Search Results

Search found 62763 results on 2511 pages for 'net security'.

  • Session ID Rotation - does it enhance security?

    - by dound
    (I think) I understand why session IDs should be rotated when the user logs in - this is one important step to prevent session fixation. However, is there any advantage to randomly/periodically rotating session IDs? This seems to only provide a false sense of security in my opinion. Assuming session IDs are not vulnerable to brute-force guessing and you only transmit the session ID in a cookie (not as part of URLs), then an attacker will have to access your cookie (most likely by snooping on your traffic) to get your session ID. Thus if the attacker gets one session ID, they'll probably be able to sniff the rotated session ID too - and thus randomly rotating has not enhanced security.

  • Data-related security Implementation

    - by devdude
    Using Shiro we have a great security framework embedded in our enterprise application running on GF. You define users, roles, permissions and we can control at any fine-grain level if a user can access the application, a certain page or even click a specific button. Is there a recipe or pattern that allows, on top of that, to restrict a user from seeing certain data? Sample: You have a customer table for 3 factories (part of one company). An admin user can see all customer records, but the user at the local factory must not see any customer data of other factories (for whatever reason). The security feature should be part of the role definition. Thanks for any input and ideas

  • Using ScriptCombining through a ScriptManager on a Master Page

    - by Hmobius
    ASP.NET 3.5 SP1 adds a great new ScriptCombining feature to the ScriptManager object as demonstrated on this video. However he only demonstrates how to use the feature with the ScriptManager on the same page. I'd like to use this feature on a site where the ScriptManager is on the master page but can't figure out how to add the scripts I need for each page programmatically to the manager. I've found this post to use as a starting point, but I'm not really getting very far. Can anyone give me a helping hand? Thanks, Dan

  • which collection should I use

    - by Masna
    Hello, I have a number of custom objects of type X. X has a number of parameters and must be unique in the collection. (I created my own equals method based on the custom parameters to examine this.) In each object of type X, I have a list of objects Y. I want to easily add/remove/modify an object Y. For example: to write the add method, it would be something like add(objTypeX, objTypeY). I would check whether the collection already has an objTypeX. If so, I would add the objTypeY to the already existing objTypeX; else, I would create objTypeX and add objTypeY to this object. To modify an objTypeY, it would be something like (objTypeX, objTypeY, newobjTypeY). I would get objTypeX out of the collection and modify objTypeY to newobjTypeY. Which collection should I use? I tried with HashSet but I can get a specific object out of the list, without run down the list till I find that object. I develop this in VB.NET 3.5.

  • Security precautions and techniques for a User-submitted Code Demo Area

    - by Jack W-H
    Hey folks Maybe this isn't really feasible. But basically, I've been developing a snippet-sharing website and I would like it to have a 'live demo area'. For example, you're browsing some snippets and click the Demo button. A new window pops up which executes the web code. I understand there are a gazillion security risks involved in doing this - XSS, tags, nasty malware/drive by downloads, pr0n, etc. etc. etc. The community would be able to flag submissions that are blatantly naughty but obviously some would go undetected (and, in many cases, someone would have to fall victim to discover whatever nasty thing was submitted). So I need to know: What should I do - security wise - to make sure that users can submit code, but that nothing malicious can be run - or executed offsite, etc? For your information my site is powered by PHP using CodeIgniter. Jack

  • Spring 3 - Custom Security

    - by Eqbal
    I am in the process of converting a legacy application from proprietary technology to a Spring based web app, leaving the backend system as is. The login service is provided by the backend system through a function call that takes in some parameters (username, password plus some others) and provides an output that includes the authorizations for the user and other properties like firstname, lastname etc. What do I need to do to weave this into the Spring 3.0 security module? Looks like I need to provide a custom AuthenticationProvider implementation (is this where I call the backend function?). Do I also need a custom User and UserDetailsService implementation which needs loadUserByName(String userName)? Any pointers on good documentation for this? The reference that came with the download is okay, but doesn't help too much in terms of implementing custom security.

