software security - Page 853

PHP complete sample website source

- by MarceloRamires

I'm new to PHP, and it appears that the way I learn the fastest is to study a new language a well developed complete program (or website, in this case) changing stuff seeing what happens and consulting books. There are lots of recommendations of books all around, and that's pretty much covered. I'd like to find the sourcecode of a website. Either a well known, well developed open-source website, or a sample sourcecode of a complete website (maybe one used in a book or something). Everyone says they should find the way they learn better.. Well, that's mine. PS.: By complete I mean having several common functionalities (such as login), database connection, use of security conventions, maybe a popular framework, and being up-to-date.

Read the article

Templating Engine Pros and Cons with Zend Framework

- by manyxcxi

I am getting familiar with Zend Framework (and MVC with PHP in general) for a personal project. I have previous experience with Smarty and have no major gripes with it, but I would like to use this project as a good in-depth learning exercise. Those of you familiar with different templating engines and ZF: Do you believe there are better templating engines than Smarty in conjunction with ZF and why? I would like to apply what I learn to the real world and production environments. The personal project will be fairly robust. User management, sessions, security, database interaction, form input, jQuery, etc.

Read the article

What keying option does the keychain use?

- by Rudiger

I have read into the keychain and have found that it uses Triple DES. What I can't find is what keying option it uses. I am guessing / hoping that its keying option 1 where all 3 passwords are unique but if thats the case I can only think of two passwords it can use (user password and App ID that comes from your dev cert) so where is the third coming from? Is it a key private to Apple? If its keying option 2 (first and third key are the same) it might not be secure enough for our company to rely on. Although that might sound paranoid I have to justify to our security department that it is secure enough.

Read the article

SQL Server Agent 2005 job runs but no output

- by alimack

Essentially I have a job which runs in BIDS and as as a stand lone package and while it runs under the SQL Server Agent it doesn't complete properly (no error messages though). The job steps are: 1) Delete all rows from table; 2) Use For each loop to fill up table from Excel spreasheets; 3) Clean up table. I've tried this [MS page][1] (steps 1 & 2), didn't see any need to start changing from Server side security. Also SQLServerCentral.com for [this page][2], no resolution. How can I get error logging or a fix? Note I've reposted this from Server Fault as it's one of those questions that's not pure admin or programming. I have logged in as the proxy account I'm running this under, and the job runs stand alone but complains that the Excel tables are empty?

Read the article

how to initialize spring bean from database

- by wavelet

hi,i use spring security and my config is in database: <sec:http auto-config="true" entry-point-ref="casProcessingFilterEntryPoint"> <sec:remember-me /> <sec:session-management> <sec:concurrency-control max-sessions="1" error-if-maximum-exceeded="true" /> </sec:session-management> <sec:logout logout-success-url="${host.url}/logout/" /> <sec:custom-filter ref="casAuthenticationFilter" after="CAS_FILTER" /> <sec:custom-filter ref="filterInvocationInterceptor" before="FILTER_SECURITY_INTERCEPTOR" /> </sec:http> like ${host.url} is in database how can i initialize ?

Read the article

SBT equivalent of Ant target

- by adelbertc

What is the SBT equivalent (if any) of Ant targets? For example, a snippet in a build.xml file for Ant would be: <target name="runClient" description="run client"> <java classname="client.Client" fork="true"> <jvmarg value="-Djava.rmi.server.codebase=${client_web_codebase}"/> <jvmarg value="-Djava.security.policy=policy"/> <arg value="localhost"/> <classpath> <pathelement location="dist/client.jar"/> </classpath> </java> </target> And then I would do something like ant runClient to launch the application "client.Client" with the jvmargs specified in the XML.. is there an SBT equivalent, or a way for SBT to hook into Ant to do this?

Read the article

if isset PHP not working?

