Search Results

Search found 68155 results on 2727 pages for 'data security'.

  • My page was attacked via xss, but on ftp all files are not changed?

    - by Dobiatowski
    Hi, yesterday I noticed that JavaScript errors sometimes show up on my webpage. When I went to the source code, I found that one of the .js files was totally replaced with a ton of porn links. I checked the FTP for this file, but there was just the old JavaScript file without any changes. Yet when I went back to check the source code via the browser, there was indeed the original .js again. Today I visited my webpage again and the problem repeated. The first visit showed me a ton of porn pages; the cached .js file was hacked, but after clearing the browser cache the .js went back to the original. I checked all files on my FTP against my offline version, but all files are without any change. In the last few years I was attacked by XSS a few times, but in every case it was easy to diagnose and fix. But now I have spent 12h and didn't find the infection. Do you have any idea how to find it? The webpage is: http://robert.frk.pl

  • PHP - What to store in a session?

    - by eWolf
    I know about all the issues with session fixation and hijacking. My question is really basic: I want to create an authentication system with PHP. For that, after the login, I would just store the user id in the session. But: I've seen some people do weird things like generating a GUID for each user and session and storing that instead of just the user id in the session. Why? The content of a session cannot be obtained by a client - or can it?

  • How to securely serve S3 files to blog

    - by Hugo Palma
    I'm starting a blog and I'm in the process of choosing where I should host it. For now I want a free solution like Blogger or Wordpress.com. The problem I'm facing is that I want to use files I have in an S3 bucket in my blog, but none of the blog solutions I found supports any kind of server code, which means that in order to use S3 query string authentication I would have to put vulnerable information in the client. For obvious reasons I don't want to do that. So, I'm looking for ideas on how I can safely include content from S3 in a free blog host.

  • Best evidence to offer a sandboxed appdomain for a C# evaluator.

    - by scope-creep
    I have a C# evaluator which uses (I think) the new .NET 4 simplified sandboxed appdomain model to host the C# assembly, with remoting doing the rest. The call to create the appdomain is

        Evidence ev = new Evidence();
        ev.AddHostEvidence(new Zone(SecurityZone.Trusted));
        PermissionSet pset = SecurityManager.GetStandardSandbox(ev);
        AppDomainSetup ads = new AppDomainSetup();
        ads.ApplicationBase = "C:\\Sandbox";
        // Create the sandboxed domain.
        AppDomain sandbox = AppDomain.CreateDomain( "Sandboxed Domain", ev, ads, pset, null);

    The C# eval is embedded in a server app, but I don't want to give the sandbox too much control unless it bo bo's the caller. What I'm looking for is some clarification as to what to provide as Evidence from the caller. I'm looking for advice and guidance. Any help would be appreciated.

  • Use my own authentication in tomcat

    - by mabuzer
    How can I force Tomcat to use my own implementation of Authenticator, and not an existing one like [FORM, BASIC, DIGEST, etc.]? I know if I added my authentication class name in org.apache.catalina.startup.Authenticators.properties it would work... Any help please... I need an alternative for this...

  • Find the min max and average of one column of data in python

    - by user1440194
    I have a set of data that looks like this

        201206040210 -3461.00000000 -8134.00000000 -4514.00000000 -4394.00000000 0
        201206040211 -3580.00000000 -7967.00000000 -4614.00000000 -7876.00000000 0
        201206040212 -3031.00000000 -9989.00000000 -9989.00000000 -3419.00000000 0
        201206040213 -1199.00000000 -6961.00000000 -3798.00000000 -5822.00000000 0
        201206040214 -2940.00000000 -5524.00000000 -5492.00000000 -3394.00000000 0

    I want to take the second to last column and find the min, max, and average. I'm a little confused on how to use split when the columns are delimited by a space and -. I figure once I do that I can use the min() and max() functions. I have written a shell script to do the same here

        #!/bin/ksh
        awk '{print substr($5,2);}' data' > /data1
        sort -n data1 > data2
        tail -1 data2
        head -1 data2
        awk '{sum+=$1} END {print "average = ",sum/NR}' data2

    I'm just not sure how to do this in Python. Thanks

  • What makes an input vulnerable to XSS?

