Search Results

Search found 30932 results on 1238 pages for 'rogue security software'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 322/1238 | < Previous Page | 318 319 320 321 322 323 324 325 326 327 328 329  | Next Page >

  • Framework for adding users/groups/permissions functionality to an application (possibly integrating

    - by vfilby
    I am looking to see if there is a good library or framework that I can use to simplify adding user/group/permission management to a .Net application (4.0 VS2010). If the framework can work on it's own or integrate with Active Directory that would be a huge bonus. So far I have found Visual Guard, if you have any experience using Visual Guard to provide user/group/permission functionality I definitely want to hear your feedback on how you liked working with it, pitfalls and benefits

    Read the article

  • Reuse implemented business classes in a web applications

    - by Mohammad
    I have implemented my domain layer classes and i have used them in a java application. Now i want to use same classes in a java web application,but i dont know how can i do it? In the java aplication we make and run some objects in main(class and method) and use them while program is running. for example an object that hold a collection of data that will be needed for all user requests. My question is: How can i create and hold such objects and data that should be available for all users and clients.

    Read the article

  • Pros and Cons on where to place business logic: app level or DB

    - by Juri
    Hi, I always again encounter discussions about where to place the business logic: inside a business layer in the application code or down in the DB in terms of stored procedures. Personally I'd tend to the 1st approach, but I'd like to hear some opinions from your part first, without influencing you with my personal views. I know there doesn't exist a one-size-fits-all solution and it often depends on many factors, but we can discuss about that. Btw, we are in the context of web applications and our current approach is to have UI layer which accepts UI input and does a first, client-side validation Business layer with a number of service-classes which contains the business logic including validation for user input (server-side) Data Access Layer which calls stored procedures from the DB for doing persistency/read operations Many people however tend to move the business layer stuff (especially regarding the validation) down to the DB in terms of stored procedures. What do you think about it? I'd like to discuss.

    Read the article

  • Multiple login locations for an online app.

    - by Goro
    Hello, I am working on a browser based application that will have many users. The catch is that every user should have their own customized login page, but the actual application is the same for everyone, and needs to be in a central location. What is the most secure way of doing this? Would it make more sense to have a copy of the application for each user, and keep the database centralized? The projected number of users is not very high, probably around 20-80. Thank you,

    Read the article

  • How does XmlSiteMapProvider check user to be in specific role?

    - by abatishchev
    I roll my own SiteMapProvider inheriting System.Web.XmlSiteMapProvider. I want to override logic of checking user to be in a role specified in siteMapNode's property roles: <siteMapNode url="Add.aspx?type=user" title="Add user" roles="admin" /> How can I do that? Which class's member does XmlSiteMapProvider call to check that if securityTrimmingEnabled="true"?

    Read the article

  • What Are Basic Tools For A New Project?

    - by Morgan Cheng
    For a long time, I thought that to start a new project we only need 3 basic tools. 1) A Build System (e.g. Maven & CruiseControl) 2) A Version Control System (e.g. CVS & SVN & GIT) 3) A Bug Tracking System (e.g. Bugzilla) Yesterday, a senior guy told me that we need at least one thing more. That is KPI(Key Performance Index). Without KPI, it is impossible to measure whether the project is progressing well or not. KPI is kind of SOFT tool compared to Maven/SVN/Bugzilla. I believe since I missed SOFT tools, there must be some other kind of tools I missed. So, anybody get some ideas what other basic tools necessary for a new project?

    Read the article

  • Prevent Cross-site request forgery - Never Rely on The SessionID Sent to Your Server in The Cookie H

    - by Yan Cheng CHEOK
    I am reading the tutorial at http://code.google.com/p/google-web-toolkit-incubator/wiki/LoginSecurityFAQ It states Remember - you must never rely on the sessionID sent to your server in the cookie header ; look only at the sessionID that your GWT app sends explicitly in the payload of messages to your server. Is it use to prevent http://en.wikipedia.org/wiki/Cross-site_request_forgery#Example_and_characteristics With this mythology, is it sufficient enough to prevent to above attack?

    Read the article

  • Should I be worried about a ReDOS attack?

