Search Results

Search found 30932 results on 1238 pages for 'rogue security software'.

Page 298/1238 | < Previous Page | 294 295 296 297 298 299 300 301 302 303 304 305  | Next Page >

• How are CD Keys generated?

  - by The Rook

  CD Keys are the defacto-standard as an anti-piracy measure. To be honest this strikes me as Security Though Obscurity, although I really have no idea how CD Keys are generated. What is a good (secure) example of CD Key generation? What cryptographic primitive (if any) are they using? Is it a message digest? If so what data would they be hashing? What methods do developers employ to make it difficult for crackers to build their own key generators?

  Read the article

• Html encoding in MVC input

  - by fearofawhackplanet

  I'm working through NerdDinner and I'm a bit confused about the following section... First they've added a form for creating a new dinner, with a bunch of textboxes delcared like: <%= Html.TextArea("Description") %> They then show two ways of binding form input to the model: [AcceptVerbs(HttpVerbs.Post)] public ActionResult Create() { Dinner dinner = new Dinner(); UpdateModel(dinner); ... } or: [AcceptVerbs(HttpVerbs.Post)] public ActionResult Create(Dinner dinner) { ... } Ok, great, that all looks really easy so far. Then a bit later on they say: It is important to always be paranoid about security when accepting any user input, and this is also true when binding objects to form input. You should be careful to always HTML encode any user-entered values to avoid HTML and JavaScript injection attacks Huh? MVC is managing the data binding for us. Where/how are you supposed to do the HTML encoding?

  Read the article

• How to design Character,Game Background.,Which Software to use?

  - by TicTech

  Yesterday i Downloaded 4 GB of Videos & ZBrush for Character design but now i realize that i want to make 2D Character and background for my Android Game. so it was a waste for me i don't want to waste my other bandwidth and my Energy on some other Tut. So i am Here for a advice my Question is. 1.Which software to draw and color Character, making Background ? 2.Is there any Video Tut or Ebook for the software to draw Character .i know Basic of Photoshop i learned from Lynda Please help me i am experienced in Android SDK so that's not a prob. for me but in designing i don't know anything any Help will be Really Appreciated Thanks.

  Read the article

• Reason to use more cookies than just a session hash for authentication?

  - by dierre

  I usually hang out in a community using vBulletin as its bulletin board. I was looking at what this software saves as cookie in my browser. As you can see it saves 6 cookies. Amongst them, what I consider to be important for authentification are: ngivbsessionhash: hash of the current session ngivbpassword: hash of the password ngivbuserid: user's id Those are my assumptions of course. I don't know for sure if ngilastactivity and ngilastvisit are used for the same reason. My question is: why use all these cookie for authentication? My guess would be that maybe generating a session hash would be to easy so using the hashedpassword and userid adds security but what about cookie spoofing? I'm basically leaving on the client all fundamental informations. What do you think?

  Read the article

• The risk of granting to IUSR* NTFS permissions on a folder on the server

  - by vtortola

  I have two web applications that must share a file in the server file system. Both apps are inside of "Inetpub\wwwroot". The file cannot be accessed freely from outside, so it is in a folder out of "Inetpub". I have granted full NTFS permissions to the user "IUSR_whatever" (is the user that runs IIS in anonymous requests) in that folder. The folder has only that file, and has no other use. It works so far :) But, what is the risk? what should I be afraid of? As I see it, as long the folder is out of the "InetPub" cannot be accessed, and as long the apps don't have any security flaw like "path traversal" or server side code injection, it should be safe enough.... But I'm always keen to be wrong :) What do you think? May the file or even the server itself get compromised because of this? Thanks.

  Read the article

• What is a good time/task tracking software to use when consulting?

  - by NeoModulus

  I am looking for time tracking software to use as an individual consulting on multiple projects at once. The projects I work on are billable to different clients. Some clients are billed on an hourly basis while others are billed on a project basis. I also track personal projects that may never produce income. I need to be able to track the time down to the individual task level. I am looking for software that is easy to use, cost effective, easy to invoice out of and has data mining reports.

  Read the article

• Is there anything software-related I can do, to make ubuntu play high-quality mkv files smoothely?