    - by vtortola
    Hi! I've been reading about XSS and I made a simple form with a text and submit input, but when I execute <script>alert();</script> on it, nothing happens, the server gets that string and that's all. What do I have to do to make it vulnerable? (Then I'll learn what I shouldn't do, hehe.) Cheers.

  • How to manually verify a user against the asp.net membership database

    - by Ekk
    I would like to know how I can verify a user's credential against an existing asp.net membership database. The short story is that we want to provide single sign on access. So what I've done is to connect directly to the membership database and tried to run a SQL query against the aspnet_Membership table:

        private bool CanLogin(string userName, string password) {
            // Check DB to see if the credential is correct
            try {
                string passwordHash = FormsAuthentication.HashPasswordForStoringInConfigFile(password, "SHA1");
                string sql = string.Format("select 1 from aspnet_Users a inner join aspnet_Membership b on a.UserId = b.UserId and a.applicationid = b.applicationid where a.username = '{0}' and b.password='{1}'", userName.ToLowerInvariant(), passwordHash);
                using (SqlConnection sqlConn = new SqlConnection(ConfigurationManager.ConnectionStrings["LocalSqlServer"].ConnectionString))
                using (SqlCommand sqlCmd = new SqlCommand(sql, sqlConn)) {
                    sqlConn.Open();
                    int count = sqlCmd.ExecuteNonQuery();
                    sqlConn.Close();
                    return count == 1;
                }
            } catch (Exception ex) {
                return false;
            }
        }

    The problem is the password value. Does anyone know how the password is hashed?

  • How to prevent arbitrary code execution vulnerability in our programs?

    - by Calmarius
    You always read in changelogs, when your system or browser or any program updates, that they fixed a bug that made it possible for an attacker to execute any code on your computer with a forged website, or by attacking your computer with carefully forged packets, etc... Because you read it so often, that means any program can have similar vulnerabilities... What causes this? How to design our programs to prevent similar issues?

  • What's the best way to identify subdomains by PHP dynamically?

    - by kavoir.com
    I have configured the wildcard DNS of *.mydomain.com and it's all working properly. My question is, which of these should I rely on for identifying client subdomain requests?

        $_SERVER["HTTP_HOST"]
        $_SERVER["SERVER_NAME"]
        $_SERVER["SCRIPT_URI"]

    They all seem to contain the subdomain part I want, but after reading this article by Chris: http://shiflett.org/blog/2005/feb/more-on-filtering-input-and-escaping-output, I'm lost at sea and there appears to be no safe way to do this? Any idea on accomplishing this task securely?

  • SQL Server Reporting Services 2008: How to set the credentials property properly?

    - by wgpubs
    No matter how I configure the Credentials property I get a 401 exception when I try to Render the report. Here is my (latest) code:

        var rs = new ReportExecutionService();
        rs.Url = "https://myserver/reportserver/reportexecution2005.asmx";
        var myCache = new System.Net.CredentialCache();
        myCache.Add(new Uri(rs.Url), "kerberos" , new System.Net.NetworkCredential("username", "password", "Domain"));
        rs.Credentials = myCache;

    The URL and credentials are all correct. But I'm still getting a 401 when I call rs.Render(...). The Reporting Services install is sitting on a Windows Server 2008 box and requires integrated authentication. Thanks

  • Safest communication method between applications on same machine

    - by Radu
    What is the safest communication method between two applications on the same machine, both Java and C/C++ clients with a Java server? Are SSL sockets safe enough or can they be broken by "man in the middle" attacks? As I saw in the documentation and code samples, JSSE retrieves private/public keys and certificates from keystore files which a malicious user can see. The only thing that you can hide in the code is the password used to unlock the keystores. Can hackers retrieve that password?

  • Firing through HTTP a Perl script for sending signals to daemons

    - by Eric Fortis
    Hello guys, I'm using apache2 on Ubuntu. I have a Perl script which basically reads the file names of a directory, then rewrites a text file, then sends a signal to a daemon. How can this be done as securely as possible through a web page? Actually I can run the code below, but not if I remove the comments. I'm looking for advice considering:

      - Using HTTP requests?
      - How about Apache file permissions on the directory shown in the code?
      - Is htaccess enough to enable user/pass access to the CGI?
      - Should I use a database instead of writing to a file, and run a cron querying the db with permission granted to write and send the signal? Granting as few permissions as possible to the webserver.
      - Should I set up a VPN?

