Search Results

Search found 88705 results on 3549 pages for 'web application security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 90/3549 | < Previous Page | 86 87 88 89 90 91 92 93 94 95 96 97  | Next Page >

  • PageMethods security

    - by TenaciousImpy
    Hi, I'm trying to 'AJAX-ify' my site in order to improve the UI experience. In terms of performance, I'm also trying to get rid of the UpdatePanel. I've come across a great article over at Encosia showing a way of posting using PageMethods. My question is, how secure are page methods in a production environment? Being public, can anyone create a JSON script to POST directly to the server, or are there cross-domain checks taking place? My PageMethods would also write the data into the database (after filtering). I'm using Forms Authentication in my pages and, on page load, it redirects unauthenticated users to the login page. Would the Page Methods on this page also need to check authentication if the user POSTs directly to the method, or is that authentication inherited for the entire page? (Essentially, does the entire page cycle occur even if a user has managed to post only to the PageMethod)? Thanks

    Read the article

  • firefox extension security issue

    - by rep_movsd
    I'm writing a firefox addon that logs certain user activity and displays some statistics on a webpage. When the page is opened, the page sends an event to the addon. The addon adds data to the page and sends an event back, and the page refreshes the statistics. Now how do I ensure that the extension only puts the (sensitive) data on the right page and not some other malicious one? Thanks V

    Read the article

  • Python: Dennis Nedry - Security

    - by Peter Nielsen
    Has anyone seen Jurrassic Park where Dennis Nedry has protected the system with an animation that says 'You didn't say the magic word' where after the system goes down. Is it possible to do something similar ikn Python ? To describe it less humoristic: A response screen which waits for a condition fulfilled by the user. And encrypts and locks the system after a certain time. Is that possible on a linux system by the use of Python ?

    Read the article

  • How to Package and Deploy Eclipse Java Application

    - by Rick
    Before I begin, I'm new to eclipse, please keep that in mind when replying. :) Here is the situation, I have built an java application that has some dependencies (~10 of them). I would like to easily package this application up and deploy it as a single file to a CD or usb drive. My question is there doesn't seem to be any "nice" wizard to search the project, grab the dependencies and setup the classpath on the target computer. Seems to me I have to do this manually. Is there a better way. Something simple, easy and straight forward. A link to a tutorial on this would be great. Seems to me that this should be a built-in feature to eclipse. Deployment of a web application seems easy enough, but not a java application. Thanks!

    Read the article

  • Hacking your own application

    - by instigator
    I am a web developer that is very conscious of security and try and make my web applications as secure as possible. How ever I have started writing my own windows applications in C# and when it comes testing the security of my C# application, I am really only a novice. Just wondering if anyone has any good tutorials/readme's on how to hack your own windows application and writing secure code.

    Read the article

  • Asp.net Security: IIdentity.IsAuthenticated default implementation.

    - by Pickels
    Hello Stackoverflowers, I am writing my own custom Identity class which implements IIdentity. I don't need to change the default method IsAuthenticated but so now I was wondering how does the default IIdentity determines if it should return true or false? I thought to find the answer in the FormsAuthenticationTicket I am using but not sure if that is correct. Thanks in advance, Pickels

    Read the article

  • Thoughts on security model to store credit card details

    - by Faisal Abid
    Here is the model we are using to store the CC details how secure does this look? All our information is encrypted using public key encryption and the keypair is user dependent (its generated on the server and the private key is symmetric encrypted using the users password which is also Hashed on the database) So basically on first run the user sends in his password via a SSL connection and the password is used with the addition of salt to generate an MD5 hash, also the password is used to encrypt the private key and the private key is stored on the server. When the user wants to make a payment, he sends his password. The password decrypts the private key, and the private key decrypts the CC details and the CC details are charged.

    Read the article

  • Quick question about PayPal IPN Security

    - by Alix Axel
    PayPal IPN sends a POST request with a variable number of fields to the notify URL, in order to confirm that the POST request is legit we need to resubmit the same request along with a additional cmd=_notify-validate field to PayPal, which then replies SUCCESS or FAILURE. My question is, why do we need to resend the request to PayPal? Wouldn't something like this work? if (preg_match('~^(?:.+[.])?paypal[.]com$~i', gethostbyaddr($_SERVER['REQUEST_ADDR'])) > 0) { // request came from PayPal, it's legit. } Iff we can trust the server to correctly resolve IPs, I assume we can trust PayPal POST requests, no?

