Search Results

Search found 88705 results on 3549 pages for 'web application security'.


  • Multiple login locations for an online app.

    - by Goro
    Hello, I am working on a browser based application that will have many users. The catch is that every user should have their own customized login page, but the actual application is the same for everyone, and needs to be in a central location. What is the most secure way of doing this? Would it make more sense to have a copy of the application for each user, and keep the database centralized? The projected number of users is not very high, probably around 20-80. Thank you,


  • ColdFusion Security

    - by Andrew
    What are the best practices for securing a ColdFusion webpage from malicious users (including, but not limited to, SQL injection attacks)? Is cfqueryparam enough?


  • Naming my application in android

    - by Sephy
    Hi, I think I'm getting senile because I was convinced that to give a name to your application, you had to fill this part of the manifest:

        <application android:icon="@drawable/icon" android:label="MyApplicationName">

    However, for a reason I don't understand, my application gets the name of my first activity, in which I load data; hence, it is called "Loading"... (defined as follows in the manifest)

        <activity android:name="AccueilSplash" android:label="Loading">

    Any idea why that is?


  • Lisp data security/validation

    - by Wayne Werner
    This is really just a conceptual question for me at this point. In Lisp, programs are data and data are programs. The REPL does exactly that - reads and then evaluates. So how does one go about getting input from the user in a secure way? Obviously it's possible - I mean Viaweb - now Yahoo! Stores - is pretty secure, so how is it done?


  • Solr security question

    - by Camran
    I have a Linux server, and I am about to upload a classifieds website to it. The website is PHP based. That means PHP code adds/removes classifieds, with the help of the users of course. The PHP code then adds/removes a classified to a database index called Solr (like MySQL). The problem is that anybody can currently access the database, but I only want the website to access the database (Solr). Solr is on port 8983 as standard, by the way. My question is: if I add a rule in my firewall (iptables) to only allow connections coming from the server's IP to the Solr port number, would this solve my issue? Thanks


  • Third party Application's Idle Session expiry

    - by Manjoor
    We have a third-party application running. It shows a login dialog when idle for 20 minutes. We need to prevent the application from displaying the login screen. We do not have any idea how the idle state is handled internally in that application. We have done the following with no luck. Created a small application in C# which:

    1. Focuses it every 5 minutes (using SetForegroundWindow()) and sends a BM_CLICK message to one of its child windows. Does not work.
    2. Focuses it every 5 minutes (using SetForegroundWindow()) and moves the cursor a few pixels, then restores the cursor to its previous position. This does not work either!

    Is there any other way to achieve the goal?


  • Spring security - same page to deliver different content based on user role

    - by Ramesh
    Hello, I tried to search for any previous post related to my issue but couldn't find any. I have a scenario wherein a page handles 3 different scenarios and one of them is not working. This page returns different content depending on whether the user is authenticated or anonymous.

        localhost:8080/myApp/muUrl?test=authenticatedContent - used for Scenario 1 & 2
        localhost:8080/myApp/muUrl?test=anonymousContent - used for Scenario 3

    Scenario:

    1) Authenticated user accessing the page URL - the user gets displayed the correct information. Works fine.
    2) Anonymous user accessing the page URL with parameters that require authentication - if anonymous, there is a second level of check on the content they are accessing. For example, based on the GET parameters, there is custom logic to determine if the user has to be authenticated. In that case the page gets redirected to the login page (works fine).
    3) Anonymous user accessing the page URL with parameters that don't need authentication - in this case I get the SavedRequest and redirect to the URL, which is taking me into an infinite loop.

    Am I missing something very obvious, or is there a way in AuthenticationProcessFilterEntryPoint to say "DON'T redirect to LOGIN page but process it"? Thanks.


  • Custom security permission_types in Jetspeed

    - by shikarishambu
    Is it possible to create and manage custom permission types in Jetspeed? In addition to the defaults - folder, page, link, portlet - I would like to add document as a type. I want to then use the list of permissions of type "document" that a principal has to manage access to documents. Thanks


  • Basic security, PHP MySQL

    - by yuudachi
    So I am making a basic log-in page. I have a good idea of what to do, but I'm still unsure of some things. I have a database full of students and a password column of course. I know I'm going to use md5 encryption in that column. The student enters their e-mail and student ID, and they get e-mailed a password if correct. But, where do I create the password? Do I have to manually add the password (which is just a randomly generated string) in MySQL to all the students? And I am supposed to send the password to the student; how will I know what to send the student if the password is encrypted? I was thinking about generating the password when the student first enters their e-mail and student ID. They get an e-mail of the random string, and at the same time, I add the same random string to the database, encrypted. Is that how it's supposed to work though? And it feels unsafe doing that all on the same page. Sorry for the long-winded, newbish question. I find this all fascinating at the same time as well (AES and RSA encryption :O)


  • Ajax security problem

    - by coolboycsaba
    I want to create a browser-based game and I have a huge problem: the game can be easily hacked. The problem is at a page where you can go to "work". I store in a file the work ending date and the amount of money that you will receive after finishing the work. There are 4 types of work. The problem is that I use Ajax to send the necessary information to a PHP file. The URL looks like this: x.php?date=....&pay=.... The JavaScript part of the page calculates the date and the pay, but if you simply enter x.php?date=anynumber&pay=99999 in your URL bar you will receive those 99999 dollars. What should I do? And sorry for my bad English :)


  • Chrome SSL Security Issue under Windows systems?

