Search Results

Search found 97980 results on 3920 pages for 'code security'.

Page 329/3920 | < Previous Page | 325 326 327 328 329 330 331 332 333 334 335 336  | Next Page >

  • Validate authenticity of website owner

    - by Cyber Junkie
    Hello all! I'm planning to develop a web app where users will list their site/blog. When people submit their sites, how can I confirm that they are the owners of it? So for instance there is a user Mark who wants to submit someone else's website without their approval. I want to restrict Mark from doing so unless he is the actual owner. My idea was to do a comparison between the user's email domain and the website domain she/he wants to submit. If they match allow the user to submit the website. However most people don't register with their website domain address.. or perhaps I'll implement a Facebook connect in the future. What other methods would you suggest?


  • Are sessions modifiable by the client/user?

    - by Sev
    In my PHP Web-App I use sessions to store the user's data. For example, if a user logs in, then an instance of the User class is generated and stored in a Session. I have access levels associated with each user to determine their privileges. Store the user in a session by:

        $_SESSION['currentUser'] = new User($_POST['username']);

    For example:

        if ($_SESSION['currentUser']->getAccessLevel() == 1) {
            // allow administration functions
        }

    where getAccessLevel() is simply a get method in the User class that returns the _accesslevel member variable. Is this secure? Or can the client somehow modify their access level through session manipulation of some sort?


  • php web based portal authentication through IP.

    - by user434885
    I have a web portal running which involves basic data entry. The issue being that this is highly sensitive data. And the credibility of the data entry personnel is very low. Therefore I have implemented recording of IP when an entry is made. The problem I am facing is if this person starts forwarding his IP from a proxy server then I am unable to track authenticity of the data. How do I detect if the IP forwarding is happening / get the real IP address of the person?


  • Using directory traversal attack to execute commands

    - by gAMBOOKa
    Is there a way to execute commands using directory traversal attacks? For instance, I access a server's etc/passwd file like this http://server.com/..%01/..%01/..%01//etc/passwd Is there a way to run a command instead? Like... http://server.com/..%01/..%01/..%01//ls ..... and get an output? EDIT: To be clear here, I've found the vuln in our company's server. I'm looking to raise the risk level (or bonus points for me) by proving that it may give an attacker complete access to the system


  • Restricting IFRAME access in PHP

    - by m0j0
    I am creating a small web page using PHP that will be accessed as an IFRAME from a couple of sites. I'm wanting to restrict access to this site to work ONLY within the "approved" sites, and not other sites or accessed directly. Does anyone have any suggestions? Is this even possible? The PHP site will be Apache, and the sites iframing the content will probably be .NET. Just to clarify, any site can view the page, as long as it's iframe'd within an approved site. I want to block people from accessing it directly. I'm thinking cookies might be a solution, but I'm not sure.


  • Rails - How to secure foreign keys and still allow association selection

    - by Bryce
    For simplicity, assume that I have a simple has-many-through relationship:

        class User < ActiveRecord::Base
          has_many :courses, :through => :registrations
        end

        class Registration < ActiveRecord::Base
          belongs_to :user
          belongs_to :course
        end

        class Course < ActiveRecord::Base
          has_many :users, :through => :registrations
        end

    I want to keep my app secure, so I use attr_accessible to whitelist my attributes. My question is twofold:

    How would I set up my whitelist attributes such that I could create a new Registration object through a form (passing in :user and :course), but not risk allowing those foreign keys to be maliciously updated later?

    How would I set up my validations such that both belongs_to associations are required BUT also allow for Registration objects to be created in nested forms?


  • How do you use the C language to produce a ruby gem?

    - by DJTripleThreat
    I would like to see some source code or maybe a link to some that gives at least a stub for writing ruby gems in the C languages (C++?? is that possible too?) Also, some of you may know that Facebook compiles some of their code natively as php extensions for better performance. Is anyone doing this in Rails? If so, what has been your experience with it? Have you found it to be useful? Thanks. Edit: I guess I'll answer my own question with some stuff I learned today but I'm going to leave the question open for another answer because I'd like to see what others have to say on this topic


  • How to check for a file's authenticity ?

    - by Ale_x
    Let's say I write a game application. I want the level of the player to be stored in an external file. How can I prevent a hacker from writing and modifying the file to put another level ? I want the file to be modified by my application only. I can sign the file's content with a key, but then this key will be stored in the application, therefore it would be possible for a hacker to decompile the binary and find the key. Is there any way to do this ?


  • Migrating just article content of Joomla 1.0 to 2.5.x / 3.x?

