Search Results

Search found 3707 results on 149 pages for 'secure'.

Page 109/149 | < Previous Page | 105 106 107 108 109 110 111 112 113 114 115 116  | Next Page >

• Add params before submit form ROR

  - by Jorge Najera T

  It's possible to add some parameters before submit an form? My problem is that I need to send the ticket id to my payment controller. A possibility is to send it through an hidden input field, but there's any other secure way to achieve this? Any help will be appreciated. Thanks. The process of buying a ticket 0) Select the event 1) User select the kind of ticket he wants to buy. 2) User add his personal information 3) Finally the Checkout (payment controller)

  Read the article

• Connecting PHP Server and Android?

  - by user3439988

  I am trying to create a simple test application to transfer data back and forth between my server and Android device. The following are the things I aim for: Ability to upload data and files to the server. To be able to view my files on the server. To be able to download the files from the server to my android device. Ability of the server to send me updates on the files or notifications to my phone. I need a safe and secure way to do these things. I have tried these: HTTPPost requests onto the server and echoing the output accordingly and capturing the HTTPresponse and parsing it. For files I have tried using MultipartEntity, but I think that has been deprecated.

  Read the article

• What's a good freeware collaborative (i.e., multiuser) instant messenger?

  - by Will

  I'm looking for an app that my development team that is essentially an IM app, but multiple people can be in one "room." Similar to IRC. Additional requirements (that preclude hosting an IRC server myself): IM style appliction -- Download and install one app on each PC. The app lives in the tray. New messages appear in a notification window on everybody's pc. Secure -- No Ventrillo Harassment nonsense. Only those with access can see and read what's going on. Not My Job -- Doesn't require us to host a server, set up a server, etc. I just want to log on and go. No friggen smileys -- If the client app has smilies I will have to kill someone.

  Read the article

• Securely using exec with PHP to run ffmpeg

  - by Venkat D.

  I would like to run ffmpeg from PHP for video encoding purposes. I was thinking of using the exec or passthru commands. However, I have been warned that enabling these functions is a security risk. In the words of my support staff: The directive 'disable_functions' is used to disable any functions that allow the execution of system commands. This is for more security of the server. These PHP functions can be used to crack the server if not used properly. I'm guessing that if exec is enabled, then someone could (possibly) execute an arbitrary unix command. Does anyone know of a secure way to run ffmpeg from PHP? By the way, I'm on a dedicated server. Thanks ahead of time!

  Read the article

• GWT problem wiht htmlunit

  - by ihtram

  i have a gwt url and i am trying to get next page by clicking a button. that button is an image. but when we click that button i got blank page. that url is: http://www.ichotelsgroup.com/redirect?brandCode=hi&regionCode=1&localeCode=en&path=asearch&errorURL=/h/d/6c/1/en/rates&successURL=/h/d/6c/1/en/rates/BOSGC&availabilitySearchSuccessURL=/h/d/6c/1/en/rates/BOSGC?ias=y&actionName=availabilitySearch&hotelCode=BOSGC&checkInDate=2&checkInMonthYear=62010&checkOutDate=6&checkOutMonthYear=62010&numberOfAdults=1&numberOfChildren=0&numberOfRooms=1&smokingPreference=3&secure=false&rateTypeCodes=6CBARC&rateChangePeriod=&_IATAno=99609020&cm_mmc=mdpr-_-kayak-_-USCSR-_-BOSGC i am trying to click "view rates button"..

  Read the article

• How to prompt for username and password entry in C# / SQL ASP.NET web app?

  - by salvationishere

  How do I prompt for username and password in my C#/SQL web application? This was developed in VS 2008 on a 32-bit XP. The current connection string I'm using in my web.config file is: <add name="AdventureWorksConnectionString2" connectionString="Data Source=SIDEKICK;Initial Catalog=AdventureWorks;Persist Security Info=false; " providerName="System.Data.SqlClient" /> When I select Basic Authentication it pops up the warning: "The authentication option you have chosen results in passwords being sent over the network without data encryption..." How do I choose this authentication method and still send passwords over securely? So essentially I am looking for the most secure authentication method but that still requires users to input password?

  Read the article

• Django: HTTPS for just login page?

  - by Mark

  I just added this SSL middleware to my site http://www.djangosnippets.org/snippets/85/ which I used to secure only my login page so that passwords aren't sent in clear-text. Of course, when the user navigates away from that page he's suddenly logged out. I understand why this happens, but is there a way to pass the cookie over to HTTP so that users can stay logged in? If not, is there an easy way I can use HTTPS for the login page (and maybe the registration page), and then have it stay on HTTPS if the user is logged in, but switch back to HTTP if the user doesn't log in? There are a lot of pages that are visible to both logged in users and not, so I can't just designate certain pages as HTTP or HTTPS.

