Search Results

Search found 16163 results on 647 pages for 'advanced security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 183/647 | < Previous Page | 179 180 181 182 183 184 185 186 187 188 189 190  | Next Page >

  • Securing Coredata objects

    - by Abraham Durairaj
    I am working on an application which has got some sensitive information. I am aware that it would be difficult for a layman to hack into iphone to get the information. If I use SQLite directly I have something called SQLite Cipher to encrypt / encode the database. Is there anyway where I can have the same way of encrypting the coredata so it makes it hard for hackers to get into the data. Can someone shed some light on this? Thanks in Advance

    Read the article

  • Rookie file permissions question

    - by Camran
    What is the ending 'r' for and the leading 'd' for in file permissions on Linux? Example: drwxr-xr-x I know about the user, group, others part, and I know w=write, r=read, x=execute. But I don't know about the leading 'd' and the trailing 'r'. Care to explain? Thanks

    Read the article

  • Using installed identity certificate from within an app on iPhone

    - by Sabi Tinterov
    Hi, My question is: is there a way to use the installed identity certificates on the phone from within my app. For example similar case like with saffary: if certain site requires client certificate, the user has to install it on the phone and then when authenticating saffary uses the installed certificate to authenticate. I need to do the same: 1.User installs certificate on the phone. 2. The user starts the application and authenticates using the installed certificate. Thanks

    Read the article

  • Getting 403 error when using CSRF filter with tomcat 6.0.32

    - by sps
    This is my filer config in web.xml <filter> <filter-name>CSRFPreventionFilter</filter-name> <filter-class>org.apache.catalina.filters.CsrfPreventionFilter</filter-class> <init-param> <param-name>entryPoints</param-name> <param-value>/login<param-value> </init-param> </filter> <filter-mapping> <filter-name>CSRFPreventionFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter> Am I missing something? Are any code-changes necessary to enable csrf protection in tomcat

    Read the article

  • Computer Invisible On Domain

    - by Giawa
    Good afternoon, I'm sorry that this isn't a programming question specifically, but stackoverflow has been great at answering questions in the past, so I thought I'd give it a shot. One of our Linux users attempted to install Cygwin on our Windows Server 2008 Domain Controller. Now it is no longer possible to browse the domain and see all of the computers. For example, \\my_domain_name will just bring up a username/password dialog box (that will not accept any username or password, even the domain administrator) and no computers will ever be listed. However, I can still connect to computers based on their name or IP address. So \\eridanus or \\192.168.1.85 still work to connect to the shared directories of computers on our network. Does anyone know where I can find these settings? and how I can fix this problem? Thanks, Giawa

    Read the article

  • OpenID PAM module

    - by Harvey Kwok
    I am looking for a PAM module that can use OpenID to do the authentication. My idea is that I want to logon my Linux box using my gmail account and password. I found there is a open source project in Google Code which seems to be doing the things I want but I don't see any code available for download. I saw there are so many examples or implementations but they are all about web apps. Is there any non-web based OpenID applications in the world? Is it technically possible to make a non-web based OpenID application? I naively think that it should be possible. I can emulate whatever packets the browser send out to the OpenID provider and get back the result. As long as my Linux box is connected to the Internet, I should be able to use my OpenID to login. Appreciate any comments, suggestions or pointers on how to make an OpenID PAM module. Thanks!

    Read the article

  • Deny http access to a directory, allow access from WordPress plugin

    - by luke
    Hey. I need to prevent direct access to http://www.site.com/wp-content/uploads/folder/something.pdf through the browser. However the Download Monitor plugin I am using, which allows logged in users to download the file, needs to be able to work. Trying Order Allow,Deny Deny from all Allow from all but the download links do not now work... even though (I think) they are links produced by the script e.g. http://www.site.com/wp-content/plugins/download-monitor/download.php?id=something.pdf Enter that in the address bar and you correctly get a WordPress message, 'You must be logged in to download this file.' However, if someone knows the URL where the file was uploaded http://www.site.com/wp-content/uploads/folder/something.pdf they can still access it directly. I don't know how (guesswork?) they would find the direct URL anyway, but the client wants it stopped! Thanks for any help.

