Search Results

Search found 15914 results on 637 pages for 'physical security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 187/637 | < Previous Page | 183 184 185 186 187 188 189 190 191 192 193 194  | Next Page >

  • Secure C# Assemblies from unauthorized Callers

    - by Creepy Gnome
    Is there any way to secure your assembly down to the class/property & class/method level to prevent the using/calling of them from another assembly that isn't signed by our company? I would like to do this without any requirements on strong naming (like using StrongNameIdentityPermission) and stick with how an assembly is signed. I really do not want to resort to using the InternalsVisibleTo attribute as that is not maintainable in a ever changing software ecosystem. For example: Scenario One Foo.dll is signed by my company and Bar.dll is not signed at all. Foo has Class A Bar has Class B Class A has public method GetSomething() Class B tries to call Foo.A.GetSomething() and is rejected Rejected can be an exception or being ignored in someway Scenario Two Foo.dll is signed by my company and Moo.dll is also signed by my company. Foo has Class A Moo has Class C Class A has public method GetSomething() Class C tries to call Foo.A.GetSomething() and is not rejected

    Read the article

  • Is there a way to test my nonce validation fails when it should?

    - by MrsLannister
    I'm using nonce validation in a wordpress plugin. When I submit the form from the admin menu it processes correctly, so I believe the nonce validation is working. What I'm not sure is if the validation will fail when it is supposed to and I don't know what the best way to test this is. I tried putting the url for the php file in directly, but all it does it take me to a wordpress not found page. Is there some recommended way to test this? Here is my code. Again, the test passes when it is supposed to, I just don't know if it fails when it is supposed to. if ( !wp_verify_nonce( $ecbs_post_data['_wpnonce'], 'ecbs-edit-templates' ) ) { wp_die( __( 'You do not have permission to update this page.' ) ); }

    Read the article

  • In Rails, what could cause a user to have another user's session?

    - by DavidNorth
    I have a Rails application using with an authentication system using Restful Authentication without any modification. Users have reported finding themselves logged in as the wrong user. In at least one case it was on their very first page view, never having logged in before. Is it possible their session ids are getting mixed up? Would switching to CookieStore make it impossible for this to happen since no session data is stored on the server this way? I suspect the problem is related to Passenger but I don't know where to start debugging this. Its only happened about 4 times in several months of being live so its virtually impossible to reproduce. Environment: ActiveRecord session storage Rails 2.2.2 Passenger 2.0.1 Apache 2 Ruby 1.8.6 Many thanks

    Read the article

  • Securing database keys for client-side processing

    - by danp
    I have a tree of information which is sent to the client in a JSON object. In that object, I don't want to have raw IDs which are coming from the database. I thought of making a hash of the id and a field in the object (title, for example) or a salt, but I'm worried that this might have a serious effect on processing overhead. SELECT * FROM `things` where md5(concat(id,'some salt')) = md5('1some salt'); Is there a standard practice for obscuring IDs in this kind of situation?

    Read the article

  • "slash before every quote" problem

    - by Camran
    I have a php page which contains a form. Sometimes this page is submitted to itself (like when pics are uploaded). I wouldn't want users to have to fill in every field again and again, so I use this as a value of a text-input inside the form: value="<?php echo htmlentities(@$_POST['annonsera_headline'],ENT_COMPAT,'UTF-8');?>"> This works, except it adds a "\" sign before every double-quote... For instance writing 19" wheels gives after page is submitted to itself: 19\" wheels And if I don't even use htmlentities then everything after the quotes dissappears. What is the problem here?

    Read the article

  • What reasons are there NOT to use OpenID?

    - by cletus
    You see a fair bit (in the Geek community anyway) about OpenID. It seems like a good idea. I'm developing a website that will be targeted at a somewhat less geeky audience (but not quite Mom and Pops either) so I have to wonder if OpenID is going to be "too hard" for some audiences. What do you think? That aside, are there any other technical or non-technical reasons NOT to use OpenID?