  • Building an ASP.Net 4.5 Web forms application - part 4

    - by nikolaosk
    This is the fourth post in a series of posts on how to design and implement an ASP.Net 4.5 Web Forms store that sells posters online. There are 3 more posts in this series of posts. Please make sure you read them first. You can find the first post here. You can find the second post here. You can find the third post here.

    In this new post we will build on the previous posts and we will demonstrate how to display the posters per category. We will add a ListView control on the PosterList.aspx page and will bind data from the database. We will use the various templates. Then we will write code in the PosterList.aspx.cs file to fetch data from the database.

    1) Launch Visual Studio and open the solution where your project lives.

    2) Open the PosterList.aspx page. We will add some markup in this page. Have a look at the code below.

        <section class="posters-featured">
            <ul>
                <asp:ListView ID="posterList" runat="server"
                    DataKeyNames="PosterID"
                    GroupItemCount="3" ItemType="PostersOnLine.DAL.Poster" SelectMethod="GetPosters">
                    <EmptyDataTemplate>
                        <table id="Table1" runat="server">
                            <tr>
                                <td>We have no data.</td>
                            </tr>
                        </table>
                    </EmptyDataTemplate>
                    <EmptyItemTemplate>
                        <td id="Td1" runat="server" />
                    </EmptyItemTemplate>
                    <GroupTemplate>
                        <tr ID="itemPlaceholderContainer" runat="server">
                            <td ID="itemPlaceholder" runat="server"></td>
                        </tr>
                    </GroupTemplate>
                    <ItemTemplate>
                        <td id="Td2" runat="server">
                            <table>
                                <tr>
                                    <td>&nbsp;</td>
                                    <td>
                                        <a href="PosterDetails.aspx?posterID=<%#:Item.PosterID%>">
                                            <img src="<%#:Item.PosterImgpath%>"
                                                width="100" height="75" border="1"/></a>
                                    </td>
                                    <td>
                                        <a href="PosterDetails.aspx?posterID=<%#:Item.PosterID%>">
                                            <span class="PosterName">
                                                <%#:Item.PosterName%>
                                            </span>
                                        </a>
                                        <br />
                                        <span class="PosterPrice">
                                            <b>Price: </b><%#:String.Format("{0:c}", Item.PosterPrice)%>
                                        </span>
                                        <br />
                                    </td>
                                </tr>
                            </table>
                        </td>
                    </ItemTemplate>
                    <LayoutTemplate>
                        <table id="Table2" runat="server">
                            <tr id="Tr1" runat="server">
                                <td id="Td3" runat="server">
                                    <table ID="groupPlaceholderContainer" runat="server">
                                        <tr ID="groupPlaceholder" runat="server"></tr>
                                    </table>
                                </td>
                            </tr>
                            <tr id="Tr2" runat="server"><td id="Td4" runat="server"></td></tr>
                        </table>
                    </LayoutTemplate>
                </asp:ListView>
            </ul>
        </section>

    3) We have a ListView control on the page called PosterList. I set the ItemType property to the Poster class and then the SelectMethod to the GetPosters method. I will create this method later on. (ItemType="PostersOnLine.DAL.Poster" SelectMethod="GetPosters") Then in the code below I have the data-binding expression Item available and the control becomes strongly typed. So when the user clicks on the link of the poster's category the relevant information will be displayed (photo, name and price).

        <td>
            <a href="PosterDetails.aspx?posterID=<%#:Item.PosterID%>">
                <img src="<%#:Item.PosterImgpath%>"
                    width="100" height="75" border="1"/></a>
        </td>

    4) Now we need to write the simple method to populate the ListView control. It is called the GetPosters method. The code follows.

        public IQueryable<Poster> GetPosters([QueryString("id")] int? PosterCatID)
        {
            PosterContext ctx = new PosterContext();
            IQueryable<Poster> query = ctx.Posters;

            // Filter by category only when a positive id was supplied in the query string.
            if (PosterCatID.HasValue && PosterCatID > 0)
            {
                query = query.Where(p=>p.PosterCategoryID==PosterCatID);
            }
            return query;
        }

    This is a very simple method that returns information about posters related to the PosterCatID passed to it. I bind the value from the query string to the PosterCatID parameter at run time. This is all possible due to the QueryStringAttribute class that lives inside the System.Web.ModelBinding namespace and gets the value of the query string variable id.

