Search Results

Search found 120608 results on 4825 pages for 'code access security'.

Page 55/4825 | < Previous Page | 51 52 53 54 55 56 57 58 59 60 61 62  | Next Page >

• Looking for resources to explain a security risk.

  - by Dave

  I've a developer which has given users the ability to download a zip archive which contains an html document which references a relative javascript file and flash document. The flash document accepts as one of it's parameters a url which is embedded in the html document. I believe that this archive is meant to be used as a means to transfer an advertisement to someone who would use the source to display the ad on their site, however the end user appears to want to view it locally. When one opens the html document the flash document is presented and when the user clicks on the flash document it redirects to this embedded url. However, if one extracts the archive on the desktop and opens the html document in a browser and clicks the flash object, nothing observable happens, they will not be redirected to the external url. I believe this is a security risk because one is transferring from the local computer zone to an external zone. I'm trying to determine the best way to explain this security risk in the simplest of terms to a very end user. They simply believe it's "broken" when it's not broken, they're being protected from a known vulnerability. The developer attempted to explain how to copy the files to a local iis instance, which I highly doubt is running on the users machine, and I do not consider this to be a viable explanation.

  Read the article

• Security considerations processing emails

  - by Timmy O' Tool

  I have process that will be reading emails from an account. The objective of the process is saving to a database those emails with image(s) as attachments. I will be saving sender, subject body and image path (the image will be saved on the process). I will be showing this information on a page so I would like to know all (or most of them :) ) security aspects to cover. I plan to sanitize the subject and body of the email. I can remove most of the tags, probably it would be enough keeping the <p> tag. I'm not sure if I can trust just in a sanitizer. I would like to HTML encode everything except for the <p> tag after sanitize, just in case. Any suggestion? I'm only accepting images as attachment as I said above, any security risk I have to take into account in relation to the attachment? Thanks!

  Read the article

• How do I remove a root kit from Windows XP?

