Search Results

Search found 13222 results on 529 pages for 'security gate'.

Page 409/529 | < Previous Page | 405 406 407 408 409 410 411 412 413 414 415 416 | Next Page >

My AES encryption/decryption functions don't work with random ivecs

- by Brendan Long

I was bored and wrote a wrapper around openSSL to do AES encryption with less work. If I do it like this: http://pastebin.com/V1eqz4jp (ivec = 0) Everything works fine, but the default ivec is all 0's, which has some security problems. Since I'm passing the data back as a string anyway, I figured, why not generate a random ivec and stick it to the front, the take it back off when I decrypt the string? For some reason it doesn't work though. With random ivec: http://pastebin.com/MkDBFcn6 Well actually, it almost works. It seems to decrypt the middle of the string, but not the beginning or end: String is: 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF Encrypting.. ???l%%1u???B! ?????`pN)?????[l????{?Q???2?/?H??y"?=Z?Cu????l%%1u???B! Decrypting.. String is: ?%???G*?5J?0??0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF!-e????V?5 I honestly have no idea what's going wrong. Maybe some stupid mistake, or maybe I'm missing something about AES?

Read the article
What ASP.NET Web Config entries could limit certain file access by date and time?

- by Dr. Zim

What entries in a web.config could allow certain files to become publicly accessible after a certain date and time? Specifically, we have these files starting with AB_.jpg where the _ could be anything. We put them in a folder on April 27th for example, but they shouldn't be accessible until April 30th at 11:59:59 PM. I think the web.config in part works like Unix's FTP .htaccess file to define file security. For example, this web.config entry allows directory browsing: <?xml version="1.0" encoding="UTF-8"?> <configuration> <system.webServer> <directoryBrowse enabled="true" /> </system.webServer> </configuration>

Read the article
Javascript parent page redirection from iframe.

- by Danil

Hello to all. I need to implement parent page redirection from iframe. I know that it is impossible to do in different domains due to browsers security. However I found that links have target attribute and tried to use it in the following way: <a href="http://google.com" target="_top" id="testParentRedirect">someLink</a> It works fine if I click this link manually, but I couldn't find cross-browser solution to simulate it using javascript. document.getElementById('testParentRedirect').click(); This works fine in IE, however Firefox and Safary don't know click function :). I tried to work with jquery, but for some reason they don't simulate click event for links. (see following post) I couldn't find any appropriate solution on stackoverflow. Maybe someone could help me in it. I will appreciate it. :)

Read the article
Sanitize HTML before storing in the DB or before rendering? (AntiXSS library in ASP.NET)

- by user102533

I have an editor that lets users add HTML that is stored in the database and rendered on a web page. Since this is untrusted input, I plan to use Microsoft.Security.Application.AntiXsSS.GetSafeHtmlFragment to sanitize the HTML. Should I santiize before saving to the database or before rendering the untrusted input into the webpage? Is there an advantage in including the AntiXSS source code in my project instead of just the DLL? (Maybe I can customize the white list?) Which class file should I look in for actual implementation of the GetSafeHtmlFragment

Read the article
MSDTC Distributed Transaction Coordinator Enabling

- by Curtis White

I've a web server and a separate SQL server. I'm trying to use transaction scope to ensure that SQL queries are completed with my linq queries. I wrap everything with this using (TransactionScope scope = new TransactionScope()) I want to know where I need to install DTC. Do I need to install it on the IIS 7.5 box AND the SQL server? Do I need to unblock some ports? Are there any security risk in doing so? I've setup this up once before but don't remember how. If I can't get access to DTC then is there any other way to ensure a lINQ and sql query is atomic?

Read the article
How has test first development changed the way you write software?

- by Toran Billups

I've started to find that I can't write software without writing a test first. I ask this subjective question because I want to hear what others in the community think about the reasons I can't go back to writing production code without a test first. If you can't write a test for something you don't understand it Without a regression test you can't clean the code You are going to test it anyway, spend the time to do it right Evolutionary design is possible without fear You actually write less code yourself Fast feedback cycles save time and money Job security (less bugs makes your boss happy) It actually makes my work more enjoyable

Read the article
Django or Drupal, which one should I use that suits best my needs ?

