Search Results

Search found 3707 results on 149 pages for 'secure'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 102/149 | < Previous Page | 98 99 100 101 102 103 104 105 106 107 108 109  | Next Page >

  • Cyrillic characters from javascript cookie to php output via $_COOKIE

    - by Beck
    When i'm trying to put russian text in cookie via javascript and then output it via php it returns: %u043F%u0440%u043E%u0432%u0435%u0440%u043A%u0430 How to decode this to normal cyrillic characters? This is the function i'm using to pass to document.cookie: function setCookie(c_name,val,c_expiredays,c_path,c_domain,c_secure) { var exdate=new Date(); exdate.setDate(exdate.getDate()+c_expiredays); document.cookie=c_name+ "=" +escape(val)+ /* Additional settings */ ((c_path) ? "; path=" + c_path : "") + ((c_domain) ? "; domain=" + c_domain : "") + // used to allow using only on a certain domain ((c_secure) ? "; secure" : "") + // used for HTTPS (SSL) ((c_expiredays==null) ? "" : ";expires="+exdate.toGMTString()); } setCookie('name',$(this).val(),1); On server side, i'm outputting like that: (isset($_COOKIE['img_href_value']) ? $_COOKIE['img_href_value'] : '')

    Read the article

  • Magic quotes in PHP

    - by VirtuosiMedia
    According to the PHP manual, in order to make code more portable, they recommend using something like the following for escaping data: if (!get_magic_quotes_gpc()) { $lastname = addslashes($_POST['lastname']); } else { $lastname = $_POST['lastname']; } I have other validation checks that I will be performing, but how secure is the above strictly in terms of escaping data? I also saw that magic quotes will be deprecated in PHP 6. How will that affect the above code? I would prefer not to have to rely on a database-specific escaping function like mysql_real_escape_string().

    Read the article

  • SSL on Heroku / User Authentication Across Multiple Domains

    - by Euwyn
    Posted a previous question on this, but have a followup. I was trying to create a workaround to use SSL on the expensive custom domain. I'm willing to live with bumping a user to https://app.heroku.com from http://www.app.com for certain secure pages, and have monkey-patched SSL required to make this happen. However, now this issue is with making sure my User is logged in when I do so. As I understand, cookies aren't cross domain. Is there a way around this issue?

    Read the article

  • Is writing eSQL database agnostic?

    - by Robert Koritnik
    Using EF we can use LINQ to read data which is rather simple (especialy using fluent calls), but we have less control unless we write eSQL on our own. Is writing eSQL database actually data store independant code? So if we decide to change data store, can the same statements still be used? Is writing eSQL strings in your code pose any serious security threats similar to writing TSQL statements in plain strings? So we moved to SPs. Could we still mode eSQL scripts outside of code as well and use some other technique to make them a bit more secure?

    Read the article

  • How to use Windows login for single-sign-on and for Active Directory entries for Desktop Java applic

    - by Touko
    I'd like to have my desktop Java application to have single sign on related to Active Directory users. In two steps, I'd like to : Be sure that the particular user has logged in to Windows with some user entry. Check out some setup information for that user from the Active Directory With http://stackoverflow.com/questions/31394/java-programatic-way-to-determine-current-windows-user I can get the name of the current Windows user but can I rely to that? I think the System.getProperty("user.name") won't be secure enough? ("user.name" seems to be got from environment variables, so I can't rely on that, I think?) Question http://stackoverflow.com/questions/390150/authenticating-against-active-directory-with-java-on-linux provides me the authentication for given name+pass but I'd like to authenticate based on the Windows logon? For the Active Directory access, the LDAP would probably be the choise? I'm not totally sure if I'm asking the right questions but hopefully somebody has some ideas to forward me on.

    Read the article

  • VCS File Downloading Issue with IE

    - by Sachin Gaur
    I am working on a http based (NOT Secure) Web Application. In this, I have provided a provision to add some appointment to the Client's outlook calendar. I am creating the .vcs file dynamically when clicked on a hyperlink. The code of generating .VCS file is: string calendarFormat = GetVCSFormat(); Response.ContentType = "text/calendar"; Response.AppendHeader("content-disposition", "attachment; filename=MyCalendar.vcs"); Response.Write(calendarFormat); Response.End(); It is working fine in all browsers except IE. It is giving me following error: Internet Explorer cannot download GenerateAppointment.aspx from server. Internet Explorer was not able to open this Internet site. The requested site is either unavailable or cannot be found. Please try again later. Can anyone focus some light on it?

