Search Results

Search found 30819 results on 1233 pages for 'software security'.

Page 325/1233

  • Encrypt URL in asp.net

    - by Zerotoinfinite
    Hi All, My site is in asp.net 3.5 and C#. I am sending a link to my users through mail, and now I want to send each user a specific URL. So instead of sending the clear text, I want to send a link with an encrypted string URL, which I will decrypt on my home page. Like instead of www.mysite.aspx\mypage?userId=12 I'll send www.mysite.aspx\mypage?UserId=)@kasd12 and I'll decrypt the same on my page so that I'll get the userId = 12. Please let me know if my approach is correct or not, and how I can encrypt & decrypt the string in the simplest and easiest manner. Thanks in advance.


  • Importance of verifying user email on web signup

    - by sunwukung
    I know this question is crazy - but my employer's client is demanding that email verification be removed from the sign up process (they feel it is impeding sign up). I wanted to garner feedback from the programming community at large as to their experience and opinions regarding sign up and email verification - and the possible consequences of removing this safeguard.


  • How can I sign a Windows Mobile application for internal use?

    - by AR
    I'm developing a Windows Mobile application for internal company use, using the Windows Mobile 6 Professional SDK. Same old story: I've developed and tested on the emulator and all is well, but as soon as I deploy to a device I get an UnauthorizedAccessException when writing files or creating directories. I'm aware that an application installed to a device needs to be signed but I'm running into roadblocks at every turn: Using the project properties 'Devices' window I select 'Sign the project output with this certificate', and choose one of the sample certificates from the SDK. This results in a build error: "The signer's certificate is not valid for signing" when running SignTool. If I try to run SignTool.exe from the command line, I get an error telling me to run SignTool.exe from a location in the system's PATH. I can't use the 'Signing' tab in the Project Properties to create a test certificate - this is greyed out (presumably for WinMobile projects?). If at all possible, I would like to avoid having to go through VeriSign or the like to get a Mobile2Market certificate. If I have to go this route for a final version that's fine, but I need to at least be able to test the app on real devices. Any advice would be most welcome!


  • How to block non-browser clients from submitting a request?

    - by Thomas Kohl
    I want to block non-browser clients from accessing certain pages / successfully making a request. The website content is served to authenticated users. What happens is that our user gives his credentials for our website to a 3rd party - it can be another website or a mobile application - that performs requests on his behalf. Say there is a form that the user fills out and sends a message. Can I protect this form so that the server processing the submission can tell whether the user has submitted it directly from the browser or not? I don't want to use CAPTCHA for usability reasons. Can I do it with some JavaScript?


  • NameValueCollection Issue In Proxy Generation

    - by N W. annor-adjei
    I have a proxy generation problem. I am building my own customised XMLMembershipProvider in WCF. The code runs well in ASP.Net and I am consuming the same code in WCF for Silverlight. My class inherits the MembershipProvider, hence I have implemented all the MembershipProvider methods. Now, consuming these methods in WCF also requires the Initialize method, which has a NameValueCollection as a passed-in parameter, which is the cause of the problem because WCF does not supporteCollection serialization. When the Initialize method is marked as OperationContract, the proxy class does not get generated. I could have used a Dictionary, but that is impossible here because the base class's Initialize method accepts two parameters, one of which should be a NameValueCollection. If I don't mark Initialize as OperationContract, the proxy class is generated with all the methods, but I realized I still need Initialize marked as OperationContract to start the provider. Has anyone got any idea about the use of NameValueCollection in WCF and a workaround for this problem? Thank you. Nicholas


  • Feature Driven Development Model (SDLC)

    - by j-t-s
    Hi All I've been searching all over the internet for days. Does anybody have, or know of, and can share sample Feature Driven Development documents? I keep coming across gazillions of "samples" with absolutely no useful information whatsoever. Thank you jt


  • Hash Digest / Array Comparison in C#

    - by Erik Karulf
    Hi All, I'm writing an application that needs to verify HMAC-SHA256 checksums. The code I currently have looks something like this:

        static bool VerifyIntegrity(string secret, string checksum, string data)
        {
            // Verify HMAC-SHA256 Checksum
            byte[] key = System.Text.Encoding.UTF8.GetBytes(secret);
            byte[] value = System.Text.Encoding.UTF8.GetBytes(data);
            byte[] checksum_bytes = System.Text.Encoding.UTF8.GetBytes(checksum);
            using (var hmac = new HMACSHA256(key))
            {
                byte[] expected_bytes = hmac.ComputeHash(value);
                return checksum_bytes.SequenceEqual(expected_bytes);
            }
        }

    I know that this is susceptible to timing attacks. Is there a message digest comparison function in the standard library? I realize I could write my own time hardened comparison method, but I have to believe that this is already implemented elsewhere.


  • Disabling javascript in specific block/div (containing suspect HTML) ?

