Search Results

Search found 2788 results on 112 pages for 'symantec endpoint protect'.

Page 77/112 | < Previous Page | 73 74 75 76 77 78 79 80 81 82 83 84  | Next Page >

• Reason for monolithic data files

  - by Ali Lown

  Primarily this seems to be a technique used by games, where they have all the sounds in one file, textures in another etc. With these files commonly reaching the GB size. What is the reason behind doing this over maintaining it all in subdirectories as small files - one per texture which many small games use this, with the monolithic system being favoured by larger companies? Is there some file system overhead with lots of small files? Are they trying to protect their property - although most just seem to be a compressed file with a new extension?

  Read the article

• php Form to Email sanitizing

  - by Jacob

  Hi, im using the following to send a contact us type form, iv looked into security and only found that you need to protect the From: bit of the mail function, as ive hardcoded this does that mean the script is spamproof / un-hijackable $tenantname = $_POST['tenan']; $tenancyaddress = $_POST['tenancy']; $alternativename = $_POST['alternativ //and a few more //then striptags on each variable $to = "[email protected]"; $subject = "hardcoded subject here"; $message = "$tenantname etc rest of posted data"; $from = "[email protected]"; $headers = "From: $from"; mail($to,$subject,$message,$headers);

  Read the article

• Is it possible for a XSS attack to obtain HttpOnly cookies?

  - by Dan Herbert

  Reading this blog post about HttpOnly cookies made me start thinking, is it possible for an HttpOnly cookie to be obtained through any form of XSS? Jeff mentions that it "raises the bar considerably" but makes it sound like it doesn't completely protect against XSS. Aside from the fact that not all browser support this feature properly, how could a hacker obtain a user's cookies if they are HttpOnly? I can't think of any way to make an HttpOnly cookie send itself to another site or be read by script, so it seems like this is a safe security feature, but I'm always amazed at how easily some people can work around many security layers. In the environment I work in, we use IE exclusively so other browsers aren't a concern. I'm looking specifically for other ways that this could become an issue that don't rely on browser specific flaws.

  Read the article

• How to build a SQL statement when any combination of user input to the table is possible?

  - by Greg McNulty

  Example: the user fills in everything but the product name. I need to search on what is supplied, so in this case everything but productName= This example could be for any combination of input. Is there a way to do this? Thanks. $name = $_POST['n']; $cat = $_POST['c']; $price = $_POST['p']; if( !($name) ) { $name = some character to select all? } $sql = "SELECT * FROM products WHERE productCategory='$cat' and productName='$name' and productPrice='$price' "; EDIT Solution does not have to protect from attacks. Specifically looking at the dynamic part of it.

  Read the article

• Lucene .NET IndexWriter lock

  - by Pini Salim

  My question related to the next code snippet: static void Main(string[] args) { Lucene.Net.Store.Directory d = FSDirectory.Open(new DirectoryInfo(/*my index path*/)); IndexWriter writer = new IndexWriter(d, new WhitespaceAnalyzer()); //Exiting without closing the indexd writer... } In this test, I opened an IndexWriter without closing it - so even after the test exits, the write.lock file still exists in the index directory, so I expected that the next time I open an instance of IndexWriter to that index, a LockObatinFailedException will be thrown. Can someone please explain to me why am I wrong? I mean, does the meaning of the write.lock file is to protect creation of two IndexWriters in the same process only? that doesnt seems the right answer to me...

  Read the article

• saving appengine mail from spam filters

  - by Fh

  One of my clients uses Trend Micro InterScan Messaging Security to protect their internal mail services. Suddenly InterScan decided to filter out all messages coming from Google App Engine. Unfortunately they haven't been able to whitelist the sender address as each e-mail gets a different one. For example, *3ckihSOVMMHlZHSL.JSMMHlZHSL.JS*@apphosting.bounces.google.com, with everything before the @ being variable. Update I'm including this screenshot of how Interscan sees the incoming e-mail. Notice that all senders are different: If I look into the e-mail headers, the apphosting domain appears inside the Return-Path field: Return-Path: <36kSiSwYIBh0883XL3E7.5EH883XL3E7.5E@apphosting.bounces.google.com> The "From" field looks ok. It says what I set it to say, but the spam filter only looks at the Return-Path. My client sysadmin doesn't want to whitelist the whole apphosting domain, as it wouldn't be only whitelisting my application. How could I bypass this e-mail filters if I can't get an unique sender? Thanks,

  Read the article

• Backbone collection's URL depends on initialize function

  - by egidra

  I have a Backbone collection whose URL depends on the initialize function. When I create an instance of this Backbone collection, I pass in an ID to filter which instances of the model appear. Here is what the collection's code looks like: var GoalUpdateList = Backbone.Collection.extend({ // Reference the Goal Update model model: GoalUpdate, // Do HTTP requests on this endpoint url: "http://localhost:8000/api/v1/goal_update/?goal__id=" + this.goal_id + "&format=json", // Set the goal ID that the goal update list corresponds to initialize: function(goal_id) { this.goal_id = goal_id; console.log(this.goal_id); console.log(this.url); }, }); Of course, this doesn't work. this.goal_id is seen as being undefined. I guess because the URL is set before the initialization function is run.