        #!/usr/bin/perl -wT
        use strict;
        use CGI;
        #@fileList = </home/user/*>; #read a directory listing
        my $query = CGI->new();
        print $query->header( "text/html" ),
        $query->p( "FirstFileNameInArray" ),
        #$query->p( $fileList[0] ), #output the first file in directory
        $query->end_html;

  • How to design authentication in a thick client, to be fail safe?

    - by Jay
    Here's a use case: I have a desktop application (built using Eclipse RCP) which, on start, pops open a dialog box with 'UserName' and 'Password' fields in it. Once the end user inputs his UserName and Password, a server is contacted (a spring remote-servlet, with the client side being a spring httpclient: similar to the approaches here.), and authentication is performed on the server side. A few questions related to the above mentioned scenario:

      - If this authentication service were to go down, what would be the best way to handle further proceedings? Authentication is something that I cannot do away with.
      - Would running the desktop client in a "limited" mode be a good idea? For instance, important features/menus/views will be disabled, the rest of the application will be accessible?
      - Should I have a backup authentication service running on a different machine, working as a backup?
      - What are the general best practices in this scenario? I remember reading about Google Gears and how it would let you edit and do stuff offline - should something like this be designed?

    Please let me know your design/architectural comments/suggestions. Appreciate your help.

  • LINQ2SQL: orderby note.hasChildren(), name ascending

    - by Peter Bridger
    I have a hierarchical data structure which I'm displaying in a webpage as a treeview. I want the data to be ordered to first show nodes ordered alphabetically which have no children, then under these nodes ordered alphabetically which have children. Currently I'm ordering all nodes in one group, which means nodes with children appear next to nodes with no children. I'm using a recursive method to build up the treeview, which has this LINQ code at its heart:

        var filteredCategory = from c in category
                               orderby c.Name ascending
                               where c.ParentCategoryId == parentCategoryId && c.Active == true
                               select c;

    So this is the orderby statement I want to enhance. Shown below is the database table structure:

        [dbo].[Category](
            [CategoryId] [int] IDENTITY(1,1) NOT NULL,
            [Name] [varchar](100) NOT NULL,
            [Level] [tinyint] NOT NULL,
            [ParentCategoryId] [int] NOT NULL,
            [Selectable] [bit] NOT NULL CONSTRAINT [DF_Category_Selectable] DEFAULT ((1)),
            [Active] [bit] NOT NULL CONSTRAINT [DF_Category_Active] DEFAULT ((1))

  • 2 Shaders using the same vertex data

    - by Fonix
    So I'm having problems rendering using 2 different shaders. I'm currently rendering shapes that represent dice; what I want is, if the dice is selected by the user, it draws an outline by drawing the dice completely red and slightly scaled up, then renders the proper dice over it. At the moment some of the dice, for some reason, render the wrong dice for the outline, but the right one for the proper foreground dice. I'm wondering if they aren't getting their vertex data mixed up somehow. I'm not sure if doing something like this is even allowed in OpenGL:

        glGenBuffers(1, &_vertexBuffer);
        glBindBuffer(GL_ARRAY_BUFFER, _vertexBuffer);
        glBufferData(GL_ARRAY_BUFFER, numVertices*sizeof(GLfloat), vertices, GL_STATIC_DRAW);
        glEnableVertexAttribArray(effect->vertCoord);
        glVertexAttribPointer(effect->vertCoord, 3, GL_FLOAT, GL_FALSE, 0, 0);
        glEnableVertexAttribArray(effect->toon_vertCoord);
        glVertexAttribPointer(effect->toon_vertCoord, 3, GL_FLOAT, GL_FALSE, 0, 0);

    I'm trying to bind the vertex data to 2 different shaders here. When I load my first shader I have:

        vertCoord = glGetAttribLocation(TexAndLighting, "position");

    and the other shader has:

        toon_vertCoord = glGetAttribLocation(Toon, "position");

    If I use the shaders independently of each other they work fine, but when I try to render both, one on top of the other, they get the model mixed up sometimes.

