Search Results

Search found 27912 results on 1117 pages for 'computer security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 68/1117 | < Previous Page | 64 65 66 67 68 69 70 71 72 73 74 75  | Next Page >

  • Is man-in-the-middle attack a security threat during SSH authentication using keys?

    - by JP19
    Hi, I am no expert in network security, so pardon if this question is not very smart :). I am automating logins to some machines using ssh. I am currently avoiding host-key warnings using StrictHostKeyChecking no. I naively understand that someone can impersonate as the server and I risk losing my password to him if that were the case. However, if I am using only public/private Key based authentication ( using PasswordAuthentication no ), can the intruder still cause harm? So basically, with ssh -o "StrictHostKeyChecking no" -o "PasswordAuthentication no" : 1) Can the intruder decipher my private key? 2) Are there any other security threats? regards, JP

    Read the article

  • Important Security Issue: Is it possible to put binary image data into html markup code and then get

    - by Joern Akkermann
    Hi, it's an important security issue and I'm sure this should be possible. A simple example: You run a community portal. Users are registered and upload their pictures. Your application gives security rules wenever a picture is allowed to be displayed. For example users must be friends on each sides by the system, in order that you can view someone elses uploaded pictures. Here comes the problem: it is possible that someone crawls the image directories of your server. But you want to protect your users from such attacks. If it's possible to put the binary data of an image directly into the html markup, you can restrict the user access of your image dirs the user and group your web application runs of and pass the image data to your apache user and group directly in the html. The only possible weakness then is the password of the user that your web app runs as. Is there already a possibility? Yours, Joern.

    Read the article

  • In search of a packaged .Net security solution for web-forms.

    - by Chuck Conway
    We are looking for a security solution for asp.net that has security down to the control level. This is not a necessity but, it would be nice. At the very least it needs to extend-able to allow for control level permissions. The solution should have an administration panel of some sort. It also needs to support roles, groups, and individual permissions. We haven't seen anything like this in the marketplace -- we are in the process of rolling our own solution. We'd rather use an off the shelf solution.

    Read the article

  • Make a connection to a HTTPS server from Java and ignore the validity of the security certificate

    - by justinhj
    I've been testing some that works with a bunch of https servers with different keys, some of which are invalid and all of them are not in the local key store for my JVM. I am really only testing things out, so I don't care about the security at this stage. Is there a good way to make POST calls to the server and tell Java not to worry about the security certificates? My google searches for this have brought up some code examples that make a class to do the validation, that always works, but I cannot get it to connect to any of the servers.

    Read the article

  • How to handle security constraints using GWT 2.1's RequestFactory?

    - by Marc
    I am currently developing a GWT 2.1 application that is to be deployed on Google App Engine. I would like to realise the server communication using the new RequestFactory. Now my question is how to handle fine-grained security issues in this context? Some server actions (of those declared in the RequestContext stubs) shall be restricted to certain users (possibly depending on the parameters of the remote call). If a call is unauthorised, I would like the client to show a login page (so that one may log in as a different user, for example). From the Expenses example, I know how to implement an automatic redirection to a login page, but in this example, the security model is quite simple: A client is allowed to access the servlet if and only if a user is logged in. Shall I raise a custom UnAuthorizedException in my server-side service? Where should I intercept this exception? (Can I do this in a servlet filter like the GaeAuthFilter of the Expenses example?)

    Read the article

  • Where can I learn about security and online privacy?

    - by user278457
    I'd really like to start including shopping cart functionality in my projects. At first im content relying on paypal links, but I really want to be learning about specific security threats and how to combat them. Eventually I want to feel comfortable receiving and sending customer credit card details for ecommerce. Obviously this is a common thing on the net but most tutorials and resources are content to say "it's every web developers responsibility to consider security, but we're not going to cover that here/today/ever." so, my question is, where is a good place to learn? And once I've learned, how do I stay abreast of new vulnerabilities as the web evolves?

    Read the article

  • How to implement User base security not role base in asp.net?

