Search Results

Search found 19074 results on 763 pages for 'secure government government cloud security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 108/763 | < Previous Page | 104 105 106 107 108 109 110 111 112 113 114 115  | Next Page >

  • What kind of security issues will I have if I provide my web app write access?

    - by iama
    I would like to give my web application write access to a particular folder on my web server. My web app can create files on this folder and can write data to those files. However, the web app does not provide any interface to the users nor does it publicize the fact that it can create files or write to files. Am I susceptible to any security vulnerabilities? If so, what are they?

    Read the article

  • Convert ASP.NET membership system to secure password storage

    - by wrburgess
    I have a potential client that set up their website and membership system in ASP.NET 3.5. When their developer set up the system, it seems he turned off the security/hashing aspect of password storage and everything is stored in the clear. Is there a process to reinstall/change the secure password storage of ASP.NET membership without changing all of the passwords in the database? The client is worried that they'll lose their customers if they all have to go through a massive password change. I've always installed with security on by default, thus I don't know the effect of a switchover. Is there a way to convert the entire system to a secure password system without major effects on the users?

    Read the article

  • Is using os.path.abspath to validate an untrusted filename's location secure?

    - by mcmt
    I don't think I'm missing anything. Then again I'm kind of a newbie. def GET(self, filename): name = urllib.unquote(filename) full = path.abspath(path.join(STATIC_PATH, filename)) #Make sure request is not tricksy and tries to get out of #the directory, e.g. filename = "../.ssh/id_rsa". GET OUTTA HERE assert full[:len(STATIC_PATH)] == STATIC_PATH, "bad path" return open(full).read() Edit: I realize this will return the wrong HTTP error code if the file doesn't exist (at least under web.py). I will fix this.

    Read the article

  • Portable and Secure Document Repository

    - by Sivakanesh
    I'm trying to find a document manager/repository (WinXP) that can be used from a USB disk. I would like a tool that will allow you to add all documents into a single repository (or a secure file system). Ideally you would login to this portable application to add or retrieve a document and document shouldn't be accessible outside of the application. I have found an application called Benubird Pro (app is portable) that allows you to add files to a single repository, but downsides are that it is not secure and the repository is always stored on the PC and not on the USB disk. Are you able to recommend any other applications? Thanks

    Read the article

  • How to test for secure SMTP mail service on a mail server

    - by Vinay S Shenoy
    I'm working on a project to auto-configure a user's email server settings in Java. I am extracting the mail server from his email address and looking up the MX records of that mail server using the DirContext class with com.sun.jndi.dns.DnsContextFactory. Then I'm opening a Socket to each server and testing them using a HELO command and checking the responses. My problem is that this works only when I test it with the unsecure SMTP port 25. How can I use it with the secure port 465? I tried using Secure Sockets by using SSLSocketFactory sslsocketfactory = (SSLSocketFactory)SSLSocketFactory.getDefault(); SSLSocket socket = (SSLSocket)sslsocketfactory.createSocket(mailserver, STANDARD_SMTP_PORT); But all connections get a timeout exception as follows alt1.gmail-smtp-in.l.google.com. java.net.ConnectException: Operation timed out Please help.

    Read the article

  • How to make a secure login using UDID or device token?

    - by Erik B
    So I'm making an app where I want the users to be able add, edit and rate content, but I do not want to force them to register. Instead I was planning on just using their device id or device token to identify them. I'm planning on making both an iPhone and Android version, so I'm looking for a general solution, but the iPhone version has higher priority, so an iPhone specific solution would also be welcome. The problem is that I don't want just anyone to be able to use my web service by sending a phony device id or someone else's device id. How would the client prove to the server that it is providing the correct device id?

    Read the article

  • How do I secure a .NET Web Service for use by an iPhone application?