  - by Roy

  I've noticed that beyond let's say..a 20 MB/s bitrate, a movie would lag, played on my laptop.. It results in me missing the highest bitrated scenes of a movie.. And sometimes having to compromise for watching the movie at a lesser quality.. I was wondering if there's anything I can do software-wise to play movies smoothley..? At the moment Ubuntu is installed with all the default settings on an 60GB SSD I use VLC ofcourse.. I also have 2 1TB HDD - maybe I can use them as pagefiles? I don't really know alot about this so maybe this is irrelevant.. I took the laptop battery out since it was dead..but I think this is also irrelevant.. would appriciate a response, even if there's nothing that can be done software-wise :)

  Read the article

• does it make sense to send password information during email communication from websites

  - by Samuel

  Most of the online sites on registration do send a link to activate the site and on any further correspondence with the end user they provide information about the site and also provide the login credentials with password in clear text (as given below) Username - [email protected] Password - mysecretpassword What would you do in such a case? From a usability perspective does it make sense to send the password information in clear text or should you just avoid sending this information. I was under the impression that most of the passwords are MD5 hashed before storing in the database and hence the service provider will not have any access to clear text passwords, is this a security violation?

  Read the article

• URIs vs Hidden Forms

  - by NateDogg

  I'm working in the Codeigniter framework, and want to send requests to my controller/model that have several variables involved. Is there a difference between passing those variables via a hidden form (i.e. using "post") as opposed to passing them through URIs (e.g. 'travel/$month/$day/')? What about security concerns? e.g. URIs: http://www.example.com/travel/$month/$day/ Hidden Form: form_hidden('month',$month); form_hidden('day',$day);

  Read the article

• Web Application - Authentication / Login Framework

  - by user456563

  This is a very simple, probably a most asked question and frequently developed as part of any web application. Say I'm planning to build a web application and some of the functional requirements include (apart from the usual hard hitting security reqs), - Need to have users sign up for a new account profile - Authenticate user using the native app authentication / Facebook or Google or Yahoo or OpenId login - Allow lost password retrieval - Session handling needs Is there an out of the box frameworks (Drupal, Liferay??) that I can use to wrap my application which can be a bunch of JSP's or HTML's with JS? I know I'm asking a very simple and maybe a naive question. But this is a topic every web developer guru will go thru. Any help, advise and pointers much appreciated.

  Read the article

• WYSIWYG-editor with "add custom html feature" and secure (validated) html output?

  - by Tom

  I've been looking into some of the WYSIWYG editors (TinyMCE, FCKEditor, etc.) and they all seem to offer a lot of options. However, one vital feature that seems to lack is a simple "add custom html" option which would allow the user to input any of these embed-snippets you find all around the web these days, for example a youtube video. This is different than a "edit html/source" feature as that requires actual knowledge of html and there is the risk of the user writing invalid code. Another issue that I couldn't find much about is the output html. How would I make sure that this output causes no security invulnerabilities? Even when the user has the ability to add his own html? So, basically, is there an open source WYSIWYG editor which covers these 2 features?

  Read the article

• Sending passwords over the web

  - by Falmarri

  So I'm working on a mobile platform application that I'd like to have users authenticate over the web. I was wondering the best way to do security. The user is sending a password for HTTP to a php server wich authenticates against a mysql database on the same server. Obviously I don't want to send the password in plain text over the internet, but I also don't want to do 2 SHA hashes. This is what the server looks like (in pseudocode) $pass = $_POST['pass']; if ((get PASSWORD where USERNAME = USERNAME) == SHA($pass)) return PASS; This is pretty standard and I don't think there's any other way to do this. But I was wondering how I should prepare the data before sending it over the internet.

  Read the article

• Is there a formal name for gradually initiating software changes?

  - by g .

  At times when we develop new features or functionality, we gradually "turn it on" to ensure a smooth transition and minimal impact for users. Instead of one big sudden change, we are able to control with the configuration aspects of the functionality that make it more or less intrusive to the user. This is all done in the same release/version of the software, so no software development changes are required (unless bugs turn up that need to be fixed). For example, initially we may only perform logging or analysis of data without acting upon it. Or we make something optional for a period of time before it becomes compulsory. The idea is that this reduces the potential for problems either on the technical side as well as unexpected changes by the user. The question is, is there a formal name for this approach?

