Search Results

Search found 43347 results on 1734 pages for 'php security'.

  • Managing Apache to Compensate for WebDAV's Security Masking

    - by Tohuw
    When a user creates a file via WebDAV, the default behavior is that the file is owned by the user and group running the Apache process, with a umask of 022. Unfortunately, this makes it impossible for unprivileged users to write to the files by other means without being a member of the group Apache runs under (which strikes me as a particularly bad idea). My current solution is to set umask 000 in Apache's envvars and remove all world permissions from the webdav parent directory for the user. So, if the WebDAV share is /home/foo/www, then /home/foo/www is owned by www-data:foo with permissions of 770. This keeps other unprivileged users out, more or less, but it's hokey at best and a security disaster awaiting at worst. From my research and poking around at mod_dav and Apache, I cannot find a reasonable solution short of a cron job flipping all the permissions back (I'd rather not have the load and increased complexity on the server). SuExec won't work, either, because WebDAV operations are not going to execute as a different user. Any thoughts on this? Thank you.

  • Microsoft Security Essentials & MsMpEng.exe hogging resources

    - by Mike
    I've been using MSE for a couple months now, never had a single problem. All of a sudden the process "MsMpEng.exe" will randomly go crazy and hog all my system resources so I can't do anything unless I kill it in the task manager. (I've quit the program for now and my comp is running smooth). When I restart the program, reboot, whatever, it goes off and hogs all the resources again after a couple minutes. If I kill the process it will go away and then come back a couple minutes later and do the same thing. I've scanned with MSE, another antivirus and malware with no probs. Any ideas? Should I uninstall and find something else? The thing is I've liked it so far. I'm running Win7 64-bit. Also, I'm not running any other conflicting security programs. This is the only one on my PC right now. Windows Defender is also off.

  • Mac Management Without Permission and Security

    - by Bart Silverstrim
    I was going through some literature on managing OS X laptops and asked someone some questions about usage scenarios when using the MacBooks. I asked someone more knowledgeable than I about whether it was possible for my Mac to be taken over if I were visiting another site for a conference or if I went on a wifi network at a local coffee house with policies from an OS X Server with workgroup manager (either legit for the site or someone running a version of OS X Server on hardware they have hidden somewhere on the network), which apparently could be set up to do things like limit my access to Finder or impose other neat whiz-bang management features. He said that it is indeed possible for it to happen as it would be assigned via the DHCP server and the OS X server would assume my Mac is a guest and could hand out restrictions and apparently my Mac will happily accept them without notifying me or giving me an option, unlike Windows which I believe would need to be joined to a domain before it becomes "managed" by Active Directory. So my question is as network admins and sysadmins with users traveling with MacBooks, is there a way to reasonably protect your users from having their machines hijacked without resorting to just turning off networking all the time? Or isn't this much of a security hazard? What threat does this pose to the road warriors in your businesses?

  • Resources for Smartphone Security

    - by Shial
    My organization is currently working on improving our data and network security due to increasing HIPAA laws and a general need to get a better grasp on controlling our health related information. We are a non-profit working with people with developmental disabilities so we handle a lot of medical related information. One area that has been identified as a risk is our use of smartphones, specifically at this time Windows Mobile 6.1 devices from T-Mobile. We do not utilize the VPNs on the phones so there isn't any way they can access our databases or file servers (username/password for VPNs is not the domain logons). What would be exposed however is the particular user's email account since you could extract out the username/password and access the email either on the device or on our web email (Exchange 2003) which could contain HIPAA protected confidential information about clients and services and this would be an incident that would have to be reported. What resources or ideas would help us secure these devices? I'm not worried about data interception (using SSL) but more about physical theft or loss of the device. Are there websites that I just have not found with guidelines and suggestions or particular products that would help protect us? I also don't want to limit the discussion to Windows Mobile either. I myself am looking at an Android 2.0 device and there is always the eventual possibility we could get pushed to enable the VPNs. I know this is a subject that likely won't have any particular correct answer and it is something we should all be aware of since these devices are sitting outside of our immediate control most of the time.

