Search Results

Search found 30932 results on 1238 pages for 'rogue security software'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 313/1238 | < Previous Page | 309 310 311 312 313 314 315 316 317 318 319 320  | Next Page >

  • Create certificate for a client app in .NET

    - by galets
    I'm looking for a server app to be routinely generating certificates for client applications using self-signed root. Is there any streamlined process in .NET to programmatically generate those certificates? I can, of course, keep spawning makecert or openssl, but I was looking for more programmatic, in-memory method, when you just get X509Certificate on output. If someone got a code snippet, can you please share?

    Read the article

  • RSA public key exportation

    - by user308806
    Dear all, Here is my code KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA"); KeyPair myPair = kpg.generateKeyPair(); PrivateKey k = myPair.getPrivate(); System.out.print(k.serialVersionUID); Cipher c = Cipher.getInstance("RSA"); c.init(Cipher.ENCRYPT_MODE, myPair.getPublic()); String myMessage = new String("Testing the message"); byte[] bytes = c.doFinal(myMessage.getBytes()); String tt = new String(bytes); System.out.println(tt); Cipher d = Cipher.getInstance("RSA"); d.init(Cipher.DECRYPT_MODE, myPair.getPrivate()); byte[] temp = d.doFinal(bytes); String tst = new String(temp); System.out.println(tst); My question is how can i get the public key and stored elsewhere

    Read the article

  • log in as a proxy for a certain user

    - by Samuel
    We have a requirement, wherein the administrative user needs to proxy in as a certain user in an environment where several users (Role: User) are managed by an administrator (Role: Admin). e.g If we have the following users in the database (admin, user1, user2, user3), we would want the admin to proxy as 'user2' and use the system in certain scenarios. Authentication in our web application is based username / password credentials, what mechanisms are available for the admin to proxy as 'user2' when he doesn't have the password for 'user2'. How can the application track such access for audit purposes to mention that 'admin' had proxied for 'user2' and performed certain actions. I am looking for suggestions on supporting this in our j2ee (jboss seam) web application.

    Read the article

  • Am I under risk of CSRF attacks in a POST form that doesn't require the user to be logged in?

    - by Monika Sulik
    I'm probably being a total noob here, but I'm still uncertain about what a CSRF (Cross-Site Request Forgery) attack is exactly. So lets look at three situations... 1) I have a POST form that I use to edit data on my site. I want this data to be edited only by users that are logged in. 2) I have a site, which can be used by both users who are logged in as well as guests. Parts of the site are for logged in users only, but there are also POST forms that can be used by all users - anonymous and not (for example a standard contact form). Should the contact form be safeguarded against CSRF attacks? 3) I have a site which doesn't have an authentication system at all (well, perhaps that's unrealistic, so lets say it has an admin site which is separate from the rest of it and the admin part is properly safeguarded). The main part of the site is only used by anonymous users. Do the POST forms on it need to be safeguarded? In the case of 1) the answer is clearly yes. But in the case of 2 and 3 I don't know (and is the difference between 2 and 3 even significant?).

    Read the article

  • Who does actually use XACML?

    - by lajuette
    Who knows actively developed XACML Implemtations other than the Sun XACML Implementation and XEngine? Which vendors provide a PDP? I read something about a WebLogic XACML Privider. What other products support XACML?

    Read the article

  • How to make a secure game in javascript ?

    - by rnaud
    Hello, I'm working on games using javascript some html and css, and I was wondering if there was any way to secure the game so that the user can't just call game.php?result=victory to finish the game and earn some point. As of right now here are the solution I have. For a chance game, start the page with the result already in place, win or loose, then just do some animations to show it, but all the score and win/loose stuff is done server-side. For a battle game, just get the action from the javascript call, and do the damage calculation, reaction of the oponent on the server and just send back the data. but the last solution imply that I will have to send actions each time the user do anything. This might work for a turn by turn battle game, but I think it would be to slow for any other kind of game. So my question is, is there some kind of secure way I can prep my javascript to secure the infomation sent.

    Read the article

  • Do I only have to worry about XSS and Sql injection?