    Read the article

  • Spring Security: Authentication returns null

    - by Mike
    Hi! I implemented FilterInvocationSecurityMetadataSource. in getAttribute, i am trying to extract the Authentication object to achieve the user and get his allowed views from the database:Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal(); but the authentication is null! why? how can i achieve it?

    Read the article

  • application packaging

    - by user285825
    The application packaging (software deliverables) is a vague concept to me. I worked in web application before so all I know how to prepare the deliverables ie WAR and then put them into the servlet container and rest of this being taken care of. But when considering other java or c++-based application (.exe or .class) how to prepare the package? What should be considered for preparation of the package and deployment of the application? Like I understand there should be some entries made into the windows registry or some libraries to be put in /usr/bin directory and so on. And during the development phase the execution and testing is done in more informal manner like writing some shell script or so on. But the deployment scenario is a more formal thing. As I said I have only the idea of deploying web applications I am not much knowledgeable in the other areas. Are there any kind of conventions like there are conventions for documentations like javadoc or doxygen/man pages? Application packaging is not that sort of a thing that there are much discussion on books or online materials. This is very disappointing.

    Read the article

  • Android Application Icon Change

    - by soclose
    Hi, Is it possible to change the android application icon at run time? I've read through Changing the application icon text dynamically in Android and How can i change an application icon programmatically in Android?. All answered can't. I use Android 1.6. Is there any way?

    Read the article

  • Security implications of writing files using PHP

    - by susmits
    I'm currently trying to create a CMS using PHP, purely in the interest of education. I want the administrators to be able to create content, which will be parsed and saved on the server storage in pure HTML form to avoid the overhead that executing PHP script would incur. Unfortunately, I could only think of a few ways of doing so: Setting write permission on every directory where the CMS should want to write a file. This sounds like quite a bad idea. Setting write permissions on a single cached directory. A PHP script could then include or fopen/fread/echo the content from a file in the cached directory at request-time. This could perhaps be carried out in a Mediawiki-esque fashion: something like index.php?page=xyz could read and echo content from cached/xyz.html at runtime. However, I'll need to ensure the sanity of $_GET['page'] to prevent nasty variations like index.php?page=http://www.bad-site.org/malicious-script.js. I'm personally not too thrilled by the second idea, but the first one sounds very insecure. Could someone please suggest a good way of getting this done?

    Read the article

  • why develop in windows/desktop application?

    - by Alexander
    Just wondering what your comments are regarding the current trend as everything is moving to the web or even the cloud. The significance of an OS or desktop application is getting less attention than web application. So to those folks out there who still develop windows applications, such as WPF. Why still do it? Why not move to web programming? Silverlight instead for example...

    Read the article

  • Best Practices / Patterns for Enterprise Protection/Remediation of SSNs (Social Security Numbers)

    - by Erik Neu
    I am interested in hearing about enterprise solutions for SSN handling. (I looked pretty hard for any pre-existing post on SO, including reviewing the terriffic SO automated "Related Questions" list, and did not find anything, so hopefully this is not a repeat.) First, I think it is important to enumerate the reasons systems/databases use SSNs: (note—these are reasons for de facto current state—I understand that many of them are not good reasons) Required for Interaction with External Entities. This is the most valid case—where external entities your system interfaces with require an SSN. This would typically be government, tax and financial. SSN is used to ensure system-wide uniqueness. SSN has become the default foreign key used internally within the enterprise, to perform cross-system joins. SSN is used for user authentication (e.g., log-on) The enterprise solution that seems optimum to me is to create a single SSN repository that is accessed by all applications needing to look up SSN info. This repository substitutes a globally unique, random 9-digit number (ASN) for the true SSN. I see many benefits to this approach. First of all, it is obviously highly backwards-compatible—all your systems "just" have to go through a major, synchronized, one-time data-cleansing exercise, where they replace the real SSN with the alternate ASN. Also, it is centralized, so it minimizes the scope for inspection and compliance. (Obviously, as a negative, it also creates a single point of failure.) This approach would solve issues 2 and 3, without ever requiring lookups to get the real SSN. For issue #1, authorized systems could provide an ASN, and be returned the real SSN. This would of course be done over secure connections, and the requesting systems would never persist the full SSN. Also, if the requesting system only needs the last 4 digits of the SSN, then that is all that would ever be passed. Issue #4 could be handled the same way as issue #1, though obviously the best thing would be to move away from having users supply an SSN for log-on. There are a couple of papers on this: UC Berkely: http://bit.ly/bdZPjQ Oracle Vault: bit.ly/cikbi1

    Read the article

  • What is application and process?