- by Ellie

Okay, Im trying to set a captcha up, However with this code in, it breaks. if(isset($_POST["captcha"])) if($_SESSION["captcha"]==$_POST["captcha"]) When i do it with out it, the page works, but the captcha is letting incorrect submits through. Parse error: syntax error, unexpected '"', expecting T_STRING or T_VARIABLE or T_NUM_STRING in /hermes/waloraweb085/b2027/moo.lutarinet/jointest.php on line 71 <?php $pagetitle = "Home"; $checkrank = 0; include ($_SERVER['DOCUMENT_ROOT'].'/header.inc.php'); ECHO <<<END <br><br> <b><center><i><u>DO NOT</u> USE YOUR NEOPETS PASSWORD OR PIN NUMBER!!!</b></i></center> <p> ?> <?php session_start() ?> <center><P><FORM ACTION="join.pro.php" enctype="multipart/form-data" METHOD=POST> <table width="393" height="188" border="0" cellpadding="0" cellspacing="0"> <td width="150">Username</td> <td width="243"><input type=text name="name" value="" size=32 maxlength=15></td> </tr> <tr> <td>Password</td> <td><input type=password name="pass1" VALUE="" maxlength=15></td> </tr> <tr> <td>Confirm Password</td> <td><input type=password name="pass2" VALUE="" size=32 maxlength=15></td> </tr> <tr> <td>Security Code (4 Diget Number)</td> <td><input type=password name="security" VALUE="" size=32 maxlength=4></td> </tr> <tr> <td>Email Address</td> <td><INPUT TYPE=text NAME="email" VALUE="" SIZE=32 maxlength=100></td> </tr> <tr> <td height="41" colspan="2" valign="middle"><p><p><center> By registering an account here you agree to all of our <A HREF="$baseurl/tos.php">Terms and Conditions</A>. You can also view our <A HREF="$baseurl/privacy.php">Privacy Policy</A>. </center></p></td> </tr> <tr><td align="center">CAPTCHA:<br> (antispam code, 3 black symbols)<br> <table><tr><td><img src="captcha.php" alt="captcha image"></td><td><input type="text" name="captcha" size="3" maxlength="3"></td></tr></table> </td></tr> <td height="27" colspan="2" valign="middle"> <center><input type=submit name=Submit value="Register"></center> </td> </table> </form> <?php if(isset($_POST["captcha"])) if($_SESSION["captcha"]==$_POST["captcha"]) { //CAPTHCA is valid; proceed the message: save to database, send by e-mail ... echo 'CAPTHCA is valid; proceed the message'; } else { echo 'CAPTHCA is not valid; ignore submission'; } ?> <?php END; include ($_SERVER['DOCUMENT_ROOT'].'/footer.inc.php'); ?> captcha.php <?php session_start(); header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); header("Cache-Control: no-store, no-cache, must-revalidate"); header("Cache-Control: post-check=0, pre-check=0", false); header("Pragma: no-cache"); function _generateRandom($length=6) { $_rand_src = array( array(48,57) //digits , array(97,122) //lowercase chars // , array(65,90) //uppercase chars ); srand ((double) microtime() * 1000000); $random_string = ""; for($i=0;$i<$length;$i++){ $i1=rand(0,sizeof($_rand_src)-1); $random_string .= chr(rand($_rand_src[$i1][0],$_rand_src[$i1][1])); } return $random_string; } $im = @imagecreatefromjpeg("http://sketchedneo.com/images/sitedesigns/captcha.jpg"); $rand = _generateRandom(3); $_SESSION['captcha'] = $rand; ImageString($im, 5, 2, 2, $rand[0]." ".$rand[1]." ".$rand[2]." ", ImageColorAllocate ($im, 0, 0, 0)); $rand = _generateRandom(3); ImageString($im, 5, 2, 2, " ".$rand[0]." ".$rand[1]." ".$rand[2], ImageColorAllocate ($im, 255, 0, 0)); Header ('Content-type: image/jpeg'); imagejpeg($im,NULL,100); ImageDestroy($im); ?> Help please anyone? Line 71: if(isset($_POST["captcha"])) Line 72: if($_SESSION["captcha"]==$_POST["captcha"])

Read the article

Creating java executable using JNI ?

- by Xinus

I am trying to create executable under windows platform for Java program using JNI ,C/C++ and invocation API, I have already created jar file for my program which includes all dependencies. I want to embed it in exe file, I was successful in running simple main class(present in file system) using JNI invocation API, I am planning to add jar file as resource in C/C++ program. But I don't know how do I run that jar file , One option is create temporary jar file on file system and run it using java, But I do not want to expose my jar file to everyone for security reasons, How can I run serialized jar file on the fly using JNI ?