  - by Chloe

  I was looking for root kits following these instructions http://computersight.com/software/how-to-manually-remove-rootkit/ and saw this in my boot log: Loaded driver \SystemRoot\System32\Drivers\awhk9fmc.SYS I tried to search for that filename in Google but there was absolutely nothing found. I tried to look at the file on the disk but could not find it. Nearly every other file is there. I even tried to boot in Windows 98 and mount the NTFS and see the file, but it still wasn't there. I ran a full scan with Microsoft Security Essentials but it found nothing. When I rebooted, I saw this line instead: Loaded driver \SystemRoot\System32\Drivers\a6n163gl.SYS How can I remove this? How can I find out what it does? How can I find out when it was put in? How can I find out who wrote it? Here is my full boot log: Service Pack 3 10 31 2012 17:35:36.500 Loaded driver \WINDOWS\system32\ntoskrnl.exe Loaded driver \WINDOWS\system32\hal.dll Loaded driver \WINDOWS\system32\KDCOM.DLL Loaded driver \WINDOWS\system32\BOOTVID.dll Loaded driver sptd.sys Loaded driver ACPI.sys Loaded driver \WINDOWS\system32\DRIVERS\WMILIB.SYS Loaded driver pci.sys Loaded driver isapnp.sys Loaded driver pciide.sys Loaded driver \WINDOWS\system32\DRIVERS\PCIIDEX.SYS Loaded driver MountMgr.sys Loaded driver ftdisk.sys Loaded driver PartMgr.sys Loaded driver VolSnap.sys Loaded driver atapi.sys Loaded driver disk.sys Loaded driver \WINDOWS\system32\DRIVERS\CLASSPNP.SYS Loaded driver fltmgr.sys Loaded driver sr.sys Loaded driver MpFilter.sys Loaded driver KSecDD.sys Loaded driver WudfPf.sys Loaded driver Ntfs.sys Loaded driver NDIS.sys Loaded driver uagp35.sys Loaded driver Mup.sys Loaded driver \SystemRoot\system32\DRIVERS\amdk7.sys Loaded driver \SystemRoot\system32\DRIVERS\sisgrp.sys Loaded driver \SystemRoot\system32\DRIVERS\i8042prt.sys Loaded driver \SystemRoot\system32\DRIVERS\mouclass.sys Loaded driver \SystemRoot\system32\DRIVERS\kbdclass.sys Loaded driver \SystemRoot\system32\DRIVERS\imapi.sys Loaded driver \SystemRoot\system32\DRIVERS\cdrom.sys Loaded driver \SystemRoot\system32\DRIVERS\redbook.sys Loaded driver \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys Loaded driver \SystemRoot\system32\drivers\cmuda.sys Loaded driver \SystemRoot\system32\DRIVERS\usbohci.sys Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys Loaded driver \SystemRoot\system32\DRIVERS\sisnicxp.sys Loaded driver \SystemRoot\System32\Drivers\avzk9sf5.SYS Loaded driver \SystemRoot\system32\DRIVERS\fdc.sys Loaded driver \SystemRoot\system32\DRIVERS\serial.sys Loaded driver \SystemRoot\system32\DRIVERS\serenum.sys Loaded driver \SystemRoot\system32\DRIVERS\parport.sys Loaded driver \SystemRoot\system32\DRIVERS\gameenum.sys Loaded driver \SystemRoot\system32\DRIVERS\serscan.sys Loaded driver \SystemRoot\system32\drivers\DrmCAudio.sys Loaded driver \SystemRoot\system32\DRIVERS\audstub.sys Loaded driver \SystemRoot\system32\DRIVERS\rasl2tp.sys Loaded driver \SystemRoot\system32\DRIVERS\ndistapi.sys Loaded driver \SystemRoot\system32\DRIVERS\ndiswan.sys Loaded driver \SystemRoot\system32\DRIVERS\raspppoe.sys Loaded driver \SystemRoot\system32\DRIVERS\raspptp.sys Loaded driver \SystemRoot\system32\DRIVERS\msgpc.sys Loaded driver \SystemRoot\system32\DRIVERS\psched.sys Loaded driver \SystemRoot\system32\DRIVERS\ptilink.sys Loaded driver \SystemRoot\system32\DRIVERS\raspti.sys Loaded driver \SystemRoot\system32\DRIVERS\tap0901.sys Loaded driver \SystemRoot\system32\DRIVERS\termdd.sys Loaded driver \SystemRoot\system32\DRIVERS\swenum.sys Loaded driver \SystemRoot\system32\DRIVERS\update.sys Loaded driver \SystemRoot\system32\DRIVERS\mssmbios.sys Loaded driver \SystemRoot\system32\DRIVERS\dtsoftbus01.sys Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS Loaded driver \SystemRoot\system32\DRIVERS\usbhub.sys Loaded driver \SystemRoot\system32\DRIVERS\flpydisk.sys Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS Did not load driver \SystemRoot\System32\Drivers\i2omgmt.SYS Did not load driver \SystemRoot\System32\Drivers\Changer.SYS Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS Loaded driver \SystemRoot\System32\Drivers\Null.SYS Loaded driver \SystemRoot\System32\Drivers\Beep.SYS Loaded driver \SystemRoot\System32\drivers\vga.sys Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS Loaded driver \SystemRoot\system32\DRIVERS\rasacd.sys Loaded driver \SystemRoot\system32\DRIVERS\ipsec.sys Loaded driver \SystemRoot\system32\DRIVERS\tcpip.sys Loaded driver \SystemRoot\system32\DRIVERS\netbt.sys Loaded driver \SystemRoot\System32\drivers\afd.sys Loaded driver \SystemRoot\system32\DRIVERS\netbios.sys Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS Loaded driver \SystemRoot\system32\DRIVERS\srvkp.sys Loaded driver \SystemRoot\system32\DRIVERS\rdbss.sys Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb.sys Loaded driver Loaded driver \SystemRoot\system32\DRIVERS\ipnat.sys Loaded driver \SystemRoot\system32\DRIVERS\wanarp.sys Loaded driver \SystemRoot\System32\Drivers\Fips.SYS Loaded driver \SystemRoot\system32\DRIVERS\ctxusbm.sys Loaded driver \??\C:\WINDOWS\system32\drivers\cbfs3.sys Loaded driver \SystemRoot\System32\Drivers\Fastfat.SYS Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS Did not load driver \SystemRoot\system32\DRIVERS\rdbss.sys Did not load driver \SystemRoot\system32\DRIVERS\mrxsmb.sys Loaded driver \SystemRoot\system32\drivers\wdmaud.sys Loaded driver \SystemRoot\system32\drivers\sysaudio.sys Loaded driver \SystemRoot\system32\drivers\splitter.sys Loaded driver \SystemRoot\system32\drivers\aec.sys Loaded driver \SystemRoot\system32\drivers\swmidi.sys Loaded driver \SystemRoot\system32\drivers\DMusic.sys Loaded driver \SystemRoot\system32\drivers\kmixer.sys Loaded driver \SystemRoot\system32\drivers\drmkaud.sys Loaded driver \SystemRoot\system32\DRIVERS\mrxdav.sys Loaded driver \SystemRoot\System32\Drivers\ParVdm.SYS Did not load driver \SystemRoot\System32\Drivers\StarOpen.SYS Loaded driver \SystemRoot\system32\DRIVERS\srv.sys Did not load driver \SystemRoot\system32\DRIVERS\ipnat.sys Loaded driver \SystemRoot\System32\Drivers\HTTP.sys