    Read the article

  • Best package for basic web-based file manager

    - by alchemical
    I'm looking for a basic web-based file management application. It must have an affordable price, and fairly easy installation would be a plus. ASP.Net / IIS based would be easiest for me to work with. Basically, I'd like it to create a secure web site where myself and a few people can exchange various types of files, etc. I'm looking for a package I can install on my own server rather than a web-based service, as I think I can get more space at a good price point this way. I could go custom coding, but I figure this is such a generic need, there must be something already mature out there at a decent price. What has worked best for you?

    Read the article

  • SSL Form Post in ASP.NET MVC 1.0

    - by goombaloon
    I'd like to use SSL for the post action on the login page of my MVC 1.0 app. I've seen some articles related to the [RequireSSL] attribute in ASP.NET MVC Futures. However, since this works using a redirect, I assume it's not an option (can't redirect a POST, correct?). Ultimately, my goal is to get the Html.BeginForm method to render "https://..." as the form's action so that I can secure the information being posted (login info). How have others handled this?

    Read the article

  • PageMethods security

    - by TenaciousImpy
    Hi, I'm trying to 'AJAX-ify' my site in order to improve the UI experience. In terms of performance, I'm also trying to get rid of the UpdatePanel. I've come across a great article over at Encosia showing a way of posting using PageMethods. My question is, how secure are page methods in a production environment? Being public, can anyone create a JSON script to POST directly to the server, or are there cross-domain checks taking place? My PageMethods would also write the data into the database (after filtering). I'm using Forms Authentication in my pages and, on page load, it redirects unauthenticated users to the login page. Would the Page Methods on this page also need to check authentication if the user POSTs directly to the method, or is that authentication inherited for the entire page? (Essentially, does the entire page cycle occur even if a user has managed to post only to the PageMethod)? Thanks

    Read the article

  • Does Google index HTTPS ASP.NET pages?

    - by ncakmak
    I have an online application that all of its pages use HTTPS. I have 3 questions: Does Google index HTTPS pages? I have a password protected single ASP.NET page (using HTTPS). Password protection is basically achieved by a Session object. When the correct password is entered, it hides the login panel and displays the same page which has a sensitive data. Is this page indexed by Google? I have a Secure folder that I implemented Forms Authentication. All pages in folder use HTTPS as well. Are the pages in this folder indexed by Google? Thank you for your help, Niyazi

    Read the article

  • Implementing Security on custom BCS/.net class?

    - by Michael Stum
    I'm implementing a custom BCS Model to get data from a backend system. As the backend uses it's own user management, I'm accessing it through a service account. All of this works well and allows me to pull data into SharePoint. However because it's channeled through the service account, everyone can access it, which is bad. Can anyone give me some tips which method to implement? The backend does not give me NT ACLs, but I wonder if I could just "fake" them somehow? (Essentially saying "This NT Group has Read Access" is good enough). I am aware of ISecurityTrimmer2 for Search Results, but ideally I want to cover security inside the BCS Model so that it applies to external lists as well. I want to avoid using Secure storage and mapping each individual user to the backend.

    Read the article

  • Let MySQL users create databases, but allow access to only their own databases

    - by eikes
    I want to have multiple a MySQL users to be able to issue commands like CREATE DATABASE dbTest; But I also want each of these users to be able to see and access only their own databases. All I could find was how to either create the databases by a DBA and grant the privileges on this database to the specific user: GRANT ALL PRIVILEGES ON dbTest.* TO 'user'; or grant privileges on all databases to a user: GRANT ALL PRIVILEGES ON *.* TO 'user'; But neither is what I want, because it needs to scale and be secure.

    Read the article

  • How to generate a client certificate using a third party CA-NOT Self Signed CA

    - by Bryan
    I am trying to trying to export a client certificate for use with a web browser. The goal is to restrict access using the <Location directive to the admin area. I have seen numerous tutorials on using self signed CAs. How would you do this using a third party? 1) Do I need to include the CA in the client pfx if it is a trusted root CA? I have seen both examples. Without CA: openssl pkcs12 -export -inkey KEYFILENAME -in CERTFILEFILENAME -out XXX.pfx With CA: openssl pkcs12 -export -in my.crt- inkey my.key -certfile my.bundle -out my.pfx 2) Do I need to still include SSLCACertificateFile for trusted CA in the httpd.conf setup? SSLVerifyClient none SSLCACertificateFile conf/ssl.crt/ca.crt <Location /secure/area> SSLVerifyClient require SSLVerifyDepth 1 </Location> http://www.modssl.org/docs/2.8/ssl_howto.html#ToC8

    Read the article

  • My website is infected with JS:ScriptIP-inf [Trj]

    - by Rizwan Aaqil
    I am using Network Solutions hosting. I was recently attacked with JS:Illredir-S [Trj], I asked my hosting providers to clean it and they cleaned it and updated all passwords, but now after a week my site got infected again with JS:ScriptIP-inf [Trj]. Can anyone please suggest me how to secure my website properly ? Should I change my hosting provider ? I am fed up of these viruses again and again on my websites. I can't even find this virus in my files. Please post informative answers. Thanks

    Read the article

  • What are the use cases for closures/callback functions in Javascript?

