Search Results

Search found 41147 results on 1646 pages for 'database security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 428/1646 | < Previous Page | 424 425 426 427 428 429 430 431 432 433 434 435  | Next Page >

  • Using directory traversal attack to execute commands

    - by gAMBOOKa
    Is there a way to execute commands using directory traversal attacks? For instance, I access a server's etc/passwd file like this http://server.com/..%01/..%01/..%01//etc/passwd Is there a way to run a command instead? Like... http://server.com/..%01/..%01/..%01//ls ..... and get an output? EDIT: To be clear here, I've found the vuln in our company's server. I'm looking to raise the risk level (or bonus points for me) by proving that it may give an attacker complete access to the system

    Read the article

  • Validate authenticity of website owner

    - by Cyber Junkie
    Hello all! I'm planning to develop a web app where users will list their site/blog. When people submit their sites, how can I confirm that they are the owners of it? So for instance there is a user Mark who wants to submit someone else's website without their approval. I want to restrict Mark from doing so unless he is the actual owner. My idea was to do a comparison between the user's email domain and the website domain she/he wants to submit. If they match allow the user to submit the website. However most people don't register with their website domain address.. or perhaps I'll implement a Facebook connect in the future. What other methods would you suggest?

    Read the article

  • Is this a secure way to structure a mysql_query in PHP

    - by Supernovah
    I have tried and tried to achieve an SQL injection by making custom queries to the server outside of firefox. Inside the php, all variables are passed into the query in a string like this. Note, by this stage, $_POST has not been touched. mysql_query('INSERT INTO users (password, username) VALUES(' . sha1($_POST['password']) . ',' . $_POST['username'] . ')); Is that a secure way to make a change?

    Read the article

  • Should I convert overly-long UTF-8 strings to their shortest normal form?

    - by Grant McLean
    I've just been reworking my Encoding::FixLatin Perl module to handle overly-long UTF-8 byte sequences and convert them to the shortest normal form. My question is quite simply "is this a bad idea"? A number of sources (including this RFC) suggest that any over-long UTF-8 should be treated as an error and rejected. They caution against "naive implementations" and leave me with the impression that these things are inherently unsafe. Since the whole purpose of my module is to clean up messy data files with mixed encodings and convert them to nice clean utf8, this seems like just one more thing I can clean up so the application layer doesn't have to deal with it. My code does not concern itself with any semantic meaning the resulting characters might have, it simply converts them into a normalised form. Am I missing something. Is there a hidden danger I haven't considered?

    Read the article

  • How can I gain root access on a Mac OS X system without wiping the OS?

    - by Richard T
    My father died recently and I've inherited his Mac. I'd love to put it to use in my own life, but I don't want to wipe its brains out just so I can reconfigure it to use in my network, etc. His old files are historically important to me—I trust you can understand my desire to keep them. I can log in as I had an account on the machine before he passed, but that's about it.

    Read the article

  • Secure way to run other people code (sandbox) on my server?

    - by amikazmi
    I want to make a web service that run other people code locally... Naturally, I want to limit their code access to certain "sandbox" directory, and that they wont be able to connect to other parts of my server (DB, main webserver, etc) Whats the best way to do it? Run VMware/Virtualbox: (+) I guess it's as secure as it gets.. even if someone manage to "hack".. they only hack the guest machine (+) can limit the cpu & memory the process uses (+) easy to setup.. just create the VM (-) harder to "connect" the sandbox directory from the host to the guest (-) wasting extra memory and cpu for managing the VM Run underprivileged user: (+) doesnt waste extra resources (+) sandbox directory is just a plain directory (?) cant limit cpu and memory? (?) dont know if it's secure enough... Any other way? Server running Fedora Core 8, the "other" codes written in Java & C++

    Read the article

  • Rails - How to secure foreign keys and still allow association selection

    - by Bryce
    For simplicity, assume that I have a simple has-many-through relationship class User < ActiveRecord::Base has_many :courses, :through => :registrations end class Registration < ActiveRecord::Base belongs_to :user belongs_to :course end class Course < ActiveRecord::Base has_many :users, :through => :registrations end I want to keep my app secure, so I use attr_accessible to whitelist my attributes. My question is twofold: How would I set up my whitelist attributes such that I could create a new Registration object through a form (passing in :user and :course, but not risk allowing those foreign keys to be maliciously updated later? How would I set up my validations such that both belongs_to associations are required BUT also allow for Registration objects to be created in nested forms?

    Read the article

  • Latest stream cipher considered reasonably secure & easy to implement?

    - by hythlodayr
    (A)RC4 used to fit the bill, since it was so simple to write. But it's also less-than-secure these days. I'm wondering if there's a successor that's: Code is small enough to write & debug within an hour or so, using pseudo code as a template. Still considered secure, as of 2010. Optimized for software. Not encumbered by licensing issues. I can't use crypto libraries, otherwise all of this would be moot. Also, I'll consider block algorithms though I think most are pretty hefty. Thanks.

    Read the article

  • Are sessions modifiable by the client/user?

    - by Sev
    In my PHP Web-App I use sessions to store the user's data. For exmaple, if a user logs in, then an instance of the User class is generated and stored in a Session. I have access levels associated with each user to determine their privileges. Store the user in a session by: $_SESSION['currentUser'] = new User($_POST['username']); For example: if($_SESSION['currentUser'] -> getAccessLevel() == 1) { //allow administration functions } where getAccessLevel() is simply a get method in the User class that returns the _accesslevel member variable. Is this secure? Or can the client somehow modify their access level through session manipulation of some sort?