  Read the article

• MD5 password twice

  - by NoviceCoding

  I know MD5's safety is under question lately and this is the reason a lot of people are using salt (I dont understand this at all btw) but I was wondering if you wanted to easily implement a safe system in php can you just md5 something twice? like test 098f6bcd4621d373cade4e832627b4f6 fb469d7ef430b0baf0cab6c436e70375 So basically: $val = 'test'; $val = md5($val); $val = md5($val); Would that solve the whole rainbow security stuff? Is there an easy/noob proof way of making secure database passwords in php?

  Read the article

• I'm trying to implement 2 factor authentication on the cheap. How would I do that?

  - by Biff MaGriff

  Ok so I need 2 of the 3. Something the user knows. Something the user has. Something the user is. I have a system that is exposed to the internet and we need clients to connect in a secure manner to satisfy our security standards. I'm thinking when a user registers to use our system we send them an application that they install on their home system. The application generates a key based on a timed randomness algorithm. Our application server has the same algorithm so when the user submits their credentials with the key we know that they are a legitimate user. Is this a valid method of 2 factor authentication? What is another way of doing this? Are there any pitfalls that I should be aware of? Thanks for your help!

  Read the article

• Is there a way to develop desktop software using PHP?

  - by user1492018

  I have to develop a real estate marketing CRM software for my client - where the application is installed on desktop but can also be accessed from web. 2 reasons why they want the application to run from desktop : So that it can work with/without internet connection They don't want their complete data to be online They want to access few of the data like property listing & inquiries (managed from desktop application) from their website through secure login & password. The data that is entered in desktop application should be automatically synchronized with the website application. I was wondering if there is a way to develop this kind of software using PHP & MySQL. If yes, it will be great if anyone can provide me the referral link.Else please suggest, which language should I use.

  Read the article

• Where to find current information on quality of released games as software products?

  - by Tom

  As a gamer, one thing I have learned I need to be savvy about is knowing whether SomeBigGame is actually unstable or otherwise problematic as a piece of software (riddled with invasive DRM products, only runs well on a particular video driver version, crashes on non-English-language systems, etc.). I know that game news media can sometimes be relied upon to report on some problems, but I doubt they bother to cover smaller or indie titles. An example: I've started playing Transformice on Kongregate, and I'm considering installing the downloadable client (it is an online multiplayer game). The part of me that cares about data privacy and maintaining a clean-and-healthy PC wants to know whether there is a place I can check to find out more about a title-as-software than "it is not a literal virus." Put another way: where would you not want to see your game receive lots of attention?

  Read the article

• Sql server execute permission; failure to apply permissions

  - by WestDiscGolf

  I've just migrated from SQL2000 to SQL2008 and I have started getting an execute permission issue on a stored proc which uses sp_OACreate. The rest of the system works fine with the db login which has been setup and added to the database. I've tried: USE master GO GRANT EXEC ON sp_OACreate TO [dbuser] GO But this fails with the following error: Msg 15151, Level 16, State 1, Line 1 Cannot find the user 'dbuser', because it does not exist or you do not have permission. I'm logged into the server as sa with full permissions. I can execute a similar sql statement and apply the permissions to a server role, however not a login/user. How do I apply the changes to the specific user/login? I can apply the permissions to the public role and it resolves my issue; however this seems to be a security issue to me which I don't really want to apply to the live server.

  Read the article

• REGISTER NOW! ORACLE HARDWARE SALES TRAINING: HARDWARE AND SOFTWARE - ENGINEERED TO BE SOLD TOGETHER!

  - by mseika

  REGISTER NOW!ORACLE HARDWARE SALES TRAINING: HARDWARE AND SOFTWARE - ENGINEERED TO BE SOLD TOGETHER! Dear partner You can now register for Oracle's EMEA Hardware Sales Training Roadshow: "Hardware and Software - Engineered to be sold together!"The objective of this one-day, face-to-face, free of charge training session is to share with you and your Oracle peers the latest information on Oracle's products and solutions and to ensure that you are fully equipped to position and sell Oracle's integrated stack. Please find the agenda, schedule details and registration information here.The seats are limited and available on a first-come-first-serve basis. We recommend you to register yourself as early as possible and reserve your seat.Register Now We hope you will take the maximum advantage of these great learning and networking opportunities and look forward to welcoming you to your nearest event! Best regards, Giuseppe FacchettiPartner Business Development Manager,Servers, Oracle EMEA Sasan MoaveniStorage Partner Sales ManagerOracle EMEA

  Read the article

• What do Embedded Software Developers do on a day to day basis?

