Search Results

Search found 30819 results on 1233 pages for 'software security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 339/1233 | < Previous Page | 335 336 337 338 339 340 341 342 343 344 345 346  | Next Page >

  • include() Why should I not use it?

    - by aliov
    I am working through an older php mysql book written in 2003. The author uses the include() function to construct html pages by including header.inc, footer.inc, main.inc files, etc. Now I find out that this is not allowed in the default ini settings, (allow_url_include is set to Off) after I got many warnings from the server. I noticed also that you can use include without the parenthesis. I tried this and it works and I get no error messages or warnings. Are the two different? That is, is include() different from include ?

    Read the article

  • Is it possible to password protect an SQL server database even from administrators of the server ?

    - by imanabidi
    I want to install an application (ASP.Net + SQL server 2005 express) in local network of some small company for demo but I also want nobody even sysadmin see anything direct from the database and any permission wants a secure pass . I need to spend more time on this article Database Encryption in SQL Server 2008 Enterprise Edition that i found from this answer is-it-possible-to-password-protect-an-sql-server-database but 1.I like to be sure and more clear on this because the other answer in this page says : Yes. you can protect it from everyone except the administrators of the server. 2.if this is possible, the db have to be enterprise edition ? 3.is there any other possible solutions and workaround for this? thanks in advance

    Read the article

  • Possible to view PHP code of a website?

    - by Camran
    Is it possible to somehow view another websites php files/codes? Or to rephrase the question, Can my php codes be viewed by anybody except for those who have access to the file? If so, how cant I best prevent this? Thanks Ps: Server OS is Ubuntu 9.10 and PHP version is 5+ (Apache2)

    Read the article

  • Hide form if javascript disabled

    - by Kero
    I need to check on disabling JavaScript if the user disabled JavaScript from browser or firewall or any other place he will never show the form. I have lots of search and solutions, but unfortunately didn't got the right one. - Using style with no-script tag: This one could be broke with removing style... <noscript> <style type="text/css"> .HideClass { display:none; } </style> </noscript> The past code will work just fine but there is lots of problems in no-script tag as here Beside that i don't want to redirect user with no-script tag too...Beside that i can quickly stop loading the page to broke this meta or disable Meta tag from IE: <meta http-equiv="refresh" content="0; URL=Frm_JavaScriptDisable.aspx" /> Another way to redirect user with JavaScript but this will work let's say for 99% of users and this one isn't lovely way and will slow down the website... window.location="http://www.location.com/page.aspx"; Is there is any other ideas or suggestions to secure working with JavaScript...and prevent user from entering the website or see my form except when JavaScript enabled...

    Read the article

  • Is it okay to store user data in XML files?

    - by rity
    I have an app that is being used by a few users (< 12 users). There are less than 2000 records so I decided to use an XML file and store the file under \company\product\p.xml. Is this okay or am I breaking some design guidelines without realizing it? EnvironmentL .net/c#/winforms

    Read the article

  • All PHP files getting hacked

    - by nsearle
    Hey All, Like always, just want to say thank you for all of the help and input in advance. I have a particular site that I am the web developer for and am running into a unique problem. It seems that somehow something is getting into every single PHP file on my site and adding some malware code. I have deleted the code from every page multiple times and changed FTP and DB passwords, but to no avail. The code that is added looks like this - eval(base64_decode(string)) - which the string is 3024 characters. Not sure if anyone else has ran into this problem or if any one has ideas on how I can secure my php code up. Thanks again.

    Read the article

  • compromised site

    - by pinniger
    So, I have a web site that has been compromised twice in two weeks. every index.php and .js file gets a script injecting into the source code of the file. The problem is that I have no idea how they're doing it. I've seen this done via sql injection before, but I don't know how they are actually writing to the file. I've dug through the Apache logs but didn't find anything interesting. The site is built using the cakephp framework on a godaddy shared server. Anybody know what secturity settings or log files to check to see how they are doing this?

    Read the article

  • Which computing publisher has the best refereed research resources for the working programmer?

    - by Stephen
    When I have a problem I often search the computing literature. Some of the resources[*] I use are: The professional associations? ACM Digital Library IEEE Xplore The scientific publishers? Lecture Notes in Computer Science HCI Bibliography What do you use? What is the best resource source (if there is one) for the working programmer? [*] after stackoverflow and google of course :) PS what tags should I use for this question?

