Search Results

Search found 15914 results on 637 pages for 'physical security'.

Page 181/637 | < Previous Page | 177 178 179 180 181 182 183 184 185 186 187 188  | Next Page >

• FileSystemWatcher surpassing Active Directory restrictions

  - by DevexPP

  While experimenting with FileSystemWatcher, I've found out that it somehow surpasses Active Directory's restrictions to files and folders, and will raise change events with information about what has changed in files and folders that you don't even have access to. I have two questions about that: 1) Why does this happen ? 2) Is this a problem in the AD configuration ? how do I fix it ? 3) Is there any way to gather these files, or even create a FileSystemInfo of them to get more info about the files (not only the changes made on them) ? As far as I've tried, only the FileSystemWatcher immune to the restrictions, I can't run any other thing over it, here's a list of what I've tried: File.Exists Directory.Exists FileInfo instance on found files DirectoryInfo instance on found files File.Copy File.Delete

  Read the article

• Accessing Identity.AuthenticationType

  - by Tewr

  While implementing a custom authentication type in a wcf service, I'm trying to read the property IIdentity.AuthenticationType using the call Thread.CurrentPrincipal.Identity.AuthenticationType. Unless the account running the service is local administrator, UnauthorizedAccessException is thrown when accessing this property, much like described in this support thread. I can however reset the Thread.CurrentPrincipalobject without hassle, thus altering the Authentication Type - But read it, I cannot. Is running as an administrator the only way here or is there some trick to let the user running the service "just" access this property?

  Read the article

• How to limit setAccessible to only "legitimate" uses?

  - by polygenelubricants

  The more I learned about the power of setAccessible, the more astonished I am at what it can do. This is adapted from my answer to the question (Using reflection to change static final File.separatorChar for unit testing). import java.lang.reflect.*; public class EverythingIsTrue { static void setFinalStatic(Field field, Object newValue) throws Exception { field.setAccessible(true); Field modifiersField = Field.class.getDeclaredField("modifiers"); modifiersField.setAccessible(true); modifiersField.setInt(field, field.getModifiers() & ~Modifier.FINAL); field.set(null, newValue); } public static void main(String args[]) throws Exception { setFinalStatic(Boolean.class.getField("FALSE"), true); System.out.format("Everything is %s", false); // "Everything is true" } } You can do truly outrageous stuff: public class UltimateAnswerToEverything { static Integer[] ultimateAnswer() { Integer[] ret = new Integer[256]; java.util.Arrays.fill(ret, 42); return ret; } public static void main(String args[]) throws Exception { EverythingIsTrue.setFinalStatic( Class.forName("java.lang.Integer$IntegerCache") .getDeclaredField("cache"), ultimateAnswer() ); System.out.format("6 * 9 = %d", 6 * 9); // "6 * 9 = 42" } } Presumably the API designers realize how abusable setAccessible can be, but must have conceded that it has legitimate uses to provide it. So my questions are: What are the truly legitimate uses for setAccessible? Could Java has been designed as to NOT have this need in the first place? What would the negative consequences (if any) of such design be? Can you restrict setAccessible to legitimate uses only? Is it only through SecurityManager? How does it work? Whitelist/blacklist, granularity, etc? Is it common to have to configure it in your applications?

  Read the article

• Detect someone hooking onto a window handle

  - by Secure The World

  Can you detect if someone is trying to hook into a window handle of your application (or a part thereof) in .NET?

  Read the article

• Is MD5 really that bad?

  - by Col. Shrapnel

  Everyone says that MD5 is "broken". Though I have never seen a code that can show it's weakness. So, I hope someone of local experts can prove it with simple test. I have an MD5 hash c1e877411f5cb44d10ece283a37e1668 And a simple code to produce it $salt="#bh35^&Res%"; $pass="***"; echo $hash=md5($salt.$pass); So, the question is: 1. Is MD% really that bad? 2. If so, what's the pass behind the asterisks?

  Read the article

• Multiple Sandboxes in the same JavaVM

  - by Bendlas

  Is there a framework or api to let multiple isolated sandboxes run in a single java vm?

  Read the article

• Secure password transmission over unencrypted tcp/ip

  - by academicRobot

  I'm in the designing stages of a custom tcp/ip protocol for mobile client-server communication. When not required (data is not sensitive), I'd like to avoid using SSL for overhead reasons (both in handshake latency and conserving cycles). My question is, what is the best practices way of transmitting authentication information over an unencrypted connection? Currently, I'm liking SRP or J-PAKE (they generate secure session tokens, are hash/salt friendly, and allow kicking into TLS when necessary), which I believe are both implemented in OpenSSL. However, I am a bit wary since I don't see many people using these algorithms for this purpose. Would also appreciate pointers to any materials discussing this topic in general, since I had trouble finding any.