    - by fraido
    The Fortify.net website allows you to check what SSL encryption key is used by your browser. I gave it a try with the browsers I have on my machine and these are the results:

    Fedora 9
        Firefox 3.0.8 = AES cipher, 256-bit key
        Chrome 4.0.249.30 = AES cipher, 256-bit key

    Windows XP SP3
        IE 6.0.2x = RC4 cipher, 128-bit key
        Firefox = AES cipher, 256-bit key
        Chrome 4.1.249.1042 (42199) = RC4 cipher, 128-bit key .... WHAT!!?!!

    Chrome is using RC4 128-bit (as IE6 does), which is well known as being very weak! Chrome under Unix works fine... I'm wondering how this is possible? Do you have this issue, or is there a way to change the default key to be AES 256-bit? I'm using Chrome as the main browser under Windows and I'm really considering switching back to Firefox


  • .NET security: how to check if a method is allowed to execute under current user's permissions

    - by Gart
    Given an ASP.NET MVC Controller class declaration:

        using System.Web.Mvc;

        public class ItemController : Controller
        {
            // No attribute: any user may call these actions
            public ActionResult Index()
            {
                // ...
            }

            public ActionResult Details()
            {
                // ...
            }

            // Restricted to users in the Admin or Editor role
            [Authorize(Roles="Admin, Editor")]
            public ActionResult Edit()
            {
                // ...
            }

            // Restricted to users in the Admin role
            [Authorize(Roles="Admin")]
            public ActionResult Delete()
            {
                // ..
            }
        }

    I need to reflect a list of methods in this class which may be invoked with the current user's permissions. The [Authorize] attribute is specific to ASP.NET MVC, and this is only an example. I would prefer a universal solution for this problem which works for any .NET class. Please share some ideas of what could be done in this case.


  • Relogging a user in with different Spring Security Authorities programmatically

    - by user1331982
    PreReq: User logs in and is given roles from the database using a custom implementation of userService, i.e.

        authentication-provider user-service-ref="securityPolicyService"

    The implemented method loadUserByUsername gets called and the roles are loaded for the user for the particular club they are logging into. The default one is loaded the first time in. The user then clicks on a different club from the UI and I call a method on a service that gets the new list of authorities for this club. I then perform the following:

        Object principle = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        SecureMember sm = (SecureMember) principle;
        Authentication auth = new UsernamePasswordAuthenticationToken(sm, null, newAuthories);

        SecurityContextHolder.getContext().setAuthentication(auth);
        request.getSession(false).invalidate();

    SecureMember extends User from SpringFramework. The problem is that the SecureMember authorities are never updated with the new ones. Thanks, Gary


  • Spring security @notation for IS_AUTHENTICATED_FULLY?

    - by wuntee
    I am simply trying to allow a user access to a method if they are authenticated, but nothing I am doing seems to work. Is there a way to just check if the user has been authenticated? The following still denies the user even when authenticated... Is there a built-in role for an authenticated user?

        @RequestMapping("/secure")
        @PreAuthorize("hasRole('IS_AUTHENTICATED_FULLY')")
        public String secure(ModelMap map) {
            return "secure";
        }


  • Web Form Security

    - by brandon14_99
    I set a cookie in the headers with an md5 hashed keyword. Then in my code, it checks for the exact matching cookie before displaying a form. Is this pretty much pointless? The form submits to an external site, so I am trying to secure the form without using a captcha.


  • Authorization security of ASP.NET Forms authentication

    - by Tomi
    I'm using Forms authentication in an ASP.NET MVC website and I store the user account login name in the AuthCookie like this:

        FormsAuthentication.SetAuthCookie(account.Login, false);

    I want to ask if there is a possibility that a user on the client side will somehow manage to change his login name in the AuthCookie and thus be, for example, impersonating someone with higher privileges and authorized to do more actions than he is normally supposed to have. Also, is it better to save the user account login name or the user account ID number in this cookie?


