Search Results

Search found 19179 results on 768 pages for 'ms security essentials'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 243/768 | < Previous Page | 239 240 241 242 243 244 245 246 247 248 249 250  | Next Page >

  • How can I create and use a web service in public but still restrict its use to only my app?

    - by Glenn
    I'm creating a web service with create/update/delete calls. But for now I'd like to restrict use of it on my own web app and no other clients. How can I have clear text javascript code that makes these calls but still be confident the credentials won't be used elsewhere? My idea is to use server side generated nonces for each request. But I am open to different ideas you guys may have. Thanks.

    Read the article

  • Should I convert overlong UTF-8 strings to their shortest normal form?

    - by Grant McLean
    I've just been reworking my Encoding::FixLatin Perl module to handle overlong UTF-8 byte sequences and convert them to the shortest normal form. My question is quite simply "is this a bad idea"? A number of sources (including this RFC) suggest that any over-long UTF-8 should be treated as an error and rejected. They caution against "naive implementations" and leave me with the impression that these things are inherently unsafe. Since the whole purpose of my module is to clean up messy data files with mixed encodings and convert them to nice clean utf8, this seems like just one more thing I can clean up so the application layer doesn't have to deal with it. My code does not concern itself with any semantic meaning the resulting characters might have, it simply converts them into a normalised form. Am I missing something. Is there a hidden danger I haven't considered?

    Read the article

  • CSRF protecting and cross site form access

    - by fl00r
    Hi. I aw working on cross site authentication (some domains have got common authentication). So I want to send authentication data (login, password) to main domain from others. How should I use protect_from_forgery and how can I check if data received from valid domain? What I am thinking now is to turn off protect_from_forgery for session controller and check domain name of received data. But maybe I can configure CSRF protection for not only one domain?

    Read the article

  • SimpleMembership updating the "isconfirmed" flag

    - by Vijay V
    My Users table (the one that I created) has the following columns: UserId,UserName,FirstName,LastName,DOB After I ran this command WebSecurity.InitializeDatabaseConnection("DefaultConnection", "Users", "UserId", "UserName", autoCreateTables: true); it created the required simple membership tables for me. How would I go about "UnConfirming" an user or setting the "IsConfirmed" flag to false in the webpages_Membership using the new SimpleMembership API? (Earlier, before going to simplemembership using the "Membership" class I could update an user using the api call : Membership.UpdateUser( user );)

    Read the article

  • What's the best, Escape then store Or store then escape the output?

    - by Axel
    Hi, After doing a long search on stackoverflow i didn't find any one talked about this even if it's a big choice, the Question is what's the best in order to prevent both of XSS and SQL injection, Escaping the data then store it in the DB or Store it as it is and escape when output it? Note: it is better if you give some examples of practics if possible. Thanks

    Read the article

  • Is it safe to read regular expressions from a file?

    - by Zilk
    Assuming a Perl script that allows users to specify several text filter expressions in a config file, is there a safe way to let them enter regular expressions as well, without the possibility of unintended side effects or code execution? Without actually parsing the regexes and checking them for problematic constructs, that is. There won't be any substitution, only matching. As an aside, is there a way to test if the specified regex is valid before actually using it? I'd like to issue warnings if something like /foo (bar/ was entered. Thanks, Z. EDIT: Thanks for the very interesting answers. I've since found out that the following dangerous constructs will only be evaluated in regexes if the use re 'eval' pragma is used: (?{code}) (??{code}) ${code} @{code} The default is no re 'eval'; so unless I'm missing something, it should be safe to read regular expressions from a file, with the only check being the eval/catch posted by Axeman. At least I haven't been able to hide anything evil in them in my tests. Thanks again. Z.