    - by Christopher Altman
    I was listening to Crockford's talk on Javascript closures and am convinced of the benefit of information hiding, but I do not have a firm understanding of when to use callback functions. It is mostly a true statement that a person could accomplish the same functionality with or without callbacks. As someone who is writing code, what heuristics or cues should I keep in mind when determining when to use callbacks/closures? I am not looking for the blanket statement 'Closures make more secure code', rather a list of practical examples or rules of thumb for when callbacks are the right idea. Crockford's Presentation: http://www.yuiblog.com/blog/2010/04/08/video-crockonjs-5/

    Read the article

  • Finding out what user Apache is running as?

    - by AP257
    I want to secure a file upload directory on my server as described beautifully here, but I have one problem before I can follow these instructions. I don't know what user Apache is running as. I've found a suggestion that you can look in httpd.conf and there will be a "User" line, but there is no such line in my httpd.conf file, so I guess Apache is running as the default user. I can't find out what that is, though. So, my question is (are): how do I find out what the default user is do I need to change the default user if the answer is yes and I change the default user by editing httpd.conf, is it likely to screw anything up? Thanks!

    Read the article

  • DotNetOpenAuth OpenIdTextBox For Google/Yahoo

    - by user300992
    If I want to integrate DotNetOpenAuth (primary for people to use their Google/Yahoo accounts to login, not act as provider) into my existing site, is this one line control good enough? <rp:OpenIdTextBox ID="OpenIdTextBox1" runat="server" /> Say, if a user wants to login as Google, I can simply set the textbox to "https://www.google.com/accounts/o8/id" and then they can login. I tried it with my Google account, it seems working and I can get the token from HttpContext.Current.User.Identity.Name. Is this "one line" solution secure enough for production? or is it a "must" that I have to use "OpenIdSelector" or "OpenIDLogin" control? I also opened the .net template and some samples, they are very complicated. There are PAPE policies, xrds.aspx (for discovery), ConsumerKey + ConsumerSecret...etc. As a newbie, I am very confused. Any tips on this will be really appreciated. Thanks

    Read the article

  • Advice on HTTPS connections using Ruby on Rails

    - by user502052
    Since I am developing a "secure" OAuth protocol for my RoR3 apps, I need to send protected information over the internet, so I need to use HTTPS connections (SSL/TSL). I read How to Cure Net::HTTP’s Risky Default HTTPS Behavior aticle that mentions the 'always_verify_ssl_certificates' gem, but, since I want to be more "pure" (it means: I do not want to install other gems, but I try to do everything with Ruby on Rails) as possible, I want to do that work without installing new gems. I read about 'open_uri' (it is also mentioned in the linked article: "open_uri is a common exception - it gets things right!") that is from the Ruby OOPL and I think it can do the same work. So, for my needs, is 'open_uri' the best choice (although it is more complicated of 'always_verify_ssl_certificates' gem)? If so, can someone help me using that (with an example, if possible) because I have not found good guides about?

    Read the article

  • Tools to test softwares against any attacks for programmers ?

    - by berkay
    in these days, i'm interested in software security. As i'm reading papers i see that there are many attacks and researchers are trying to invent new methods for softwares to get more secure systems. this question can be a general including all types of attacks.There are many experienced programmers in SO, i just want to learn what are using to check your code against these attacks ? Is there any tools you use or you don't care ? For example i heard about,static,dynamic code analysis, fuzz testing. SQL injection attacks Cross Site Scripting Bufferoverflow attacks Logic errors Any kind of Malwares Covert Channels ... ... thanks

    Read the article

  • Concurrency Problem in Java ...

    - by Tara Singh
    I am designing a client-server chat application in Java. This is a secure application where the messages are exchanged using cryptographic algorithms. I have one server and it can support many clients. My problem is that when one client logs on the server it works fine, but when another user logs into the system, the server starts giving me bad padding exceptions for the encrypted text. I am not able to figure out the problem, according to my logic, when new connection request to server is made, the server creates a thread for listening to the client. Is it possible that once the instance of thread class is created, it does all the processing correctly for the first client, but not for the second client because the variables in server listener thread class already have some previous value, and thus the encrypted text is not decrypted properly? Please advise how I can make this process more robust so that the number of clients does not affect how well the server functions.