  • Securing SSH/SFTP and best practices on security

    - by MultiformeIngegno
    I'm on a fresh VPS with Ubuntu Server 12.04. I wanted to ask you the good practices to apply to enhance security over a stock Ubuntu-server. This is what I did up to now: I added Google Authenticator to SSH, then I created a new user (whom I'll use instead of 'root' for SSH & SFTP access) which I added to my /etc/sudoers list below 'root', so now it's:

        # User privilege specification
        root ALL=(ALL:ALL) ALL
        new_user ALL=(ALL:ALL) ALL

    Then I edited sshd_config and set PermitRootLogin to 'no'. Then restarted the ssh service. Is this ok? There are a few things I'd like to ask you though:

    1) What's the sense of adding a new (sudoer) user whilst the root user still exists (ok it can't access with root privilege but it's still there..)?
    2) System files are owned by 'root'.. I want to use my new_user to access via SFTP but with it I can't edit those files!! Should I mass-CHMOD 'em so that new_user has write perms too? What's the good practice on this?

    Thanks in advance, I hope you'll tell me if I did something wrong and/or other ways to secure the system. :)

  • Can I disable this Windows (XP) Security Warning?

    - by FumbleFingers
    I recently reformatted my hard drive and reinstalled Windows XP (I know I'll have to take the plunge and commit to Win8 "real soon, now", but I'm just not quite ready for the upheaval yet! :) I used to use WinRar (and later, when I got fed up with the "nag" messages, 7-Zip), but I haven't installed either of them in my new configuration, so I must be using the built-in XP facility when I open *.zip files. For years, I've been opening downloaded *.zip archives, and using "drag & drop" to copy to a File Explorer window open on the folder where I want the files to end up (usually, My Documents\Downloads). But now I find that when I "drop" the file(s), I get a pop-up Windows Security Warning saying

        Are you sure you want to copy or move files to this folder?
        You should only move or copy files from locations that you trust

    Can anyone explain why I'm getting this message, and is there any (reasonably easy, please! :) way to suppress it? Since I've already put the *.zip file on my computer, it seems a bit late to ask if I trust it. (Thus far, the files in question have always been plain text, so it's not a matter of dodgy programs, etc.) Apologies for the low quality image - I don't have the appropriate tools or knowledge to do any better, and it doesn't help that my "PrtScr" screen capture has included what would have been on my second monitor (TV) if it had been turned on. If you can't read it, trust me - I have copied the text verbatim.

  • Hiding subfolders from users with Windows Server security

    - by Frans
    Using Windows Server 2008. I would like to allow all users to map to a common network drive and be able to browse it. But, I only want them to be able to see the subfolders they actually have access rights to. Is this doable?

    Example

    I have a share with two folders on it;

        \\domain\share\FolderA
        \\domain\share\FolderB

    With three different security groups, I would like to map a network drive for all three to \\domain\share. However, for group1, I want them to only be able to see FolderA, group2 should only see FolderB and group3 should see both. I am not just talking about denying access to the actual folder, which is easy enough, I don't want the user to even be able to see that the folder exists. In other words, when group 1 logs in and does "dir n:\" they should see

        N:\FolderA

    When group 2 logs in, they should see

        N:\FolderB

    and when group 3 logs in they should see

        N:\Folder A
        N:\Folder B

    My half-baked solution

    If I completely block access to the root then I can't map a drive to it. I can give everyone the traverse right which then allows the user to map a drive. However, if a member of group1 or group2 tries to go to "N:\" they get an access denied error. If they go to N:\FolderA (for group1) then it works. So, that sort of works, but it would be nicer if the user could actually browse to N:\ and just only see the subfolders they have access to. I am pretty sure I have seen this done but not sure how to do it myself. Any advice would be greatly appreciated.

  • Windows 2008 server smart card security module problem

    - by chris13work
    Hi, I've got a smart card reader and a server application using it as a security module. If I run it under DOS prompt, everything is fine. The server is running and clients can connect to it. I tried to install the server as a Windows service and start it. The server starts but always gives back an authentication error because it cannot call the smart card to do encryption. Then I tried to start it with task scheduler and set the trigger factor as "on startup". The server starts also but still cannot access the smart card reader. Then I tried remote desktop to the machine and ran the server application under DOS prompt. Same error is returned. The situation is that the smart card reader only works under active console desktop environment. In the server application, WINSCARD API is used to access the smart card reader. Any suggestion so that we can access the smart card reader in running services?