    Read the article

  • What is the best nuclear missile crypto system?

    - by The Rook
    You are on a submarine and there is an encrypted message that you want to read. Two people must use their keys at the same time in order to obtain the plain text. What is best cryptographic primitive to use? Are the following two implementations suitable? plain_text=decrypt(Key1 XOR key2,ciper_text,IV) plain_text=decrypt(Key1,rc4_encrypt(key2,ciper_text,IV2),IV1)

    Read the article

  • Restricting IFRAME access in PHP

    - by m0j0
    I am creating a small web page using PHP that will be accessed as an IFRAME from a couple of sites. I'm wanting to restrict access to this site to work ONLY within the "approved" sites, and not other sites or accessed directly. Does anyone have any suggestions? Is this even possible? The PHP site will be Apache, and the sites iframing the content will probably be .NET. Just to clarify, any site can view the page, as long as it's iframe'd within an approved site. I want to block people from accessing it directly. I'm thinking cookies might be a solution, but I'm not sure.

    Read the article

  • Is there a unique computer identifier that can be used reliably even in a virtual machine?

    - by SaUce
    I'm writing a small client program to be run on a terminal server. I'm looking for a way to make sure that it will only run on this server and in case it is removed from the server it will not function. I understand that there is no perfect way of securing it to make it impossible to ran on other platforms, but I want to make it hard enough to prevent 95% of people to try anything. The other 5% who can hack it is not my concern. I was looking at different Unique Identifiers like Processor ID, Windows Product ID, Computer GUID and other UIs. Because the terminal server is a virtual machine, I cannot locate anything that is completely unique to this machine. Any ideas on what I should look into to make this 95% secure. I do not have time or the need to make it as secure as possible because it will defeat the purpose of the application itself. I do not want to user MAC address. Even though it is unique to each machine it can be easily spoofed. As far as Microsoft Product ID, because our system team clones VM servers and we use corporate volume key, I found already two servers that I have access to that have same Product ID Number. I have no Idea how many others out there that have same Product ID By 95% and 5% I just simply wanted to illustrate how far i want to go with securing this software. I do not have precise statistics on how many people can do what. I believe I might need to change my approach and instead of trying to identify the machine, I will be better off by identifying the user and create group based permission for access to this software.

    Read the article

  • How to check for a file's authenticity ?

    - by Ale_x
    Let's say I write a game application. I want the level of the player to be stored in an external file. How can I prevent a hacker from writing and modifying the file to put another level ? I want the file to be modified by my application only. I can sign the file's content with a key, but then this key will be stored in the application, therefore it would be possible for a hacker to decompile the binary and find the key. Is there any way to do this ?

    Read the article

  • how can i hide the main form when it log out! ??

    - by Azka
    when i click onto login button, login page appears and when i enter the user id and password it proceeds to main form.. but.. when i log out, the main form appears and the controls transfer back to the log in page.. ... i need to hide that main form when it log outs.. ?? is it clear now??

    Read the article

  • Migrating just article contect of Joomla 1.0 to 2.5.x / 3.x?

    - by user2919408
    I have a simple website using Joomla 1.0.15, just having articles in some categories. As i want to install or remove components from admin area, i got : "You are not authorised to view this resource" or something like that. This is uncommon, this site is about 5 years old, and never got error message like that. I think my website is hacked ?? I have set safe_mode = off in php.ini, turn of sh404sef, removing .htaccess file etc ... and it still does not work. Then i try to upgrade to Joomla 2.5.x / 3.x . I found that i must migrate to Joomla 1.5.x first, then from there to 2.5.x. I got problem installing "migration.zip" component in my Joomla 1.0.x (always alert/err message pop up is shown). Is there another way to migrate the website ? May be just get the article section, category, article id and the content of Joomla 1.0.x , then import it to Joomla 2.5.x / 3.x ? I don't need components, modules, mambots (if any) of the old site. How to do it ? Thanks

    Read the article

  • php Mail function; Is this way of using it safe?

    - by Camran
    I have a classifieds website, and inside each classified, there is a small form. This form is for users to be able to tip their "friends": <form action="/bincgi/tip.php" method="post" name="tipForm" id="tipForm"> Tip: <input name="email2" id="email2" type="text" size="30 /> <input type="submit" value="Skicka Tips"/> <input type="hidden" value="<?php echo $ad_id;?>" name="ad_id2" id="ad_id2" /> <input type="hidden" value="<?php echo $headline;?>" name="headline2" id="headline2" /> </form> The form is then submitted to a tip.php page, and here is my Q, is this below code safe, ie is it good enough or do I need to make some sanitations and more safety details? $to = filter_var($_POST['email2'], FILTER_SANITIZE_EMAIL); $ad_id = $_POST['ad_id2']; $headline = $_POST['headline2']; $subject = 'You got a tip'; $message ='Hi. You got a tip: '.$headline.'.\n'; $headers = 'From: [email protected]\r\n'; mail($to, $subject, $message, $headers); I haven't tested the above yet.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 424 425 426 427 428 429 430 431 432 433 434 435  | Next Page >