Read the article

At what point should I change the way Struts acquires the session token?

- by Hanno Fietz

It seems I have to find a different way to transmit the session token from a Flex client to a Struts backend without using cookies. If I were to put the session token in the payload of a request, at what point would I have to customize Struts' behaviour so that I can reuse as much of the existing session handling as possible? In particular, I don't want to reimplement whatever security measures (such as tying a token to an IP) and configuration parameters (such as session expiration interval). There's a CreateSession interceptor, rather early in the default stack, should I swap that with a subclassed version?

Read the article

ASP.NET AJAX or jQuery (UpdatePanel/ScriptManager or UFrame/jQuery.ajax)

- by Mark Redman

Hi, We use the asp.net UpdatePanel and the ScriptManager/ScriptManagerProxy for ajax related functionality; reducing full page refreshes and calling WCF Services respectively. we also use jQuery and plugins for some parts of the UI. We have had some issues with javascript library related conflicts, but have come across some posts indicating that there is a lot more overhead using the UpdatePanel. I have found some limited reference to UFrame: http://www.codeproject.com/KB/aspnet/uframe.aspx www.codeplex.com/uframe Is this a commercially viable replacement for the asp.net UpdatePanel? We use a ScriptManagerProxy to reference WCF services and easily create and use a proxy to call the various WCF service methods. Would using jQuery ajax be a more efficient solution here? We have got this working well on various browsers but now seem to be getting some security related issues (as seen in FF Firebug: Access to restricted URI denied" code: "1012) which seem to have started since using jQuery a lot more. Is it possible/viable to not use ASP.NET Ajax at all?

Read the article

App logicstics & changes due to scope creep

- by Kevin Brown

I started an app that was initially a testing platform--user management, and managers that can view their employees tests. Recently, functionality has been extended (not built yet) to allow users to complete a test in place of an employee--basically adding a record, but no user. I have three tables in use for this: users(contains user info for login/security), profiles (all personal info: address, height, etc.), and survey (contains survey answers for user). How do I extend my application to encompass this functionality with minimal change to the structure? I assume that the best way to do this would be to insert records to the tables profiles and survey, and have no username/password/email? There MUST be a user_id associated b/c the tables are linked through the user_ids...

Read the article

How to access File over the Network

- by Polo

Hi! I am having a hard time on this one, I have a folder over the network with public access (no credential restriction). I am trying to do a File.Exist or Directory.Exist and I keep on having a exception. Can someone tell me the good way to do IO over the network. EDIT 1 FOR DETAILS: if i do execture = \agoodip\Public\test.txt I get the file etc etc In my code it look like a basic Directory.Exist(@"\\agoodip\Public") or File.exist(@"\\agoodip\Public\test.txt") The exception I get is Path not found. EDIT 2 : I am using Silverlight 3, Is there any security pattern to be aware of to lookup file on the network? Thanks!

Read the article

How do I sign a HTTP request with a X.509 certificate in Java?

- by Rune

How do I perform an HTTP request and sign it with a X.509 certificate using Java? I usually program in C#. Now, what I would like to do is something similar to the following, only in Java: private HttpWebRequest CreateRequest(Uri uri, X509Certificate2 cert) { HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create(uri); request.ClientCertificates.Add(cert); /* ... */ return request; } In Java I have created a java.security.cert.X509Certificate instance but I cannot figure out how to associate it to a HTTP request. I can create a HTTP request using a java.net.URL instance, but I don't seem to be able to associate my certificate with that instance (and I'm not sure whether using java.net.URL is even appropriate).

Read the article

Are there built-in issue tracking and task management in IDEs that integrate into SourceForge, Googl

- by Kai Sellgren

Hi, This question may not be exactly programming related, but this is about development. I have been trying to find IDEs that support JIRA/Bugzilla so that I could simply integrate the IDE with SourceForge. I do not like to refresh my browser to see issues, bug reports, security problems, etc. I would like to send issues, resolve issues, right from the IDE. I am currently developing with NetBeans, but I see no ways of integrating into any of the services provided by SourceForge. Am I missing something?