- by HJ-INCPP

Hello, I want to learn and use Drupal or Django for the following: dynamic web sites, medium database, multi-level users, paypal integration, content managment, speed (developing), security I like MVC, ORM and object-oriented prg. Which is better to jump into ? Which one is more mature, powerful, understandable, object-oriented and easier to use by the time ? What about Python Spring ... Also, which of these 3 are better documented, are better for a cv and have more extensions? Known languages: php, java, mysql Thank you !

Read the article
How to find what ActiveX control is referred on a web page?

- by Sly

I have developed a web application (ASP.NET Web Forms). One of my customer has very restrictive policies. When he accesses the web page, IE shows this message: Your security settings do not allow Web sites to use ActiveX controls installed on your computer. This page may not display correctly. As far as I know, we don't use ActiveX controls on our page. I did a "View Souce" and did not find anything suspect. How can I find what part of my page refers to an ActiveX. The application uses jQuery and a few jQuery plug-ins. Is there a tool/add-in like "Fire Bug" that I can use to list the ActiveX controls referred on a page?

Read the article
anonymous access disabled but...

- by Melody Friedenthal

My web app (asp VB 2005) uses Windows authentication. If the user isn't part of a specific AD security group they don't get to edit the data; instead I redirect the user to a read-only page. The program works fine in the IDE. I published the web app to my laptop and Disabled anonymous access. When I ran the program I got redirected to the read-only page. I added a write event to the application event log to see what was going on, and found that the WindowsPrincipal.Identity.Name contained my laptop's ID, not my user name. I reassert: anonymous access is disabled in IIS and the web.config file has Windows Authentication. Can anyone suggest what else to check? Or can you explain what's going on?

Read the article
Implementing a 'Send Feedback' feature in a Java desktop application

- by William

I would like to implement a 'Send Feedback' option in a Java desktop application. One which will pop up a box for the user to enter a comment, then send it to us along with a screenshot of the application window. How would be the best way to communicate the data to us? Two obvious solutions spring to mind: Email - I'm thinking that the application would connect to an SMTP server set-up by us, with the username/password somehow hidden in the code. SMTP over SSL for security (not of the data being sent, but of the SMTP username/password). Web service - pretty self explanatory. Which of these would be best, or is there a better alternative?

Read the article
Aes key length significance/implications

- by cppdev

Hi, I am using a AES algorithm in my application for encrypting plain text. I am trying to use a key which is a six digit number. But as per the AES spec, the key should be minimum sixteen bytes in length. I am planning to append leading zeros to my six digit number to make it a 16 byte and then use this as a key. Would it have any security implications ? I mean will it make my ciphertext more prone to attacks. Please help.

Read the article
How to retrieve all errors and messages from a query using ADO

- by Johan Levin

When a SQL batch returns more than one message from e.g. print statements, then I can only retrieve the first one using the ADO connection's Errors collection. How do I get the rest of the messages? If I run this script: Option Explicit Dim conn Set conn = CreateObject("ADODB.Connection") conn.Provider = "SQLOLEDB" conn.ConnectionString = "Data Source=(local);Integrated Security=SSPI;Initial Catalog=Master" conn.Open conn.Execute("print 'Foo'" & vbCrLf & "print 'Bar'" & vbCrLf & "raiserror ('xyz', 10, 127)") Dim error For Each error in conn.Errors MsgBox error.Description Next Then I only get "Foo" back, never "Bar" or "xyz". Is there a way to get the remaining messages?

Read the article
Salting example in Zend Framework

- by Geoffrey

Hello all, I am pretty new to the Zend framework and looking to build an application with pretty tight password security. I have been trying to follow the user guides in relation to password salting but haven't had any luck so far. I have setup my database and table adapter (As described in the documentation on the Zend Framework site but it didn't seem to finish the example (or I am not following well enough!) I have started with: $authAdapter = new Zend_Auth_Adapter_DbTable($dbAdapter, 'users', 'username', 'password', "MD5(CONCAT('".Zend_Registry::get('staticSalt')."', ?, password_salt))" ); But from here, what is done with the password salt? I just need an example and I'll be away! Does anyone have an example or point me in the right direction?? Many thanks!

Read the article
Is it secure to use malloc?