    Here is how my draw function looks:

        - (void) draw {
            [EAGLContext setCurrentContext:context];
            glBindVertexArrayOES(_vertexArray);
            effect->modelViewMatrix = mvm;
            effect->numberColour = GLKVector4Make(numbers[colorSelected].r, numbers[colorSelected].g, numbers[colorSelected].b, 1);
            effect->faceColour = GLKVector4Make(faceColors[colorSelected].r, faceColors[colorSelected].g, faceColors[colorSelected].b, 1);
            if(selected){
                [effect drawOutline]; //this function prepares the shader
                glDrawElements(GL_TRIANGLES, numIndices, GL_UNSIGNED_SHORT, 0);
            }
            [effect prepareToDraw]; //same with this one
            glDrawElements(GL_TRIANGLES, numIndices, GL_UNSIGNED_SHORT, 0);
        }

    This is what it looks like; as you can see, most of the outlines are using the wrong dice, or none at all:

    Links to full code:

        http://pastebin.com/yDKb3wrD Dice.mm //rendering stuff
        http://pastebin.com/eBK0pzrK Effects.mm //shader stuff
        http://pastebin.com/5LtDAk8J //my shaders, shouldn't be anything to do with them though

    TL;DR: trying to use 2 different shaders that use the same vertex data, but it's getting the models mixed up when rendering using both at the same time. Well, that's what I think is going wrong; quite stumped actually.

  • MVC Serve audio files while preventing direct linking using HttpResponseBase

    - by VinceGeek
    I need to be able to serve audio files to an MVC app while preventing direct access. Ideally the page would render with a player control so the user can start/stop the audio linked to the database record (audio files are in a folder, not the db). I have a controller action like this:

        Response.Clear();
        Response.ContentType = "audio/wav";
        Response.TransmitFile(audioFilename);
        Response.End();
        return Response;

    and the view uses the RenderAction method

        <% Html.RenderAction("ServeAudioFile"); %>

    This works, but it won't display inline on the existing view; it opens a new page with just the media control. Am I totally barking up the wrong tree or is there a way to embed the response in the existing view? works exactly as I would like but I can't control access to the file.

  • Getting camera preview data without using a preview callback

    - by velocipedestrian
    I have an app that does some processing to camera preview frames before displaying them to the user. I'm currently using preview callbacks to access the image data, but the problem I have is that the onPreviewFrame() function stops getting called if you start recording video using a MediaRecorder, and I want the processing to continue when video is being recorded. I've tried doing the following:

        public static Bitmap convertViewToBitmap(View view) {
            Bitmap bitmap = Bitmap.createBitmap(view.getWidth(),view.getHeight(), Bitmap.Config.ARGB_8888);
            view.draw(new Canvas(bitmap));
            return bitmap;
        }

    to convert the preview surface to a bitmap, but when I pass the preview SurfaceView to the function it returns an all-black bitmap (it works when I test it on normal views though). Is there any other way I can access the image data if preview callbacks are not available?

  • Barplot in R, aggregation of sampled data

    - by Felix
    Hello, I want a stacked barplot, or at least two barplots (histograms) of the data below. But I can't figure out how. plot(online) is not the solution I'm looking for. Please see below.

           online      offline
        1  sehrwichtig wichtig
        2  wichtig     unwichtig
        3  sehrwichtig unwichtig
        4  sehrwichtig sehrwichtig
        5  sehrwichtig sehrwichtig
        6  sehrwichtig unwichtig
        7  sehrwichtig unwichtig
        8  wichtig     wichtig
        9  wichtig     unwichtig
        10 sehrwichtig sehrwichtig
        11 sehrwichtig wichtig
        12 sehrwichtig unwichtig
        13 wichtig     sehrwichtig
        14 sehrwichtig wichtig

    I know I need a step where the data is aggregated to:

                    online offline
        sehrwichtig 6      7
        unwichtig   0      1
        wichtig     3      5

    But how?