  Read the article

• Best approach to create a security environment in Java

  - by Tom Brito

  I need to create a desktop application that will run third party code, and I need to avoid the third party code from export by any way (web, clipboard, file io) informations from the application. Somethig like: public class MyClass { private String protectedData; public void doThirdPartyTask() { String unprotedtedData = unprotect(protectedData); ThirdPartyClass.doTask(unprotectedData); } private String unprotect(String data) { // ... } } class ThirdPartyClass { public static void doTask(String unprotectedData) { // Do task using unprotected data. // Malicious code may try to externalize the data. } } I'm reading about SecurityManager and AccessControler, but I'm still not sure what's the best approach to handle this. What should I read about to do this implementation?

  Read the article

• Property on business objects - getting and setting

  - by Mike

  Hi, I am using LINQ to SQL for the DataAccess layer. I have similar business objects to what is in the data access layer. I have got the dataprovider getting the message #23. On instantiation of the message, in the message constructor, it gets the MessageType and makes a new instance of MessageType class and fills in the MessageType information from the database. Therefore; I want this to get the Name of the MessageType of the Message. user.Messages[23].MessageType.Name I also want an administrator to set the MessageType user.Messages[23].MessageType = MessageTypes.LoadType(3); but I don't want the user to publicly set the MessageType.Name. But when I make a new MessageType instance, the access modifier for the Name property is public because I want to set that from an external class (my data access layer). I could change this to property to internal, so that my class can access it like a public variable, and not allow my other application access to modify it. This still doesn't feel right as it seems like a public property. Are public access modifiers in this situation bad? Any tips or suggestions would be appreciated. Thanks.

  Read the article

• QR Codes for Files on Google Code

  - by Synetech inc.

  Hi, When you download files from Google Code now (example), in addition to the text version of the SHA1 hash, it includes a QR code of it. The device that the file was downloaded to is the one that has to hash the file. But, if it can download the file (ie, has access to the webpage), it also has access to the text version of the hash, so the QR code seems completely useless—and more work to decode when the raw text is available. How would reading the hash into a mobile phone allow you to verify the file you download to the computer? Or if you download the file to the phone, how would you use the phone to take a picture of the QR code displayed on the webpage on its own screen? Does anyone know what the point to the QR code is or how you would use it to verify the downloaded file (I don’t mean QR codes in general, but specifically in this context).

  Read the article

• What to watch out for when writing code at an Interview?

