Search Results

Search found 3707 results on 149 pages for 'secure'.

Page 103/149 | < Previous Page | 99 100 101 102 103 104 105 106 107 108 109 110 | Next Page >

Thoughts on security model to store credit card details

- by Faisal Abid

Here is the model we are using to store the CC details how secure does this look? All our information is encrypted using public key encryption and the keypair is user dependent (its generated on the server and the private key is symmetric encrypted using the users password which is also Hashed on the database) So basically on first run the user sends in his password via a SSL connection and the password is used with the addition of salt to generate an MD5 hash, also the password is used to encrypt the private key and the private key is stored on the server. When the user wants to make a payment, he sends his password. The password decrypts the private key, and the private key decrypts the CC details and the CC details are charged.

Read the article
Add / remove a port number to/from a URL with REGEX in PHP

- by SuperDuck

Hello guys, I've searched but was unable to find an existing regex function. Has anybody done this before? I wish to add a port number, or remove a potantially existing one from a url in php. To use in some functions which translate a given url to the secure one, unsecure one, etc. Now I need a second SSL secured site on the server so I need to dynamically add a port number while converting http to https, and remove any port number while converting from https to http. Thanks, Duck

Read the article
The host 'smtp' could not be found.

- by SmartestVEGA

I am getting the following error while sending mail by click of a button in MS access form I am using sendObject to send mail using vba code. The host 'smtp' could not be found. Please verify that you have entered the server name correctly. Account: 'pop3', Server: 'smtp', Protocol: SMTP, Port: 25, Secure(SSL): No, Socket Error: 11001, Error Number: 0x800CCC0D Points to note: I am able to send and receive mails in my outlook; Problem is only when send mails through VBA access application.(Means it is not a outlook client configuration problem) When i copy paste the Vba application to another PC, i could successfully send emails without any error. (means this is not a vba access application problem) Please help.

Read the article
|Ideas for applications using face detection and recognition

- by Omry

Full disclosure: I work at face.com. Face.com just launched a free (up to an hourly limit) face detection and recognition REST API. We got a very handy API sandbox that developers can use to play the API and to see what it can and can't do. Besides the obvious point of letting you guys know about the API, I wanted to hear from you what kind of applications you think can be developed with it. Some pretty obvious ideas: Face based login (not entirely secure but still fun). Automatic face crop for sites that let users upload photos (dating sites etc) Some kind of integration into augmented reality games There is no right or wrong answers here, use your imagination :).

Read the article
Which open source social networking platform to use?

- by vrao

I want to build a highly secure social networking portal. Like other portals, subscriber users should be able to create a topic, discuss topic, share information about them, and have the ability for notifications/alerts. The added feature, I would like to have is to moderate users. Based on the topic of discussion, users will be asked automated questions and their responses will be processed to provide recommendations. I have no knowledge of social networking portal requirements. I will be coding alone and want to have something up and running in about six months. Which is the easiest open source platform that I should use to develop? I know some.net and sql, but I am open to use other platforms. Please give me your recommendations

Read the article
Avoid Internet Explorer Warning when embedding Youtube on HTTPS site?

- by pellepim

On a HTTPS site embedding youtube clips works great in all browser, except Internet Explorer where I get this famous little warning message: "Do you want to view only the webpage content that was delivered securely? This page contains content that will not be delivered using a secure HTTPS ... etc" I've tried to solve this in several ways. The most promising one was to use the ProxyPass functionality in Apache to map to YouTube. Like this: ProxyPass: /youtube/ http://www.youtube.com ProxyPassReverse: /youtube/ http://www.youtube.com This gets rid of the annoying warning. However, the youtube SWF fails to start streaming The SWF i manage to load into the browser simply states : "An error occurred, please try again later". Potential solutions are perhaps: Download youtube FLV:s and serve them out of own domain (gah) Use custom FLV-player and stream only FLV:s from youtube over a https proxy?

Read the article
On iPhone, how do I show a login screen to get username and password before giving access to iPhone

- by MikeN

On iPhone, how do I show a login screen to get username and password before giving access to iPhone app? Also, does the iPhone store a cookie to the secure website like a web browser? I was thinking of giving users to my website a long API key to store in the settings of their iPhone instead of asking them to login with a username/password (seems to be the Slicehost iPhone app approach.) Which is the best way to get a user to login securely? I have full control over the design of the iPhone app and website so have a lot of flexibility.

