account settings - more settings - outgoing server - my outgoing server requires authentication & use same settings. I am wondering if there is some other strategy. I think the key here is that my host is Server Intellect and I know that some people on here use them so hopefully someone else has been able to get through this. I did talk to support but they said with coding issues I am on my own :o

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 321 322 323 324 325 326 327 328 329 330 331 332  | Next Page >