    OS: Windows Server 2008
    Smart Card Driver: Windows USB smart card Reader
    Smart Card API: WINSCARD

  • Webcam security camera software that runs as a service

    - by hurfdurf
    I've been looking for Windows webcam software that will run as a Windows service without any user login. The goal is to use the webcam as a cheap security camera and log the results to secure networked storage (windows share, not FTP).

    The requirements are:
      * Motion detection
      * Video capture
      * Runs as a service (should start recording immediately after reboot)

    Nice to have:
      * Round-robin storage, e.g. 10Gb limit, oldest files overwritten/deleted when space gets low

    I've read the other webcam questions but still haven't stumbled across anything suitable. Evaluations thus far:

        Title                MotionDetect  Service  Snapshots  Video  SpaceLimit  License
        Yawcam               Yes           Yes      Yes        No     No          GPL
        WebCam ZoneTrigger   Yes           No       Yes        Yes    No          Commercial
        Dorgem               Yes           No       Yes        Yes    No          GPL
        AbelCam              Yes           No       Yes        Yes    No          Commercial
        Logitech             Yes           No       Yes        Yes    No          Paired with camera
        IspyConnect          Yes           No       Yes        Yes    Yes         Free
        SecureCam (Sourcefo  Yes           No       Yes        Yes    No          GPL
        AbelCam              Yes           No       Yes        Yes    No          Commercial
        Active WebCam        Yes           Yes(?)   Yes        Yes    Volume      Free Commercial
        WebCam Surveyor      Yes           No       Yes        Yes    No          Commercial
        WebCamsPy            NA            NA       NA         NA     NA          GPL

    Camera: Logitech Webcam Pro 9000
    Windows 7 32-bit
    WebCamsPy failed to initialize so couldn't be tested

    So far, the contenders:
      * Active Webcam comes the closest, and claims to run as a service, but I haven't been able to get it to record after a cold boot even though a service is running.
      * Yawcam can be set up as a service but doesn't record video.
      * IspyConnect has exactly the type of space limit I want and looks great, but doesn't run as a service (seems also to be a bit of a cpu hog)

    Any other suggestions? I'm locked into Windows so can't use Linux Motion, which looks almost perfect. Any pointers to rich Windows webcam/motion detection libraries out there that could easily be turned into a command line program would also be appreciated.

  • Linux security: The dangers of executing malignant code as a standard user

    - by AndreasT
    Slipping some (non-root) user a piece of malignant code that he or she executes might be considered as one of the highest security breaches possible. (The only higher I can see is actually accessing the root user) What can an attacker effectively do when he/she gets a standard, (let's say a normal Ubuntu user) to execute code? Where would an attacker go from there? What would that piece of code do? Let's say that the user is not stupid enough to be lured into entering the root/sudo password into a form/program she doesn't know. Only software from trusted sources is installed. The way I see it there is not really much one could do, is there? Addition: I partially ask this because I am thinking of granting some people shell (non-root) access to my server. They should be able to have normal access to programs. I want them to be able to compile programs with gcc. So there will definitely be arbitrary code run in user-space...

  • PHP, javascript, single quote problems with IE when passing variable from ajax post to javascript fu

    - by Mattis
    Hi! I have been trying to get this to work for a while, and I suspect there's an easy solution that I just can't find. My head feels like jelly and I would really appreciate any help. My main page.php makes a .post() to backend.php and fetches a list of cities which it echoes in the form of:

        <li onclick="script('$data');">$data</li>

    The list is fetched and put onto the page via .html(). My problem occurs when $data has a single quote in it. backend.php passes the variable just fine to page.php but when I run html() it throws a javascript error (in IE, not FF obviously);

        ')' is expected

    IE parses the single quote and messes up the script()-call. I've been trying to rebuild the echoed string in different ways, escaping the 's on the php side and/or on the javascript side - but in vain. Do I have to review the script in total?

    page.php

        $.post("backend.php", {q: ""+str+""}, function(data) {
            if(data.length >0) {
                $('#results').html(data);
            }
        });

    backend.php

        while ($row = $q->fetch()) {
            $city = $row['City'];
            // $city = addslashes($row['City']);
            // $city = str_replace("'","&#39;",$row['City']);
            echo "<li onclick=\"script('$city');\">".$city."</li>";
        }

  • Xdebug configuration with PHP fastcgi and eclipse?