  - by Philip

  Hi, I have read that at a lot of companies you have to write code at an interview. On the one hand I see that it makes sense to ask for a work sample. On the other hand: What kind of code do you expect to be written in 5 minutes? And what if they tell me "Write an algorithm that does this and that" but I cannot think of a smart solution or even write code that doesn't semantically work? I am particularly interested in that question because I do not have that much commercial programming experience, 2 years part-time, one year full-time. (But I am interested in programming languages since nearly 15 years though usually I was more concentrated in playing with the language rather than writing large applications...) And actually I consider my debugging and problem solving skills much better than my coding skills. I sometimes see myself not writing the most beautiful code when looking back, but on the other hand I often come up with solutions for hard problems. And I think I am very good at optimizing, fixing, restructuring existing code, but I have problems with writing new applications from scratch. The software design sucks... ;-) Therefore I don't feel comfortable when thinking about this code writing situation at an interview... So what do the interviewers expect? What kind of information about my code writing are they interested in? Philip

  Read the article

• Rawr Code Clone Analysis&ndash;Part 0

  - by Dylan Smith

  Code Clone Analysis is a cool new feature in Visual Studio 11 (vNext).  It analyzes all the code in your solution and attempts to identify blocks of code that are similar, and thus candidates for refactoring to eliminate the duplication.  The power lies in the fact that the blocks of code don't need to be identical for Code Clone to identify them, it will report Exact, Strong, Medium and Weak matches indicating how similar the blocks of code in question are.   People that know me know that I'm anal enthusiastic about both writing clean code, and taking old crappy code and making it suck less. So the possibilities for this feature have me pretty excited if it works well - and thats a big if that I'm hoping to explore over the next few blog posts. I'm going to grab the Rawr source code from CodePlex (a World Of Warcraft gear calculator engine program), run Code Clone Analysis against it, then go through the results one-by-one and refactor where appropriate blogging along the way.  My goals with this blog series are twofold: Evaluate and demonstrate Code Clone Analysis Provide some concrete examples of refactoring code to eliminate duplication and improve the code-base Here are the initial results:   Code Clone Analysis has found: 129 Exact Matches 201 Strong Matches 300 Medium Matches 193 Weak Matches Also indicated is that there was a total of 45,181 potentially duplicated lines of code that could be eliminated through refactoring.  Considering the entire solution only has 109,763 lines of code, if true, the duplicates lines of code number is pretty significant. In the next post we’ll start examining some of the individual results and determine if they really do indicate a potential refactoring.

  Read the article

• How do you stay productive when dealing with extremely badly written code?

  - by gaearon

  I don't have much experience in working in software industry, being self-taught and having participated in open source before deciding to take a job. Now that I work for money, I also have to deal with some unpleasant stuff, which is normal of course. Recently I was assigned to add logging to a large SharePoint project which is written by some programmer who obviously was learning to code on the job. After 2 years of collaboration, the client switched to our company, but the damage was done, and now somehow I need to maintain this code. Not that the code was too hard to read. Despite problems - each project has one class with several copy-pasted methods, enormous if nestings, Systems Hungarian, undisposed connections — it's still readable. However, I found myself absolutely unproductive despite working on something as simple as adding logging. Basically, I just need to go through the code step by step and add some trace calls. However, the idiocy of the code is so annoying that I get tired within 10 minutes of starting. In the beginning, I used to add using constructs, reduce nesting by reversing if's, rename the variables to readable names—but the project is large, and eventually I gave up. I know this is not the task I should be doing, but at least reducing the mess gave me some kind of psychological reward so I could keep going. Now the trick stopped working, and I still have 60% of my work to do. I started having headaches after work, and I no longer get the feeling of satisfaction I used to get - which would usually allow me to code for 10 hours straight and still feel fresh. This is not just one big rant, for I really do have an actual question: Is there a way to stay productive and not to fight the windmills? Is there some kind of psychological trick to stay focused on the task, instead of thinking “How stupid is that?” each time I see another clever trick by the previous programmer? The problem with adding logging is that I actually have to understand what the code does, and doing so hurts my brain in an unpleasant fashion.

  Read the article

• Which reference provides your definition of "elegant" or "beautiful" code?

