Search Results

Search found 30932 results on 1238 pages for 'rogue security software'.

Page 312/1238 | < Previous Page | 308 309 310 311 312 313 314 315 316 317 318 319 | Next Page >

How to secure access to SWF file using ASP.NET?

- by elsharpo

hi guys, We have a swf file that we want to secure and make available only to authorized users. I embedded the file in an aspx page and that works fine, since ASP.NET handles the aspx page, I can use ASP.NET authorization features and in the web.config restrict the access to roles="AllowedUsers" for example. However smart users could still get to the file by accessing directly for example www.mysite/flash.swf. We want to make that kind of access secure. Any help would be greatly appreciated! Thanks!

Read the article
How to obtain a working X509Certificate for my WCF Service hosting

- by Kobojunkie

I am in the process of hosting my WCF services in my asp.net hosting account and I want to use X509Certificate for authentication of communication. Where do I get a certificate in this instance? Make one and then Ftp it to my account? If yes, how do I reference this certificate for use. If No, how do I get one for use please? Do I need to purchase one or something?

Read the article
PHP password protection question?

- by PeAk

How do I use the sha512 function for PHP? Can I replace all my md5 funtions with the sha512 function? Do I have to download something if so what? Can any one provide examples? Thanks!

Read the article
ActiveXObject issue in javaScript

- by shan.swf

hi.. I wrote a javascript function in my html page to execute an .exe file. for this i used ActiveXObject. my function is: //~~~~~~~~~~~~~~~~~~~~~~~~~~~JavaScript~~~~~~~~~~~~~~~~ function openWin(url) { if (!document.all) { alert ("Available only with Internet Explorer."); return; } var ws = new ActiveXObject("WScript.Shell"); ws.Exec(url); } //~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ It works fine but there is a alert "An ActiveX control might be unsafe to interact with other parts of the page. Do you want to allow this interaction?" comes up to confirm. If i say YES only it will get loaded. Pls anyone help me on this how to avoid this pop-up coming every time when i reload my html page.

Read the article
How can UNIX access control create compromise problems ?

- by Berkay

My system administrators advice me to be careful when setting access control to files and directories. He gave me an example and i got confused, here it is: a file with protection mode 644 (octal) contained in a directory with protection mode 730. so it means: File:101 100 100 (owner, group,other: r-x r-- r--) Directory:111 011 000 (owner, group,other: rwx -wx ---) How can file be compromised in this case ?

Read the article
Desktop Development Environment that Compiles to Linux, Mac OS, and Windows

- by infocyde

Hi, is there any development environments that allow you to have one code base that can compile to Linux, Mac OS, and Windows versions without much tweaking? I know this is like asking for where the Holy Grail is burred, but maybe such a thing exists. Thanks.

Read the article
SSL HandShakeException: No_Certificate. Using IBM's J9 JVM and Apache Tomcat

- by DaveJohnston

I am developing a mobile application that is to run on a Windows Mobile PDA. The application is written in Java and to run it we are using the J9 JVM from IBM. The application communicates with an Apache Tomcat server over HTTP and we are trying to set it up now to use SSL. I have generated public/private keys for both the client and the server, exported their self signed certificates and imported them into the respective keystores. Initially I tried to just get it working using only server side authentication and that was successful. But I am now trying to get mutual authentication by setting clientAuth="true" in the server.xml file in the apache conf directory. I have enabled the SSL logging on the server and when the client connects the server reports an SSLProtocolException: handshake alert: no_certificate. The client logs also show an exception: javax.net.ssl.SSLHandshakeException: unexpected_message at com.ibm.j9.jsse.SSLSocketImpl.completeHandshake(Unknown Source) at com.ibm.j9.jsse.SSLSocketImpl.startHandshake(Unknown Source) at com.ibm.oti.net.www.protocol.https.HttpsURLConnection.openSocket(Unknown Source) at com.ibm.oti.net.www.protocol.https.HttpsURLConnection.connect(Unknown Source) at com.ibm.oti.net.www.protocol.https.HttpsURLConnection.sendRequest(Unknown Source) at com.ibm.oti.net.www.protocol.https.HttpsURLConnection.doRequest(Unknown Source) at com.ibm.oti.net.www.protocol.https.HttpsURLConnection.getInputStream(Unknown Source) The client keystore and truststore is configured by setting the following System Properties: javax.net.ssl.trustStore javax.net.ssl.trustStorePassword javax.net.ssl.keyStore javax.net.ssl.keyStorePassword Does anyone have any ideas how I can set up client authentication on the J9 JVM?

Read the article
What are the best practices for avoid xss attacks in a PHP site

- by rikh

I have PHP configured so that magic quotes are on and register globals are off. I do my best to always call htmlentities() for anything I am outputing that is derived from user input. I also occasionally seach my database for common things used in xss attached such as... <script What else should I be doing and how can I make sure that the things I am trying to do are always done.