- by Felix Guerrero

Somebody told me that allocating with malloc is not secure anymore, I'm not a C/C++ guru but I've made some stuff with malloc and C/C++. Does anyone know about what risks I'm into? Quoting him: [..] But indeed the weak point of C/C++ it is the security, and the Achilles' heel is indeed malloc and the abuse of pointers. C/C++ it is a well known insecure language. [..] There would be few apps in what I would not recommend to continue programming with C++."

Read the article
How to run an .exe application in another computer?

- by ADAM

I am working on a C# application in Visual Studio 2013. When I run the .exe file from my computer, the application runs very well and all the features work. When I tried to run the .exe on another computer, the database side doesn't work well and the connection with the database couldn't be opened. The SqlConnection is constructed as follows: SqlConnection cn = new SqlConnection("Data Source=ADAM-PC;Initial Catalog=integrationdatabase;Integrated Security=True" I don't know how to change the data source to make the connection with the database established in another computer. How can I solve this problem?

Read the article
Mobile Application Upgrade/Update Framework

- by sharjeel

I am developing a few mobile apps for different platforms including Blackberry, Windows Mobile, Android and Symbian S60. I want my mobile apps to have the capability of checking for updates before starting and in case a new version is available, prompt the user to upgrade. Moreover in certain cases (like security patches), the user must be forced to update or the app won't work. Surely I can cook some code to achieve the task but I was wondering if there are already existing framework to serve the purpose so that I don't have to re-invent the wheel and test all over?

Read the article
database design suggesion

- by Bharanikumar

Hi , am going to start new travel site, I want some advise from guru's regarding database design , Things coming to picture are, Book taxi online , This is the core idea, So i like to implement lot of jquery,ajax stuff in my site , Main thing site must run veryt fast,safe,security, In mysql , which typw shall i use, MYISAM OR INNODB Which is best type for ajax works, fast,safe ,secure ,performance view . This is my demo site, Just look this site, i implemented some ajax stuff here, my-url In this site please choose the postcode in the taxifrom tab, It ask you value please enter, just enter nw7 , See How long it will take for response,some time no response and system goes to hang or idle mode, Also please look the diversion , select No diversion, There you will list of textbox, enter the nw3 then hit the search icon , See after 80seconds only , you will get response from DB, See this too bad response ... This is DB , my Database type if myisam ,no idexing , no fulltext and nothing...no constraints, So please advise me , which database type i choose, Myisam or innodb, Thanks Bharanikumar

Read the article
Are there any e-commerce websites that use NoSQL databases

- by Saif Bechan

I have read a lot lately about 'NoSQL' databases such as CouchDB, MongoDB etc. Most of the websites I have seen using this are mainly text based websites such as The New York Times and Source forge. I was wondering if you could apply this to websites where payment is a huge issue. I am thinking of the following issues: How well can you secure the data Do these system provide an easy backup/restore machanism How are transactions handled commit/rollback I have read the following articles that cover some aspects: Can I do transactions and locks in CouchDB? Pros/Cons of document based database vs relational database In these posts the aspect of transactions if covered. However the questions of security and backups is not covered. Can someone shed some light on this subject? And if possible, does anyone know of some e-commerce websites that have successfully implemented the document based database.

Read the article
Applet problem with IPlanet and Firefox (class not found)

- by JB Hurteaux

I have an applet which loads nicely when accessed locally (both IE and Firefox). However, when I put my webpage in a webserver (local IPlanet), it refuses to load on Firefox (but still fine on IE). I get the following error in the java console: load: class XXX.localprinting.LocalPrintingApplet.class not found. java.lang.ClassNotFoundException: XXX.localprinting.LocalPrintingApplet.class at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source) at sun.plugin2.applet.Plugin2Manager.createApplet(Unknown Source) at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source) at java.lang.Thread.run(Unknown Source) Caused by: java.io.IOException: open HTTP connection failed:https://XXX/test/XXX/localprinting/LocalPrintingApplet/class.class at sun.plugin2.applet.Applet2ClassLoader.getBytes(Unknown Source) at sun.plugin2.applet.Applet2ClassLoader.access$000(Unknown Source) at sun.plugin2.applet.Applet2ClassLoader$1.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) ... 7 more Exception: java.lang.ClassNotFoundException: XXX.localprinting.LocalPrintingApplet.class Any idea what could explain the different behavior in the webserver? I researched the issue of "class not found" already but without finding something relevant.