    Read the article

  • Is it possible to password protect an SQL server database even from administrators of the server ?

    - by imanabidi
    I want to install an application (ASP.Net + SQL server 2005 express) in local network of some small company for demo but I also want nobody even sysadmin see anything direct from the database and any permission wants a secure pass . I need to spend more time on this article Database Encryption in SQL Server 2008 Enterprise Edition that i found from this answer is-it-possible-to-password-protect-an-sql-server-database but 1.I like to be sure and more clear on this because the other answer in this page says : Yes. you can protect it from everyone except the administrators of the server. 2.if this is possible, the db have to be enterprise edition ? 3.is there any other possible solutions and workaround for this? thanks in advance

    Read the article

  • What's the big deal with brute force on hashes like MD5

    - by Jan Kuboschek
    I just spent some time reading http://stackoverflow.com/questions/2768248/is-md5-really-that-bad (I highly recommend!). In it, it talks about hash collisions. Maybe I'm missing something here, but can't you just encrypt your password using, say, MD5 and then, say, SHA-1 (or any other, doesn't matter.) Wouldn't this increase the processing power required to brute-force the hash and reduce the possibility of collision?

    Read the article

  • Strongest cipher available to use with C/C++ ?

    - by George0x77
    I am just wondering if you are supposed to write a sort of really secure application with data being transmitted over insecure networks, what kind of encryption algorithm will you use it in order to make it safe ? I know several c++ libraries for encryption providing nice functions with different algorithms, but i'm not quite sure which cipher to use - AES, DES, RSA, Blowfish or maybe something more different ? Please provide your ideas and suggestions. Thank you.

    Read the article

  • Where should I place a function that I want to run before the cached page is served (Drupal)

    - by kidbrax
    We have a intranet site that runs on Drupal. If an employee hits the site from outside our network they are required to login first. If they are already in our network, they can browse around freely. So we have a function that checks where they are coming from and redirects them to a login page if they are from outside. If we enable caching, they are not redirected because the cached page is rendered without running our function. The code currently exists inside of the theme_preprocess function. Where can I put it so that it always runs before the cached pages are served?

    Read the article

  • How can I cut down on this spam, and what is the point of it anyway?

    - by Steven
    I run a small, niche personal ads site. People post ads and then other people reply to them, which sends an email to the original creator of the ad telling them that someone is interested and giving them contact information for that interested person. Lately there's been some weird spam. People are receiving nonsense replies to their ads. Here is an example of one: Name: xkauwvyr Reply: vRYmbI <a href="http://rypmoxdkfblf.com/">rypmoxdkfblf</a>, url=http://pnjlwvhizwbq.com/]pnjlwvhizwbq[/url], [link=http://hmenwoujxrfv.com/]hmenwoujxrfv[/link], http://ogsekuhoyeud.com/ They vary in length and composition but they all look roughly like that. The first idea I had was to simply throw out any reply that contained the string " Also, is this spam just some ass playing a trick on my website, or is it something more malicious?

    Read the article

  • Captcha Decoded

    - by Web Lover
    Hi, I have seen some captchas being decode using javascript, php, etc. How do they do it? For example, very popular megaupload site's captcha has also been decoded.

    Read the article

  • Block upload of executable images (PHP)

    - by James Simpson
    It has come to my attention that a user has been trying to create an exploit through avatar image uploads. This was discovered when a user reported to me that they were getting a notice from their Norton Anti-virus saying "HTTP Suspicious Executable Image Download." This warning was referencing the user's avatar image. I don't think they had actually achieved anything in the way of stealing information or anything like that, but I assume it could be possible if the hole is left open long enough. I use PHP to upload the image files, and I check if the file being uploaded is a png, jpg, or gif.

    Read the article

  • Is there any way to view PHP code (the actual code not the compiled result) from a client machine?