    - by PeeHaa
    Can the following code be use to ReDOS attack my site? Or will it just be ended when the max_execution_time is exceeded or is it a problem of the past? I use the following code to validate emailaddresses on my sites (by Douglas Lovell): function validate_email($email) { $isValid = true; $atIndex = strrpos($email, "@"); if (is_bool($atIndex) && !$atIndex) { $isValid = false; } else { $domain = substr($email, $atIndex+1); $local = substr($email, 0, $atIndex); $localLen = strlen($local); $domainLen = strlen($domain); if ($localLen < 1 || $localLen > 64) { // local part length exceeded $isValid = false; } else if ($domainLen < 1 || $domainLen > 255) { // domain part length exceeded $isValid = false; } else if ($local[0] == '.' || $local[$localLen-1] == '.') { // local part starts or ends with '.' $isValid = false; } else if (preg_match('/\\.\\./', $local)) { // local part has two consecutive dots $isValid = false; } else if (!preg_match('/^[A-Za-z0-9\\-\\.]+$/', $domain)) { // character not valid in domain part $isValid = false; } else if (preg_match('/\\.\\./', $domain)) { // domain part has two consecutive dots $isValid = false; } else if(!preg_match('/^(\\\\.|[A-Za-z0-9!#%&`_=\\/$\'*+?^{}|~.-])+$/', str_replace("\\\\","",$local))) { // character not valid in local part unless // local part is quoted if (!preg_match('/^"(\\\\"|[^"])+"$/', str_replace("\\\\","",$local))) { $isValid = false; } } if ($isValid && !(checkdnsrr($domain,"MX") || checkdnsrr($domain,"A"))) { // domain not found in DNS $isValid = false; } } return $isValid; }

    Read the article

  • How to securely communicate with a database using a java applet

    - by WarmWaffles
    I have been writing web applications for quite sometime in PHP with MySQL. I always stored my database connection information into a configuration variable and connected to the database that way. A client wants a java applet for their website to communicate with their database. I'm very hesitant on this because the applet is going to be public and I am not sure how I would go about storing the database connection information. I'm paranoid that someone would decompile my application or find some way to extract my database connection information and use it maliciously. Any suggestions on how to do this securely?

    Read the article

  • How to process AJAX requests more securely in PHP?

    - by animuson
    Ok, so I want to send AJAX requests to my website from my Flash games to process data, but I don't want people downloading them, decompiling them, then sending fake requests to be processed, so I'm trying to figure out the most secure way to process in the PHP files. My first idea was to use Apache's built in Authorization module to require a username and password to access the pages on a separate subdomain of my website, but then you'd have to include that username and password in the AJAX request anyway so that seems kind of pointless to even try. My current option looks pretty promising but I want to make sure it will work. Basically it just checks the IP address being sent using REMOTE_ADDR to make sure it's the IP address that my server runs on. <? $allowed = new Array("64.120.211.89", "64.120.211.90"); if (!in_array($_SERVER['REMOTE_ADDR'], $allowed)) header("HTTP/1.1 403 Forbidden"); ?> Both of those IP addresses point to my server. Things I'm worried about: 1) If I send a request from Flash/ActionScript, will that affect the IP address in any way? 2) Is it possible for malicious users to change the IP address that is being sent with REMOTE_ADDR to one of my IP addresses? Any other ways you would suggest that might be more secure?

    Read the article

  • Running shell scripts with sudo through my web app

    - by nfm
    I have some functionality that interfaces with the server's OS in my web application. I've written a bash script and am able to run it from within my app. However, some functionality of the script requires superuser privileges. What is the most sane way to run this script securely? It is being passed arguments from a web form, but should only be able to be called by authenticated users that I trust not to haxxor it.

    Read the article

  • ASP.NET MVC Authorize by Group

    - by Jimmo
    I have what seems like a common issue with SaaS applications, but have not seen this question on here anywhere. I am using ASP.NET MVC with Forms Authentication. I have implemented a custom membership provider to handle logic, but have one issue (perhaps the issue is in my mental picture of the system). As with many SaaS apps, Customers create accounts and use the app in a way that looks like they are the only ones present (they only see their items, users, etc.) In reality, there are generic controllers and views presenting data depending on their account. When calling something like ValidateUser, I have access to their affiliation in the User object - what I don't have is the context of the request to which to compare it. As an example, One company called ABC goes to abc.mysite.com Another company called XYZ goes to xyz.mysite.com When an ABC user calls http://abc.mysite.com/product/edit/12 I have an [Authorize] attribute on the Edit method in the ProductController to make sure he is signed in and has sufficient permission to do so. If that same ABC user tried to access http://xyz.mysite.com/product/edit/12 I would not want to validate him in the context of that call. In the ValidateUser of the MembershipProvider, I have the information about the user, but not about the request. I can tell that the user is from ABC, but I cannot tell that the request is for XYZ at that point in the code. How should I resolve this?

    Read the article

  • how can I design a good architechture for a Transaction Processing System?

    - by ghedas
    I have a project that must design an architecture for it. This project is a something like a Transaction Processing system and I need to know something like this: when and where I must use synchronous and asynchronous relations between its components? If always I use synchronous relations, the amount of messages maybe become exceeded and makes problem for TP system, and on the other hand synchronous relations make lots of delay, I think a mixture of them is required! If other parameters required to considering please help me! the most nonfunctional requirements of this project are performance and availability of it. I need useful materials and suggestions for it.

    Read the article

  • Design Technique: How to design a complex system for processing orders, products and units.