    - by Pranali Desai
    Hi All, I am writing an application and for this to make it safe I have decided to HtmlEncode and HtmlDecode the data to avoid Javascript Injection and Paramaterised queries to avoid Sql injection. But I want to know whether these are the best ways to avoid these attacks and what are the other ways to damage the application that I should take into consideration.

    Read the article

  • Storing secret keys on iPhone source and project resources

    - by hgpc
    Is storing secret keys (internal use passwords and such) on iPhone source code and project resources (such as plist files) secure? Obviously nothing is 100% secure, but can this information be extracted easily from an installed app? How do you recommend storing these keys to use them in the source code? Just in case, this question is not about storing user passwords.

    Read the article

  • Pros and cons of programmatically enforcing foreign key than in database

    - by Jeffrey
    It is causing so much trouble in terms of development just by letting database enforcing foreign key. Especially during unit test I can’t drop table due to foreign key constrains, I need to create table in such an order that foreign key constrain warning won’t get triggered. In reality I don’t see too much point of letting database enforcing the foreign key constrains. If the application has been properly designed there should not be any manual database manipulation other than select queries. I just want to make sure that I am not digging myself into a hole by not having foreign key constrains in database and leaving it solely to the application’s responsibility. Am I missing anything? P.S. my real unit tests (not those that use mocking) will drop existing tables if the structure of underlying domain object has been modified.

    Read the article

  • Can IIS admin change password of Windows Service account

    - by sweta Jha
    We have a service account defined for anonymous access which is used for several web sites hosted on the web server. This account has access to several network resources like report server, file servers and so on. While deploying a new web site, we used the same service account for anonymous access. IIS takes the username/password for the account and then a dialog opens for confirm password. Accidently, we gave a wrong password in both the text boxes, the new site with wrong password is working fine but all other previously hosted sites which were using the service account, started giving the unautorized access error. Is it possible that when we entered wrong password for the new web site, the password of the account got reset and all sites stopped functioning?

    Read the article

  • Best Open Source Project Hosting Site

    - by Cristian
    I want to start an open source project, but the rise in hosting sites leaves me a little paralyzed with choice. I know a little about several: I never really liked SourceForge's UI but it still feels like the site I think of when I think "open source project hosting". Google Code Project Hosting looks clean and useful but doesn't seem as feature complete as SourceForge. I've heard good things about Launchpad but don't know much about it nor do I know Bazaar (though I'd be interested in learning it). I know almost nothing about GitHub and, like Bazaar, I don't know Git. Does anyone have any experience with these sites or some other cool code host? Any recommendations? Recommended Sites: BitBucket Codeplex Assembla DevjaVu Savannah

    Read the article

  • How to secure connection between PHP and Android

    - by Elad Cohen
    I am developing an application for the Android that requires a connection with PHP pages in order to add sensitive data to a database that will affect the application. Since it's very easy to reverse engineer an android app, one can simply find the url where the data is sent to and manipulate it. I thought about creating a registration based on IMEI, but one can still able to manipulate it for his malicious purposes. I have also checked OAuth but I didn't really understand how it works and if it can help in my condition. What can I do to fully secure my application? Thanks in advance! EDIT: By the way, what I am mostly trying to achieve here is to make sure the requests are being sent from an Android and not from any other device.

    Read the article

  • Empty data problem - data layer or DAL?

    - by luckyluke
    I designing the new App now and giving the following question a lot of thought. I consume a lot of data from the warehouse, and the entities have a lot of dictionary based values (currency, country, tax-whatever data) - dimensions. I cannot be assured though that there won't be nulls. So I am thinking: create an empty value in each of teh dictionaries with special keyID - ie. -1 do the ETL (ssis) do the correct stuff and insert -1 where it needs to let the DAL know that -1 is special (Static const whatever thing) don't care in the code to check for nullness of dictionary entries because THEY will always have a value But maybe I should be thinking: import data AS IS let the DAL do the thinking using empty record Pattern still don't care in the code because business layer will have what it needs from DAL. I think is more of a approach thing but maybe i am missing something important here... What do You think? Am i clear? Please don't confuse it with empty record problem. I do use emptyCustomer think all the time and other defaults too.