Read the article
Running shell scripts with sudo through my Rails app

- by nfm

In my Rails app, I have some functionality that interfaces with the server's OS. I've written a bash script, put it in my lib/ subdirectory, and can run it from my controller. However, some functionality of the script requires superuser privileges. What is the most sane way to run this script securely? It is being passed arguments from a web form, but should only be able to be called by authenticated (and trusted) users.

Read the article
autehntication on gui application written on perl

- by oren

Its not specific perl question I am building a perl gui/wxperl application that connect to DB . I want my application to be a password protected i.e first the user should enter the user and password and then use the appication . what is the best secure method to store the password could someone provide an idea what is the best method to how should i store the user and the password and how should i retrieve them for authentication ? if possible could someone provide some perl code how to do this ?

Read the article
Securely store a password in program code?

- by Nick

My application makes use of the RijndaelManaged class to encrypt data. As a part of this encryption, I use a SecureString object loaded with a password which get's get converted to a byte array and loaded into the RajindaelManaged object's Key at runtime. The question I have is the storage of this SecureString. A user entered password can be entered at run-time, and that can be "securely" loaded into a SecureString object, but if no user entered password is given, then I need to default to something. So ultimately the quesiton comes down to: If I have to have some known string or byte array to load into a SecureString object each time my application runs, how do I do that? The "encrypted" data ultimately gets decrypted by another application, so even if no user entered password is specified, I still need the data to be encrypted while it goes from one app to another. This means I can't have the default password be random, because the other app wouldn't be able to properly decrypt it. One possible solution I'm thinking is to create a dll which only spits out a single passphrase, then I use that passphrase and run it through a couple of different hashing/reorganizing functions at runtime before I ultimately feed it into the secureString object. Would this be secure enough?

Read the article
Execute remote Lua Script

- by Bruno Lee

Hi, I want to make an application that executes a remote script. The user can create a script (probabily a LUA script) then stores it in the server. Then he can uses an API for execute the script. I was thinking that API could be a webservice. So my questions are: I need high performance to execute the script. So my first choice was LUA script. Someone has another sugestion? Cause I need high perfomance, I was thinking if the webservice is the best solution. Maybe I could create a TCP/IP Windows Service that hold the users request. It is important to say that I will have many user executing scripts at the same time. So I will have a concurrency problem. My scripts will query in a database. I will use Tokyo Cabinet or Tokio Tyrant. I think Tokio Tyrant is the only solution cause I will have many requests. For perfomance, Do I need to make a connection pooling? Is there anyway to share variables between webservices requests? To make the webservice or the Windows service i was thinking to use C++. Can someone help with these questions? thanks

Read the article
Generate an LTPA token?

- by Shadowman

We have a need to integrate a server with our WebSphere environment that does not support LTPA. I found the blog post here and corresponding code to decode the information in an LTPA token. However, there's no code explaining the digital signature and how that's generated/validated. Does anyone have any information on how to generate an LTPA token in custom code?

Read the article
Ruby on Rails protect_from_forgery best practice

- by randombits

I'm currently working on building a RESTful web api with ruby on rails. I haven't bothered putting a proper authentication scheme into the API yet as I'm ensuring that tests and the basic behavior of the API is working all locally first. Upon testing non-HTTP GET type requests such as HTTP POST/DELETE/PUT, stuff chokes because protect_from_forgery is on by default. How does this work when I'm working in practice since essentially the idea is in a RESTful API that there is no state. The client does not have a session or a cookie associated with the server. Each request is an atomic, self-executed request. The user will supply some credentials to ensure they are who they say they are, but other than that, does protect_from_forgery make sense at this point? Should it remain enabled?

Read the article
Are there any applications written in the Io programming language? (Or, distributing Io applications

- by Rayne

I've recently become interested in prototype-based OOP, and I've been playing with Io and Ioke. Distributing an application with Ioke is simple. It's on the JVM. Need I say more? However, I'm absolutely stumped as to how one would distribute an Io application, especially on Windows. It's not like you can have end-users compile Io to run your application. I was actually shocked the Io has gone for 8 years without forming some sort of standards for things like distribution. Ruby has gems, Java has jars, and so on. The worse thing about it is, I can't find a single application written in Io to maybe steal ideas on distribution from. Maybe I suck at google searching (Io is a horrible search name, by the way ;P). Is there any sort of canonical way to distribute Io applications? Are there even any Io applications in existence, or am I just missing the point? I'm not sure if this should be community wiki or not. If you think it should, comment and let me know.

Read the article
Ask a DNS server what sites it hosts - and how to possibly prevent misuse

- by Exit

I've got a server which I host my company website as well as some of my clients. I noticed a domain which I created, but never used, was being attacked by a poke and hope hacker. I imagine that the hacker collected the domain from either hitting my DNS server and requesting what domains are hosted. So, in the interest of prevention and better server management, how would I ask my own DNS server (Linux CentOS 4) what sites are being hosted on it? Also, is there a way to prevent these types of attacks by hiding this information? I would assume that DNS servers would need to keep some information public, but I'm not sure if there is something that most hosts do to help prevent these bandwidth wasting poke and hope attacks. Thanks in advance.