    - by user2919408
    I have a simple website using Joomla 1.0.15, just having articles in some categories. As I want to install or remove components from admin area, I got: "You are not authorised to view this resource" or something like that. This is uncommon, this site is about 5 years old, and never got error message like that. I think my website is hacked?? I have set safe_mode = off in php.ini, turn off sh404sef, removing .htaccess file etc... and it still does not work. Then I try to upgrade to Joomla 2.5.x / 3.x. I found that I must migrate to Joomla 1.5.x first, then from there to 2.5.x. I got problem installing "migration.zip" component in my Joomla 1.0.x (always alert/err message pop up is shown). Is there another way to migrate the website? Maybe just get the article section, category, article id and the content of Joomla 1.0.x, then import it to Joomla 2.5.x / 3.x? I don't need components, modules, mambots (if any) of the old site. How to do it? Thanks


  • Joining the same model twice in a clean way, but making the code reusable

    - by Shako
    I have a model Painting which has a Paintingtitle in each language and a Paintingdescription in each language:

        class Painting < ActiveRecord::Base
          has_many :paintingtitles, :dependent => :destroy
          has_many :paintingdescriptions, :dependent => :destroy
        end

        class Paintingtitle < ActiveRecord::Base
          belongs_to :painting
          belongs_to :language
        end

        class Paintingdescription < ActiveRecord::Base
          belongs_to :painting
          belongs_to :language
        end

        class Language < ActiveRecord::Base
          has_many :paintingtitles, :dependent => :nullify
          has_many :paintingdescriptions, :dependent => :nullify
          has_many :paintings, :through => :paintingtitles
        end

    As you might notice, I reference the Language model from my Painting model via both the Paintingtitle model and Paintingdescription model. This works for me when getting a list of paintings with their title and description in a specific language:

        cond = {"paintingdescription_languages.code" => language_code, "paintingtitle_languages.code" => language_code}
        cond['paintings.publish'] = 1 unless admin
        paginate(
          :all,
          :select => ["paintings.id, paintings.publish, paintings.photo_file_name, paintingtitles.title, paintingdescriptions.description"],
          :joins => "
            INNER JOIN paintingdescriptions ON (paintings.id = paintingdescriptions.painting_id)
            INNER JOIN paintingtitles ON (paintings.id = paintingtitles.painting_id)
            INNER JOIN languages paintingdescription_languages ON (paintingdescription_languages.id = paintingdescriptions.language_id)
            INNER JOIN languages paintingtitle_languages ON (paintingtitle_languages.id = paintingtitles.language_id)
          ",
          :conditions => cond,
          :page => page,
          :per_page => APP_CONFIG['per_page'],
          :order => "id DESC"
        )

    Now I wonder if this is a correct way of doing this. I need to fetch paintings with their title and description in different functions, but I don't want to specify this long join statement each time. Is there a cleaner way, for instance making use of the has_many through? e.g.

        has_many :paintingdescription_languages, :through => :paintingdescriptions, :source => :language
        has_many :paintingtitle_languages, :through => :paintingtitles, :source => :language

    But if I implement above 2 lines together with the following ones, then only paintingtitles are filtered by language, and not the paintingdescriptions:

        cond = {"languages.code" => language_code}
        cond['paintings.publish'] = 1 unless admin
        paginate(
          :all,
          :select => ["paintings.id, paintings.publish, paintings.photo_file_name, paintingtitles.title, paintingdescriptions.description"],
          :joins => [:paintingdescription_languages, :paintingtitle_languages],
          :conditions => cond,
          :page => page,
          :per_page => APP_CONFIG['per_page'],
          :order => "id DESC"
        )


  • Password generation, best practice

    - by Aidan
    I need to generate some passwords, I want to avoid characters that can be confused for each other. Is there a definitive list of characters I should avoid? My current list is il10o8B3Evu![]{} Are there any other pairs of characters that are easy to confuse? For special characters I was going to limit myself to those under the number keys, though I know that this differs depending on your keyboard's nationality! As a rider question, I would like my passwords to be 'wordlike'. Do you have a favoured algorithm for that? Thanks :)


  • How can I hide the main form when it logs out?

    - by Azka
    When I click on the login button, the login page appears, and when I enter the user id and password it proceeds to the main form. But when I log out, the main form appears and the control transfers back to the login page. I need to hide that main form when it logs out. Is it clear now?


  • Secure Menu Items Based on User

    - by Mike Wills
    On this winform application I am writing, I want to secure one menu item from most users. It runs a month-end and cannot be easily backed out if accidentally run. The menu option opens up a window to prompt the user for some information before processing. I don't care where exactly I do the check, but I want to be sure only certain users can run this function. A Google search (on my question title above) didn't turn up anything obvious. Can anyone point me in a direction to pick up who is signed into Windows and how to check if they are authorized?


  • Is there a unique computer identifier that can be used reliably even in a virtual machine?