Read the article
Troubles configuring SSL for an Apache host

- by Ryan

I configured it on Friday night and all worked well. Today for some reason it stopped working and I can't figure out why. When you goto the secure page it's acting like I have a self-signed certificate and I don't. I have the host configured like so ServerAdmin [email protected] DocumentRoot "/path/to/site" Servername www.mydomain.com ServerAlias mydomain.com DirectoryIndex index.cfm index.htm SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /etc/httpd/path/to/mydomain.com.crt SSLCertificateKeyFile /etc/httpd/path/to/www.mydomain.com.key SSLCertificateChainFile /etc/httpd/path/to/gd_bundle.crt Apache starts with no errors and I can't seem to find anything meaningful in any of the logs. It's got to be something minor but I can't seem to see it. It's an updated Centos/Apache VM. I have worn Google out.

Read the article
Best practice? iphone: sync data

- by Andy Jacobs

So i'm working on a project where there is data visualization. My ultimate goal is that i have a set of data shipped with the download of the iphone app. But i want it connected to a backend, that if the iphone has a connection with the internet. it can sync the changes from the backend. The syncing is no problem or the connection between the backend & the iphone. But what should i use as data storage on my iphone? what is the best way. my data is purely text and doesn't have to be secure. But it's main feature should be updating certain parts of data ( adding and deleting are not so important ) so what is the easiest (read: least time consuming development ) or the best way? sqlite? plist? ..?

Read the article
How to encorporate encyption to FlexPaper

- by Jonathan

Is it possible to configure the FlexPaper reader to un-encrypt password-protected pdfs or swfs? Here is the use-case: User uploads a pdf My server would then convert the pdf to swf via pdf2swf Then somehow encrypt the swf with a password (not sure best way to do this) Then the FlexPaper would be able to un-encrypt the swf and display it What I am trying to avoid is the caching of readable swf in the browser's cache. Any ideas on the best way to achieve this? I know, even with this it will not be a fully secure solution, but certainly helps. Note: I am running this on Linux and OS X and using Rails. Thanks! Jonathan

Read the article
Database security / scaling question

- by orokusaki

Typically I use a database such as MySQL or PostGreSQL on the same machine as the application using it, which makes access easy and secure. I'm just now building the first site that will have a separate physical database server (later this year it will). I'm wondering 3 things: (security) What things should I look into for starters pertaining to security of accessing a separate machine's database? (scalability) Are their scalability issues that I should think about pertaining to this (technology agnostic)? (more ServerFaultish but related) If starting the DB out on the same physical server (using a separate VMWare VM) and later moving to a different physical server, are there implicit problems that I'll have to deal with? Isn't another VM still accessed via localhost? If these questions are completely ludicrous, I apologize to you DB experts.

Read the article
ShoutCast over SSL

- by Honus Wagner

So I've gone ahead and set up my ShoutCast server DNAS and set my DSP in Winamp on my host computer. The server listens on port 8000, so per some instructions I installed an output plugin for winamp (Shoutcast DSP) and used 8000 and the password to connect. Server accepts the connection. Now, what the heck do I do now? My host computer is SSL secured and the DNAS server is installed within the secure web directory (if that matters). My desired end result is that I want to listen to my ShoutCast setup at home (host computer) from any computer. I try browsing to my ip address and port 8000 (without using HTTPS) and it comes back with nothing. If I browse with HTTPS://my.server.com:8000, I get Error code: ssl_error_rx_record_too_long) Have I completely missed something, or am I just a total moron? Thanks.

Read the article
RSA encrypted Diffie-Hellman handshake

- by cmaduro

Would a RSA encrypted Diffie-Hellman handshake enable secure communication? I'm encrypting communication from a silverlight client to a php webservice. The silverlight client initiates they key agreement by sending the RSA public key encrypted DH parameters to the webservice. Only the webservice has the private key, so a MITM attack is not possible. The webservice sends plain text answer back to the client, and a key is agreed upon. This key is then used to encrypt communication between the webservice and silverlight client with AES, which is also encrypted with the RSA public key. Does anyone see a flaw?