    - by Gaurav
    Hi, I have to implement User base security in my Web project using .Net3.5. Followings are some we need: Roles can be Admin, Manage, Editor, Member etc User can have multiple roles Every roles has its own dynamic menus and restrictions/resources All menus and interface will populate dynamically from Database I heard some where this kind of i.e user base security can be implemented using HashTable but I dont know how is it? Today I came to know that for this kind of work Java people use Interceptor Design patterns. So, how could I do the same in asp.net C#?

    Read the article

  • (Fluent) NHibernate Security Exception - ReflectionPermission

    - by PeterEysermans
    I've upgraded an ASP.Net Web application to the latest build of Fluent NHibernate (1.0.0.636) and the newest version of NHibernate (v2.1.2.4000). I've checked a couple of times that the application is running in Full trust. But I keep getting the following error: Security Exception Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file. Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.ReflectionPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. Source Error: An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. Stack Trace: [SecurityException: Request for the permission of type 'System.Security.Permissions.ReflectionPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.] System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) +0 System.Security.CodeAccessPermission.Demand() +54 System.Reflection.Emit.DynamicMethod.PerformSecurityCheck(Type owner, StackCrawlMark& stackMark, Boolean skipVisibility) +269 System.Reflection.Emit.DynamicMethod..ctor(String name, Type returnType, Type[] parameterTypes, Type owner, Boolean skipVisibility) +81 NHibernate.Bytecode.Lightweight.ReflectionOptimizer.CreateDynamicMethod(Type returnType, Type[] argumentTypes) +165 NHibernate.Bytecode.Lightweight.ReflectionOptimizer.GenerateGetPropertyValuesMethod(IGetter[] getters) +383 NHibernate.Bytecode.Lightweight.ReflectionOptimizer..ctor(Type mappedType, IGetter[] getters, ISetter[] setters) +108 NHibernate.Bytecode.Lightweight.BytecodeProviderImpl.GetReflectionOptimizer(Type mappedClass, IGetter[] getters, ISetter[] setters) +52 NHibernate.Tuple.Component.PocoComponentTuplizer..ctor(Component component) +231 NHibernate.Tuple.Component.ComponentEntityModeToTuplizerMapping..ctor(Component component) +420 NHibernate.Tuple.Component.ComponentMetamodel..ctor(Component component) +402 NHibernate.Mapping.Component.BuildType() +38 NHibernate.Mapping.Component.get_Type() +32 NHibernate.Mapping.SimpleValue.IsValid(IMapping mapping) +39 NHibernate.Mapping.RootClass.Validate(IMapping mapping) +61 NHibernate.Cfg.Configuration.ValidateEntities() +220 NHibernate.Cfg.Configuration.Validate() +16 NHibernate.Cfg.Configuration.BuildSessionFactory() +39 FluentNHibernate.Cfg.FluentConfiguration.BuildSessionFactory() in d:\Builds\FluentNH\src\FluentNHibernate\Cfg\FluentConfiguration.cs:93 Anyone had a similar error? I've seach the web / stackoverflow / NHibernate forums but only found people who had a problem when running in medium trust mode, not full trust. I've been developing for several months on this application on this machine with previous versions of Fluent NHibernate and NHibernate. The machine I'm running this on is 64-bit, you never know that this is relevant.

    Read the article

  • Mirror using apt-mirror and exclud certain sections/categories

    - by Onitlikesonic
    I'm currently using apt-mirror to create a local mirror of the debian repositories. As the mirrored repositories will be used only by machines destined to be headless servers and as an effort to reduce the current mirroring size (around 75GB), categories like games and possibly others will never be needed. How can I go about specifying (on the mirror.list perhaps?) what sections/categories I want to be excluded from the mirroring? Maybe a bit subjective, but apart from games what other sections/categories could be "safely" ignored from the mirroring for my environment purposes? My mirror.list looks as below since all the machines are using precise. # MAIN deb-amd64 http://archive.ubuntu.com/ubuntu precise main restricted universe multiverse deb-i386 http://archive.ubuntu.com/ubuntu precise main restricted universe multiverse # SECURITY deb-amd64 http://archive.ubuntu.com/ubuntu precise-security main restricted universe multiverse deb-i386 http://archive.ubuntu.com/ubuntu precise-security main restricted universe multiverse Also, what others would you recommend adding to the list to be mirrored for a relatively stable environment? Again I understand this is subjective, just looking for some pointers. Much appreciated in advance