    Read the article

  • PHP hashing function not working properly

    - by Jordan Foreman
    So I read a quick PHP login system securing article, and was trying to sort of duplicate their hashing method, and during testing, am not getting the proper output. Here is my code: function decryptPassword($pw, $salt){ $hash = hash('sha256', $salt . hash('sha256', $pw)); return $hash; } function encryptPassword($pw){ $hash = hash('sha256', $pw); $salt = substr(md5(uniqid(rand(), true)), 0, 3); $hash = hash('sha265', $salt . $hash); return array( 'salt' => $salt, 'hash' => $hash ); } And here is my testing code: $pw = $_GET['pw']; $enc = encryptPassword($pw); $hash = $enc['hash']; $salt = $enc['salt']; echo 'Pass: ' . $pw . '<br />'; echo 'Hash: ' . $hash . '<br />'; echo 'Salt: ' . $salt . '<br />'; echo 'Decrypt: ' . decryptPassword($hash, $salt); Now, the output of this should be pretty obvious, but unfortunately, the $hash variable always comes out empty! I'm trying to figure out what the problem could be, and my only guess would be the second $hash assignment line in the encryptPassword(..) function. After a little testing, I've determined that the first assignment works smoothly, but the second does not. Any suggestions? Thanks SO!

    Read the article

  • C# hash password create salt question

    - by 5YrsLaterDBA
    If I create salt by using something like this: public class User { private const int Hash_Salt_Length = 8; private byte[] saltBytes = new byte[Hash_Salt_Length]; public User() { RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider(); rng.GetNonZeroBytes(saltBytes); } .... } The saltBytes bytes array will be different for each session (restart the application). How can I check password to allow user login our application?

    Read the article

  • How to implement Administrator rights in Java Application?

    - by Yatendra Goel
    I am developing a Data Modeling Software that is implemented in Java. This application converts the textual data (stored in a database) to graphical form so that users can interpret the data in a more efficient form. Now, this application will be accessed by 3 kinds of persons: 1. Managers (who can fill the database with data and they can also view the visual form of the data after entering the data into the database) 2. Viewers (who can only view the visual form of data that has been filled by managers) 3. Administrators (who can create and manage other administrators, managers and viewers) Now, how to implement 3 diff. views of the same application. Note: Managers, Viewers and Administrators can be located in any part of the world and should access the application through internet. One idea that came in my mind is as follows: Step1: Code all the business logic in EJBs so that it can be used in distributed environment (means which can be accessed by several users through internet) Step2: Code 3 Swing GUI Clients: One for administrators, one for managers and one for viewers. These 3 GUI clients can access business logic written in EJBs. Step3: Distribute the clients corresponding to their users. For instance, manager client to managers. =================================QUESTIONS======================================= Q1. Is the above approach is correct? Q2. This is very common functionality that various softwares have. So, Do they implement this kind of functionality through this way or any other way? Q3. If any other approach would be more better, then what is that approach?

    Read the article

  • Determining when or when not to escape output

    - by Ygam
    I have a page, where I have approximately 90 items I need to output. Most of them are object properties (I am using ORM so these objects map to my database tables). But the question is, do I have to escape each of those 90 outputs by applying functions to each (in my case, the htmlspecialchars)? Wouldn't that add a bit of an overhead (calling a single function 90 times)?

    Read the article

  • Can I use encrypt web.config with a custom protection provider who's assembly is not in the GAC?

    - by James
    I have written a custom protected configuration provider for my web.config. When I try to encrypt my web.config with it I get the following error from aspnet_iisreg aspnet_regiis.exe -pef appSettings . -prov CustomProvider (This is running in my MSBuild) Could not load file or assembly 'MyCustomProviderNamespace' or one of its dependencies. The system cannot find the file specified. After checking with the Fusion log, I confirm it is checking both the GAC, and 'C:/WINNT/Microsoft.NET/Framework/v2.0.50727/' (the location of aspnet_iisreg). But it cannot find the provider. I do not want to move my component into the GAC, I want to leave the custom assembly in my ApplicationBase to copy around to various servers without having to pull/push from the GAC. Here is my provider configuration in the web.config. <configProtectedData> <providers> <add name="CustomProvider" type="MyCustomProviderNamespace.MyCustomProviderClass, MyCustomProviderNamespace" /> </providers> </configProtectedData> Has anyone got any ideas?