  - by Donnied

  This question is phrased in a very specific way - it asks for references. There was a similar question posted which was closed because it was considered a duplicate to a good code question. The Programmers FAQ points out that answers should have references - or its just an unproductive sharing of (seemingly) baseless opinions. There is a difference between shortest code and most elegant code. This becomes clear in several seminal texts: Dijkstra, E. W. (1972). The humble programmer. Communications of the ACM, 15(10), 859–866. Kernighan, B. W., & Plauger, P. J. (1974). Programming style: Examples and counterexamples. ACM Comput. Surv., 6(4), 303–319. Knuth, D. E. (1984). Literate programming. The Computer Journal, 27(2), 97–111. doi:10.1093/comjnl/27.2.97 They all note the importance of clarity over brevity. Kernighan & Plauger (1974) provide descriptions of "good" code, but "good code" is certainly not synonymous with "elegant". Knuth (1984) describes the impo rtance of exposition and "excellence of style" to elegant programs. He cites Hoare - who describes that code should be self documenting. Dijkstra (1972) indicates that beautiful programs optimize efficiency but are not opaque. This sort of conversation is qulaitatively different than a random sharing of opinions. Therefore, the question - Which reference provides your definition of "elegant" or "beautiful" code? "Which *reference*" is not subjective - anything else will most likely shut the thread down, so please supply *references* not opinions.

  Read the article

• Copy-and-Pasted Test Code: How Bad is This?

  - by joshin4colours

  My current job is mostly writing GUI test code for various applications that we work on. However, I find that I tend to copy and paste a lot of code within tests. The reason for this is that the areas I'm testing tend to be similar enough to need repetition but not quite similar enough to encapsulate code into methods or objects. I find that when I try to use classes or methods more extensively, tests become more cumbersome to maintain and sometimes outright difficult to write in the first place. Instead, I usually copy a big chunk of test code from one section and paste it to another, and make any minor changes I need. I don't use more structured ways of coding, such as using more OO-principles or functions. Do other coders feel this way when writing test code? Obviously I want to follow DRY and YAGNI principles, but I find that test code (automated test code for GUI testing anyway) can make these principles tough to follow. Or do I just need more coding practice and a better overall system of doing things? EDIT: The tool I'm using is SilkTest, which is in a proprietary language called 4Test. As well, these tests are mostly for Windows desktop applications, but I also have tested web apps using this setup as well.

  Read the article

• How would you react if someone told you your code is a mess?

  - by newbie

  I am a good programmer, or so I thought before. I always love to program. And I want to learn many things about programming to make me a better programmer. I studied programming for 1 year and now I am working as a programmer for almost 2 years. So in short, I have almost 3 years programming experience. Our team is composed of 5 programmers, and 4 of us are new, 1 has more than 3 year experience. We've been working for a program for almost a year now and nobody ever review my code and I was given a page to work with. We never had a code review and we are all new so we don't know what is a clean code looks like. I think programmers learn by themselves? We deployed our program to the program without thorough testing. Now it is tight and we need an approval and code review first before we make changes with the code. For the first time, someone reviews my code and he says it is a mess. I feel so sad and hurt. I really love programming and making them say something like that really hurts me. I really want to improve myself. But it seems like I'm not a genius programmer like in the movies. Can you give me advise on how to be better? Have you ever experience something criticizing your code and you feel really hurt? What do you do on those events.. Thank you

  Read the article

• How to setup a Wireless Access-Point using my laptop's WiFi card?