  Read the article

• How to create digital signature that can not be used to reproduce the message twice

  - by freediver

  I am creating a client-server application and I'd like to send data from server to client securely. Using public/private key algorithms makes sense and in PHP we can use openssl_sign and openssl_verify functions to check that the data came by someone who has the private key. Now imagine that one of the actions sent by server to client is destructive in nature. If somebody uses an HTTP sniffer to catch this command (which will be signed properly) how can I further protect the communication to ensure that only commands coming from our server get processed by the client? I was thinking about using current UTC time as part of the encrypted data but client time might be off. Is there a simple solution to the problem?

  Read the article

• What is the impact/limitation of oracle select with large number of bind variables?

  - by Igal Serban

  We had our oracle server chocking during processing a select statement with close to 3500(!!) bind variables. This select is, obviously, build dynamically by code that we can't change. During the execution of this select the db server went to 100% cpu usage and our system almost halted. We know how to reproduce this problem. So we can prevent this specific condition. But I am wondering if there is a way to protect the db ( by configuration) from this type of problems.

  Read the article

• How to change the assemblyIdentity of a program

  - by David

  I want to hide the tool I used to create an .exe file. I am not doing anything illegal, I just want to protect my intellectual property from being copied. If I open the exe file in a text editor I see the following section. <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="XXX.XX" processorArchitecture="X86" name="Microsoft.Windows.NameOfTheTool" type="win32" /> </assembly> I have attempted to change the name to: name="Microsoft.Windows.SomeOtherName" This resulted in the following message when I attempted to execute the file. "This application has failed to start because its side-by-side configuration is incorrect." How can I solve this?

  Read the article

• Zend - Deny access to CSS, JS, Image files

  - by Vincent

  All, I have the following Zend application structure: helloworld - application - configs - controllers - models - layouts - include - library - public - design -- css -- site.css -- js -- global.js -- images -- siteheader.gif -- sitefooter.gif - .htaccess - index.php My .htaccess file in public folder looks like this: Options -MultiViews RewriteEngine On RewriteCond %{REQUEST_FILENAME} -s [OR] RewriteCond %{REQUEST_FILENAME} -l [OR] RewriteCond %{REQUEST_FILENAME} -d RewriteRule ^.*$ - [NC,L] RewriteRule ^.*$ index.php [NC,L] My document root points to the "public" folder. Currently, if the user visits a directory level URL, (Ex: http://localhost/design or localhost/css) , my .htaccess file above make sure to show him the "Access Forbidden" page. But if he visits the file level URL, (Ex: http://localhost/design/css/site.css), it shows him the CSS file or the js file or PHP file.. How can I make sure to lock file level access for the above file types, if accessed directly from the URL? Since my application is JS intensive, I want to protect it from users looking at it. Thanks

  Read the article

• JAXWS serves only 100 requests, how to configure JAXWS to change it to unlimited?

  - by cbz

  Hello, I'm using JAXWS for generating webservices and serving using EndPoint.publish() as well as deploying war file, but as soon as it has served 100 requests it wouldn't return 101st response. How to configure JAXWS to change this count to unlimited? EDIT: solution found, first of all it was not related to JAXWS and I'm sorry for posting it here, in my first impression I thought problem is with JAXWS but after deep exploring and debugging I found problem with my persistence layer (Hibernate) where max number of sessions allowed are 100 by default. Sorry again for making you guys to think which actually does not make sense.

  Read the article

• How to set the MaxReceivedMessageSize programatically when using a WCF Client?

  - by Pratt

  I want to set the MaxReceivedMessageSize property to some higher limit (Due to (400) Bad Request error) in my client programatically. This is the code I am using... WCFServiceTestClient wcfClient = new WCFServiceTestClient(new wsHttpBinding(), strServiceURL); My service url is dynamic and hence cannot use the web.config. //The following code doesnt seem to take effect ((WSHttpBinding)wcfClient.ChannelFactory.Endpoint.Binding) .MaxReceivedMessageSize = 2147483647; What am I doing wrong? Any help is appreciated. Thanks Pratt

  Read the article

• How do I download an attachment from an annotation using client-side JScript?