    - by mac
    I have been using eclipse-pdt in conjunction with xdebug and apache without problems, for over one year. Things worked flawlessly and I could do all the interactive debugging I wanted from within eclipse (using my own machine as a server). Now I switched from apache to nginx (and therefore PHP runs now not as an Apache service but as fast-cgi) and I can't find a way to configure eclipse to work nicely with xdebug. I am neither sure if the problem is with xdebug or with eclipse (or both) to be sure. In the eclipse configuration I already changed the reference to the PHP configuration file to /etc/php5/cli/php.ini.

    Attempts with php.ini version 1

    With the following php.ini file

        zend_extension=/usr/lib/php5/20060613/xdebug.so

      * I see that xdebug is working (for example if I do a var_dump() I get the xdebug version of it, not the plain PHP one)
      * I can't have the interactive debugging from eclipse: the browser opens up and loads the page completely with the typical URL containing ...?XDEBUG_SESSION_START=ECLIPSE_DBGP&KEY=..., but the program execution does not stop at breakpoints
      * In the bottom-right corner of eclipse I see a suspicious message: *"Launching =put_the_name_of_my_project_here=: 57%"* that alternates with the "refreshing workspace" one.

    Attempts with php.ini version 2

    If I use this other version of the file (which is what worked until I switched to nginx):

        zend_extension=/usr/lib/php5/20060613/xdebug.so
        xdebug.remote_enable=On
        xdebug.remote_autostart=On
        xdebug.remote_handler=dbgp
        xdebug.remote_host=localhost
        xdebug.remote_port=9000
        xdebug.remote_mode=req

    I can't access any page of my sites at all.

    Any help or suggestion appreciated, thank you in advance for your time!

    PS: Additional data on my machine:
      - OS: GNU/Linux - Ubuntu 9.10 64 bit.
      - PHP: 5.2.10-2ubuntu6.3 with Suhosin-Patch 0.9.7; Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies with Xdebug v2.0.4
      - Eclipse: see screenshot.

  • php claims my defined variable is undefined

    - by tedders
    My php is a little rusty but this is boggling my mind right now. I googled this and read all the stackoverflow questions I could find that looked related, but those all seemed to have legitimate undefined variables in them. That leads me to believe that mine is the same problem, but no amount of staring at the simple bit of code I have reduced this to seems to get me anywhere. Please someone give me my dunce cap and tell me what I did wrong!

        <?php
        //test for damn undefined variable error

        $msgs = "";

        function add_msg($msg){
            $msgs .= "<div>$msg</div>";
        }
        function print_msgs(){
            print $msgs;
        }
        add_msg("test");
        add_msg("test2");
        print_msgs();
        ?>

    This gives me the following, maddening output:

        Notice: Undefined variable: msgs in C:\wamp\www\fgwl\php-lib\fgwlshared.php on line 7
        Notice: Undefined variable: msgs in C:\wamp\www\fgwl\php-lib\fgwlshared.php on line 7
        Notice: Undefined variable: msgs in C:\wamp\www\fgwl\php-lib\fgwlshared.php on line 10

    Yes, this is supposed to be a shared file, but at the moment I have stripped it down to just what I pasted. Any ideas?

  • Probably an easy one - PHP/CodeIgniter 'Undefined Variable'

    - by Jack W-H
    Morning y'all

    This is probably an easy one but I barely got any sleep last night and am struggling to comprehend anything. I've got a CodeIgniter library I've made called Points.php. Here's the contents of Points:

        <?php if (!defined('BASEPATH')) exit('No direct script access allowed');

        class Points {

            function __construct() {
                $this->ci =& get_instance();
                $this->ci->load->database();
            }

            function getpoints($params) {
                echo $userid;
            }

        }

        /* End of file Points.php */
        /* Location: ./application/libraries/Points.php */
        ?>