    Read the article

  • IIS Not Accepting Active Directory Login Credentials

    - by Dale Jay
    I have an ASP.NET web form using Microsoft's boilerplate Active Directory login page, set up exactly as suggested. Windows Authentication is activated on the "Default Website" and "MyWebsite" levels, and Domain\This.User is given "Allow" access to the site. After entering the valid credentials for This.User on the web form, a popup window appears asking me to enter my credentials yet again. Despite entering valid credentials for This.User (after attempting Domain\This.User and This.User formats), it rejects the credentials and returns an unauthorized security headers page (error 401.2). Active Directory user This.User is valid, the IP address of the AD server has been verified and SPN's have been set up for the server. Error Code: 0x80070005 Default Web Site security config: <system.web> <identity impersonate="true" /> <authentication mode="Windows" /> <customErrors mode="Off" /> <compilation debug="true" /> </system.web> Sub web site security <authentication mode="Windows"> <forms loginUrl="~/logon.aspx" timeout="2880" /> </authentication> <authorization> <deny users="?" /> <allow users="*" /> </authorization>

    Read the article

  • Cost effective way to provide static media content

    - by james
    I'd like to be able to deliver around 50MB of static content, either in about 30 individual files up to 10MB or grouped into 3 compressed files, around 5k to 20k times a day. Ideally I'd like to put some sort of very basic security around providing the data to ensure that a request is from the expected source, but if tossing the security for a big reduction in price is possible then it's an option. Does anyone have any suggestions other than what I've found: Google AppEngine is $0.12/GB & I believe has a file size limit of 10MB so I'd have to break the data up a bit. So a rough calculation would seem to be that this would cost me about $30 to $120 a day. Or I've seen something like what seems to be just public static content delivery with no type of logic capabilities like Usenet.nl at what I think calculates to about $0.025/GB which would cost me about $6 to $25 a day. Any idea if I'm going about these calculations right & if there might be a better option for just static content on a decently high volume delivery? Again some basic security would be great but if cost is greatly reduced without it then I'm up for that.

    Read the article

  • IE8 HTTPs Download Issue

    - by Jon Egerton
    I have a problem with a system I develop related to IE8 downloading over SSL (ie on sites using https://...) and is described on this MS kb article: http://support.microsoft.com/kb/323308 We use the HTTPCacheability.NoCache option as the data being downloaded is sensitive, and is downloaded from a secured site. I don't want that data to be cached on any of the proxies etc that the response passes through back to the client. The article describing the issue details a fix to the client side registry changing a BypassSSLNoCacheCheck setting. I don't want to loosen the system security just for IE8, as the system works fine on anything more upto date. Getting all the clients to apply the hotfix is difficult at best, and impossible at worst. We need to support IE8 in the system, at least for now. So: 1: Does the detailed hotfix have any implications for the security at the browser end in IE8 - does it mean the file will be cached? (in a place other than where the user saves the file). 2: Is there some way I can get these files downloadable with a change at the server end that doesn't break the security side of things?

    Read the article

  • Choosing a CMS to use with backend modules involving haskell and python [on hold]

    - by Butterflycode
    Hi I am trying to decide on a CMS to use for a new project. Security is the most important element of the CMS. I am looking to use a PHP based CMS such as Joomla or Drupal however, PHP has many security flaws which worries me. The data which needs to be secure will be inside a database and relate to account information. I am wondering what is the best way to do this? What I am wanting is a frontend which is made in php/js(joomla) and then I have a backend api which is written in Haskell to handle money transfers ensuring nothing goes wrong. In between the two I want a controller written in perhaps Python or C. I never want the php to touch the database. I want it to relay messages to the controller that's written in python or C and then it inputs to the database, sanitising data etc Am I perhaps thinking too deeply about this? Just wondering if anyone has any ideas on what I should do.... I can't quite explain what the project is as I don't want the idea to be stolen, but it has a lot money transactions involved so security is essential.