  - by VVander

  I'm trying to provide a link to the attachment of a note through the client-side JScript. The standard MS-made Notes component does this through the following url: [serverurl]/[appname]/Activities/Attachment/download.aspx?AttachmentType=5&AttachmentId={blahblahblah}&IsNotesTabAttachment=1&CRMWRPCToken=blahblahblah&CRMWRPCTokenTimeStamp=blahblahblah The problem is that I don't know how to get the Token or TokenTimeStamp, so I'm receiving an Access Denied error ("form is no longer available, security precaution, etc"). The only other way I can think of doing this is through the OData endpoint, but that would at best get me a base64 string that I still would have translate into a filestream to give to the browser (all of which seems like it would take forever to implement/figure out). I've found a few other posts that describe the same thing, but no one has answered them: http://social.microsoft.com/Forums/en-US/crmdevelopment/thread/6eb9e0d4-0c0c-4769-ab36-345fbfc9754f/ http://social.microsoft.com/Forums/is/crm/thread/45dabb6e-1c6c-4cb4-85a4-261fa58c04da

  Read the article

• Storing API keys in Android, is obfustication enough?

  - by fredley

  I'm using the Dropbox API. In the sample app, it includes these lines: // Replace this with your consumer key and secret assigned by Dropbox. // Note that this is a really insecure way to do this, and you shouldn't // ship code which contains your key & secret in such an obvious way. // Obfuscation is good. final static private String CONSUMER_KEY = "PUT_YOUR_CONSUMER_KEY_HERE"; final static private String CONSUMER_SECRET = "PUT_YOUR_CONSUMER_SECRET_HERE"; I'm well aware of the mantra 'Secrecy is not Security', and obfuscation really only slightly increases the amount of effort required to extract the keys. I disagree with their statement 'Obfustication is good'. What should I do to protect the keys then? Is obfustication good enough, or should I consider something more elaborate?

  Read the article

• Set form action dynamically in https-area

  - by Beerweasle

  Hi, heres the problem explanation: Im on the domain https://www.example.com - theres an Order-Form with the Action https://www.example-otherdomain.com with an other SSL Certificate. On some conditions i set the form action to https://www.example.com so that it will be posted on our domain, but if the user uses a CreditCart it should get posted to https://www.example-otherdomain.com. So far so good. But in some rare conditions, users with CreditCards still posts their form to https://www.example.com. So my idea is: Is there some Same-Domain-Policy for Javascript/HTTPS to protect the user from phishing? It seems that to set the FormAction to the same domain works, but not to reset it to the external one (with JS). I cant reproduce this error, so im asking here if someone knows if theres such a problem. It doesnt matter which UserAgent the user has (there are post datas from FF, Chrome, Webkit, IE7/8) Thx!

  Read the article

• Java Security filter together with thickbox pop-ups

  - by user197127

  Hi, I have a java application that uses a security filter to protect certain resources. If there is no user logged on, it will keep in session the request path and redirect to a logon page. After a successful logon, user is redirected to the original requested page. I have now added some thickbox (ajax bases pop-up) popups to the application. Unfortunately, when I get now a popup that is "secure" the filter redirects to a logon page (which is not a popup) and makes the whole application messy. Anyone with ideas on how to solve this? Thanks

  Read the article

• Protecting websites from the attack of malicious scripts and viruses

  - by tibin mathew

  Hi friends, I'm developing a website using php, i want to know how can i protect my site from the attack of virus, like malicious scripts, hackers etc. which are the ways this will happen, and how can i avooid such situations. is there any protecting facilities in Curl or any technologies. I'm more concerned about this because one of my site is affected with virus for some reason and i'm using data from my database all the time. so please tell me about this virus protection. when i look into google i got this url but not sure what they are meant by that. http://blog.unitedheroes.net/curl/ can any one tell me about the protective measures.... Thanks

  Read the article

• Should HTTP POST be discouraged?

  - by Tomas Sedovic

  Quoting from the CouchDB documentation: It is recommended that you avoid POST when possible, because proxies and other network intermediaries will occasionally resend POST requests, which can result in duplicate document creation. To my understanding, this should not be happening on the protocol level (a confused user armed with a doubleclick is a completely different story). What is the best course of action, then? Should we really try to avoid POST requests and replace them by PUT? I don't like that as they convey a different meaning. Should we anticipate this and protect the requests by unique IDs where we want to avoid accidental duplication? I don't like that either: it complicates the code and prevents situations where multiple identical posts may be desired.