    - by Lu Lu
    An application consists of one or more processes. A process, in the simplest terms, is an executing program. One or more threads run in the context of the process. A thread is the basic unit to which the operating system allocates processor time. A thread can execute any part of the process code, including parts currently being executed by another thread. Source: http://msdn.microsoft.com/en-us/library/ms684841%28VS.85%29.aspx I understand about thread, but I can't distinguish between application & process. What is application? What is process? How do an application have more than 1 process? And please give me an example in C#. Thanks.

    Read the article

  • Uploading PDF or .doc and security

    - by Kamo
    I have a script that lets the user upload text files (PDF or doc) to the server, then the plan is to convert them to raw text. But until the file is converted, it's in its raw format, which makes me worried about viruses and all kinds of nasty things. Any ideas what I need to do to minimize the risk of these unknown files. How to check if it's clean, or if it's even the format it claims to be and that it does not crash the server.

    Read the article

  • PHP Form Security With Referer

    - by Jascha
    I'm putting together a site that will make itself available for user input. I was wondering if writing a function like: if(getenv("HTTP_REFERER") != 'http://www.myURL.com/submitArea'){ die('don\'t be an jerk, ruin your own site'); }else{ // continue with form processing } is enough to prevent cross site form submissions.

    Read the article

  • Cloud security and privacy

    - by Rakesh K
    Hi, I have a very basic doubt regarding cloud computing that is catching up pretty fast these days. To my understanding, cloud computing is a paradigm in which companies put up their data and applications on somebody else's machines aka 'The Cloud'. I want to know just how secure is it to put up my data on some third party machines, especially if my data contains private details. In particular, how can an enterprise trust the cloud computing service providers in this data privacy aspect? Thanks, rakesh.

    Read the article

  • running .net application over a network

    - by Marlon
    Hello, I need some advice please. I need to enable a .Net application to run over a network share, the problem is that this will be on clients network shares and so the path will not be identical. I've had a quick look at ClickOnce and the publish options in VS2008 but it wants a specific network share location - and I'm assuming this location gets stored somewhere when it does its thing. At the moment the job is being done with a old VB6 application and so gets around all these security issues, but that application is poorly written and almost impossible to maintain so it really needs to go. Is it possible for the domain controller to be set up to allow this specific .Net application to execute? Any other options would be welcomed as I want to get this little application is very business critical. I aught to say that the client networks are schools, and thus are often quite locked down as are the client machines, so manually adding exceptions to each client machine is a big no no. Marlon --Edit-- Apologies, I forgot to mention we're restricted to .net 2.0 for the moment, we are planning to upgrade this to 4.0 but that won't be immediate.

    Read the article

  • SSRS 2008 Snapshotting Security

    - by Holy Christ
    Hi, I'm writing a report that will show data based on the User!UserID built into the SSRS infrastructure. The data is sensitive to the user's department. In addition to these department users, there will be admins that should be able to run for all departments, or have a report parameter to run for a specific department. Ideally, I'd like to use SSRS snapshotting so that users can rerun a report they ran on a previous date. It's important that a user can only view the snapshots he created for his department. My questions are: 1.) Does SSRS snapshotting provide a mechanism to limit viewing snapshots by the user that created them? 2.) Will I need to write two reports, one for the admin and one for the department users? I think I do since there isn't a way to secure report parameters. Thanks!

    Read the article

  • Windows Server TCP Client application in c# Stops working after a while

    - by user1692494
    I am developping an application in C# Net framework 2.0. It is basicly a service application with a tcp client class. Class for Tcp Client Part public TelnetConnection(string Hostname, int Port) { host = Hostname; prt = Port; try { tcpSocket = new TcpClient(Hostname, Port); } catch (Exception e) { //Console.WriteLine(e.Message); } } The application is connecting to the server and revieves update's and more information. It works for about 20 minutes then stops recieving information from the server. -- Server side Client is still connected and the client side its still connected but stops receiving information from the server. I've been searching Stack Overflow and Google but no luck. try { if (!tcpSocket.Connected) return null; StringBuilder sb = new StringBuilder(); do { Parse(sb); System.Threading.Thread.Sleep(TimeOutMs); } while (tcpSocket.Available > 0); return sb.ToString(); } Application works perfect when it runs as console application but when running as service. It just stops.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 86 87 88 89 90 91 92 93 94 95 96 97  | Next Page >