Search Results

Search found 13059 results on 523 pages for 'security hole'.

Page 324/523

  • Handling multiple HTTP requests from one source (e.g. a hacker)

    - by Haraldo
    Hi there, I have a script to handle HTTP requests. I'm trying to think of some of the security issues I might have with it. My biggest concern at the moment is how I can manage multiple requests from the same source over and over. For instance, someone trying to shut down my system. Do I need to be concerned or will Apache handle this issue? If not, what is the best approach to take using PHP? Thanks,

  • ajax cross-domain requests

    - by yoda
    Hi, Since Ajax requests are limited for security reasons, there's not much to it, just follow the rules eh .. but I've crossed with this : https://developer.mozilla.org/en/Same_origin_policy_for_JavaScript It's written that you can "bypass" those rules, in case you're working with subdomains of the same domain, with the following javascript line : document.domain = "company.com"; I haven't tried it yet, since I don't know if this only works (perfectly works) with any other browser, or at least the major ones. Is it possible? Thanks.

  • Download file is blocked using WatiN even after modifying registry settings

    - by Mstechuser1
    I'm doing an IE automation using WatiN. When a file to be downloaded is clicked, I get the following in the Internet Explorer Information bar: To help protect your security, Internet Explorer has blocked this site from downloading files to your computer. I added a registry key to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ then a REG_DWORD value named "http" with value==2 as given in http://stackoverflow.com/questions/972345/programmatically-add-trusted-sites-to-internet-explorer but I am still facing the same issues. Can someone advise on this?

  • Ruby core documentation quality

    - by karatedog
    I'm relatively new to Ruby and have limited time therefore I try out simple things. Recently I needed to create a file and because I'm lazy as hell, I run to Google. The result: File.open(local_filename, 'w') {|f| f.write(doc) } Shame on me, it is very straightforward, should have done it myself. Then I wanted to check what ruby magic the File class' methods offer or if there's any 'simplification' when invoking those methods, so I headed for the documentation here, and checked for the File class. 1.8.6 documentation presents me with "ftools.rb: Extra tools for the File class" under 'File' class, which is not what I'm looking for. 1.8.7 documentation seems OK for 'File' class, there are a plethora of methods. Except 'open'. 1.9 documentation finally shows me the 'open' method. And I had an almost same tour with Net::HTTP. Do I exaggerate when I think good old Turbo Pascal's 7.0 documentation was better organized than Ruby documentation is right now? Is there any other source for the uninitiated to collect knowledge? Or is it possible that I just tumbled into a documentation hole and the rest are super-brilliant-five-star organized? Thanks

  • Rewarding iOS app beta testers with in app purchase?

    - by Partridge
    My iOS app is going to be free, but with additional functionality enabled via in app purchase. Currently beta testers are doing a great job finding bugs and I want to reward them for their hard work. I think the least I can do is give them a full version of the app so that they don't have to buy the functionality themselves. However, I'm not sure what the best way to do this is. There do not appear to be promo codes for in app purchase so I can't just email out promo codes. I have all the tester device UDIDs so when the app launches I could grab the device UDID and compare it to an internal list of 'approved' UDIDs. Is this what other developers do? My concerns:

      - The in app purchase content would not be tied to their iTunes account, so if beta testers move to a new device they would not be able to enable the content unless I released a new build in the app store with their new UDID. So they may have to buy it eventually anyway.
      - Having an internal list leaves a hole for hackers to modify the list and add themselves to it.

    What would you do?

  • How might one cope with the ambiguous value produced by GetDllDirectory?

    - by Integer Poet
    GetDllDirectory produces an ambiguous value. When the string this call produces is empty, it means one of the following:

      - nobody has called SetDllDirectory
      - somebody passed NULL to SetDllDirectory
      - somebody passed an empty string to SetDllDirectory

    The first two cases are equivalent for my purposes, but the third case is a problem. If I want to write save/restore code (call GetDllDirectory to save the "old" value, SetDllDirectory to set a "new" value temporarily, and later SetDllDirectory again to restore the "old" value), I run the risk of reversing some other programmer's intent. If the other programmer intended for the current working directory to be in the DLL search order (in other words, one of the first two bullets is true), and I pass an empty string to SetDllDirectory, I will be taking the current working directory out of the DLL search order, reversing the other programmer's intent. Can anyone suggest an approach to eliminate or work around this ambiguity?