    - by SaUce
    I'm writing a small client program to be run on a terminal server. I'm looking for a way to make sure that it will only run on this server and in case it is removed from the server it will not function. I understand that there is no perfect way of securing it to make it impossible to run on other platforms, but I want to make it hard enough to prevent 95% of people to try anything. The other 5% who can hack it is not my concern. I was looking at different Unique Identifiers like Processor ID, Windows Product ID, Computer GUID and other UIs. Because the terminal server is a virtual machine, I cannot locate anything that is completely unique to this machine. Any ideas on what I should look into to make this 95% secure? I do not have time or the need to make it as secure as possible because it will defeat the purpose of the application itself. I do not want to use MAC address. Even though it is unique to each machine it can be easily spoofed. As far as Microsoft Product ID, because our system team clones VM servers and we use corporate volume key, I found already two servers that I have access to that have same Product ID Number. I have no idea how many others out there that have same Product ID. By 95% and 5% I just simply wanted to illustrate how far I want to go with securing this software. I do not have precise statistics on how many people can do what. I believe I might need to change my approach and instead of trying to identify the machine, I will be better off by identifying the user and create group based permission for access to this software.


  • Signs that a SQL statement is dangerous

    - by Matt
    Hi, I want to develop a function in PHP that checks how dangerous a SQL statement is. When I say dangerous I mean certain symbols, characters or strings that are used to get data from a database that the user shouldn't see. For example: SELECT * FROM users WHERE userId = '1' can be injected in several ways. Although I clean the params, I also want to monitor how safe the query is to run. Thanks in advance


  • Ruby does not run code correctly

    - by seefour
    I run this basic code in Ruby (on Windows):

        def hello ()
          puts 'test'
        end
        hello

    and the Interpreter throws me this error:

        app.ru:1: syntax error, unexpected tIDENTIFIER, expecting $end hello puts 'test'

    It seems like Ruby is skipping lines? I've tried various encoding formats, other code and it still gives me an error similar to this. Why is it happening?

    EDIT: The suggestions were to either use different editors or semi-colons to see if the lines were an issue. The version is also new - 1.9.3p327, so that shouldn't have been a problem. Parentheses aren't a problem either.


  • Best way to develop a secured application. With .net

    - by John S
    Hello, we are developing a Windows application, and as most apps out there, there is a login form. What I don't like is that the login form validates the user and opens the main form if user and pass are correct. Simple as is. All the function calls etc. are called without verifying the user and pass again, what should be the right thing to do. What's the best way to develop a secured application that if for any reason, the login form is bypassed, the other function calls won't run? Some devs suggested that we include a user and pass params on each function, which seems to be wrong... Thanks!


  • reading files provided via $_GET

    - by Max
    I have a PHP script which takes a relative pathname via $_GET, reads that file and creates a thumbnail of it. I don't want the user to be able to read any file from the server. Only files from a certain directory should be allowed, otherwise the script should exit(). Here is my folder structure:

        files/     <-- all files from this folder are public
        my_stuff/  <-- this is the folder of my script that reads the files

    My script is accessed via mydomain.com/my_stuff/script.php?pathname=files/some.jpg. What should not be allowed, e.g.: mydomain.com/my_stuff/script.php?pathname=files/../db_login.php

    So, here is the relevant part of the script in my_stuff folder:

        ...
        $pathname = $_GET['pathname'];
        $pathname = realpath('../' . $_GET['pathname']);
        if(strpos($pathname, '/files/') === false) exit('Error');
        ...

    I am not really sure about that approach, doesn't seem too safe for me. Anyone with a better idea?


  • How To Prevent Processes From Starting?

    - by Rob P.
    I'm toying around with a very simplistic sort of process-monitor. Currently, it gets a list of the running processes and attempts to kill any process that is not white-listed. What I'm looking for is a way to prevent a process from starting that isn't on the white-list. If that's possible. My knowledge level in this area is pretty non-existent and my Google-fu only returns websites discussing Process.Start() :( Can anyone point me in the right direction?


  • How to detect that a process is started using C# code[windows service]

    - by infant programmer
    I am trying to design a Windows service which monitors a process, namely "Gtalk". If the process is started, then the browser Internet Explorer (process iexplore) should be closed. This should happen only when the process "Gtalk" is started [not when running]. The code I have written and implemented doesn't allow IExplore to be opened when Gtalk is running. That is certainly not what I am trying for. The process Gtalk should close the browser only at its start-up. After the process is started, it should allow IExplore to be opened. Is it possible with a Windows service, or must it be part of the Gtalk process itself? This is my code:

        while (true)
        {
            if (Process.GetProcessesByName("Gtalk").Length > 0)
            {
                foreach (Process prc in Process.GetProcessesByName("IExplore"))
                {
                    prc.Kill();
                }
            }
        }