    Read the article

  • Multiuser login into winforms application

    - by schoetbi
    Hi there, i have a winforms app in C# that needs access control for certain forms. That means, the application is running under the same (default) user at system startup, but certain forms need to be secured, so that only certain windows users could have access to the additional functions after identifying themself with username and password. For that step windows authentication should be used. Now the tricky part. Although the application was started under a "normal" user I would like the superusers to "login" into the special form without restarting the entiere application. My question now is. Is this possible (i.e. create one thread with the credentials of an administrator). Or do I need to setup another appdomain for that? Please give me a hint wather the user of a running application could be changed somehow. Thank you. EDIT I replaced administrators by "certain users" since the privileged user could be just another ordinary user that is granted access to the special functionality by the configuration of the installation.

    Read the article

  • CSRF Protection in AJAX Requests using MVC2

    - by mnemosyn
    The page I'm building depends heavily on AJAX. Basically, there is just one "page" and every data transfer is handled via AJAX. Since overoptimistic caching on the browser side leads to strange problems (data not reloaded), I have to perform all requests (also reads) using POST - that forces a reload. Now I want to prevent the page against CSRF. With form submission, using Html.AntiForgeryToken() works neatly, but in AJAX-request, I guess I will have to append the token manually? Is there anything out-of-the box available? My current attempt looks like this: I'd love to reuse the existing magic. However, HtmlHelper.GetAntiForgeryTokenAndSetCookie is private and I don't want to hack around in MVC. The other option is to write an extension like public static string PlainAntiForgeryToken(this HtmlHelper helper) { // extract the actual field value from the hidden input return helper.AntiForgeryToken().DoSomeHackyStringActions(); } which is somewhat hacky and leaves the bigger problem unsolved: How to verify that token? The default verification implementation is internal and hard-coded against using form fields. I tried to write a slightly modified ValidateAntiForgeryTokenAttribute, but it uses an AntiForgeryDataSerializer which is private and I really didn't want to copy that, too. At this point it seems to be easier to come up with a homegrown solution, but that is really duplicate code. Any suggestions how to do this the smart way? Am I missing something completely obvious?

    Read the article

  • Comparison of SSL Certificates

    - by Walley
    My web application most definately needs an SSL certificate I was looking into godaddy's: http://www.godaddy.com/ssl/ssl-certificates.aspx The standard doesn't appear to have the lock in the URL bar, which a lot of users might not consider secure... How true is this? The Standard has https:// obviously in the bar, but is that enough to persuade users to want to enter in confidential information?? I'd appreciate any experience anyone has had with this. or any alterates they've dealt with. Is $100/year really the going rate for an SSL cert that has the lock in the url bar? Thanks SO!

    Read the article

  • Bundle a Python app as a single file to support add-ons or extensions?

    - by Brandon Craig Rhodes
    There are several utilities — all with different procedures, limitations, and target operating systems — for getting a Python package and all of its dependencies and turning them into a single binary program that is easy to ship to customers: http://wiki.python.org/moin/Freeze http://www.pyinstaller.org/ http://www.py2exe.org/ http://svn.pythonmac.org/py2app/py2app/trunk/doc/index.html My situation goes one step further: third-party developers will be wanting to write plug-ins, extensions, or add-ons for my application. It is, of course, a daunting question how users on platforms like Windows would most easily install plugins or addons in such a way that my app can easily discover that they have been installed. But beyond that basic question is another: how can a third-party developer bundle their extension with whatever libraries the extension itself needs (which might be binary modules, like lxml) in such a way that the plugin's dependencies become available for import at the same time that the plugin becomes available. How can this be approached? Will my application need its own plug-in area on disk and its own plug-in registry to make this tractable? Or are there general mechanisms, that I could avoid writing myself, that would allow an app that is distributed as a single executable to look around and find plugins that are also installed as single files?