    As you can see, I'm building it up slowly and it's being kept simple. In one of my views, I want it to display the number of 'points' (which for the time being is simply the third segment of the URI). I call it like this:

        <p>Points: <?php $params['user_id']=$this->uri->segment(3,1); echo $this->points->getpoints($params); ?></p>

    The warning I get back in the view is this:

        A PHP Error was encountered
        Severity: Notice
        Message: Undefined variable: userid
        Filename: libraries/Points.php

    Yes I know it's such a simple problem but I've tried lots of things. Some variations include echoing in Points.php $params['userid']; etc. But I don't see what I'm doing wrong? This is my first CodeIgniter class and I've fallen at the first step, haha...

  • Problem calling Java from PHP script

    - by Jack
    I am working on windows. I am running PHP (5.1.3) scripts on Tomcat using PHP/Java bridge. Here is my simple code

        //test.php
        <?php
        require_once("java\Java.inc");
        $systemInfo = new Java("Test");
        print $systemInfo->foo();
        ?>

    Test.class is in the same folder as test.php. But the php file is not able to locate the test class and I get the following error -

        Fatal error: Uncaught [[o:Exception]:"java.lang.Exception: CreateInstance failed: new Test.

    If I use a standard class like below. It works -

        <?php
        require_once("java\Java.inc");
        $systemInfo = new Java("java.lang.System");
        print "Total seconds since January 1, 1970: ".$systemInfo->currentTimeMillis();
        ?>

    What should I do?
    1) Should I copy my class to the standard location where all Java classes are kept. (What is this location?)
    2) Do some changes in the php.ini file

  • urlQuery and Security

    - by jasmine
    In url query with id I use is_numeric($_GET['id']) for security issues. But in query with for example category name, is urlencode() a right way for security? Thanks in advance.

  • How can you become a competent web application security expert without breaking the law?

    - by hal10001
    I find this to be equivalent to undercover police officers who join a gang, do drugs and break the law as a last resort in order to enforce it. To be a competent security expert, I feel hacking has to be a constant hands-on effort. Yet, that requires finding exploits, testing them on live applications, and being able to demonstrate those exploits with confidence. For those that consider themselves "experts" in Web application security, what did you do to learn the art without actually breaking the law? Or, is this the gray area that nobody likes to talk about because you have to bend the law to its limits?

  • replace string in preg_replace

    - by zahir hussain
        <?php $a="php.net s earch for in the all php.net sites this mirror only function list online documentation bug database Site News Archive All Changelogs just pear.php.net just pecl.php.net just talks.php.net general mailing list developer mailing list documentation mailing list What is PHP? PHP is a widely-used..."; ?>

    I want to highlight specific words. For example php, net and func:

        php.net s earch for in the all **php**.**net** sites this mirror only **func**tion list online documentation bug database Site News Archive All Changelogs just pear.**php**.**net** just pecl.**php**.**net** just talks.php.net general mailing list developer mailing list documentation mailing list What is **PHP**? **PHP** is a widely-used...

    Thanks in advance.

  • How do I get security updates for restricted/partner packages?

    - by laramichaels
    I want to perform just security updates on Ubuntu 12.04 LTS, keeping the rest of the system unchanged. I need to do this from the command line, not the GUI update manager. I have implemented the solution described here, which seems to work great for this purpose. I merely substituted 'precise' for 'lucid' given that I am on 12.04. My question is: by using apt pinning as described in that answer, will I still receive security updates for packages distributed through the "other" repositories - partner, restricted, multiverse, etc? Or will it only get me updates for the packages in the "core" distribution? thanks! ~l

  • Help with php code - need to add condition to make one link https

    - by Kaskade
    Hi, I have a wordpress blog and I need to make one of the pages secure. I have been told to make the link to that page point to https://claimpage.html as opposed to http://claimpage.html. The problem is I don't actually create the menu that links the user to the individual pages. This is done automatically by the code in the background. I think I need to put in some sort of an IF statement, saying, if the title of the page is "claim now" then use https otherwise use http. I found this code in the header.php so I think my changes need to go in here but I'm not really sure what to do.