    5) I run my application and then click on the "Midfilders" link. Have a look at the picture below to see the results. In the Site.css file I added some new CSS rules to make everything more presentable.

        .posters-featured {
            width:840px;
            background-color:#efefef;
        }
        .posters-featured a:link, a:visited, a:active, a:hover {
            color: #000033;
        }
        .posters-featured a:hover {
            background-color: #85c465;
        }

    6) I run the application again and this time I do not choose any category, I simply navigate to the PosterList.aspx page. I see all the posters since no query string was passed as a parameter. Have a look at the picture below.

    Make sure you place breakpoints in the code so you can see what is really going on. In the next post I will show you how to display poster details. Hope it helps!!!

  • Spring security oauth2 provider to secure non-spring api

    - by user1241320
    I'm trying to set up an oauth 2.0 provider that should "secure" our restful api using spring-security-oauth. Being a 'spring fan' I thought it could be the quicker solution. Main point is this restful thingie is not a spring based webapp. Boss says the oauth provider should be a separate application, but I'm starting to doubt that. (Got this impression by reading spring-security-oauth.) I'm also new here so haven't really got my hands into this other (jersey-powered) restful api (core of our business). Any help/hint will be much appreciated.

  • Which Javascript history back implementation is the best?

    - by Malcolm Frexner
    There are implementations for history.back in Microsoft AJAX and jQuery (http://www.asual.com/jquery/address/). I already have jQuery and asp.net ajax included in my project but I am not sure which implementation of history.back is better. Better for me is: already used by some large projects; wide browser support; easy to implement; little footprint. Does anybody know which one is better? EDIT: Another jquery plugin is http://plugins.jquery.com/project/history. It is recommended in the book JQuery Cookbook. This one worked well so far.

  • How to define using statements in web.config?

    - by Hasan Gürsoy
    I'm using MySql in my asp.net project. But I don't want to type every "using MySql.Data.MySqlClient;" statement in every aspx.cs file. How can I define these lines in the web.config file? I've defined some namespaces like below but this only works for aspx pages:

        <?xml version="1.0"?>
        <configuration>
          <system.web>
            <compilation debug="false" targetFramework="4.0"/>
            <pages>
              <namespaces>
                <add namespace="System.Web.Configuration"/>
                <add namespace="MySql.Data"/>
                <add namespace="MySql.Data.MySqlClient"/>
              </namespaces>
            </pages>
          </system.web>
        </configuration>

  • TFS Security and Documents Folder

    - by pm_2
    I'm getting an issue with TFS where the documents folder is marked with a red cross. As far as I can tell, this seems to be a security issue, however, I am set-up as project admin on the relevant projects. I’ve come to the conclusion that it’s a security issue from running the TFS Project Admin tool (available here). When I run this, it tells me that I don’t have sufficient access rights to open the project. I’ve checked, and I’m not included in any groups that are denied access. Please can anyone shed any light as to why I may not have sufficient access to these projects?

  • Why would this line throw exception for type initializer failed?

    - by Jaggu
    I had a class:

        public class Constant
        {
            public static string ConnString = ConfigurationManager.ConnectionStrings["ConnString"].ConnectionString;
        }

    which would throw exception on LIVE: Type initialize failed for Constant ctor

    If I change the class to:

        public class Constant
        {
            public static string ConnString
            {
                get { return ConfigurationManager.ConnectionStrings["ConnString"].ConnectionString; }
            }
        }

    it works. I wasted 2 hours behind this but I still don't know why would this happen. Any ideas? Note: The 1st class used to work on DEV environment but not on LIVE. The 2nd class works on DEV and also on Production. I am using VS2010 on production and Asp.Net 4.0 Website project. I am totally amazed by this inconsistency to say the least! Edit: This class was in App_Code folder.