  - by Abdul Karim Memon

  want to share my Laptops (running Ubuntu 10.10) Broadband with my Android (Galaxy Mini) running 2.2.1. Since Androids currently do not support ad-hoc networks so the "Create new wireless network.." won't help. Q1) How do i setup a Wireless Access Point using my Laptops WiFi card? Q2) What is the difference between an "ad-hoc" network and an "access point"? **abdulkarim@aK-laptop**:~$ lspci | grep ireless 03:00.0 Network controller: Atheros Communications Inc. AR9287 Wireless Network Adapter (PCI-Express) (rev 01) iw list Wiphy phy0 Band 1: Capabilities: 0x11ce HT20/HT40 SM Power Save disabled RX HT40 SGI TX STBC RX STBC 1-stream Max AMSDU length: 7935 bytes DSSS/CCK HT40 Maximum RX AMPDU length 65535 bytes (exponent: 0x003) Minimum RX AMPDU time spacing: 8 usec (0x06) HT TX/RX MCS rate indexes supported: 0-15 Frequencies: * 2412 MHz [1] (20.0 dBm) * 2417 MHz [2] (20.0 dBm) * 2422 MHz [3] (20.0 dBm) * 2427 MHz [4] (20.0 dBm) * 2432 MHz [5] (20.0 dBm) * 2437 MHz [6] (20.0 dBm) * 2442 MHz [7] (20.0 dBm) * 2447 MHz [8] (20.0 dBm) * 2452 MHz [9] (20.0 dBm) * 2457 MHz [10] (20.0 dBm) * 2462 MHz [11] (20.0 dBm) * 2467 MHz [12] (20.0 dBm) (passive scanning) * 2472 MHz [13] (20.0 dBm) (passive scanning) * 2484 MHz [14] (disabled) Bitrates (non-HT): * 1.0 Mbps * 2.0 Mbps (short preamble supported) * 5.5 Mbps (short preamble supported) * 11.0 Mbps (short preamble supported) * 6.0 Mbps * 9.0 Mbps * 12.0 Mbps * 18.0 Mbps * 24.0 Mbps * 36.0 Mbps * 48.0 Mbps * 54.0 Mbps max # scan SSIDs: 4 Supported interface modes: * IBSS * managed * ** AP * AP/VLAN** * monitor * mesh point Supported commands: * new_interface * set_interface * new_key * new_beacon * new_station * new_mpath * set_mesh_params * set_bss * authenticate * associate * deauthenticate * disassociate * join_ibss * Unknown command (55) * Unknown command (57) * Unknown command (59) * set_wiphy_netns * Unknown command (65) * connect * disconnect

  Read the article

• Is full partition encryption the only sure way to make Ubuntu safe from external access?

  - by fred.bear

  (By "external access", I mean eg. via a Live CD, or another OS on the same dual-boot machine) A friend wants to try Ubuntu. He's fed up with Vista grinding to a crawl (the kids? :), so he likes the "potential" security offered by Ubuntu, but because the computer will be multi-booting Ubuntu (primary) and 2 Vistas (one for him, if he ever needs it again, and the other one for the kids to screw up (again). However, he is concerned about any non-Ubuntu access to the Ubuntu partitions (and also to his Vista partition)... I believe TrueCrypt will do the job for his Vista, but I'd like to know what the best encryption system for Ubuntu is... If TrueCrypt works for Ubuntu, it may be the best option for him, as it would be the same look and feel for both. Ubuntu will be installed with 3 partitions; 1) root 2) home 3) swap.. Will Ubuntu's boot loader clash with TrueCrypt's encrypted partition? PS.. Is encryption a suitable solution?

  Read the article

• [DBNETLIB][ConnectionOpen (SECDoClientHandshake()).]SSL Security error.

  - by ryw

  Our ASP/IIS web server talks to a SQL 2005 db server. Eventually, without a pattern, some pages start showing error instead of the page content: [DBNETLIB][ConnectionOpen (SECDoClientHandshake()).]SSL Security error. Rebooting web server resolves it. Anyone know about it?

  Read the article

• SharePoint: You cannot grant limited access permission level

  - by chiccodoro

  In my team, we implemented some UI to set user access rights (assign/revoke permission levels) on a certain SharePoint list. The UI supplies a "undo" feature: If you change the rights over the UI, you can restore the rights the user had before by clicking "undo". Now there is a problem if the user had the "Limited Access" permission level: This permission level is removed when you do a change over the UI. When trying to Undo, the permission level should be added again, which leads to a You cannot grant a user the limited access permission level. I've read that SharePoint grants that right automatically when a user gets access to some entity beneath the site. Still I can revoke the right manually, but then I cannot re-grant it. Is there a proper way I could work around that? My thoughts: Did I get it right that this "limited access" is granted by SharePoint on the site level only? So, do all the lists beneath the site only contain that permission level "accidentally" because they inherit it? Does that permission level have any effect at all on a list, or does it only apply to the site itself? So, would it be save to just remove it from a list and do not add it anymore when the user clicks "undo", since it has no effect anyway? (My UI always works on list / list item level, never on the whole site/web).