Read the article
Ensure exclusive access to webservice

- by Henrik P. Hessel

Just to be on the safe side, what's the best practice to ensure that only my application has access to my webservice, which is hosted on a public server? Should I implement I shared key or something? My webservice is hosted on Googles App Engine and my Application runs on iPhones and iPads. If you need further information, just ask. Thanks, Henrik

Read the article
Salt question - using a "random salt"

- by barfoon

Hey everyone, Further to my question here, I have another question regarding salts. When someone says "use a random salt" to pre/append to a password, does this mean: Creating a static a 1 time randomly generated string of characters, or Creating a string of characters that changes at random every time a password is created? If the salt is random for every user and stored along with the hashed password, how is the original salt ever retrieved back for verification? Thanks!

Read the article
Programmatic authentication in JEE 6

- by Kevin

Hello, is it possible to authenticate programmatically a user in J2ee 6? Let me explain with some more details: I've got an existing Java SE project with Servlets and hibernate; where I manage manually all the authentication and access control: class Authenticator { int Id string username } Authenticator login(string username, string password) ; void doListData(Authenticator auth) { if (isLoggedIn(auth)) listData(); else doListError } void doUpdateData (Authenticator auth) { if (isLoggedAsAdmin(auth)) updateData() ; else doListError(); } void doListError () { listError() ; } And Im integrating J2ee/jpa/servlet 3/... (Glassfish 3) in this project. I've seen anotations like : @RolesAllowed ("viewer") void doListdata (...) { istData() ; } @RolesAllowed("admin") void doUpdateData (...) { updateData() ; } @PermotAll void dolisterror () { listerror() ; } but how can I manually state, in login(), that my user is in the admin and/or viewer role?

Read the article
What are the best measures to protect content from being crawled?

- by Moak

I've been crawling a lot of websites for content recently and am surprised how no site so far was able to put up much resistance. Ideally the site I'm working on should not be able to be harvested so easily. So I was wondering what are the best methods to stop bots from harvesting your web content. Obvious solutions: Robots.txt (yea right) IP blacklists What can be done to catch bot activity? What can be done to make data extraction difficult? What can be done to give them crap data? Just looking for ideas, no right/wrong answer

Read the article
Is it worthwhile to implement observer pattern in PHP?

- by Extrakun

I have been meaning to make use of design pattern in PHP, such as the observer pattern, but that I have to recreate the observers' relationship each time the page is loaded pains me. As references are saved as a new concrete objects in session, there is no way to preserve relationships between subscribers and their observers unless you use a GUID or some other properties to form a lookup, and store that property instead. With the cost of recreating the relationships each time a page is loaded, is it worthwhile to use design patterns such as observers in PHP, compared to having a clean design? Any real-world experience to share?

Read the article
How to use Custom AuthorizeAttribute for controller utilizing parameter value?

- by RSolberg

I am trying to secure a controller action to prevent a user from accessing an Entity that they do not have access to. I am able to do this with the following code. public ActionResult Entity(string entityCode) { if (CurrentUser.VerifyEntityPermission(entityCode)) { //populate viewModel... return View(viewModel); } return RedirectToAction("NoAccessToEntity", "Error"); } I would like to be able to add an attribute to the controller action itself. In order to validate the access to the entity, I need to see what value has been passed to the controller and what entities the user has access to. Is this possible? [EntityAuthRequired] public ActionResult Entity(string entityCode) { //populate viewModel... return View(viewModel); }

Read the article
Protect Apache server

- by Mike Arnold

My server is attacked like this 188.165.198.65 ./../../../../../../../../../etc/passwd%00 HTTP/1.1" 200 28114 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1" How can I defend it with .htaccess file?

Read the article
prevent bots to query my database several times

- by Alain

Hi all, I'm building an application that is a kind of registry. Think about the dictionary: you lookup for a word and it return something if the word is founded. Now, that registry is going to store valuable informations about companies, and some could be tempted to get the complete listing. My application use EJB 3.0 that replies to WS. So I was thinking about permits a maximum of 10 query per IP address per day. Storing the IP address and a counter on a table that would be empty by a script every night. Is it a good idea/practice to do so? If yes, how can I get the IP address on the EJB side? Is there a better way to prevent something to get all the data from my database? I've also though about CAPTCHA but I think it's a pain for the user, and sometime, they are difficult to read even for real human. Hope it's all clear since I'm not english... Thanks Alain

Read the article
Securing a .NET Application [closed]

- by beakersoft

Duplicate: Protecting .NET Code from Reverse Engineering We've recently released a small application and this weekend I found a cracked version of it on Piratebay that had the registration checking removed, so the app ran as if it was a registered version. Apart from using a code obfuscation tool (which doesn't seem to be that hard to get around), are there any standard things we should be doing to make our .NET applications more difficult to crack?

Read the article

< Previous Page | 308 309 310 311 312 313 314 315 316 317 318 319 | Next Page >