Search Results

Search found 30932 results on 1238 pages for 'rogue security software'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 326/1238 | < Previous Page | 322 323 324 325 326 327 328 329 330 331 332 333  | Next Page >

  • Feature Driven Development Model (SDLC)

    - by j-t-s
    Hi All I've been searching all over the internet for days. Does anybody have, or know of, and can share sample Feature Driven Development documents? I keep coming across gazillions of "samples" with absolutely no useful information whatsoever. Thank you jt

    Read the article

  • Is a class that is hard to unit test badly designed?

    - by Extrakun
    I am now doing unit testing on an application which was written over the year, before I started to do unit-testing diligently. I realized that the classes I wrote are hard to unit test, for the following reasons: Relies on loading data from database. Which means I have to setup a row in the table just to run the unit test (and I am not testing database capabilities). Requires a lot of other external classes just to get the class I am testing to its initial state. On the whole, there don't seem to be anything wrong with the design except that it is too tightly coupled (which by itself is a bad thing). I figure that if I have written automated test cases with each of the class, hence ensuring that I don't heap extra dependencies or coupling for the class to work, the class might be better designed. Does this reason holds water? What are your experiences?

    Read the article

  • How to securely transfer

    - by michaeltk
    I have two servers -- a backend server, and a frontend server. Every night, the backend server generates static .html files, which are then compressed into .tar format. I need to write a script that resides on the backend server that will transfer the .tar file to the frontend server, and then decompress that .tar file into to the public web directory of the frontend server. What is the standard, secure way to do this? Thanks in advance.

    Read the article

  • Is it safe to put reference to current user in User model in Rails?

    - by Art Shayderov
    You know, I think I have to check current user in the model callbacks (like before_update). Rather than rely solely on adding where ('something.user_id = ?', 'current_user.id') in the controllers. I need something like Thread.CurrentPrincipal in .NET Is it safe to put reference to current user in User model? I'm sorry I don't really understand how it works under the hood yet. Or how you do it The Rails way? Sorry if this a silly question.

    Read the article

  • How can I securely check if a username is already taken?

    - by Geo
    I have a form where someone can create a new user. I'd like to add some AJAX to check if a username is taken, as soon as the input field loses focus. I'm not really sure how to go about this, as this could pave the way to bruteforce attack, since you could check for any username and see whether or not it exists. Any suggestions?

    Read the article

  • Do you take the pain of learning it or use an out of the box solution?

    - by Mantorok
    Hi all What I'm getting at here is being presented with a control or framework that does 95% of what you want but has its shortcomings when opposed to learning how to do it yourself. To give a good example (ASP.Net) UpdatePanel vs DIY JS/JSON. The UpdatePanel gives you AJAX instantly without doing anything additional, however I've come to learn that its shortcomings are mainly that it's a bit of a hack and performs badly on busy pages and I've found myself having to scrap UpdatePanels in favour of rolling my own JS, and I've now made it a habit to fully investigate any shortcomings in out-of-the-box solutions, as I've been stung by this experience. So I guess what I'm asking is: Is it better to find out how to DIY or is it considered a better approach to try the available solution and risk going a full circle? Obviously I've only targetted a single control, but it is a very attractive control to people learning AJAX - I'm sure there are others out there. Sorry if dupliate. Thanks

    Read the article

  • How should I protect against hard link attacks?

    - by Thomas
    I want to append data to a file in /tmp. If the file doesn't exist I want to create it I don't care if someone else owns the file. The data is not secret. I do not want someone to be able to race-condition this into writing somewhere else, or to another file. What is the best way to do this? Here's my thought: fd = open("/tmp/some-benchmark-data.txt", O_APPEND | O_CREAT | O_NOFOLLOW | O_WRONLY, 0644); fstat(fd, &st); if (st.st_nlink != 1) { HARD LINK ATTACK! } What's the right way? Besides not using a world-writable directory.

    Read the article

  • Smart Client App: How to give Different Settings for Different Users

    - by Daniel
    Hi! I have a smart client application being deployed with a CickOnce webpage. here's the current scenario. User runs the application, and the application shows a login form. User enters ID/Password in the login form, and the application sends that information to the server. The server authenticates the user and sends configuration and data to the application. Different users have different configuration and data for their application. I was concerned that anyone can download the application from the webpage if they know the URL. So I'm trying to change the authentication scheme, so that users can login at the webpage to download the application. I want to send the authentication info from the webpage(Program running at the server) to the smart client app, so that application can download the configuration information from the server, without prompting users to make a login again. How can the webpage send the ID/Passoword to the application securely?