  • ObjectDataSource Insert and Update methods error

    - by Jack
    I'm developing an asp.net 3.5 project. When I want to Insert with DetailsView this error occurred:

    Error : ObjectDataSource 'ObjectDataSource2' could not find a non-generic method 'AddCity' that has parameters: CITY_NAME.

        <asp:ObjectDataSource ID="ObjectDataSource2" runat="server"
            SelectMethod="GetCityByID" UpdateMethod="UpdateCity" InsertMethod="AddCity"
            TypeName="NOP_CRM.Lib.nop_cities" OldValuesParameterFormatString="original_{0}">
            <SelectParameters>
                <asp:ControlParameter ControlID="GridView1" Name="cityid"
                    PropertyName="SelectedValue" Type="Int32" DefaultValue="1" />
            </SelectParameters>
            <UpdateParameters>
                <asp:Parameter Name="CITY_NAME" Type="String" />
            </UpdateParameters>
            <InsertParameters>
                <asp:Parameter Name="CITY_NAME" Type="String" />
            </InsertParameters>
        </asp:ObjectDataSource>

    ...

        public int AddCity(string cityname)
        {
            CITY_NAME = cityname;
            Insert();
            return _CITY_ID;
        }

  • Need an Asp.net MVC Application solution

    - by Daoming Yang
    I have implemented a small ordering and stock control system (for internal use) with the MVC 2 framework. Now my friends want to have a website to present the existing products for their customers. I know, I know they will ask me to do this one day. So in the beginning, I have made the controller names start with "Admin". But now I am not sure of the best way to implement their requirements. Could you advise me? 1. For security reasons, I did not allow anonymous users to access the website apart from the CSS and image files. My question is, the controllers' names are not folders' names, so how could I set this up? 2. I'm planning to put the admin section into an "area"; will it be a good way to go? Can anyone provide me some suggestions? Many thanks.

  • Why doesn't HTML input of type file work with Ajax update panel

    - by Sean P
    I have an input of type file and when I try to do a Request.Files when the input is wrapped in an update panel... it always returns an empty HttpFileCollection. Why??? This is the codebehind: (At HttpContext.Current.Request.Files... it's always 0 for the count.)

        Protected Sub btnSubmit_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnSubmit.Click
            Dim uploads As HttpFileCollection
            uploads = HttpContext.Current.Request.Files
            For i As Integer = 0 To (uploads.Count - 1)
                If (uploads(i).ContentLength > 0) Then
                    Dim c As String = System.IO.Path.GetFileName(uploads(i).FileName)
                    Try
                        uploads(i).SaveAs("C:\UploadedUserFiles\" + c)
                        Span1.InnerHtml = "File Uploaded Sucessfully."
                    Catch Exp As Exception
                        Span1.InnerHtml = "Some Error occured."
                    End Try
                End If
            Next i
        End Sub

    This example comes from the ASP.Net website... but my application is very similar.

  • Control Menu Items based on Privileges of Logged In User with spring security

    - by Nirmal
    Hi All... Based on this link I have incorporated the spring security core module with my grails project... I am using the Requestmap concept by storing each role, user and requestmap inside the database only... Now my requirement is to provide the menu items based on the users assigned roles... For e.g.: If my "User" Main Menu have following Items : Dashboard Import User Manage User And if I have assigned a roles of Dashboard and Import User to the user with a username "auditor" then, only following Menu items should be displayed on the screen : User (Main Menu) - Dashboard (sub menu) - Import User (sub menu) I have explored the Spring Security ACL plugin for the same, but it's using the Domain classes to get it working... So, wanted to know the convenient way to do so... Thanks in advance...