  Read the article

• How do I secure a folder used to let users upload files?

  - by Eduardo Molteni

  I have a folder in my web server used for the users to upload photos using an ASP page. Is it safe enough to give IUSR write permissions to the folder? Must I secure something else? I am afraid of hackers bypassing the ASP page and uploading content directly to the folder. I'm using ASP classic and IIS6 on Windows 2003 Server. The upload is through HTTP, not FTP. Edit: Changing the question for clarity and changing my answers as comments.

  Read the article

• PHP: Safe way to store decryptable passwords

  - by Jammer

  I'm making an application in PHP and there is a requirement that it must be possible to decrypt the passwords in order to avoid problems in the future with switching user database to different system. What encryption/decryption algorithm would you suggest? Is it good idea to just store the encrypted value and then compare the future authentication attempts to that value? Are the passwords still as safe as MD5/SHA1 when the private key is not available to the attacker (Hidden in USB drive for example)? I should still use salting, right? What encryption libraries should I use for PHP?

  Read the article

• Protect files in dir .htaccess and allow access to a particular controler/action

  - by Dr Casper Black

  Hi How to protect files (documents, images..) that r being sold over internet. Is it possible to Deny access to all except a particular php file that lists those documents. for instance www.mysite.com/list

  Read the article

• How do I prevent SQL injection with ColdFusion

  - by Daniel A. White

  How do I prevent SQL injection when it comes to ColdFusion? I'm quite new to the language/framework. Here is my example query. <cfquery name="rsRecord" datasource="DataSource"> SELECT * FROM Table WHERE id = #url.id# </cfquery> I see passing in url.id as a risk.

  Read the article

• Php referrer works or not?

  - by Camran

  I need to know the referring server for a page on my site. Is there any safe method to check where the user "came" to the page FROM? I tried uploading this to my server, but this wont output anything at all when I write the adress to the file in the browsers adress bar: <?php echo $_SERVER['HTTP_REFERER']; ?> I need to check this in order to display a link on the page or not... Thanks

  Read the article

• block write access to table from an application in mysql

  - by hoberion

  Hello, We have a CMS plugin that writes statistics to 1 table, this creates performance issues on the entire platform. We decided to use another statistics plugin which can connect to a different database server (the first plugin couldn't!) however we need parts of the first plugin. I want to lock the statistics table to prevent misusage (not allowed to drop it by the developer) So I was wondering if a lock table could do this or if I can implement some sort of read only table

  Read the article

• Defeating a Poker Bot.

  - by The Rook

  There is a new Open Source poker bot called PokerPirate. I am interested in any creative ways in which a web application could detect/thwart/defeat a poker bot. (This is a purely academic discussion, in the same spirit that PokerPirate was written.)

  Read the article

• Detecting use after free() on windows.

  - by The Rook

  I'm trying to detect "Use after free()" bugs, otherwise known as "Dangling pointers". I know Valgrind can be used to detect "Use after free" bugs on the *nix platform, but what about windows? What if I don't have the source? Is there a better program than Valgrind for detecting all dangling pointers in a program? A free and open source would be preferred , but I'll use a commercial solution if it will get the job done.

  Read the article

• How can I make CAPTCHA work across multiple pages?

  - by jm04469

  Ever visit a website such as myspace where they leverage CAPTCHA to prevent spam? The typical pattern is to present a challenge to each URL that is opened, yet the challenge doesn't actually belong to the page itself which causes additional bandwidth usage. So, if I open up six pages at the same time and want to present a challenge on each page. I want the challenge to be tied to the page and not to the session. How can I make this work with Spring and/or Struts.

  Read the article

• String encryption only with numbers?

  - by HH

  Suppose your bank clerk gives you an arbitrary password such as hel34/hjal0@# and you cannot remember it without writing it to a paper. Dilemma: you never write passwords to paper. So you try to invent an encryption, one-to-one map, where you write only a key to a paper, only numbers, and leave the rest junk to your server. Of course, the password can consist of arbitrary things. Implemention should work like hel34/hjal0#@ ---- magic ----> 3442 and to other way: 3442 ---- server magic ---> hel34/hjal0#@ [Update] mvds has the correct idea, to change the base, how would you implement it?