    - by T4NK3R
    Is it, in any way, possible to disable the browser's execution of script inside a block/section/element? My scenario is that I'm letting my (future) users create "rich content" (using CK-editor). Content that will later be shown to other users - with all the dangers that implies: XSS, redirection, identity theft, spam and what not... I've, more or less, given up on trying to "sanitize" the incoming XHTML, after seeing how many known "vectors of attack" there are: http://ha.ckers.org/xss.html What I'm really looking for is something like:

        <div id="userContent"><scriptOFF> suspect HTML </scriptOFF></div>


  • Password protected .NET ClickOnce deployment?

    - by splattne
    How can I protect a ClickOnce deployed application with a password? Do I have to change the IIS settings of the web or is there a way to do it programmatically? I'm using Visual Studio 2005 (.NET 2.0). If I have to use web credentials, are auto-updates of the application still possible? Would be great if you could provide some sample code or detailed instructions for administering IIS. Thank you!


  • How should I protect against hard link attacks?

    - by Thomas
    I want to append data to a file in /tmp. If the file doesn't exist I want to create it. I don't care if someone else owns the file. The data is not secret. I do not want someone to be able to race-condition this into writing somewhere else, or to another file. What is the best way to do this? Here's my thought:

        fd = open("/tmp/some-benchmark-data.txt", O_APPEND | O_CREAT | O_NOFOLLOW | O_WRONLY, 0644);
        fstat(fd, &st);
        if (st.st_nlink != 1) {
            /* HARD LINK ATTACK! */
        }

    What's the right way? Besides not using a world-writable directory.


  • Is it safe to put reference to current user in User model in Rails?

    - by Art Shayderov
    You know, I think I have to check the current user in the model callbacks (like before_update), rather than rely solely on adding where ('something.user_id = ?', 'current_user.id') in the controllers. I need something like Thread.CurrentPrincipal in .NET. Is it safe to put a reference to the current user in the User model? I'm sorry, I don't really understand how it works under the hood yet. Or how do you do it the Rails way? Sorry if this is a silly question.


  • How can I securely check if a username is already taken?

    - by Geo
    I have a form where someone can create a new user. I'd like to add some AJAX to check if a username is taken, as soon as the input field loses focus. I'm not really sure how to go about this, as this could pave the way to a brute-force attack, since you could check for any username and see whether or not it exists. Any suggestions?


  • Correct way to safely store token/secret/etc from OAuth?

    - by viatropos
    I just started looking into OAuth and it looks really nice. I have oauth with twitter working in ruby right now. Now I'm wondering, what is the recommended safe way to store the responses in my local database and session? What should I store? Where should I store it? This example twitter-oauth-with-rails app stores a user.id in the session, and the user table has the token and secret. But that seems like it'd be really easy to hack and get the secret by just passing in a slew of test user ids, no?


  • How can I ensure that a Java object (containing cryptographic material) is zeroized?

    - by Jeremy Powell
    My concern is that cryptographic keys and secrets that are managed by the garbage collector may be copied and moved around in memory without zeroization. As a possible solution, is it enough to:

        public class Key {
            private char[] key;
            // ...
            protected void finalize() throws Throwable {
                try {
                    for (int k = 0; k < key.length; k++) {
                        key[k] = '\0';
                    }
                } catch (Exception e) {
                    //...
                } finally {
                    super.finalize();
                }
            }
            // ...
        }


  • Should methods that are required to be executed in a specific order be private?

    - by TooFat
    I have a class that retrieves some data and images, does some stuff to them and then uploads them to a third party app using web services. The object needs to perform some specific steps in order. My question is: should I be explicitly exposing each method publicly like so?

        myObject obj = new myObject();
        obj.RetrieveImages();
        obj.RetrieveAssociatedData();
        obj.LogIntoThirdPartyWebService();
        obj.UploadStuffToWebService();

    Or should all of these methods be private and encapsulated in a single public method like so?

        public class myObject
        {
            private void RetrieveImages() { }
            private void RetrieveAssociatedData() { }
            private void LogIntoThirdPartyWebService() { }
            private void UploadStuffToWebService() { }

            public void DoStuff()
            {
                this.RetrieveImages();
                this.RetrieveAssociatedData();
                this.LogIntoThirdPartyWebService();
                this.UploadStuffToWebService();
            }
        }

    Which is called like so:

        myObject obj = new myObject();
        obj.DoStuff();


  • Do you take the pain of learning it or use an out of the box solution?

    - by Mantorok
    Hi all. What I'm getting at here is being presented with a control or framework that does 95% of what you want but has its shortcomings, as opposed to learning how to do it yourself. To give a good example (ASP.Net): UpdatePanel vs DIY JS/JSON. The UpdatePanel gives you AJAX instantly without doing anything additional, however I've come to learn that its shortcomings are mainly that it's a bit of a hack and performs badly on busy pages, and I've found myself having to scrap UpdatePanels in favour of rolling my own JS, and I've now made it a habit to fully investigate any shortcomings in out-of-the-box solutions, as I've been stung by this experience. So I guess what I'm asking is: Is it better to find out how to DIY or is it considered a better approach to try the available solution and risk going full circle? Obviously I've only targeted a single control, but it is a very attractive control to people learning AJAX - I'm sure there are others out there. Sorry if duplicate. Thanks


  • How important is it to use SSL on every page of your website?