    - by Columbo
    This may be a really stupid question...I started worrying last night that there might be someway to view PHP files on a server via a browser or someother means on a client machine. My worry is, I have an include file that contains the database username and password. If there were a way to put the address of this file in to a browser or some other system and see the code itself then it would be an issue for obvious reasons. Is this a legitimate concern? If so how do people go about preventing this?

    Read the article

  • SQL injection attempt on my server

    - by Jan Kuboschek
    I know a little about SQL injections and URL decode, but can someone who's more of an expert than me on this matter take a look at the following string and tell me what exactly it's trying to do? Some kid from Beijing a couple weeks ago tried a number of injections like the one below. %27%20and%20char(124)%2Buser%2Bchar(124)=0%20and%20%27%27=%27

    Read the article

  • securing a webservice for use from a custom iphone app only

    - by mme
    I want to create an iphone application which consists of two parts: The app itself and a server side component. On a users request, the app sends data to the server which is to be handled by human operators. To prevent abuse from an iphone app user, the id of the iphone is sent along with the request, and the operators can blacklist pranksters to deny their iphone access to the service. So far so good. Now the problem is: Someone could easily discover the address of the serverside component, and write a script to send bogus requests, using multiple IP addresses etc. So my question is: how can I defend myself against this? Captchas to protect against scripted attacks or requiring the user to register himself are not an option for this particular application. If I had control of the download, I would associate a unique ID with each downloaded app, but obviously this is not an option with the appstore. What would be your approach to make the server side part more secure?

    Read the article

  • Ways to restrict WCF Service so only our apps can access it.

    - by RP
    I have a public WCF Service. I have a WPF Desktop app & a silverlight app. My apps does not have any login requirements. I want to make it difficult for another developer / website to make use of my service. What's the best way to restrict access to my service? Use SSL and have the desktop / silverlight app store a token inside of it?

    Read the article

  • Email server; Is this method spam-safe?

    - by Camran
    I have a classifieds website, and on each classified there is a tip-form where users may tip a friend about the classified. The tip-forms' action is set to a php-page, which mails the email after sanitizing etc... I have to filter away spam etc so that my email-server don't get blacklisted or anything... I have my own server (VPS, Linux) and have thought about a solution... How does this sound to you: 1- Install a mail-server 2- Configure Firewall to ONLY allow connections to the mail-server from my website 3- Configure the mail-server so that a maximum of 'x' emails may be sent every 5 minutes or so 4- Create a php filter before sending the mail, which checks for 'bad' words. 5- If necessary, as last resort, ask the user a question (ex 5+5) before submitting form I would rather preferr if I didn't have to implement the 5th implementation above... What do you think? Also, another q I have that you may answer is: If an email-server gets blacklisted, is there any way to un-blacklist it? Or whats the solution if this happens? Thanks

    Read the article

  • Prevent Apache from answering invalid requests

    - by nickdnk
    I have an Apache web-server that acts as a web front-end for iPhone and iPad applications that communicate by POST and JSON only. Is there any way to prevent Apache from answering requests that are invalid? I can see my error log is filled with attempts to open files such as /admin.php /index.php etc - files that don't exist on my server. I believe this is possible with IIS, but can you do the same thing with Apache? Basically I want the request to appear timed out unless you post exactly the right content to the right file - or at least if you do not request an existing file. This would make the server appear non-existing to everyone but my iPhone users as all communication is SSL and directories are not really guess-able. I did disable the ServerTokens and all that, but I still get File not found etc. when I access the server requesting a random file, which is what these bots do constantly.

    Read the article

  • Authentication Sceme for RESTful API used by desktop app.

    - by user346087
    I'm providing a RESTful API. This API is used by a third party desktop application. The API is currently secured using Basic Authentication. That isn't very secure because the credentials have to be stored in the client application. The communication between the desktop and API can also easily be intercepter. The desktop application also communicates with a third party server (run by the publisher of the desktop application) I am unable to figure out how the secure the API in a good way. Ideas?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 183 184 185 186 187 188 189 190 191 192 193 194  | Next Page >