  Read the article

• Are PDO prepared statements sufficient to prevent SQL injection?

  - by Mark Biek

  Let's say I have code like this: $dbh = new PDO("blahblah"); $stmt = $dbh->prepare('SELECT * FROM users where username = :username'); $stmt->execute( array(':username' => $_REQUEST['username']) ); The PDO documentation says The parameters to prepared statements don't need to be quoted; the driver handles it for you. Is that truly all I need to do to avoid SQL injections? Is it really that easy? You can assume MySQL if it makes a difference. Also, I'm really only curious about the use of prepared statements against SQL injection. In this context, I don't care about XSS or other possible vulnerabilities.

  Read the article

• storing original password text

  - by Richard

  My application stores external website login/passwords for interaction with them. To interact with these website I need to use the original password text, so storing just the hash in my database is not going to work. How should I store these passwords?

  Read the article

• Should I be concerned with infected zip files?

  - by Peter Smith

  I'm writing a ASP.NET application to process user submitted zip files and limiting my extraction of files from it to only the extensions I want. I've heard of infected zip files attached to emails and I was wondering if I should be concerned about extracting data from infected zip files in my application. I don't plan on executing the content inside of the zip file, but will opening and extracting from an infected zip file cause the file to execute a virus even if I'm not executing any content inside of the zip file?

  Read the article

• A scripting engine for Ruby?

  - by Earlz

  Hello, I am creating a Ruby On Rails website, and for one part it needs to be dynamic so that (sorta) trusted users can make parts of the website work differently. For this, I need a scripting language. In a sort of similar project in ASP.Net, I wrote my own scripting language/DSL. I can not use that source code(written at work) though, and I don't want to make another scripting language if I don't have to. So, what choices do I have? The scripting must be locked down and not be able to crash my server or anything. I'd really like if I could use Ruby as the scripting language, but it's not strictly necessary. Also, this scripting part will be called on almost every request for the website, sometimes more than once. So, speed is a factor. I looked at the RubyLuaBridge but it is Alpha status and seems dead. What choices for a scripting language do I have in a Ruby project? Also, I will have full control over where this project is deployed(root access), so there are no real limits..

  Read the article

• Can a programme assign the memory directly?

  - by Tattat

  Is there any really low level programming language that can get access the memory variable directly? For example, if I have a programme have a variable i. Can anyone access the memory to change my programme variable i to another value?

  Read the article

• SQL Server db_owner

  - by andrew007

  Hi, in my SQL2008 I have a user which is in the "db_datareader", "db_datawriter" and "db_ddladmin" DB roles, however when he tries to modify a table with SSMS he receives a message saying: You are not logged in as the database owner or system administrator. You might not be able to save changes to tables that you do not own. Of course, I would like to avoid such message, but until now I did find the way... Therefore, I try to modify the user by adding him to the "db_owner" role, and of course I do not have the message above. My question is: Is it possible to keep the user in the "db_owner" role, but deny some actions like alter user or ? I try "alter any user" securable on DB level, but it does not work... THANKS!

  Read the article

• How to protect access to a url?

  - by ibiza

  I would need to create a php file that will do some work on my webserver and that will be called from a program on another server over the internet. Suppose the php file that will do the work is located at www.example.com/work.php What is the best way to protect unsollicited calls to the www.example.com/work.php? What I need is some mechanism so that when the intended program accesses the url (with some query string parameters), the work gets done, but if somebody type www.example.com/work.php in their browser, access will be denied and no work will be done. The way I've thought is to add some 'token' in the querystring that would be constructed by some algorithm from the calling program, a sample result could be to append to the url : ?key=randomKeyAtEachCall&token=SomeHexadecimalResultCalculatedFromTheKey and the key and token would be validated with a reverse algorithm on the php side. Is that safe, Are there any better idea?

  Read the article

• compare password hashes between c# and coldfusion

  - by czuroski

  Hello, I have a password hash that is stored in a table and is put there by the following coldfusion script- #Hash(EnCrypt(UCase(GetPass.username),EnCode))# I am trying to add some outside functionality within a c# application. I would like to be able to take advantage of the data that already exists so that I can authenticate users. Does anyone know how I can replicate the above coldfusion code in c#? Thanks for any thoughts.

  Read the article

< Previous Page | 177 178 179 180 181 182 183 184 185 186 187 188  | Next Page >