    Read the article

  • Ghost Records, Backups, and Database Compression…With a Pinch of Security Considerations

    - by Argenis
      Today Jeffrey Langdon (@jlangdon) posed on #SQLHelp the following questions: So I set to answer his question, and I said to myself: “Hey, I haven’t blogged in a while, how about I blog about this particular topic?”. Thus, this post was born. (If you have never heard of Ghost Records and/or the Ghost Cleanup Task, go see this blog post by Paul Randal) 1) Do ghost records get copied over in a backup? If you guessed yes, you guessed right. The backup process in SQL Server takes all data as it is on disk – it doesn’t crack the pages open to selectively pick which slots have actual data and which ones do not. The whole page is backed up, regardless of its contents. Even if ghost cleanup has run and processed the ghost records, the slots are not overwritten immediately, but rather until another DML operation comes along and uses them. As a matter of fact, all of the allocated space for a database will be included in a full backup. So, this poses a bit of a security/compliance problem for some of you DBA folk: if you want to take a full backup of a database after you’ve purged sensitive data, you should rebuild all of your indexes (with FILLFACTOR set to 100%). But the empty space on your data file(s) might still contain sensitive data! A SHRINKFILE might help get rid of that (not so) empty space, but that might not be the end of your troubles. You might _STILL_ have (not so) empty space on your files! One approach that you can follow is to export all of the data on your database to another SQL Server instance that does NOT have Instant File Initialization enabled. This can be a tedious and time-consuming process, though. So you have to weigh in your options and see what makes sense for you. Snapshot Replication is another idea that comes to mind. 2) Does Compression get rid of ghost records (2008)? The answer to this is no. The Ghost Records/Ghost Cleanup Task mechanism is alive and well on compressed tables and indexes. You can prove this running a simple script: CREATE DATABASE GhostRecordsTest GO USE GhostRecordsTest GO CREATE TABLE myTable (myPrimaryKey int IDENTITY(1,1) PRIMARY KEY CLUSTERED,                       myWideColumn varchar(1000) NOT NULL DEFAULT 'Default string value')                         ALTER TABLE myTable REBUILD PARTITION = ALL WITH (DATA_COMPRESSION = PAGE) GO INSERT INTO myTable DEFAULT VALUES GO 10 DELETE myTable WHERE myPrimaryKey % 2 = 0 DBCC TRACEON(2514) DBCC CHECKTABLE(myTable) TraceFlag 2514 will make DBCC CHECKTABLE give you an extra tidbit of information on its output. For the above script: “Ghost Record count = 5” Until next time,   -Argenis

    Read the article

  • Ghost Records, Backups, and Database Compression…With a Pinch of Security Considerations

    - by Argenis
      Today Jeffrey Langdon (@jlangdon) posed on #SQLHelp the following questions: So I set to answer his question, and I said to myself: “Hey, I haven’t blogged in a while, how about I blog about this particular topic?”. Thus, this post was born. (If you have never heard of Ghost Records and/or the Ghost Cleanup Task, go see this blog post by Paul Randal) 1) Do ghost records get copied over in a backup? If you guessed yes, you guessed right. The backup process in SQL Server takes all data as it is on disk – it doesn’t crack the pages open to selectively pick which slots have actual data and which ones do not. The whole page is backed up, regardless of its contents. Even if ghost cleanup has run and processed the ghost records, the slots are not overwritten immediately, but rather until another DML operation comes along and uses them. As a matter of fact, all of the allocated space for a database will be included in a full backup. So, this poses a bit of a security/compliance problem for some of you DBA folk: if you want to take a full backup of a database after you’ve purged sensitive data, you should rebuild all of your indexes (with FILLFACTOR set to 100%). But the empty space on your data file(s) might still contain sensitive data! A SHRINKFILE might help get rid of that (not so) empty space, but that might not be the end of your troubles. You might _STILL_ have (not so) empty space on your files! One approach that you can follow is to export all of the data on your database to another SQL Server instance that does NOT have Instant File Initialization enabled. This can be a tedious and time-consuming process, though. So you have to weigh in your options and see what makes sense for you. Snapshot Replication is another idea that comes to mind. 2) Does Compression get rid of ghost records (2008)? The answer to this is no. The Ghost Records/Ghost Cleanup Task mechanism is alive and well on compressed tables and indexes. You can prove this running a simple script: CREATE DATABASE GhostRecordsTest GO USE GhostRecordsTest GO CREATE TABLE myTable (myPrimaryKey int IDENTITY(1,1) PRIMARY KEY CLUSTERED,                       myWideColumn varchar(1000) NOT NULL DEFAULT 'Default string value')                         ALTER TABLE myTable REBUILD PARTITION = ALL WITH (DATA_COMPRESSION = PAGE) GO INSERT INTO myTable DEFAULT VALUES GO 10 DELETE myTable WHERE myPrimaryKey % 2 = 0 DBCC TRACEON(2514) DBCC CHECKTABLE(myTable) TraceFlag 2514 will make DBCC CHECKTABLE give you an extra tidbit of information on its output. For the above script: “Ghost Record count = 5” Until next time,   -Argenis