  • Insert dependencies dynamically in View (Javascript and CSS Files)

    - by Ph.E
    Friends, I am willing to follow the rules of the W3C where it is recommended that javascript and CSS files should be in individual files and not within the page. Good, following this rule, and not wanting to overload the master page, I would like to embed the dependencies dynamically. So how could I insert the libraries dynamically? I think the bigger problem is the Ajax requests. Example: <script type="text/javascript" src="http://sstatic.net/so/js/master.js?v=6523"></script> I tried using the JavascriptResult, but he writes the content on the page, and do not run as "Stream." Any help is welcome. Thanks

  • Using OAuth along with spring security, grails

    - by GroovyUser
    I have a grails app which runs on the spring security plugin. It works with no problem. I wish I could give the users a way to connect with Facebook and social networking sites. So I decided to use the Spring Security OAuth plugin. I have configured the plugin. Now I want users to have access both via a normal local account and also via the OAuth authentication. More precisely I have a controller like this:

        @Secured(['IS_AUTHENTICATED_FULLY'])
        def test() {
            render "Home page!!!"
        }

    Now I want this controller to be accessed with OAuth authentication too. Is that possible to do so?

  • GWT HTML widget security risks

    - by h2g2java
    In GWT javadoc, we are advised If you only need a simple label (text, but not HTML), then the Label widget is more appropriate, as it disallows the use of HTML, which can lead to potential security issues if not used properly. I would like to be educated/reminded about the security susceptibilities? It would be nice to list the description of the mechanisms of those risks. Are the susceptibilities equally potent on GAE vs Amazon vs my home linux server? Are they equally potent across the browser brands? Thank you.

  • Using an IN clause in Vb.net to save something to the database using SQL

    - by Rob
    I have a textbox and a button on a form. I wish to run a query (in Vb.Net) that will produce a query with the IN Values. Below is an example of my code

        myConnection = New SqlConnection("Data Source=sqldb\;Initial Catalog=Rec;Integrated Security=True")
        myConnection.Open()
        myCommand = New SqlCommand("UPDATE dbo.Recordings SET Status = 0 where RecID in ('" & txtRecID.Text & "') ", myConnection)
        ra = myCommand.ExecuteNonQuery()
        myConnection.Close()
        MsgBox("Done!", _
               MsgBoxStyle.Information, "Done")

    When I enter a single value it works but when I enter values with commas it throws an error: "Conversion failed when converting the varchar value '1234,4567' to data type int." Could someone please help me to solve this or if there is an alternative way? Many Thanks

  • System.Net.WebClient Class in .Net CompactFramework 3.5 ?

    - by Leen15
    Hi all! I need to communicate with a server that gives me async answers (streamer connection). I found this: http://msdn.microsoft.com/en-en/library/ms144211%28v=VS.80%29.aspx that generates this event: http://msdn.microsoft.com/en-en/library/system.net.webclient.openreadcompleted%28v=VS.80%29.aspx I think this is what I need, but I don't have the WebClient class in my System.Net of CompactFramework 3.5. What can I do? Thanks. EDIT: I've asked a clearer question: httpRequest, httpResponse, send GET through Stream and Receive the Result in C#

  • Understanding CGI and SQL security from the ground up

    - by Steve
    This question is for learning purposes. Suppose I am writing a simple SQL admin console using CGI and Python. At http://something.com/admin, this admin console should allow me to modify a SQL database (i.e., create and modify tables, and create and modify records) using an ordinary form. In the least secure case, anybody can access http://something.com/admin and modify the database. You can password protect http://something.com/admin. But once you start using the admin console, information is still transmitted in plain text. So then you use HTTPS to secure the transmitted data. Questions: To describe to a learner, how would you incrementally add security to the least secure environment in order to make it most secure? How would you modify/augment my three (possibly erroneous) steps above? What basic tools in Python make your steps possible? Optional: Now that I understand the process, how do sophisticated libraries and frameworks inherently achieve this level of security?