    Read the article

  • Web site aggregation with twitter widget SSL issue

    - by AB
    Hello! I'm seeking for solution how to isolate widget included by partial to main site. Issue appear when user access site with https. Ie 6,7 shows security confirmation dialog (part of website resources are not in secure zone). First of all I download twitter widget on our side, also I download all CSS and pictures. Then I patched widget JS to point onto downloaded resources. But still has not luck with security warning :( I guess the reason of this issue is AJAX request to twitter, but there is no idea how to sole it. (Just to create some kind of proxy on our side). Thank you for attention.

    Read the article

  • CSS for https urls

    - by Vincent
    Hello, looking for some help with images referenced within the stylesheet. I have no problems with these from non secure locations within the site but only from https. The stylesheet loads fine and displays everything correctly except for the images. example: body { margin: 0; padding: 0; background: url(/img/background_tile.gif) top left repeat-x; text-align: center; background-color: #fff; } All my css files and other image paths inside the code use relative urls to images. How can I make sure they all work fine without hard coding my image paths with https or http? I want the code to work fine with http and https. Thanks

    Read the article

  • How to use Custom AuthorizeAttribute for controller utilizing parameter value?

    - by RSolberg
    I am trying to secure a controller action to prevent a user from accessing an Entity that they do not have access to. I am able to do this with the following code. public ActionResult Entity(string entityCode) { if (CurrentUser.VerifyEntityPermission(entityCode)) { //populate viewModel... return View(viewModel); } return RedirectToAction("NoAccessToEntity", "Error"); } I would like to be able to add an attribute to the controller action itself. In order to validate the access to the entity, I need to see what value has been passed to the controller and what entities the user has access to. Is this possible? [EntityAuthRequired] public ActionResult Entity(string entityCode) { //populate viewModel... return View(viewModel); }

    Read the article

  • How to configure Multi-tenant plugin as single-tenant with Spring security plugin as resolver?

    - by Fabien Barbier
    I can create a secure, multi-tenant web app with Grails by : setup spring security plugin, setup Multi-tenant plugin (via multi-tenant install and multi-tenant-spring-security) update config.groovy : tenant { mode = "multiTenant" resolver.type = "springSecurity" } add : Integer userTenntId in User domain add a domain class for tenant Organization associate the tenants with Organization Edit BootStrap.groovy. Everything works fine in multi-tenant mode, but how to use mode = "singleTenant" ? This configuration sound not working : tenant { mode = "singleTenant" resolver.type = "springSecurity" } Edit : I try this config : tenant { mode = "singleTenant" resolver.type = "springSecurity" datasourceResolver.type = "config" dataSourceTenantMap { t1 = "jdbc:hsqldb:file:custFoo" t2 = "jdbc:hsqldb:file:custBar" } } But I get : ERROR errors.GrailsExceptionResolver - Executing action [list] of controller [org.example.TicketController] caused exception: java.lang.StackOverflowError and : Caused by: java.lang.StackOverflowError at org.grails.multitenant.springsecurity.SpringSecurityCurrentTenant.getTenantIdFromSpringSecurity(SpringSecurityCurrentTenant.groovy:50) at org.grails.multitenant.springsecurity.SpringSecurityCurrentTenant.this$2$getTenantIdFromSpringSecurity(SpringSecurityCurrentTenant.groovy) at org.grails.multitenant.springsecurity.SpringSecurityCurrentTenant$this$2$getTenantIdFromSpringSecurity.callCurrent(Unknown Source) at org.grails.multitenant.springsecurity.SpringSecurityCurrentTenant.get(SpringSecurityCurrentTenant.groovy:41) at com.infusion.tenant.spring.TenantBeanContainer.getBean(TenantBeanContainer.java:53) at com.infusion.tenant.spring.TenantMethodInterceptor.invoke(TenantMethodInterceptor.java:32) at $Proxy14.getConnection(Unknown Source)

    Read the article

  • Use absolute path for easier modify include path in future?

    - by i need help
    config.php put at the root level, this file will be included in any pages. Then at config.php <?php define( 'ROOT_DIR', dirname(__FILE__) ); ?> So at all other pages from different sub/a.php , sub/sub/b.php directories, when I want to include a specific file in specific location, I just need to include( ROOT_DIR.'/include/functions.php' ); In windows server, the ROOT_DIR bring the value to C:/inetpub/vhosts/domain.com Is this a good/secure way? It seems like via this way, when I move the b.php to other upper level folder, I don't need to do any changes to the include file path, which is good for maintenance. Any cons? Like SEO wise, or any other reason... What you guys think.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 98 99 100 101 102 103 104 105 106 107 108 109  | Next Page >