    Read the article

  • Nervous about the "real" world

    - by Randy
    I am currently majoring in Computer Science and minoring in mathematics (the minor is embedded in the major). The program has a strong C++ curriculum. We have done some UNIX and assembly language (not fun) and there is C and Java on the way in future classes that I must take. The program I am in did not use the STL, but rather a STL-ish design that was created from the ground up for the program. From what I have read on, the STL and what I have taken are very similar but what I used seemed more user friendly. Some of the programs that I had to write in C++ for assignments include: a password server that utilized hashing of the passwords for security purposes, a router simulator that used a hash table and maps, a maze solver that used depth first search, a tree traveler program that traversed a tree using levelorder, postorder, inorder, selection sort, insertion sort, bit sort, radix sort, merge sort, heap sort, quick sort, topological sort, stacks, queues, priority queues, and my least favorite, red-black trees. All of this was done in three semesters which was just enough time to code them up and turn them in. That being said, if I was told to use a stack to convert an equation to infix notation or something, I would be lost for a few hours. My main concern in writing this is when I graduate and land an interview, what are some of the questions posed to assess my skills? What are some of the most important areas of computer science that are prevalent in the field? I am currently trying to get some ideas of programs I can write in C++ that interest and challenge me to keep learning the language. A sodoku solver came to mind but am lost as to where to start. I apologize for the rant, but I'm just a wee bit nervous about the future. Any tips are appreciated.

    Read the article

  • How to learn the math behind the code?

    - by Solomon Wise
    I am a 12 year old who has recently gotten into programming. (Although I know that the number of books you have read does not determine your programming competency or ability, just to paint a "map" of where I am in terms of the content I know...) I've finished the books: Python 3 For Absolute Beginners Pro Python Python Standard Library by Example Beautiful Code Agile Web Development With Rails and am about halfway into Programming Ruby. I have written many small programs (One that finds which files have been updated and deleted in a directory, one that compares multiple players' fantasy baseball value, and some text based games, and many more). Obviously, as I'm not some sort of child prodigy, I can't take a formal Computer Science course until high school. I really want to learn computer science to increase my knowledge about the code, and the how the code runs. I've really become interested in the math part after reading the source code for Python's random module. Is there a place where I can learn CS, or programming math online for free, at a level that would be at least partially understandable to a person my age?