    - by Shyam
    Hi, Programming is fun: I learned that by trying out simple challenges, reading up some books and following some tutorials. I am able to grasp the concepts of writing with OO (I do so in Ruby), and write a bit of code myself. What bugs me though is that I feel re-inventing the wheel: I haven't followed an education or found a book (a free one that is) that explains me the why's instead of the how's, and I've learned from the A-team that it is the plan that makes it come together. So, armed with my nuby Ruby skills, I decided I wanted to program a virtual store. I figured out the following: My virtual Store will have: Products and Services Inventories Orders and Shipping Customers Now this isn't complex at all. With the help of some cool tools (CMapTools), I drew out some concepts, but quickly enough (thanks to my inferior experience in designing), my design started to bite me. My very first product-line were virtual "laptops". So, I created a class (Ruby): class Product attr_accessor :name, :price def initialize(name, price) @name = name @price = price end end which can be instantiated by doing (IRb) x = Product.new("Banana Pro", 250) Since I want my virtual customers to be able to purchase more than one product, or various types, I figured out I needed some kind of "Order" mechanism. class Order def initialize(order_no) @order_no = order_no @line_items = [] end def add_product(myproduct) @line_items << myproduct end def show_order() puts @order_no @line_items.each do |x| puts x.name.to_s + "\t" + x.price.to_s end end end that can be instantiated by doing (IRb) z = Order.new(1234) z.add_product(x) z.show_order Splendid, I have now a very simple ordering system that allows me to add products to an order. But, here comes my real question. What if I have three models of my product (economy, business, showoff)? Or have my products be composed out of separate units (bigger screen, nicer keyboard, different OS)? Surely I could make them three separate products, or add complexity to my product class, but I am looking for are best practices to design a flexible product object that can be used in the real world, to facilitate a complex system. My apologies if my grammar and my spelling are with error, as english is not my first language and I took the time to check as far I could understand and translate properly! Thank you for your answers, comments and feedback!

    Read the article

  • is there evidence that offshoring is causing developer salaries to go down? [closed]

    - by jcollum
    I realize this is a controversial and political topic. I'm trying to decide if offshoring is something that is effecting our industry in any substantial way or if it's just some bugaboo. I've read various posts on SO about it, but none addressed the idea of evidence for offshoring. Studies, papers, opinions of people who know about such things etc. I hear a lot about offshoring and its effect on our job market. However it all seems to be hearsay and conjecture. It does seem like some people are genuinely worried about it. This offshoring thing has been going on for quite some time, should be enough time for some real data to come out. If I had to pick a number I'd say it started during the dotcom boom -- a time when the need for developers far outweighed the local talent pool. We're now in a time when the talent pool is expensive and corporate wallets are tight, seems like an ideal time to find a good cheap developer in some other country. But is that actually happening? From reading some posts here on SO, I've concluded that offshoring is a really tough thing to do right. There are a lot of companies who think (or say) they can do it right, but some small percentage of them are actually able to pull it off. Is offshoring affecting the job market in any measurable way? Is offshoring measurable at all? Do we need to stop worrying about this?

    Read the article

  • C#: Check if administrator has write access to a file

    - by Bilal Aslam
    The Problem: I need to check if a user (local user or domain user, either one is possible) has write access to a file (if you're curious, %windir%\system32\inetsrv\applicationHost.config. This file is protected by Windows and you need to be an administrator to write to it.) My Solution: The general construct is: using (Impersonator impersonator = new Impersonator(domain, username, password)) { try { using (FileStream fs = File.OpenWrite(appHostConfigPath)) { return true; } catch { return false; } } As you can imagine, the Impersonator class is an IDisposible which uses native interop to call LogonUser. Nothing too creative, and it works. Where I am stuck: On Windows OSs with UAC enabled, this function always return false even if the user specified by username is an administrator. Even though my program is running elevated as an administrator, I suspect what's happening is that the impersonated code is running as a limited administrator. Hence, the method is returning false. I don't have any creative solutions to this. Can anyone help?

    Read the article

  • How can one make a web-site accessible only when someone has a dongle?

    - by Brian M. Hunt
    Suppose you want to add an extra layer of credentials on top of a SSL-encrypted login/password, but you don't want to increase complexity to the user. Is there a way to add the requirement of the possession of a dongle to web-server authentication schemes with existing cross-platform browser capabilities? In other words, to get access to the web-site, you would need a username, password, and a USB dongle that has been plugged into the client computer. The dongle would presumably do some sort of challenge/response. It'd be ideal if this dongle solution worked with Firefox automatically or with the simple addition of a plugin. Thoughts and suggestions are appreciated.

    Read the article

  • What information should I log if I detect that my site is under attack?

    - by Abe Miessler
    In the code below if I get into the if statement I can safely say my site is under attack. What information is it a good idea to log? Any recommendations on actions that can be taken to minimize the damage at this point? protected void btn_Search_Click(object sender, EventArgs e) { if(tb_SearchBox.Text.Length > tb_SearchBox.MaxLength) { //What should i log? //What actions should I take? } //Otherwise search }

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 318 319 320 321 322 323 324 325 326 327 328 329  | Next Page >