    Read the article

  • Securing Files over Web: Fine Grained Authorization Based File Access

    - by Nishant
    I have a system where employees can upload files. There are three ways Upload to my account in public, private or protected mode Upload to department account in public, private or protected mode Upload to organization account in public, private or protected mode where public is visible to anyone, private to the group or person only and protected to anyone in the organization. All the files for an organization are stored in a directory say, /files/<organizationId>/, on file server like files +-- 234809 | +img1.jpg | +doc1.pdf +-- 808234 | +doc2.pdf I am storing file-path and privacy level in DB. So, I can control whether to show link to a file URL to an user -- on a given page. The problem is, I do not have any control over file's URL... so, if some one types the URL to img1.jpg in his browser's address bar, there is no way to know whether a logged in user is eligible to see img1.jpg. Any suggestion? Thanks Nishant

    Read the article

  • CDI SessionScoped Bean instance remains unchanged when login with different user

    - by Jason Yang
    I've been looking for the workaround of this problem for rather plenty of time and no result, so I ask question here. Simply speaking, I'm using a CDI SessionScoped Bean User in my project to manage user information and display them on jsf pages. Also container-managed j_security_check is used to resolve authentication issue. Everything is fine if first logout with session.invalidate() and then login in the same browser tab with a different user. But when I tried to directly login (through login.jsf) with a new user without logout beforehand, I found the user information remaining unchanged. I debugged and found the User bean, as well as the HttpSession instance, always remaining the same if login with different users in the same browser, as long as session.invalidate() not invoked. But oddly, the session id did modified, and I've both checked in Java code and Firebug. org.apache.catalina.session.StandardSessionFacade@5d7b4092 StandardSession[c69a71d19f369d08b5dddbea2ef0] attrName = org.jboss.weld.context.conversation.ConversationIdGenerator : attrValue=org.jboss.weld.context.conversation.ConversationIdGenerator@583c9dd8 attrName = org.jboss.weld.context.ConversationContext.conversations : attrValue = {} attrName = org.jboss.weld.context.http.HttpSessionContext#org.jboss.weld.bean-Discipline-ManagedBean-class com.netease.qa.discipline.profile.User : attrValue = Bean: Managed Bean [class com.netease.qa.discipline.profile.User] with qualifiers [@Any @Default @Named]; Instance: com.netease.qa.discipline.profile.User@c497c7c; CreationalContext: org.jboss.weld.context.CreationalContextImpl@739efd29 attrName = javax.faces.request.charset : attrValue = UTF-8 org.apache.catalina.session.StandardSessionFacade@5d7b4092 StandardSession[c6ab4b0c51ee0a649ef696faef75] attrName = org.jboss.weld.context.conversation.ConversationIdGenerator : attrValue = org.jboss.weld.context.conversation.ConversationIdGenerator@583c9dd8 attrName = com.sun.faces.renderkit.ServerSideStateHelper.LogicalViewMap : attrValue = {-4968076393130137442={-7694826198761889564=[Ljava.lang.Object;@43ff5d6c}} attrName = org.jboss.weld.context.ConversationContext.conversations : attrValue = {} attrName = org.jboss.weld.context.http.HttpSessionContext#org.jboss.weld.bean-Discipline-ManagedBean-class com.netease.qa.discipline.profile.User : attrValue = Bean: Managed Bean [class com.netease.qa.discipline.profile.User] with qualifiers [@Any @Default @Named]; Instance: com.netease.qa.discipline.profile.User@c497c7c; CreationalContext: org.jboss.weld.context.CreationalContextImpl@739efd29 attrName = javax.faces.request.charset : attrValue = UTF-8 Above block contains two successive logins and their Session info. We can see that the instance(1st row) the same while session id(2nd row) different. Seems that session object is reused to contain different session id and CDI framework manages session bean life cycle in accordance with the session object only(?). I'm wondering whether there could be only one server-side session object within the same browser unless invalidated? Since I'm adopting j_security_check I fancy intercepting it and invalidating old session is not so easy. So is it possible to accomplish the goal without altering the CDI+JSF+j_security_check design that one can relogin with different account in the same or different tab within the same browser? Really look forward for your response. More info: Glassfish v3.1 is my appserver.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 309 310 311 312 313 314 315 316 317 318 319 320  | Next Page >