Read the article
Is writing eSQL database independent or not?

- by Robert Koritnik

Using EF we can use LINQ to read data which is rather simple (especially using fluent calls), but we have less control unless we write eSQL on our own. Is writing eSQL actually data store independent code? So if we decide to change data store, can the same statements still be used? Does writing eSQL strings in your code pose any serious security threats similar to writing TSQL statements as plain strings in C# code? That's why SPs are recommended. Could we still move eSQL scripts outside of code and use some other technique to make them a bit more secure?

Read the article
how to create an function using jquery live?

- by Mahmoud

Hey all i am trying to create a function that well keep the user in lightbox images while he adds to cart, for a demo you can visit secure.sabayafrah.com username: mahmud password: mahmud when you click at any image it well enlarge using lightbox v2, so when the user clicks at the image add, it well refresh the page, when i asked about it at jcart support form they informed me to use jquery live, but i dont know how to do it but as far as i tried this code which i used but still nothing is happening jQuery(function($) { $('#button') .livequery(eventType, function(event) { alert('clicked'); // to check if it works or not return false; }); });

Read the article
ASIHTTPRequest on www.blau.de?

- by rdesign

Hey guys, I need to login here. I've tried the ASIHTTPRequest and ASIFormDataRequest. None of them works as expected. I only got the data from the loginpage in the response string, not the data from the secure area. What am I doing wrong here? ASIFormDataRequest *request = [ASIFormDataRequest requestWithURL:[NSURL URLWithString:@"https://www.blau.de/"]]; [request setPostValue:@"USERNAME" forKey:@"quickLoginNumber"]; [request setPostValue:@"PASSWORD" forKey:@"quickLoginPassword"]; [request startAsynchronous];

Read the article
Client side page permissions - Javascript / jquery / cookies / other?

- by Ozaki

TLDR Using plain HTML / Javascript. Want to block access to some pages (doesn't have to be super secure just to stop some peeking eyes). I thought of simply doing this by setting a cookie for each page they are allowed to visit with a value of true but thats a bit messy. Although it would work. Is there a way to set an array of values to a cookie so I can read the cookie and if a name of a page is in there then allow access with an IF statement or so on each of my pages. If they dont have the cookie just to replace my #content (entirepage) to "sorry no" etc. For example: $.cookie("Access","page1, page2, page3",{ expires: 1 }); Am already using JQuery, Jquery cookie. etc. I am up for anyway of doing this cookie idea is just an example So what do you think would be the best / most efficient way of managing this?

Read the article
socket.setdefaulttimeout interacting with M2Crypto connection

- by Becky

Hello - I'm making a secure SSL connection to a server using python and M2Crypto. See code below. from M2Crypto import SSL, m2,x509 from M2Crypto.m2xmlrpclib import Server, SSL_Tranport ctx = SSL.Context() m2.ssl_ctx_use_pkey_privkey(ctx.ctx,myKey.pkey) m2.ssl_ctx_use_x509(ctx.ctx,myCert.x509) server = Server(serverUrl, SSL_Transport(ctx)) server.ping() The above works fine. If I try to change the default socket timeout by adding the following two lines at the beginning of the code, I get a protocol error. import socket socket.setdefaulttimeout(40) This is the error I receive: File "/usr/local/lib/python2.4/xmlrpclib.py", line 1096, in call return self._send(self._name, args) File "/usr/local/lib/python2.4/xmlrpclib.py", line 1383, in _request verbose=self._verbose File "/usr/local/lib/python2.4/site-packages/M2Crypto/m2xmlrpclib.py", line 68, in request headers xmlrpclib.ProtocolError: Why is the default socket timeout causing problems?