    - by David A Gibson
    Hello, The title says it all, I have a Web Service written in .NET that provides data for an iPhone application. It will also allow the application make a "reservation." Currently it's all internal to the corporate network but obviously when the iPhone application is published I will need ensure the Web Service is available externally. How would I go about securing the Web Service? There are two aspects I'm looking into: Authentication for accessing the web service Protection for the data being transferred I'm no so bothered about the data being passed back and forth as it will be viewable in the application anyway (which will be free). The key issue for me is preventing users from accessing the Web Service and making reservations themselves. At the moment I am considering encrypting any strings in the XML data passed back and forth so only the client can effectively use the web service sidestepping the need for authentication and providing protection for the data. This is the only model I have seen but I think the overheads on the iPhone and even for the web service make for a poor user experience. Any solutions at all would be most welcome? Thanks

    Read the article

  • best approah (security) to do some admin work through web page in Linux?

    - by Data-Base
    Hello, I want to build a web based admin tools that allow the system admin to run pre-configured commands and scripts through a web page (simple and limited webmin), what is the best approach? I already started with Ubuntu installing LAMP and give the user www-data root's privileges !!! as I learned (please check the link) this is a really bad move !!!, so how to build such web-based system without the security risk? cheers

    Read the article

  • Java embedded applet page security, how to properly meet its recquirements?

    - by meds
    If I have an applet embedded in a webpage and I want it to connect to server side software (also written in Java) how can I do this properly on a windows machine running local host? Would I have to run the java application from within the localhost directory and access the applet html from a browser (i.e. localhost/applet.html)? From what I undestand if you don't have everything setup correctly you won't be able to connect because of Java's security requirements. Thanks for any help :)

    Read the article

  • (Secure) alternative to TLS / SSLv3 ?

    - by CSkau
    Toying with an idea for a F2F networked application I've just been reading up on secure communication. I quickly settled with the idea of using TLS / SSL as the basis for any communication since it employs Public Key encryption at the protocol level and thus is perfect for my needs. However I was surprised to read (on wikipedia) that the newest version of TLS, SSLv3 uses a mix of MD5 and SHA-1 "because if any vulnerability was found in one of these algorithms the other would prevent it from compromising SSLv3". However, as I take it, lately both have been found flawed ! So my questions are thus: Does this not mean that SSLv3 is basically flawed, or am I not reading close enough ? And if so does a "secure" alternative to SSLv3 exist ?

    Read the article

  • uitextfield secure

    - by D_R
    I have a UITexetField with "Secure" option enabled in InterfaceBuilder (used to enter a password). Then I try to read, what the user entered. (void)textFieldDidEndEditing:(UITextField *)textField{ NSString *txt = textField.text; int a = 0; } It works fine with iOS 5 but since I use it in iOS6, this method no longer works - neither in simulator, nor at the real device. It was called, but textField.text returns always an empty string. With other UITextFields, without "Secure" option, it works fine. Could somebody help me ?

    Read the article

  • Is canvas security model ignoring access-control-allow-origin headers?

    - by luklatlug
    It seems that even if you set the access-control-allow-origin header to allow access from mydomain.org to an image hosted on domain example.org, the canvas' origin-clean flag gets set to false, and trying to manipulate that image's pixel data will trigger a security exception. Shouldn't canvas' obey the access-control-allow-origin header and allow access to image's data without throwing an exception?

    Read the article

  • Is keeping uploads folder outside of 'public_html' enough to keep my application secure from malicio

    - by ecu
    Although I realise there are different approaches to securing upload process, I'm still confused when it comes to basic principles. I want to allow users to upload any kind of file they want, but keep my app secure. So my question is: Is it sufficient to store the files with their original names in 'uploads' folder outside 'webroot' and fetching them via some download.php script? If it't not secure enough, please point me in the right direction, or suggest what additional steps I should take to make it safe. Thank you.

    Read the article

  • Secure method for linking to image files uploaded via custom CMS

    - by letseatfood
    How does one provide a direct URL for an image file (JPEG) that is secure? For example, if a PHP script writes uploaded images to directory http://www.somehost.com/images, is it okay to provide http://www.somehost.com/images/someimage.jpg as the URL, or is there a more secure way to do this? Should I look into something like the permalink feature that is a part of Wordpress? I am not sure if that is related. The main reason I ask is that I have a custom PHP/MySQL CMS for managing images. I would like for the client to be able to copy a link to the image they want and then include it in a TinyMCE text editor for inserting the image in their website. Thanks!

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 104 105 106 107 108 109 110 111 112 113 114 115  | Next Page >