    P.S. I know having the current working directory in the DLL search order could be interpreted as a security hole. Nevertheless, it is the default behavior, and my code is not in a position to undo that; my code needs to be compatible with the expectations of all potential callers, many of which are large and old and beyond my control.

  • Best practices for implementing an Access (2007) application

    - by waanders
    Hello, where can I find an overview (website) of best practices for implementing an Access (2007) application (with a FE/BE architecture) regarding security, performance and maintainability? I know about designing tables, queries, forms and so on and I'm a reasonable programmer, but I'm wondering what's the "best" and most efficient way to implement my "application". Thanks in advance for your help.

  • project hierarchy

    - by Noona
    Is there a difference between a package and a folder in Eclipse? For example, if I have this hierarchy requirement: java -classpath C:\ChatCompany\BackendChatServer\ -Djava.security.policy=c:\HW2\permissions.policy hw2.chat.backend.main.ChatBackendServer when the package's name is: "hw2.chat.backend.main" and "ChatCompany\BackendChatServer\" is the folder name, then how can I make this separation between a package and a folder in Eclipse, so that I can write "package hw2.chat.backend.main" and not "package ChatCompany.BackendChatServer.hw2.chat.backend.main"? Thanks

  • User Control as container

    - by Luca
    I'm designing a simple expander control. I've derived from UserControl, drawn inner controls, built, run; all ok. Since an inner Control is a Panel, I'd like to use it as container at design time. Indeed I've used the attributes:

        [Designer(typeof(ExpanderControlDesigner))]
        [Designer("System.Windows.Forms.Design.ParentControlDesigner, System.Design", typeof(IDesigner))]

    Great I say. But it isn't... The result is that I can use it as container at design time but:

      - The added controls go back the inner controls already embedded in the user control
      - Even if I push to top a control added at design time, at runtime it is back again on controls embedded to the user control
      - I cannot restrict the container area at design time into a Panel area

    What am I missing? Here is the code for completeness... why is this snippet of code not working?

        [Designer(typeof(ExpanderControlDesigner))]
        [Designer("System.Windows.Forms.Design.ParentControlDesigner, System.Design", typeof(IDesigner))]
        public partial class ExpanderControl : UserControl
        {
            public ExpanderControl()
            {
                InitializeComponent();
                ....

        [System.Security.Permissions.PermissionSet(System.Security.Permissions.SecurityAction.Demand, Name = "FullTrust")]
        internal class ExpanderControlDesigner : ControlDesigner
        {
            private ExpanderControl MyControl;

            public override void Initialize(IComponent component)
            {
                base.Initialize(component);
                MyControl = (ExpanderControl)component;

                // Hook up events
                ISelectionService s = (ISelectionService)GetService(typeof(ISelectionService));
                IComponentChangeService c = (IComponentChangeService)GetService(typeof(IComponentChangeService));
                s.SelectionChanged += new EventHandler(OnSelectionChanged);
                c.ComponentRemoving += new ComponentEventHandler(OnComponentRemoving);
            }

            private void OnSelectionChanged(object sender, System.EventArgs e) { }

            private void OnComponentRemoving(object sender, ComponentEventArgs e) { }

            protected override void Dispose(bool disposing)
            {
                ISelectionService s = (ISelectionService)GetService(typeof(ISelectionService));
                IComponentChangeService c = (IComponentChangeService)GetService(typeof(IComponentChangeService));

                // Unhook events
                s.SelectionChanged -= new EventHandler(OnSelectionChanged);
                c.ComponentRemoving -= new ComponentEventHandler(OnComponentRemoving);
                base.Dispose(disposing);
            }

            public override System.ComponentModel.Design.DesignerVerbCollection Verbs
            {
                get
                {
                    DesignerVerbCollection v = new DesignerVerbCollection();
                    v.Add(new DesignerVerb("&asd", new EventHandler(null)));
                    return v;
                }
            }
        }

    I've found many resources (Interaction, designed, limited area), but nothing was useful for being operative...

  • How to access a web service behind a NAT?