  • Stuck with web service configuration

    - by Allan Chua
    I'm currently stuck with the web service that I'm creating right now. When testing it locally it all works fine, but when I try to deploy it to the web server it throws the following error:

    An error occurred while trying to make a request to URI '...my web service URI here....'. This could be due to attempting to access a service in a cross-domain way without a proper cross-domain policy in place, or a policy that is unsuitable for SOAP services. You may need to contact the owner of the service to publish a cross-domain policy file and to ensure it allows SOAP-related HTTP headers to be sent. This error may also be caused by using internal types in the web service proxy without using the InternalsVisibleToAttribute attribute. Please see the inner exception for more details.

    Here is my web config.

        <?xml version="1.0"?>
        <configuration>
          <configSections>
          </configSections>
          <system.webServer>
            <modules runAllManagedModulesForAllRequests="true">
            </modules>
            <validation validateIntegratedModeConfiguration="false" />
            <security>
              <requestFiltering>
                <requestLimits maxAllowedContentLength="2000000000" />
              </requestFiltering>
            </security>
          </system.webServer>
          <connectionStrings>
            <add name="........" providerName="System.Data.SqlClient" />
          </connectionStrings>
          <appSettings>
            <!-- Testing -->
            <add key="DataConnectionString" value="..........." />
          </appSettings>
          <system.web>
            <compilation debug="true" targetFramework="4.0">
              <buildProviders>
                <add extension=".rdlc" type="Microsoft.Reporting.RdlBuildProvider, Microsoft.ReportViewer.WebForms, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
              </buildProviders>
            </compilation>
            <httpRuntime executionTimeout="1200" maxRequestLength="2000000" />
          </system.web>
          <system.serviceModel>
            <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
            <behaviors>
              <serviceBehaviors>
                <behavior name="Service1">
                  <serviceMetadata httpGetEnabled="true" />
                  <serviceDebug includeExceptionDetailInFaults="true" />
                  <dataContractSerializer maxItemsInObjectGraph="2000000000" />
                </behavior>
                <behavior name="">
                  <serviceMetadata httpGetEnabled="true" />
                  <serviceDebug includeExceptionDetailInFaults="false" />
                </behavior>
                <behavior name="nextSPOTServiceBehavior">
                  <serviceMetadata httpsGetEnabled="true"/>
                  <serviceDebug includeExceptionDetailInFaults="true" />
                  <dataContractSerializer maxItemsInObjectGraph="2000000000" />
                </behavior>
              </serviceBehaviors>
            </behaviors>
            <bindings>
              <basicHttpBinding>
                <binding name="SecureBasic" closeTimeout="00:10:00" openTimeout="00:10:00" receiveTimeout="00:10:00" sendTimeout="00:10:00" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647">
                  <security mode="Transport" />
                  <readerQuotas maxArrayLength="2000000" maxStringContentLength="2000000"/>
                </binding>
                <binding name="BasicHttpBinding_IDownloadManagerService" closeTimeout="00:10:00" openTimeout="00:10:00" receiveTimeout="00:10:00" sendTimeout="00:10:00" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647">
                  <security mode="Transport" />
                </binding>
              </basicHttpBinding>
            </bindings>
            <services>
              <service behaviorConfiguration="nextSPOTServiceBehavior" name="NextSPOTDownloadManagerWebServiceTester.Web.WebServices.DownloadManagerService">
                <endpoint binding="basicHttpBinding" bindingConfiguration="SecureBasic" name="basicHttpSecure" contract="NextSPOTDownloadManagerWebServiceTester.Web.WebServices.IDownloadManagerService" />
                <!--<endpoint binding="basicHttpBinding" bindingConfiguration="" name="basicHttp" contract="NextSPOTDownloadManagerWebServiceTester.Web.WebServices.IDownloadManagerService" />-->
                <!--<endpoint address="" binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IDownloadManagerService" contract="NextSPOTDownloadManagerWebServiceTester.Web.WebServices.IDownloadManagerService" />
                <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />-->
              </service>
            </services>
          </system.serviceModel>
        </configuration>


  • In App Purchase Resources Security.

    - by jAmi
    Hi, I am setting up in-app purchase where the user can buy different sounds. Once bought, he can play those sounds in the app. The sound files are all present in my Resources folder and I just keep a record (in a plist) of the files that have been purchased. Now if I right-click on the IAP file and see its contents I can see the Resources, hence anyone can have those sounds without actually buying them. Is there a protected bundle or something?


  • Cookieless Session: is it a security risk?

    - by Costa
    Hi, http://msdn.microsoft.com/en-us/library/aa479314.aspx You have a user who successfully logs in from a machine in a cybercafe. Hacker H is able to sniff the network and get the session ID of the user. Can H use the session ID and act as the user from another machine? Can H enter http://folder/(session id)/CreditCardInformation.aspx to know the credit card number of the user?


  • PHP Upload file enhance security

    - by mandril
    Hey, my question is how to prevent someone from uploading a virus or some malicious code with the extension you pretend. For example, I have a PDF file uploader; anyone can upload a binary with PDF camouflage, and there are lots of programs to do that.