Read the article

Implementing a 'Send Feedback' feature in a Java desktop application

- by William

I would like to implement a 'Send Feedback' option in a Java desktop application. One which will pop up a box for the user to enter a comment, then send it to us along with a screenshot of the application window. How would be the best way to communicate the data to us? Two obvious solutions spring to mind: Email - I'm thinking that the application would connect to an SMTP server set-up by us, with the username/password somehow hidden in the code. SMTP over SSL for security (not of the data being sent, but of the SMTP username/password). Web service - pretty self explanatory. Which of these would be best, or is there a better alternative?

Read the article

What goes between SQL Server and Client?

- by worlds-apart89

This question is an updated version of a previous question I have asked on here. I am new to client-server model with SQL Server as the relational database. I have read that public access to SQL Server is not secure. If direct access to the database is not a good practice, then what kind of layer should be placed between the server and the client? Note that I have a desktop application that will serve as the client and a remote SQL Server database that will provide data to the client. The client will input their username and password in order to see their data. I have heard of terms like VPN, ISA, TMG, Terminal Services, proxy server, and so on. I need a fast and secure n-tier architecture. P.S. I have heard of web services in front of the database. Can I use WCF to retrieve, update, insert data? Would it be a good approach in terms of security and performance?

Read the article

Accessing Securised Web Service

- by Xstahef

Hi, I need to connect to a provider's web service with a Windows Form application. He gives me a certificate to access it but I have a security problem. I have done these following steps : Add certificate to personal store (on IE & Firefox) Generate a proxy with the remote wsdl (no problem) Use this code to call a method : `using (service1.MessagesService m = new service1.MessagesService()) { X509Certificate crt = new X509Certificate(@"C:\OpenSSL\bin\thecert.p12",string.Empty); m.ClientCertificates.Add(crt); var result = m.AuthoriseTransaction(aut); this.textBox1.AppendText(result.id.ToString()); }` I have the following error : The underlying connection was closed: Could not establish trust relationship for the channel SSL / TLS. Thanks for your help

Read the article

Why to store username and password in Keychain in iPhone app

- by Suriya

I have worked with NSUserDefault but this keychain concept is totally new for me. I have tried looking for similar Questions but couldn't find the exact reason to do so. What I have done: I already know how to store data in NSUserDefault. and also the reason why do we need to store it. Regarding Keychain I just know that storing in keychain stores the data with some extra security by encoding the original text while NSUserDefault stores the data as plain text. Is this the only reason for storing the data in keychain?

Read the article

RewriteCond to change displayed host, but not server

- by coneybeare

Typing out the title to this leads me to believe this might not be possible due to security concerns, but I will ask anyway. I have shortcode support running on my server, lets call it xx.yy I want it so when a user sends a request to xx.yy, it just changes the displayed host to another valid domain running on the same box. I have this so far (lets the server know to accept requests from xx.yy): RewriteCond %{HTTP_HOST} ^.*xx.yy [NC] RewriteRule ^/(.*)$ http://127.0.0.1:<PORT_OMITTED>%{REQUEST_URI} [P,QSA,L] RewriteCond %{HTTP_HOST} ^.*mysite.com [NC] RewriteRule ^/(.*)$ http://127.0.0.1:<PORT_OMITTED>%{REQUEST_URI} [P,QSA,L] It works, and it directs the traffic into my app, but the url says http://xx.yy when I would rather it say http://mysite.com I know i could redirect to http://mysite.com instead of 127.0.0.1, but I have 4 parallel boxes of mysite.com and going back out to DNS to maybe go to another box seems like a waste when I am already here. Also, I am not sure how POST requests would work like that. What can I do?

Read the article

bluetooth emulators/simulators

- by scatman

what are the best bluetooth emulators/simulators? i have a project for the security course, and i chose bluetooth as my topic. so i need to create encryption algorithms using a bluetooth simulator and test them. i have already searched for the best emulaters, and the results were google anroid, and NS2. is there any emulator better? the languages i prefer to program with are c , c++ , and c# java is also not a problem but i prefer any of the above languages.