    Read the article

  • Securing paths in PHP

    - by tjm
    I'm writing some PHP which takes some paths to different content directories, and uses these to include various parts of pages later. I'm trying to ensure that the paths are as they seem, and none of them break the rules of the application. I have PRIVATEDIR which must lie above DOCUMENT_ROOT (aka) PUBLICDIR. CONTENTDIR which must lie within PRIVATEDIR and not go back below PUBLICDIR and some other *DIR's which must remain within CONTENTDIR. Currently I set up some defaults, and then override the ones the user specifies and then sanity check them with the following. private function __construct($options) { error_reporting(0); if(is_array($options)) { $this->opts = array_merge($this->opts, $options); } if($this->opts['STATUS']==='debug') { error_reporting(E_ALL | E_NOTICE | E_STRICT); } $this->opts['PUBLICDIR'] = realpath($_SERVER['DOCUMENT_ROOT']) .DIRECTORY_SEPARATOR; $this->opts['PRIVATEDIR'] = realpath($this->opts['PUBLICDIR'] .$this->opts['PRIVATEDIR']) .DIRECTORY_SEPARATOR; $this->opts['CONTENTDIR'] = realpath($this->opts['PRIVATEDIR'] .$this->opts['CONTENTDIR']) .DIRECTORY_SEPARATOR; $this->opts['CACHEDIR'] = realpath($this->opts['PRIVATEDIR'] .$this->opts['CACHEDIR']) .DIRECTORY_SEPARATOR; $this->opts['ERRORDIR'] = realpath($this->opts['CONTENTDIR'] .$this->opts['ERRORDIR']) .DIRECTORY_SEPARATOR; $this->opts['TEMPLATEDIR' = realpath($this->opts['CONTENTDIR'] .$this->opts['TEMPLATEDIR']) .DIRECTORY_SEPARATOR; // then here I have to check that PRIVATEDIR is above PUBLICDIR // and that all the rest remain within private dir and don't drop // down into (or below) PUBLICDIR again. And die with an error if // they don't conform. } The thing is this seems like a lot of work to do, especially as it must be run, every time a page is accessed, before I can do anything else, e.g check for a cached version of the page I'm serving. Part of me is thinking, since all of these paths are predefined by the maintainer of the site, they SHOULD be aware of what paths they are allowing access to and ensuring they are secure. But, I think I'm thinking that because currently I am said maintainer, and I KNOW my paths conform to the rules. That said, I do want to secure this thing from any accidental errors by future maintainers (and I bet, now I've said above "I KNOW...", probably from myself somewhere down the line). This just feels like a suboptimal solution. I wonder how fast this would really be and what you would suggest to improve it or as an alternative? Thanks.

    Read the article

  • Cure for puzzle piece programming habbits?

    - by Recursion
    Even though I went to a decent CS school, I was still taught with the mentality of programming with puzzle pieces. By puzzle pieces I mean, looking up code segments at each step of the development process and adding them together as needed. Eventually gathering all of the pieces and having a properly working program. So as an example, if in my program the next step is to tokenize a string, I go to google and search "how do I tokenize a string in language". All instead of critically thinking about its implementation. I personally don't think its a very good way to program and I always seem to forget everything that I have searched for. So how can I get out of this puzzle piece mode of programmer that I was taught.

    Read the article

  • What reasons are there NOT to use OpenID?

    - by cletus
    You see a fair bit (in the Geek community anyway) about OpenID. It seems like a good idea. I'm developing a website that will be targeted at a somewhat less geeky audience (but not quite Mom and Pops either) so I have to wonder if OpenID is going to be "too hard" for some audiences. What do you think? That aside, are there any other technical or non-technical reasons NOT to use OpenID?

    Read the article

  • Validate authenticity of website owner

    - by Cyber Junkie
    Hello all! I'm planning to develop a web app where users will list their site/blog. When people submit their sites, how can I confirm that they are the owners of it? So for instance there is a user Mark who wants to submit someone else's website without their approval. I want to restrict Mark from doing so unless he is the actual owner. My idea was to do a comparison between the user's email domain and the website domain she/he wants to submit. If they match allow the user to submit the website. However most people don't register with their website domain address.. or perhaps I'll implement a Facebook connect in the future. What other methods would you suggest?

    Read the article

  • What are the downside of not having an index.html file to some directories

    - by Pennf0lio
    Hi, I'm curious what are some effects/downside of not putting an index.html file to your directories (e.g images). I know when an index file is not present to a directory, files inside that directory are no longer private and will be visible to the browsers when point (eg yoursite.com/images/). Aside from that what are some big effects to consider? and how to properly secure them. thanks!

    Read the article

  • In Rails, what could cause a user to have another user's session?

    - by DavidNorth
    I have a Rails application using with an authentication system using Restful Authentication without any modification. Users have reported finding themselves logged in as the wrong user. In at least one case it was on their very first page view, never having logged in before. Is it possible their session ids are getting mixed up? Would switching to CookieStore make it impossible for this to happen since no session data is stored on the server this way? I suspect the problem is related to Passenger but I don't know where to start debugging this. Its only happened about 4 times in several months of being live so its virtually impossible to reproduce. Environment: ActiveRecord session storage Rails 2.2.2 Passenger 2.0.1 Apache 2 Ruby 1.8.6 Many thanks

    Read the article

  • "slash before every quote" problem

    - by Camran
    I have a php page which contains a form. Sometimes this page is submitted to itself (like when pics are uploaded). I wouldn't want users to have to fill in every field again and again, so I use this as a value of a text-input inside the form: value="<?php echo htmlentities(@$_POST['annonsera_headline'],ENT_COMPAT,'UTF-8');?>"> This works, except it adds a "\" sign before every double-quote... For instance writing 19" wheels gives after page is submitted to itself: 19\" wheels And if I don't even use htmlentities then everything after the quotes dissappears. What is the problem here?

    Read the article

  • Should default passwords always be empty?

    - by mafutrct
    I'm currently designing a system that requires an admin to log in using a password. For certain reasons, it is difficult to set this password during installation, but it can be changed later. My idea is this: If I leave the default password empty, it is so horridly insecure that every admin is going to fix this as soon as possible. If I were to use some kind of predefined password instead, admins may think "ah.. nobody would think I've got 'defaultpassword' as my password so it's not very important to change." So the basic thought is to make it so terrible that even the most lazy people are going to do something about it.

    Read the article

  • Authentication Sceme for RESTful API used by desktop app.

    - by user346087
    I'm providing a RESTful API. This API is used by a third party desktop application. The API is currently secured using Basic Authentication. That isn't very secure because the credentials have to be stored in the client application. The communication between the desktop and API can also easily be intercepter. The desktop application also communicates with a third party server (run by the publisher of the desktop application) I am unable to figure out how the secure the API in a good way. Ideas?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 335 336 337 338 339 340 341 342 343 344 345 346  | Next Page >