    Read the article

  • How to make a secure login using UDID or device token?

    - by Erik B
    So I'm making an app where I want the users to be able add, edit and rate content, but I do not want to force them to register. Instead I was planning on just using their device id or device token to identify them. I'm planning on making both an iPhone and Android version, so I'm looking for a general solution, but the iPhone version has higher priority, so an iPhone specific solution would also be welcome. The problem is that I don't want just anyone to be able to use my web service by sending a phony device id or someone else's device id. How would the client prove to the server that it is providing the correct device id?

    Read the article

  • Should methods that are required to be executed in a specific order be private?

    - by TooFat
    I have a Class that retrieves some data and images does some stuff to them and them uploads them to a third party app using web services. The object needs to perform some specific steps in order. My question is should I be explicitly exposing each method publicly like so. myObject obj = new myObject(); obj.RetrieveImages(); obj.RetrieveAssociatedData(); obj.LogIntoThirdPartyWebService(); obj.UploadStuffToWebService(); or should all of these methods be private and encapsulated in a single public method like so. public class myObject() { private void RetrieveImages(){}; private void RetrieveAssociatedData(){}; private void LogIntoThirdPartyWebService(){}; private void UploadStuffToWebService(){}; public void DoStuff() { this.RetrieveImages(); this.RetrieveAssociatedData(); this.LogIntoThirdPartyWebService(); this.UploadStuffToWebService(); } } which is called like so. myObject obj = new myObject(); obj.DoStuff();

    Read the article

  • How important is it to use SSL on every page of your website?

    - by Mark
    Recently I installed a certificate on the website I'm working on. I've made as much of the site as possible work with HTTP, but after you log in, it has to remain in HTTPS to prevent session hi-jacking, doesn't it? Unfortunately, this causes some problems with Google Maps; I get warnings in IE saying "this page contains insecure content". I don't think we can afford Google Maps Premier right now to get their secure service. It's sort of an auction site so it's fairly important that people don't get charged for things they didn't purchase because some hacker got into their account. All payments are done through PayPal though, so I'm not saving any sort of credit card info, but I am keeping personal contact information. Fraudulent charges could be reversed fairly easily if it ever came to that. What do you guys suggest I do? Should I take the bulk of the site off HTTPS and just secure certain pages like where ever you enter your password, and that's it? That's what our competition seems to do.

    Read the article

  • Self signed Certificate Based Authentication

    - by Tadi Vijay Kumar
    Hi All.. I have started a project based on Client server communication in java. What i'm doing is client and server have their own self signed certificates. In initial communication both client and server will exchange their certificates. Server has to verify clients certificate and should grant authentication. Where i struck was on what topic server can validate or invalidate a particular client..? I am unable to proceed from here. So please any of you can give brief explanation about it? if possible some Pseudocode in java..?