Read the article
Is it possible to expose an API for my own WebSite ... but use oAuth for the api authentication?

- by Pure.Krome

Hi Folks, currently I expose an api for my website. Works great .. and i use Basic Authentication to authenticate users to get access to the data. eg. http://www.MyWebSite.com <-- main site. http://api.MyWebSite.com <-- my api website. sample api RESTful url http://user1:[email protected]/games?type=battlefield2 (yes yes i know browsers stop people from putting in user1:pass1 (Basic Auth) into the url directly .. cause of security . but it's to highlight that we're using Basic Auth)). So .. how can i do this with oAuth?

Read the article
Pass HTML form entries into a Javascript array to then be written to a client side cookie?

- by Tom

I'm building a bit of a test-case JS application, something very basic, but have run into some problems. I'm trying to use a HTML form for a user to enter a number, which is then written to a Javascript Array. The user then has the option to write that same array to a local (client side) cookie. (I understand the security implications of this - it's a test-case and not for commercial use.) However, I can't make the connection - how can I capture the HTML entry, press 'submit' which will send it to a JS array, where the user can then press a different 'submit' which will write the array to a text file? If anyone can help I'd appreciate it because it's been nearly 6 hours and it's not funny anymore.

Read the article
building a website

- by Ant

Not sure if this is the right place to post this, or if it should be under programmers.stackexchange... Anywho, a couple of my friends run a business and they asked me to build them a public website. It will only be used for information about the company with soe pictures. No transactions will be involved. Right now I work for a company where I build internal websites, and do alot of backend programming in C#. I understand html, css, jquery, etc. so I feel like I am completely capable of building a website for them. However, I do not know all the basic knowledge to building one. For example, where should we host the files, what type of security issues do I need to be aware of, what's the best software to use for developing websites (I use visual studio at work), where can I find some design techniques, etc. Any help is appreciated.

Read the article
Symfony 2 - UrlGenerator::doGenerate is called before listener

- by guyaloni

I want to add to the context a parameter, so when login is called I can use it in the route (similar to _locale). I can add this piece of code in HttpUtils.php (as resetLocale), but i don't find it very clean. The reason I need it is the firewall redirection to the login controller, which I would like to have in its route a customized parameter. My problem is that my listener is called after UrlGenerator::doGenerate is called, so I get a MissingMandatoryParametersException. Here is my config.yml relevant code: services: mycompany.demobundle.listener.request: class: MyCompany\DemoBundle\RequestListener arguments: [@router, @security.context] tags: - { name: kernel.event_listener, event: kernel.request, method: onKernelRequest } Any idea???

Read the article
How do I set permissions on a Server 2003 folder

- by Richard210363

Hi There, In my part time position as entire IT department at my Office ( I'm a MCSD developer normally ) I have been asked to change a shared folder. Only I don't really understand all the Shared / Security options. I have a folder that must be accessed by 2 people in the company (and no one else). They both must have read/write/edit and change access. They must be able to read/write/edit each others files; existing or newly created. Should be easy but I'm a bit overwhelemd by all the choices. What should I set? Thanks for your help richard

Read the article
Please Find the error :

- by jagdeep

using System; using System.Collections; using System.Configuration; using System.Data; using System.Linq; using System.Web; using System.Web.Security; using System.Web.UI; using System.Web.UI.HtmlControls; using System.Web.UI.WebControls; using System.Web.UI.WebControls.WebParts; using System.Xml.Linq; public partial class Expt : System.Web.UI.Page { protected void Page_Load(object sender, EventArgs e) { } protected void Bttnadd_Click(object sender, EventArgs e) { FileUpload1.SaveAs(MapPath("~/img//"+DateTime.Now.ToString()+FileUpload1.FileName)); } } Exception Details: System.Web.HttpException: ~/img//1/1/2011 1:47:52 PMWinter.jpg is not a valid virtual path.

Read the article

< Previous Page | 405 406 407 408 409 410 411 412 413 414 415 416 | Next Page >