    Read the article

  • Is it immoral to put a captcha on a login form?

    - by azkotoki
    In a recent project I put a captcha test on a login form, in order to stop possible brute force attacks. The immediate reaction of other coworkers was a request to remove it, saying that it was inapropiate for that purpose, and that it was quite exotic to see a captcha in that place. I've seen captcha images on signup, contact, password recovery forms, etc. So I personally don't see inapropiate to put a captcha also on a place like that. Well, it obviously burns down usability a little bit, but it's a matter of time and getting used to it. With the lack of a captcha test, one would have to put some sort of blacklist / account locking mechanism, which also has some drawbacks. Is it a good choice for you? Am I getting somewhat captcha-aholic and need some sort of group therapy? Thanks in advance.

    Read the article

  • How to remove dangerous characters(ie script tags)?

    - by chobo2
    I am wondering is there any sort of C# class or 3rd party library that removes dangerous characters such as script tags? I know you can use regex but I also know people can write their script tags so many ways that you can fool the regex into thinking it is OK. I also heard that HTML Agility Pack is good so I am wondering is there any script removal class made for it?

    Read the article

  • Automatic User Authentication Framework for Controllers in ASP.NET MVC?

    - by Austin
    In rails I could do something like this to make sure a user is authenticated before accessing an action in the controller: before_filter :checked_logged_in, :only => [:edit, :update] I was wondering if ASP.NET MVC had something similar or if there was a framework out there that could essentially do something like the following: For certain methods with actions that take a certain parameter, I want to point the action to a method, check to see if the user owns that object, and if so, proceed to the controller action. If not, I want to redirect him to another action where I can show him he has invalid credentials. So basically I am looking for a sort of "before_filter." Anyone know of anything out there that can do this? Thanks!

    Read the article

  • MS Access: Permission problems with views

    - by Keith Williams
    "I'll use an Access ADP" I said, "it's only a tiny project and I've got better things to do", I said, "I can build an interface really quickly in Access" I said. </sarcasm> Sorry for the rant, but it's Friday, I have a date in just under two hours, and I'm here late because this just isn't working - so, in despair, I turn to SO for help. Access ADP front-end, linked to a SQL Server 2008 database Using a SQL Server account to log into the database (for testing); this account is a member of the role, "Api"; this role has SELECT, EXECUTE, INSERT, UPDATE, DELETE access to the "Api" schema The "Api" schema is owned by "dbo" All tables have a corresponding view in the Api schema: e.g. dbo.Customer -- Api.Customers The rationale is that users don't have direct table access, but can deal with views as if they were tables I can log into SQL using my test login, and it works fine: no access to the tables, but I can select, insert, update and delete from the Api views. In Access, I see the views, I can open them, but whenever I try to insert or update, I get the following error: The SELECT permission was denied on the object '[Table name which the view is using]', database '[database name]', schema 'dbo' Crazy as it sounds, Access seems to be trying to access the underlying table rather than the view. Any ideas?

    Read the article

  • Can a proxy server cache SSL GETs? If not, would response body encryption suffice?

    - by Damian Hickey
    Can a (||any) proxy server cache content that is requested by a client over https? As the proxy server can't see the querystring, or the http headers, I reckon they can't. I'm considering a desktop application, run by a number of people behind their companies proxy. This application may access services across the internet and I'd like to take advantage of the in-built internet caching infrastructure for 'reads'. If the caching proxy servers can't cache SSL delivered content, would simply encrypting the content of a response be a viable option? I am considering all GET requests that we wish to be cachable be requested over http with the body encrypted using asymmetric encryption, where each client has the decryption key. Anytime we wish to perform a GET that is not cachable, or a POST operation, it will be performed over SSL.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 179 180 181 182 183 184 185 186 187 188 189 190  | Next Page >