    Read the article

  • PHP Frontpage/Page controller

    - by atno
    I using the following as Frontpage/Page Controller(s) and it's working ok so far, except two problems I'm facing which as you can see are the $pages array and the switch, which are actually much much longer as the one I've pasted here. Everytime there is a need for a new page controller I have to add it to $pages array and to switch which makes that list very long. How would you overcome this problem and do you see any other improvement on this code? loadLogic() in page controllers it is used to get functions under pages/controllername/logic/function.php. Frontpage Controller - index.php: include 'common/common.php'; if(!isset($_GET['p']) OR $_GET['p'] == ''){ $_GET['p'] = 'home'; header('Location: index.php?p=home'); } $pages = array('home','register','login','logout','page1','page2','page3'); $_GET['p'] = trim($_GET['p']); if(isset($_GET['p'])){ if(in_array($_GET['p'], $pages)){ switch ($_GET['p']) { case 'home': include 'home.php'; break; case 'register': include 'register.php'; break; case 'login': include 'login.php'; break; case 'logout': include 'logout.php'; break; case 'page1': include 'page1.php'; break; case 'page2': include 'page2.php'; break; case 'page3': include 'page3.php'; break; } }else{ echo '404!'; } } Page Controller - {home,register,login,logout,page1,page2,page3}.php: include 'tpl/common/header.php'; contentStart(); if(isset($_SESSION['logged'])){ loadLogic('dashboard'); }else{ loadLogic('nologin'); } //Display login form in logic page instead links // if(!isset($_SESSION['logged'])){ contentEnd(); loadLogic('nologinForm'); }else{ contentEnd(); include'tpl/common/rcol.php'; } include 'tpl/common/footer.php'; function loadLogic(): function loadLogic($logic) { $path = dirname(__DIR__) . '/pages'; $controller = preg_split('/&/',$_SERVER['QUERY_STRING']); $controller = trim($controller[0],"p="); $logicPath = 'logic'; $logic = $logic . '.php'; $err = 0; $logicFullPath = $path.'/'.$controller.'/'.$logicPath.'/'.$logic; if($err == '0'){ include "$logicFullPath"; } } Folder Structure: projectName | ---> common | ---> pages | | | --->home | | | --->register | | | --->login | | | --->logout | | | --->page1 | | | --->page2 | | | --->page3 | ---> tpl | | | ---> common | --> home.php | --> register.php | --> login.php | --> logout.php | --> page1.php | --> page2.php | --> page3.php

    Read the article

  • How can I ensure that a Java object (containing cryptographic material) is zeroized?

    - by Jeremy Powell
    My concern is that cryptographic keys and secrets that are managed by the garbage collector may be copied and moved around in memory without zeroization. As a possible solution, is it enough to: public class Key { private char[] key; // ... protected void finalize() throws Throwable { try { for(int k = 0; k < key.length; k++) { key[k] = '\0'; } } catch (Exception e) { //... } finally { super.finalize(); } } // ... }

    Read the article

  • what is file verification system for php project or licence checking the configuration files

    - by Jayapal Chandran
    Hi, My colleague asked me a question like "license check to config file". when i searched i got this http://www.google.com/search?q=file+verification+system&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a and in the result i got this http://integrit.sourceforge.net/texinfo/integrit.html but could not grasp much of its idea. Here is my thoughts... Our project is written in codeigniter. The project owner is providing it to their customer. The owner is a business partner with that concept. Besides, the owner needs control of the project code so that the customer will not break rules with him like changing the code or moving it go another server or validity. So the owner needs a system to enable disable the site. Let me give an example... owner.com will have an admin panel where he can either disable or enable the client.com. when he disables the client.com should display a custom message instead of loading the files. client.com is written i a way that i will process requests from owner.com and also the other way round. so, here i want a list of the concepts with which we can implement the ownership and control over client.com any suggestions, links, references, answers will be helpful. If i am missing something in my question i will update my question according to your comments if any so that the users can give in their idea without confusing of what i had asked. THX

    Read the article

  • Documents/links on preventing HTML form fiddling?

    - by larryq
    Hi everyone, I'm using ASP.Net but my question is a little more general than that. I'm interested in reading about strategies to prevent users from fooling with their HTML form values and links in an attempt to update records that don't belong to them. For instance, if my application dealt with used cars and had links to add/remove inventory, which included as part of the URL the userid, what can I do to intercept attempts to munge the link and put someone else's ID in there? In this limited instance I can always run a check at the server to ensure that userid XYZ actually has rights to car ABC, but I was curious what other strategies are out there to keep the clever at bay. (Doing a checksum of the page, perhaps? Not sure.) Thanks for your input.

    Read the article

  • Use Apache authentication in Django without popup

    - by chernevik
    I am using Apache to authenticate users for Django, but I would like to do so without the popup form that Apache uses in its basic configuration. How do I embed the login form within a page while still using Apache for authentication? That is, I'd like a page that says "Please login" and provides a form asking for username and password, and passes this information on to Apache for authentication. (I'd do this over an SSL connection, of course.)

    Read the article

  • How to secure phpMyAdmin

    - by Andrei
    Hi, I have noticed that there are strange requests to my website trying to find phpmyadmin, like /phpmyadmin/ /pma/ etc. Now I have installed PMA on Ubuntu via apt and would like to access it via webaddress different from /phpmyadmin/. What can I do to change it? Thanks

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 322 323 324 325 326 327 328 329 330 331 332 333  | Next Page >