  Read the article

• Client / Server security from mobile to website

  - by Amir Latif

  Hey. Am new to the world of web programming and learning a bunch of fairly simple new pieces of tech, trying to piece them all together. So, we have a simple client (currently iPhone, to move to J2ME soon) that's pulling down lists of data via PHP, which is talking to a MySQL db. I have a rudimentary user/login system so that data is only served to someone who matches a known user etc, either on the website or on the client. All the php scripts on the website that query the DB check to make sure an active session is in place, otherwise dumping the user back to the login screen. I've read a little about SSL and want to know if that is sufficient to protect the website AND the data passing between the server and the client?

  Read the article

• Setting a preferred item of a many-to-one in Django

  - by Mike DeSimone

  I'm trying to create a Django model that handles the following: An Item can have several Names. One of the Names for an Item is its primary Name, i.e. the Name displayed given an Item. (The model names were changed to protect the innocent.) The models.py I've got looks like: class Item(models.Model): primaryName = models.OneToOneField("Name", verbose_name="Primary Name", related_name="_unused") def __unicode__(self): return self.primaryName.name class Name(models.Model): item = models.ForeignKey(Item) name = models.CharField(max_length=32, unique=True) def __unicode__(self): return self.name class Meta: ordering = [ 'name' ] The admin.py looks like: class NameInline(admin.TabularInline): model = Name class ItemAdmin(admin.ModelAdmin): inlines = [ NameInline ] admin.site.register(Item, ItemAdmin) It looks like the database schema is working fine, but I'm having trouble with the admin, so I'm not sure of anything at this point. My main questions are: How do I explain to the admin that primaryName needs to be one of the Names of the item being edited? Is there a way to automatically set primaryName to the first Name found, if primaryName is not set, since I'm using inline admin for the names?

  Read the article

• Does XAML design mode support more color than code view?

  - by Rahul Soni

  While working with SilverLight using Visual Studio 10, I found that in design mode XAML allows a wide plethora of colors. For ex. Lime is a valid color in XAML. <LinearGradientBrush EndPoint="1,0.5" StartPoint="0,0.5"> <GradientStop Color="Yellow" Offset="0" /> <GradientStop Color="Lime" Offset="1" /> While working with code though, I found that Lime and many other colors are missing... GradientStop blueGS = new GradientStop(); blueGS.Color = Colors.Lime; What am I missing? Both of these colors belong to System.Windows.Media.Colors.

  Read the article

• Understanding CGI and SQL security from the ground up

  - by Steve

  This question is for learning purposes. Suppose I am writing a simple SQL admin console using CGI and Python. At http://something.com/admin, this admin console should allow me to modify a SQL database (i.e., create and modify tables, and create and modify records) using an ordinary form. In the least secure case, anybody can access http://something.com/admin and modify the database. You can password protect http://something.com/admin. But once you start using the admin console, information is still transmitted in plain text. So then you use HTTPS to secure the transmitted data. Questions: To describe to a learner, how would you incrementally add security to the least secure environment in order to make it most secure? How would you modify/augment my three (possibly erroneous) steps above? What basic tools in Python make your steps possible? Optional: Now that I understand the process, how do sophisticated libraries and frameworks inherently achieve this level of security?

  Read the article

• WCF SERVICE gives us faulted response

  - by malik

  My service is hosted on IIS7, windows 2008 server with sql server2008 express. I am getting following error when the process takes more than 2 minutes i got this response, i m unable to find out either it is due to sql server time out or wcf time out. my sql server process is also took long. An error occurred while receiving the HTTP response to http://REMOTE/SynchronizationService_test/SyncService.svc. This could be due to the service endpoint binding not using the HTTP protocol. This could also be due to an HTTP request context being aborted by the server (possibly due to the service shutting down). See server logs for more details.

  Read the article

• Writing secure java code with RMI

  - by jtnire

  Hi Everyone, This may seem like a very broad question, but any help is appreciated. I have a client/server solution written in java which uses the Cajo project (which uses RMI). I just want to try and make my solution as secure as possible, given the sensitive data that will be transferred between server and client. So far, my ideas are to make all my classes "final" as well as throw a "non-serializable" exception for all my classes in the server (except for the object bound in the RMI registry, and any objects that actually do need to be transferred of course). Can anyone think of any other ideas? I know that someone could write a malicious client - this isn't hard to do as you can find out the remote object's API using reflection. However is there anything I can do to protect a malicious client access classes/objects within the server that they are not supposed to access? Many Thanks

  Read the article

< Previous Page | 73 74 75 76 77 78 79 80 81 82 83 84  | Next Page >