        <div id="navbar">
            <ul class="menu">
                <li class="<?php if ( is_home() ) { ?>current_page_item<?php } else { ?>page_item<?php } ?>"><a href="<?php echo get_settings('home'); ?>"><?php _e('Home'); ?></a></li>
                <?php wp_list_pages('sort_column=id&depth=1&title_li='); ?>
                <?php wp_register('<li>','</li>'); ?>
            </ul>
        </div> <!-- end of #navbar -->

    Any suggestions as to how I can make one page that I know the title and url or https while the others are kept using normal http? The site is hosted on a secure server so I do have an ssl certificate.

  • Triggering PHP from ActiveMQ

    - by scompt.com
    Background: Our current system involves two services (one written in Java, the other in PHP) that communicate with each other using HTTP callbacks. We would like to migrate from HTTP callbacks to a message-based architecture using ActiveMQ (or another, if necessary). We'll probably use STOMP to communicate between them. Eventually, the PHP service will be rewritten in Java, but that's not part of this project.

    Question: How can the ActiveMQ system notify PHP that a new message has been posted to the queue that the PHP system is subscribed to? In the current system, the callback inherently calls into the PHP and triggers it. This goes away with a message-based architecture.

    Possible solutions:
      * Cron regularly calls a PHP script that checks for new messages. yuck.
      * A long-running PHP process that loops and sleeps and checks for new messages. less yuck?
      * ActiveMQ calls a PHP script when a new message is posted. good, how?
      * ??

  • nested foreach in PHP problem

    - by Neuquino
    I'm having problems iterating twice on the same array:

        <? $indice=0 ?>
        <?php foreach ($comisiones as $comision1):?>
        <tr>
            <td><?php echo ++$indice ?></td>
            <td><?php echo tag('select',array('name'=>'comision_'.$indice),true)?>
                <?php foreach ($comisiones as $comision2):?>
                <option value="<?php echo $comision2->getId()?>">
                    <?php echo $comision2->getNombre()." - ".$comision2->getDescripcion()?>
                </option>
                <?php endforeach?>
                </select>
            </td>
        </tr>
        <?php endforeach?>

    The above code prints: And I'm expecting to see something like this (labels of the combos in the images are not the same, but I think the idea is clear): Thanks in advance

  • PHP Parse Error Help Needed

    - by adcmarti
    I am receiving this PHP parse error on the last line of this php file. What am I missing? Here is the last 15 lines or so.

        <div id="footer">
            <br />
            <p><b>Member Total:</b><?php echo $database->getNumMembers(); ?>
            <br>There are <?php echo $database->num_active_users; ?> registered members and <?php $database->num_active_guests; ?> guests viewing the site.<br><br>
            <?php include("include/view_active.php"); ?>
            </p>
        </div><!-- #footer -->
        <? } ?>
        </div><!-- #main -->
        <?php include("_footer.html"); ?>

    Any help would be appreciated. Thank you!

  • Does mod_php honor HEAD requests properly?

    - by rkulla
    The HTTP/1.1 RFC stipulates "The HEAD method is identical to GET except that the server MUST NOT return a message-body in the response." I know Apache honors the RFC but modules don't have to. My question is, does mod_php5 honor this? The reason I ask is because I just came across an article saying that PHP developers should check this themselves with:

        if (stripos($_SERVER['REQUEST_METHOD'], 'HEAD') !== FALSE) {
            exit();
        }

    but seeing as how browsers send HEAD requests for cache checking it seems unlikely to me that no book, docs, etc., advise PHP developers to do this check. I googled a second and not much turned up, other than some people saying they try to do strange things like mod_rewrite/redirect after getting HEAD requests and some old bug ticket from like 2002 claiming that mod_php still executed the rest of the script by default. So I just ran a quick test by using PECL::HTTP to run

        http_head('http://mysite.com/test-head-request.php');

    while having:

        <?php error_log('REST OF SCRIPT STILL RAN'); ?>

    in test-head-request.php to see if the rest of the script still executed, and it didn't. I figure that should be enough to settle it, but want to get more feedback and maybe help clear up confusion for anyone else who has wondered about this. So if anyone knows off the top of their head (no pun intended) - or has any conventions they use for receiving HEAD requests, that'd be great. Otherwise, I'll grep the C source later and respond in a comment with my findings. Thanks.