    - by jr
    We have a product we are deploying to some small businesses. It is basically a RESTful API over SSL using Tomcat. This is installed on the server in the small business and is accessed via an iPhone or other portable device. So, the devices connecting to the server could come from any number of IP addresses. The problem comes with the installation. When we install this service, it seems to always become a problem when doing port forwarding so the outside world can gain access to Tomcat. It seems most of the time the owner doesn't know the router password, etc. I am trying to research other ways we can accomplish this. I've come up with the following and would like to hear other thoughts on the topic.

      - Set up an SSH tunnel from each client office to a central server. Basically the remote devices would connect to that central server on a port and that traffic would be tunneled back to Tomcat in the office. Seems kind of redundant to have SSH and then SSL, but really no other way to accomplish it since end-to-end I need SSL (from device to office). Not sure of performance implications here, but I know it would work. Would need to monitor the tunnel and bring it back up if it goes down, would need to handle SSH key exchanges, etc.
      - Set up UPnP to try and configure the hole for me. Would likely work most of the time, but UPnP isn't guaranteed to be turned on. May be a good next step.
      - Come up with some type of NAT traversal scheme. I'm just not familiar with these and uncertain of how exactly they work.

    We have access to a centralized server which is required for the authentication if that makes it any easier. What else should I be looking at to get this accomplished?

  • Can I view a list of public variables of some Adobe Air app or web flash file from another app?

    - by Parris
    I was thinking about making an AIM plugin that checks Pandora One (desktop) or the Pandora website periodically to see what is currently playing and update a user's status. I suppose the main question is: is there a clever way to access a "public" variable from some open Adobe Air process? I KNOW this sounds like some crazy security flaw, but it may also be a feature. I am pretty sure JavaScript can potentially handle it. Thanks!

  • ASP.NET MVC jQuery: Should we be concerned about a lot of jQuery/javascript on a View?

    - by Mark Redman
    We are moving from WebForms to MVC and using a lot of jQuery. It appears we have a lot of jQuery/JavaScript in our Views; is this common and are there any concerns about security? The obvious step is to refactor into plugins and more generic UserControls etc, but this jQuery would still be "visible" by looking at js files etc. We are validating everything on the server-side anyway but should we be concerned?

  • What is the best credit card processing service?

    - by JerSchneid
    We're looking to add credit card payments to our system (and it needs to be fairly custom, handling variable "per use" charges each month). We would like the integration to be simple and secure (i.e. no storing of credit card data on our system). What, in your opinion, is the best credit card processing provider to offer this kind of security and flexibility? List only one provider per answer to let the voting system do its thing.

  • one or more Entity models for one database for entity framework?

    - by KentZhou
    When using Entity Framework for the DAL tier, VS 2010 can create an edmx for each database. Question: If I have a database with many tables, should I create only one edmx for all tables or multiple edmx files? For example, maybe all security tables in one edmx file, other tables in another edmx file. If there is more than one, then in other tiers there will be more than one ObjectContext in code for business logic. Which one is the best solution for this case?

  • Any Security issues in ajax dll

    - by lokendra singh
    Hi friends, I am using an ajax dll in my application for smooth working, but I have some doubt in my mind: is there any security problem on the server when we are using an ajax dll in my application? I mean, anyone can misuse the application because we are using public methods in the ajax dll. Can anyone advise me? Thanks in advance, Lokendra

  • Connect to MySQL via PHP script tunnel

    - by Neo
    Here's the question: I need to connect to a remote MySQL database from my C# application. The problem is the MySQL instance will block all access from all IPs apart from localhost; this cannot be changed as it's too much of a security issue. The question is, is it possible to connect via a tunnel instead to a PHP script hosted on the server, which would then act as the MySQL connection? Any ideas and suggestions?