  Read the article

• How to set up Mercurial with ssl/security

  - by Sam Lee

  I've been following the hginit.com tutorial on how to use mercurial. Everything is going fine except it uses push_ssl=False. This does not work for my situation because I want pushes (and pulls if possible) to be secure. All the tutorials I've been able to find also use push_ssl=False. Can anyone give me pointers on how to set up ssl/security for Mercurial? Thanks.

  Read the article

• Web Security: Worst-Case Situation

  - by Yongho

  I currently have built a system that checks user IP, browser, and a random-string cookie to determine if he is an admin. In the worst case, someone steals my cookie, uses the same browser I do, and masks his IP to appear as mine. Is there another layer of security I should add onto my script to make it more secure?

  Read the article

• MySQL - connection and security

  - by Phil Jackson

  Hi, I was wondering if someone could tell me if there is any potential security breeches that could occur by connecting to a sql database that does not reside at 'localhost' i.e. via ip address? Regards, Phil

  Read the article

• How to refresh linked tables in an Access mdb when ODBC changes

  - by beta tester ben

  I can create an Access mdb and add a linked table to an Sql Server database via ODBC. If I change the Sql Server that the ODBC is connecting to with the ODBC control panel applet the mdb still connects to the original Sql Server until Access is restarted. Is there a way to relink these linked server tables without restarting Access? EDIT: I would like to do this in code

  Read the article

• Relative connection string to AzMan XML store when using security application block

  - by David Hall

  Is it possible to specify a relative connection string for an AzMan XML store? My current connection string is connectionString="msxml://c:/azman.xml" but I really need to make that relative so other developers and automated builds can get the latest authorization store. MS documentation seems to suggest that connectionString="msxml://azman.xml" should work but that throws a The request is not supported error. EDIT: I realised that the fact I'm using AzMan through the Enterprise Library Security Application Block was important to the question.

  Read the article

• Reports in MS Access after compiling into MDE file

  - by devnet

  I am currently working on a MS Access 2003 mdb file which is converted to an mde file before being published. How do I go about enabling the reports function of MS Access once this is converted? or better still is there a alternative to the reporting in MS Access? opensouce or free? Thanks in advnace. MB

  Read the article

• Configuring security in ASP.NET MVC at runtime

  - by Andrew

  Is it possible to have security in ASP.NET MVC configurable at runtime? For example, if I have a controller that has been marked as [Authorize(Roles="Admin")] Is there a way to add/remove roles at runtime? Or, do you have to change it in code and re-compile?

  Read the article

• Which Secure Software Development Practices do you Employ?

  - by Michael Howard-MSFT

  I work on a project known as the Security Development Lifecycle (SDL) project at Microsoft (http://microsoft.com/sdl) - in short it's a set of practices that must be used by product groups before they ship products to help improve security. Over the last couple of years, we have published a great deal of SDL documentation, as customers ask for more information about what we're doing. But what I'd like to know is: 1) What are you doing within your organization to help improve the security of your product? 2) What works? What doesn't work? 3) How did you get management to agree to this work? Thanks.

  Read the article

• Handling form security

  - by Harun Baris Bulut

  So how do you maintain the form security about posting data to different page problem? For instance you have a member and he/she tries to change the personal settings and you redirected member to www.domain.com/member/change/member_id member changed the values and post the data to another page by changing the action with firebug or something else. For instance www.domain.com/member/change/member_id_2 How do you handle this problem without using sessions?

  Read the article

< Previous Page | 51 52 53 54 55 56 57 58 59 60 61 62  | Next Page >