    - by Mark
    Recently I installed a certificate on the website I'm working on. I've made as much of the site as possible work with HTTP, but after you log in, it has to remain in HTTPS to prevent session hijacking, doesn't it? Unfortunately, this causes some problems with Google Maps; I get warnings in IE saying "this page contains insecure content". I don't think we can afford Google Maps Premier right now to get their secure service. It's sort of an auction site so it's fairly important that people don't get charged for things they didn't purchase because some hacker got into their account. All payments are done through PayPal though, so I'm not saving any sort of credit card info, but I am keeping personal contact information. Fraudulent charges could be reversed fairly easily if it ever came to that. What do you guys suggest I do? Should I take the bulk of the site off HTTPS and just secure certain pages like wherever you enter your password, and that's it? That's what our competition seems to do.


  • How to securely transfer

    - by michaeltk
    I have two servers -- a backend server, and a frontend server. Every night, the backend server generates static .html files, which are then compressed into .tar format. I need to write a script that resides on the backend server that will transfer the .tar file to the frontend server, and then decompress that .tar file into the public web directory of the frontend server. What is the standard, secure way to do this? Thanks in advance.


  • Smart Client App: How to give Different Settings for Different Users

    - by Daniel
    Hi! I have a smart client application being deployed with a ClickOnce webpage. Here's the current scenario. User runs the application, and the application shows a login form. User enters ID/Password in the login form, and the application sends that information to the server. The server authenticates the user and sends configuration and data to the application. Different users have different configuration and data for their application. I was concerned that anyone can download the application from the webpage if they know the URL. So I'm trying to change the authentication scheme, so that users can log in at the webpage to download the application. I want to send the authentication info from the webpage (program running at the server) to the smart client app, so that the application can download the configuration information from the server, without prompting users to log in again. How can the webpage send the ID/Password to the application securely?


  • PHP Frontpage/Page controller

    - by atno
    I am using the following as Frontpage/Page Controller(s) and it's working ok so far, except for two problems I'm facing, which as you can see are the $pages array and the switch, which are actually much, much longer than the ones I've pasted here. Every time there is a need for a new page controller I have to add it to the $pages array and to the switch, which makes that list very long. How would you overcome this problem, and do you see any other improvement on this code? loadLogic() in page controllers is used to get functions under pages/controllername/logic/function.php.

    Frontpage Controller - index.php:

        include 'common/common.php';
        if(!isset($_GET['p']) OR $_GET['p'] == ''){
            $_GET['p'] = 'home';
            header('Location: index.php?p=home');
        }
        $pages = array('home','register','login','logout','page1','page2','page3');
        $_GET['p'] = trim($_GET['p']);
        if(isset($_GET['p'])){
            if(in_array($_GET['p'], $pages)){
                switch ($_GET['p']) {
                    case 'home':
                        include 'home.php';
                        break;
                    case 'register':
                        include 'register.php';
                        break;
                    case 'login':
                        include 'login.php';
                        break;
                    case 'logout':
                        include 'logout.php';
                        break;
                    case 'page1':
                        include 'page1.php';
                        break;
                    case 'page2':
                        include 'page2.php';
                        break;
                    case 'page3':
                        include 'page3.php';
                        break;
                }
            }else{
                echo '404!';
            }
        }

    Page Controller - {home,register,login,logout,page1,page2,page3}.php:

        include 'tpl/common/header.php';
        contentStart();
        if(isset($_SESSION['logged'])){
            loadLogic('dashboard');
        }else{
            loadLogic('nologin');
        }
        //Display login form in logic page instead links //
        if(!isset($_SESSION['logged'])){
            contentEnd();
            loadLogic('nologinForm');
        }else{
            contentEnd();
            include 'tpl/common/rcol.php';
        }
        include 'tpl/common/footer.php';

    function loadLogic():

        function loadLogic($logic) {
            $path = dirname(__DIR__) . '/pages';
            $controller = preg_split('/&/',$_SERVER['QUERY_STRING']);
            $controller = trim($controller[0],"p=");
            $logicPath = 'logic';
            $logic = $logic . '.php';
            $err = 0;
            $logicFullPath = $path.'/'.$controller.'/'.$logicPath.'/'.$logic;
            if($err == '0'){
                include "$logicFullPath";
            }
        }

    Folder Structure:

        projectName
        |
        ---> common
        |
        ---> pages
        |     |
        |     --->home
        |     |
        |     --->register
        |     |
        |     --->login
        |     |
        |     --->logout
        |     |
        |     --->page1
        |     |
        |     --->page2
        |     |
        |     --->page3
        |
        ---> tpl
        |     |
        |     ---> common
        |
        --> home.php
        |
        --> register.php
        |
        --> login.php
        |
        --> logout.php
        |
        --> page1.php
        |
        --> page2.php
        |
        --> page3.php