  • protect form hijacking hack

    - by Karem
    Yes hello, today I discovered a hack for my site. When you write a msg on a user's wall (in my community site) it runs an ajax call to insert the msg into the db and will then on success slide down and show it. Works fine with no problem. So I was rethinking a little: I am using POST methods for this, and if it was the GET method you could easily do ?msg=haxmsg&usr=12345679. But what could you do to get around the POST method? I made a new html document, made a form and on action I set "site.com/insertwall.php" (the file that normally is being used in ajax), I made some input fields with names exactly like I am doing with the ajax call (msg, uID (userid), BuID (by userid)) and made a submit button. I know I have a page_protect() function which requires you to log in, and if you aren't you will be redirected to index.php. So I logged in (started a session on my site.com) and then I pressed this submit button. And then whoops, I saw on my site that it had made a new message. I was like wow, was it so easy to hijack the POST method? I thought maybe it was a little more secure or something. I would like to know what I could do to prevent this hijacking, as I wouldn't even want to know what real hackers could do with this "hole". The page_protect ensures that the sessions are from the same http user agent and so on, and this works fine (I tried to run the form without logging in, and it just redirects me to the start page), but yeah, it wouldn't take a long time to figure out to log in first and then run it. Any advice is appreciated a lot. I would like to keep my ajax calls as secure as possible and all of them are running on the POST method. What could I do to insertwall.php to check that it comes from the server or something? Thank you

  • hash password in mssql (asp.net)

    - by ile
    Is this how a hashed password stored in mssql should look? This is the function I use to hash the password (I found it in some tutorial):

        public string EncryptPassword(string password)
        {
            //we use codepage 1252 because that is what sql server uses
            byte[] pwdBytes = Encoding.GetEncoding(1252).GetBytes(password);
            byte[] hashBytes = System.Security.Cryptography.MD5.Create().ComputeHash(pwdBytes);
            return Encoding.GetEncoding(1252).GetString(hashBytes);
        }

    Thanks, Ile

  • How do you use stl's functions like for_each?

    - by thomas-gies
    I started using STL containers because they came in very handy when I needed the functionality of a list, set and map and had nothing else available in my programming environment. I did not care much about the ideas behind it. STL documentation was only interesting up to the point where it came to functions, etc. Then I skipped reading and just used the containers. But yesterday, still being relaxed from my holidays, I just gave it a try and wanted to go a bit more the STL way. So I used the transform function (can I have a little bit of applause for me, thank you). From an academic point of view it really looked interesting and it worked. But the thing that bothers me is that if you intensify the use of those functions, you need 10ks of helper classes for mostly everything you want to do in your code. The whole logic of the program is sliced in tiny pieces. This slicing is not the result of good coding habits. It's just a technical need. Something that makes my life probably harder, not easier. And I learned the hard way that you should always choose the simplest approach that solves the problem at hand. And I can't see what, for example, the for_each function is doing for me that justifies the use of a helper class over several simple lines of code that sit inside a normal loop so that everybody can see what is going on. I would like to know what you think about my concerns. Did you see it like I do when you started working this way and have you changed your mind when you got used to it? Are there benefits that I overlooked? Or do you just ignore this stuff as I did (and will go on doing, probably)? Thanks. PS: I know that there is a real for_each loop in boost. But I ignore it here since it is just a convenient way for my usual loops with iterators I guess.

  • Default MVC Web Application Database

    - by wows
    When setting up a new ASP.NET MVC Web Application, the default connection string inside Web.Config is something like this: connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true" I'm just wanting to play around with logging in and registering, etc but when I run the app it obviously can't find a SQL database. What database with what tables do I need to setup to do this? I have SQL Server 2005 Standard installed on my system, is that enough? Thanks.

  • Websphere 5.1 add SSL certificate

    - by Mikhail
    Hi All. I have the following instruction: Import ++++ certificate (in order to allow SSL connections) – it is done in Administrative Console for the corresponding WAS profile (Security-SSL certificate and key management-Key stores and certificates-NodeDefaultTrustStore-Signer certificates). Here you can simply add the attached trkd_cert.cer (“Add” button) or get it from port (“Retrieve from port” button, host: ++++.com, port 443) But this is valid for WebSphere 6.1. Does somebody know how this can be done in WebSphere 5.1?

  • How to compress/decompress a long query string in PHP?

    - by jodeci
    I doubt if this is encryption but I can't find a better phrase. I need to pass a long query string like this: http://test.com/test.php?key=[some_very_loooooooooooooooooooooooong_query_string] The query string contains NO sensitive information so I'm not really concerned about security in this case. It's just...well, too long and ugly. Is there a library function that can let me encode/encrypt/compress the query string into something similar to the result of a md5() (similar as in, always a 32 character string), but decode/decrypt/decompress-able?