    Read the article

  • How to secure phpMyAdmin

    - by Andrei
    Hi, I have noticed that there are strange requests to my website trying to find phpmyadmin, like /phpmyadmin/ /pma/ etc. Now I have installed PMA on Ubuntu via apt and would like to access it via webaddress different from /phpmyadmin/. What can I do to change it? Thanks

    Read the article

  • is it safe to call "plink.exe" in an application

    - by EBAGHAKI
    i want to use "plink.exe -u username -pw securepassword" on my windows visual c++ program. will username and password remain safe while calling this command? I mean can a hacker steal or sniff the username and password? (consider hacker can't get to the password directly from the exe file)

    Read the article

  • Too much data for RSA block fail. What is PKCS#7?

    - by Tom Brito
    Talking about javax.crypto.Cipher; I was trying to encrypt data using Cipher.getInstance("RSA/None/NoPadding", "BC"); but I got the exception: ArrayIndexOutOfBoundsException: too much data for RSA block Looks like is something related to the "NoPadding", so, reading about padding, looks like CBC is the best approach to use here. I found at google something about "RSA/CBC/PKCS#7", what is this "PKCS#7"? And why its not listed on sun's standard algorithm names?

    Read the article

  • Should I Use Anchor, Button Or Form Submit For "Follow" Feature In Rails

    - by James
    I am developing an application in Rails 3 using a nosql database. I am trying to add a "Follow" feature similar to twitter or github. In terms of markup, I have determined that there are three ways to do this. 1) Use a regular anchor. (Github Uses This Method) <a href="/users/follow?target=Joe">Follow</a> 2) Use a button. (Twitter Uses This Method) <button href="/friendships/create/">Follow</button> 3) Use a form with a submit button. (Has some advantages for me, but I haven't see anyone do it yet.) <form method="post" id="connection_new" class="connection_new" action="/users/follow"> <input type="hidden" value="60d7b563355243796dd8496e17d36329" name="target" id="target"> <input type="submit" value="Follow" name="commit" id="connection_submit"> </form> Since I want to store the user_id in the database and not the username, options 1 and 2 will force me to do a database query to get the actual user_id, whereas option 3 will allow me to store the user_id in a hidden form field so that I don't have to do any database lookups. I can just get the id from the params hash on form submission. I have successfully got each of these methods working, but I would like to know what is the best way to do this. Which way is more semantic, secure, better for spiders, etc...? Is there a reason both twitter and github don't use forms to do this? Any guidance would be appreciated. I am leaning towards using the form method since then I don't have to query the db to get the id of the user, but I am worried that there must be a reason the big guys are just using anchors or buttons for this. I am a newb so go easy on me if I am totally missing something. Thanks!

    Read the article

  • Javascript CS-PRNG - 64-bit random

    - by Jack
    Hi, I need to generate a cryptographically secure 64-bit unsigned random integer in Javascript. The first problem is that Javascript only allows 64-bit signed integers, so 9223372036854775808 is the biggest supported integer without going into floating point use I think? To fix this I can use a big number library, no problem. My Method: var randNum = SHA256( randBigInt(128, 0) ) % 2^64; Where SHA256() is a secure hash function and randBigInt() is defined below as a non-crypto PRNG, im giving it a 128bit seed so brute force shouldn't be a problem. randBigInt(n,s) //return an n-bit random BigInt (n>=1). If s=1, then the most significant of those n bits is set to 1. Is this a secure method to generate a cryptographically secure 64-bit random int? And importantly does taking the 2^64 mod guarantee 100% I have a 64-bit number? An abstract example, say this number is prime (it isn't i know), I will use it in the Galois Field [2^p], where p must be 64bits so that every possible 1-63bit number is a field element. In this query, my random int must be larger than any 63-bit number. And Im not sure im correct in taking the 2^64 mod of a 256bit hash output. Thanks (hope that makes sense)

    Read the article

  • Prevent strings stored in memory from being read by other programs

    - by Roy
    Some programs like ProcessExplorer are able to read strings in memory (for example, my error message written in the code could be displayed easily, even though it is compiled already). Imagine if I have a password string "123456" allocated sequentially in memory. What if hackers are able to get hold of the password typed by the user? Is there anyway to prevent strings from being seen so clearly? Oh yes, also, if I hash the password and sent it from client to server to compare the stored database hash value, won't the hacker be able to store the same hash and replay it to gain access to the user account? Is there anyway to prevent replaying? Thank You!