Read the article
Language in a Sandbox in Rails

- by Jon Romero

I've found that there WAS a sandbox gem (created by the guys that made try ruby in your browser but it was compatible only with Ruby 1.8. Another problem is that I cannot find it anymore (it seems they stop serving the gem from the servers...). So, is there any secure way of running ruby in a sandbox (so you can run it from your browser)? Or an easy way to run (for example lua/python) in a sandbox (no filesystem access, no creation of objects etc) and be called from Ruby (Rails 2.2)? I want to make an application like try_ruby even without having a ruby underneath. But it has to be an easy language (I saw there was a prolog in ruby, even a lisp but I don't think they are easy to learn languages...). So, do you have any suggestions or tips? Or should I just start creating my own DSL in Ruby (if there is a solution in creating a somewhat safe system)? Thx

Read the article
c++ smtp connection state - starttls

- by Jackell

Hi all! I am using openssl to build secure smtp connections to gmail.com:25. So I can successfully connect to the server and sends a command STARTTLS (I receive 220 2.0.0 Ready to start TLS). Then execute the following code without disconnecting: SSL_METHOD* method = NULL; SSL_library_init(); SSL_load_error_strings(); method = SSLv23_client_method(); ctx = SSL_CTX_new(method); if (ctx == NULL) { ERR_print_errors_fp(stderr); } SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2); ssl = SSL_new(ctx); if (!SSL_set_fd(ssl, socket)) { ERR_print_errors_fp(stderr); return; } if (ssl) { if (SSL_connect((SSL*)ssl) < 1) { ERR_print_errors_fp(stderr); } // then i think i need to send EHLO } But after calling SSL_connect I get an error: 24953:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:601: Why? What I do wrong?

Read the article
Why is there no music streaming API service?

- by Chad Johnson

Apple has decided to kill lala.com. I loved that site. Now, everyone has to go back to paying $0.89+ for songs from Amazon, iTunes, etc. Lame. Rhapsody would be great, except there are no clients for Mac or Linux. They do have a web interface, buy it is nothing compared to lala's web 2.0y interface. What I just don't understand is, why is there no music API streaming service out there? Basically, developers could hook the service into any desktop or web app, and then users of the app could pay $x a month (like with Rhapsody) and play any amount of music, so long as their subscription is active. Why not? Lala streamed music to web browsers, so surely it could be as secure as lala is (was), preventing music theft.

Read the article
Zend Framework - no public folder

- by poru

Hello, I'm going to host an app on a shared host and there I couldn't create virtual host or change something at apache. Often apps with ZF looks like that: root public index.php .htaccess application library I have sth. like that: root application index.php .htaccess All my code is in the application folder. But there are also some .ini and .xml files with sensitive information e.g. login names and passwords and so on... If I add a .htaccess in the application folder with deny from all is the information secure inside the folder?

Read the article
Schemas and tables versus user-ids in a single table using PostgreSQL

- by gvkv

I'm developing a web app and I've come to a fork in the road with respect to database structure and I don't know which direction to take. I have a database with user information that I can structure one of two ways. The first is to create a schema and a set of tables for each user (duplicating the structure for each user) and the second is to create a single set of tables and query information based on user-id. Suppose 100000 users. Here are my questions: Considering security, performance, scalability and administration where does each choice lie? Would the answers change for 1000000 or 10000? Is there a set of best practices that lead to one choice or the other? It seems to me that multiple schemas are more secure since it's trivial to restrict user privileges but what about performance and scalability? Administration seems like a wash since dumping (and restoring) lots of schemas isn't any more difficult than dumping a few.

Read the article
Flash, parameters, security

- by Quandary

Hi, I have a question: In Flash, I have the ability to save certain info onto the server. Now the problem is the user needs to be authenticated as admin in order to do so. I can't use sessions, since if you work longer than 20 minutes in the Flash application, the session is gone. The way I see it, I have 2 possibilities: 1. passing a parameter (bIsAdmin) to Flash from the Website. 2. Launch a http-get request, to get this value (bIsAdmin) from an ashx handler on application startup, when the session has not yet exired. In my opinion, both possibilities are not really secure... So, Which one is safer, 1 or 2? Or does anybody have a better idea ? In my opinion, 1 is safer, because with 2, you can just switch a packet tamperer in between, and bang, you're admin, with permission to save (or overwrite, =delete) anything.

Read the article
Security problem

- by Mehmet Kaleli

Hi All. I have a security problem in my website. A script code was added into my all pages like "<script src="Ip address/viewpic.asp"></script>" . It is between </head> and <body> tag. Now Google says "this site may be hartful for your pc!" about my site. How can i secure my website? I use C# and Visual Studio 2008.

Read the article

< Previous Page | 99 100 101 102 103 104 105 106 107 108 109 110 | Next Page >