    Read the article

  • I need advice on laptop purchase for university [closed]

    - by Systemic33
    I'm currently in University studying Computer Science/IT/Information Technology. And this first year i've managed to do with the laptop I had; an ASUS Eee PC 1000H with a 10.1" screen. But this is getting way too underpowered and small for programming more than just quick programming introduction excercises. So I'm looking to buy a more suitable laptop. It's not supposed to be a desktop replacement though, since I've got a pretty good desktop already with a 24" monitor. So the kinda laptop I want to buy is one suited for university. If this bears any significance, I'm working in Java atm, but I will likely work with lots of other things incl. web development. I'm looking to spend about $1700 plus/minus. And it should be powerful/big enough for working on programming projects as well as the usual university stuff like MATLAB, Maple, etc out "in the field", and sometimes for maybe a week when visiting my parents. What I'm looking at right now is the ASUS Zenbook UX31A with the 1920 x 1080 resolution on 13.3" IPS display. But I'm kinda nervous that this will be too petite for programming. In essence i'm looking for a powerfull computer, that has good enough battery, and looks good. I would love suggestions or any type of feedback, either with maybe a better choice, or input on how its like programming on 13" laptops. Very much thanks in advance for anyone who even went through all that! PS. I don't want a mac, or my inner karma would commit Seppuku xD But experiences from working on the 13" Macbook Air would kinda be equivalent to the Zenbook i'm considering, so I would love to hear that. tl;dr The quick brown fox jumps over the lazy dog ;)

    Read the article

  • "This file came from another computer..." - how can I unblock all the files in a folder without having to unblock them individually?

    - by Schnapple
    Windows XP SP2 and Windows Vista have this deal where zone information is preserved in downloaded files to NTFS partitions, such that it blocks certain files in certain applications until you "unblock" the files. So for example if you download a zip file of source code to try something out, every file will display this in the security settings of the file properties "This file came from another computer and might be blocked to help protect this computer" Along with an "Unblock" button. Some programs don't care, but Visual Studio will refuse to load projects in solutions until they've been unblocked. While it's not terribly difficult to go to every project file and unblock it individually, it's a pain. And it does not appear you can unblock multiple selected files simultaneously. Is there any way to unblock all files in a directory without having to go to them all individually? I know you can turn this off globally for all new files but let's say I don't want to do that

    Read the article

  • I need some career/education advice regarding computer science [on hold]

    - by user2521987
    So I'm a senior mathematics major this fall and I have only taken three CS classes (Java I, Java II, and C++). This summer, I am participating in a mathematics REU (Research Experience for Undergraduates), and I program in C++ about 8 hours a day...and I find that I absolutely love it. I love using programming to solve math problems in my research. I think I want to pursue a career in programming. I have a few options Stay at my university an extra 1-1.5 years (beyond the 4) and do a double major in Math/CS. This will put me in up to around 7-10k in debt (currently I have no debt and am scheduled to graduate debt free). Then apply to a masters in CS. Apply directly to a masters in CS from a math undergraduate degree. I don't like this idea because I likely won't get into a good program or funded with such little background. Go to graduate school, funded, in applied mathematics and try to further my knowledge in computer science while there. Then apply to a masters in CS. I'm not sure if 1 or 3 would be better. My end goal would be to go to a top 20-30 CS graduate program and to get a cool, good job. What would you recommend?

    Read the article

  • The Most Ridiculous Computer Cameos of All Time

    - by Jason Fitzpatrick
    For the last half century computers have played all sorts of major and minor roles in movies; check out this collection to see some of the more quirky and out-of-place appearances. Wired magazine rounds up some of the more oddball appearances of computers in film. Like, for example, the scene shown above from Soylent Green: Spoiler alert: Soylent Green is people! But that’s not the only thing we’re gonna spoil. Soylent Green is set in 2022, and at one point, you’ll notice that a government facility is still using a remote calculator that plugs into the CDC 6600, a machine that was state-of-the-art in 1971. Come to think of it, we should scratch this from the list. This is pretty close to completely accurate. Hit up the link below to check out the full gallery, including a really interesting bit about how the U.S. Government’s largest computer project–once decommissioned and sold as surplus–ended up on the sets of dozens of movies and television shows. The Most Wonderfully Ridiculous Movie Computers of All Time [Wired] Why Enabling “Do Not Track” Doesn’t Stop You From Being Tracked HTG Explains: What is the Windows Page File and Should You Disable It? How To Get a Better Wireless Signal and Reduce Wireless Network Interference

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 64 65 66 67 68 69 70 71 72 73 74 75  | Next Page >