Read the article

Need an Asp.net MVC Application solution

- by Daoming Yang

I have implemented a small ordering and stock control system (for internal using) with the MVC 2 framework. Now my friends, they want to have a website to present the existing products for their customers. I know, I know they will ask me to do this one day. So in the beginning, I have made the controller name to start with "Admin". But now I am not sure the best way to implement their requirements. Could you advise me? 1.For the security reason, I did not allowed anonymous user to access the website a part from the CSS and image files. My question is the controllers' name are not folders' name, how could I set this up? 2.I'm planning to put the admin section into an "area" and will it be a good way to go? Can anyone provide me some suggestions. Many thanks.

Read the article

hash password in SQL Server (asp.net)

- by ile

Is this how hashed password stored in SQL Server should look like? This is function I use to hash password (I found it in some tutorial) public string EncryptPassword(string password) { //we use codepage 1252 because that is what sql server uses byte[] pwdBytes = Encoding.GetEncoding(1252).GetBytes(password); byte[] hashBytes = System.Security.Cryptography.MD5.Create().ComputeHash(pwdBytes); return Encoding.GetEncoding(1252).GetString(hashBytes); } EDIT I tried to use sha-1 and now strings seem to look like as they are suppose to: public string EncryptPassword(string password) { return FormsAuthentication.HashPasswordForStoringInConfigFile(password, "sha1"); } // example output: 39A43BDB7827112409EFED3473F804E9E01DB4A8 Result from the image above looks like broken string, but this sha-1 looks normal.... Will this be secure enough?

Read the article

anonymous access disabled but...

- by Melody Friedenthal

My web app (asp VB 2005) uses Windows authentication. If the user isn't part of a specific AD security group they don't get to edit the data; instead I redirect the user to a read-only page. The program works fine in the IDE. I published the web app to my laptop and Disabled anonymous access. When I ran the program I got redirected to the read-only page. I added a write event to the application event log to see what was going on, and found that the WindowsPrincipal.Identity.Name contained my laptop's ID, not my user name. I reassert: anonymous access is disabled in IIS and the web.config file has Windows Authentication. Can anyone suggest what else to check? Or can you explain what's going on?

Read the article

getRequestProperty("Authorization") always returns null

- by Thilo

I am trying to read the authorization header for an HTTP request (because I need to add something to it), but I always get null for the header value. Other headers work fine. public void testAuth() throws MalformedURLException, IOException{ URLConnection request = new URL("http://google.com").openConnection(); request.setRequestProperty("Authorization", "MyHeader"); request.setRequestProperty("Stackoverflow", "anotherHeader"); // works fine assertEquals("anotherHeader", request.getRequestProperty("Stackoverflow")); // Auth header returns null assertEquals("MyHeader", request.getRequestProperty("Authorization")); } Am I doing something wrong? Is this a "security" feature? Is there a way to make this work with URLConnection, or do I need to use another HTTP client library?

Read the article

Does CAS Support Application Level Impersonation?

- by Rob Wilkerson

I have a PHP application that is successfully authenticating against a CAS server. One of the features supported by the application is impersonation; a user with the appropriate privileges can impersonate another of the application. Generally, this isn't a problem because the app itself can keep track of who the user is impersonating and manage privileges (which are based on username). A new requirement has come up, though, that requires the original app to include, via an iframe, content from a second PHP app that is also CAS-enabled. Somehow, I need for the second app to know whether impersonation is happening in the first. I don't want to pass usernames around for security reasons, so I'm wondering whether I can offload the responsibility for handling impersonation to the CAS server which is shared by both apps. Thanks.

Search Results

Search found 30819 results on 1233 pages for 'software security'.

Page 853/1233 | < Previous Page | 849 850 851 852 853 854 855 856 857 858 859 860 | Next Page >

- by MarceloRamires

- by manyxcxi

- by Rudiger

- by alimack

- by wavelet

- by adelbertc

- by Ellie

- by Xinus

- by Hanno Fietz

- by Mark Redman

- by Kevin Brown

- by Polo

- by Rune

- by Kai Sellgren

- by William

- by worlds-apart89

- by Xstahef

- by Suriya

- by coneybeare

- by scatman

- by Daoming Yang

- by ile

- by Melody Friedenthal

- by Thilo

- by Rob Wilkerson

< Previous Page | 849 850 851 852 853 854 855 856 857 858 859 860 | Next Page >