  - by afree100

  Edit: I am not asking how to program embedded systems. I am asking how it is done in a practical business setting. I have searched for hours for information on what software developers actually do. More specifically, what coding challenges would one experience daily (e.g. code examples (although obviously not too large), specifics)? I am interested in Linux based embedded systems mainly, but any software development would be helpful (in the C/C++/Assembly areas). Also, regarding this, a distinction between junior, intermediate and senior developers would be helpful. Also, what is the best place to prepare for such things before getting a job for the first time?

  Read the article

• Securing an ajax request

  - by asdasdsa

  i have a website that uses session cookies for security. it works fine and all, but any ajax requests right now are not secure. example being lets say a user is on a page. they can only get to this page if they are logged in with a session - so far so good. but now the ajax request they ask for is ajaxpages/somepage.php?somevar=something&anothervar=something if any other user decides to just go to that link themselves (without a session) they still get the same ajax output that was meant for logged in people. so obviously im going to have to pass session data across when i send an ajax request. anyone have any tips for the best way of doing this? ive never done this before and would rather use trusted methods than make up my own.

  Read the article

• Les décideurs IT s'occupent-ils assez de la sécurité des appareils nomades ? Absolute Software sort un classement des vols les plus insolites

  Absolute Software sort un classement des vols d'ordinateurs les plus insolites Les décideurs IT s'occupent-ils assez de la sécurité des terminaux nomades ? Absolute Software, spécialiste canadien des solutions anti-vols des ordinateurs portables, vient de publier une bien curieuse rétrospective de l'année 2010. L'entreprise dresse en effet le top 5 des histoires de vol les plus insolites de l'année, des histoires qui finissent bien, et ce, bien entendu, grâce à ses solutions anti-vols. L'histoire sacrée la plus insolite est celle d'un acheteur malchanceux qui acquière un ordinateur portable d'occasion ? volé. L'acheteur se rend chez un ami policier afin d'utiliser s...

  Read the article

• Established javascript solution for secure registration & authentication without SSL

  - by Tomas

  Is there any solution for secure user registration and authentication without SSL? With "secure" I mean safe from passive eavesdropping, not from man-in-the-middle (I'm aware that only SSL with signed certificate will reach this degree of security). The registration (password setup, i.e. exchanging of pre-shared keys) must be also secured without SSL (this will be the hardest part I guess). I prefer established and well tested solution. If possible, I don't want to reinvent the wheel and make up my own cryptographic protocols. Thanks in advance.

  Read the article

• REGISTER NOW! ORACLE HARDWARE SALES TRAINING: HARDWARE AND SOFTWARE - ENGINEERED TO BE SOLD TOGETHER!

  - by mseika

  REGISTER NOW!ORACLE HARDWARE SALES TRAINING: HARDWARE AND SOFTWARE - ENGINEERED TO BE SOLD TOGETHER! Dear partner You can now register for Oracle's EMEA Hardware Sales Training Roadshow: "Hardware and Software - Engineered to be sold together!"The objective of this one-day, face-to-face, free of charge training session is to share with you and your Oracle peers the latest information on Oracle's products and solutions and to ensure that you are fully equipped to position and sell Oracle's integrated stack. Please find the agenda, schedule details and registration information here.The seats are limited and available on a first-come-first-serve basis. We recommend you to register yourself as early as possible and reserve your seat.Register Now We hope you will take the maximum advantage of these great learning and networking opportunities and look forward to welcoming you to your nearest event! Best regards, Giuseppe FacchettiPartner Business Development Manager,Servers, Oracle EMEA Sasan MoaveniStorage Partner Sales ManagerOracle EMEA

  Read the article

• Can Spring access-denied-handler refer to popup?

  - by Rens Groenveld

  I am working with Spring Security 3.1.x and have implemented method annotation securities. As I want, when I perform a certain action while being logged in as a used that doesn't have the rights, I get a 403 acces is denied in my console! Perfect! Now I would like to catch this 403, and give the user a popup with a custom message. I don't want to redirect users to a page saying that they have no rights. Is there any way the access-denied-handler of Spring can take care of a popup? Or can it only redirect to another page? Maybe there are other options for me? Thanks in advance!

  Read the article

< Previous Page | 294 295 296 297 298 299 300 301 302 303 304 305  | Next Page >