    Read the article

  • c# Sending emails with authentication. standard approach not working

    - by Ready Cent
    I am trying to send an email using the following very standard code. However, I get the error that follow... MailMessage message = new MailMessage(); message.Sender = new MailAddress("[email protected]"); message.To.Add("[email protected]"); message.Subject = "test subject"; message.Body = "test body"; SmtpClient client = new SmtpClient(); client.Host = "mail.myhost.com"; //client.Port = 587; NetworkCredential cred = new NetworkCredential(); cred.UserName = "[email protected]"; cred.Password = "correct password"; cred.Domain = "mail.myhost.com"; client.Credentials = cred; client.UseDefaultCredentials = false; client.Send(message); Mailbox unavailable. The server response was: No such user here. This recipient email address definitely works. To make this account work I had to do some special steps in outlook. Specifically, I had to do change account settings - more settings - outgoing server - my outgoing server requires authentication & use same settings. I am wondering if there is some other strategy. I think the key here is that my host is Server Intellect and I know that some people on here use them so hopefully someone else has been able to get through this. I did talk to support but they said with coding issues I am on my own :o

    Read the article

  • mysqli_stmt_bind_param SQL Injection

    - by profitphp
    Is there still an injection risk when using prepared statements and mysqli_stmt_bind_param? For example: $malicious_input = 'bob"; drop table users'; mysqli_stmt_bind_param($stmt, 's', $malicious_input); Behind the scenes does mysqli_stmt_bind_param pass this query string to mysql: SET @username = "bob"; drop table users"; Or does it perform the SET command through the API, or use some type of protection to keep this from happening?

    Read the article

  • Attack from anonymous proxy

    - by mmgn
    We got attacked by some very-bored teenagers registering in our forums and posting very explicit material using anonymous proxy websites, like http://proxify.com/ Is there a way to check the registration IP against a black list database? Has anyone experienced this and had success?

    Read the article

  • Self-signed ceritificates for many users/browsers/sites

    - by Demiurg
    Here is my problem - I have a lot of users using different browsers accessing many internal web sites using https. I can create my own Certificate Authority, than create a certificate for each server and after that have all the users import it. Obviously, it cannot work in reality - there are too many users and too many sites, and some sites will be added in the future. I'm looking for a way to automate this. Is there a way to create a certificate so that all major browsers (IE, FF, Opera, Chrome and Safari) would trust it for all servers ? If so, what is the best way to install it automatically in all major browsers ?

    Read the article

  • Read/Write versus Create/Read/Update/Delete permissions difference

    - by archmeta
    From a practical standpoint, is there any real-world difference between Read/Write permissions and Create/Read/Update/Delete permissions? It would seem that if a user had the ability to 'create', he should always have the ability to 'update' or 'delete'? If this is correct, then read/write should always be sufficient, and there is no need to store separate Create/Read/Update/Delete permissions? Are there any real-world use cases in which a user should be given permissions to create but not update, or update but not delete, etc...?

    Read the article

  • Facebook javascript in address bar, possible to replicate?

    - by DoMx
    This is my first experience with stackoverflow and I'm afraid my question asks of a lot for a first. I was looking at this thread: http://stackoverflow.com/questions/2634159/javascrypt-in-the-adress-bar-is-this-malicious and as you will see SLaks has very kindly deobfuscated the javascript and left us with what appears as the Javascript behind the automatic facebook invite code. As I'm fairly new to javascript, I was wondering, what other components were needed to get this code to work? You of course have the functions there and they are called by the obfuscated javascript but how exactly? Would it be possible to replicate this on a page of my own using the information available or is there more to this script I am missing? I am willing to financially assist somebody who could compile a solution for me. Thank you in advance.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 239 240 241 242 243 244 245 246 247 248 249 250  | Next Page >