  Read the article

• All PHP files getting hacked

  - by nsearle

  Hey All, Like always, just want to say thank you for all of the help and input in advance. I have a particular site that I am the web developer for and am running into a unique problem. It seems that somehow something is getting into every single PHP file on my site and adding some malware code. I have deleted the code from every page multiple times and changed FTP and DB passwords, but to no avail. The code that is added looks like this - eval(base64_decode(string)) - which the string is 3024 characters. Not sure if anyone else has ran into this problem or if any one has ideas on how I can secure my php code up. Thanks again.

  Read the article

• Problem with domain getting turned to IP address for https

  - by user229133

  I have a website that is using Windows Server 2003. The site is called https://mysite.com/ and at ip address 111.1.1.1. Now when I log into the site all my relative links that are generated using NavURL (<%# NavURL("Images/Menu/img.gif")%) are saying "http://111.1.1.1/Images/Menu/img.gif" instead of "https://mysite.com/Images/Menu/img.gif". This is causing an error because it needs to be secure. I'm sure there is a setting on the server somewhere to point to the name and not the ip, but I don't know where. Thanks for your help.

  Read the article

• Is it possible to password protect an SQL server database even from administrators of the server ?

  - by imanabidi

  I want to install an application (ASP.Net + SQL server 2005 express) in local network of some small company for demo but I also want nobody even sysadmin see anything direct from the database and any permission wants a secure pass . I need to spend more time on this article Database Encryption in SQL Server 2008 Enterprise Edition that i found from this answer is-it-possible-to-password-protect-an-sql-server-database but 1.I like to be sure and more clear on this because the other answer in this page says : Yes. you can protect it from everyone except the administrators of the server. 2.if this is possible, the db have to be enterprise edition ? 3.is there any other possible solutions and workaround for this? thanks in advance

  Read the article

• how i can send date from site to other sites

  - by moustafa

  Hi, Im not much of a php coder, mainly use VB. But i had a problem with one of my apps. To make it more secure i would need each php parameter to go through one site. Here is an example of what i mean: Application loads sends ip and location to 2 servers (a.php & b.php) the problem so far is that the pc is making direct connections to these pages. What i was trying to do is make it so that it only sends one command to z.php and the page z.php would send the data to a.php and b.php. My question is how would i set up z.php? I hope i make sense, i have looked everywhere and couldnt find an answer.

  Read the article

• For securing forms, when do I issue the token?

  - by AQuestionADayKeepsTheDrAway

  So, I have a form, to make it a little more secure and potentially help prevent CSRF attacks I want to add a random token value in a hidden field that value is also stored server side in my session data. When should I issue a new token? Per form? Per page load where there is any form? Per session? I can render it invalid as soon as a form is successfully submitted but I'm wondering when to generate one. I ask as if I issue it per form or per page do I not risk the chance of a duplicate token value overwriting the existing (valid) token if a user opens a separate window but submitting the first form (with the now overwritten value)?

  Read the article

• simple GET validation

  - by Andrew

  I have GET[] input and would like to carry out their validation. The input data is always a number by. Schema. I want to make sure that the pass number and the appropriate amount - not to throw the sql query. at this moment I am using the procedures $cc = $_GET['cc']; if ($cc=='') $cc='9012';$find=array("..", "/", "\\"); $replace=array("", "", ""); $cc=str_replace($find, $replace, $cc); $eic = $_GET['eic']; .... ect. // where f.ex. 9012 is an real existing data (in dbase) to generate sucure sql question GET[] variable data schema $_GET[$cc] - always 4 digits $_GET[$eic] - always 4 digits $_GET[$iy] - always 4 digits $_GET[$ir] - always 1 digit Can you show me a better way to secure my GET?

  Read the article

• Why is using a Non-Random IV with CBC Mode a vulnerability?

  - by The Rook

  I understand the purpose of an IV. Specifically in CBC mode this insures that the first block of of 2 messages encrypted with the same key will never be identical. But why is it a vulnerability if the IV's are sequential? According to CWE-329 NON-Random IV's allow for the possibility of a dictionary attack. I know that in practice protocols like WEP make no effort to hide the IV. If the attacker has the IV and a cipher text message then this opens the door for a dictionary attack against the key. I don't see how a random iv changes this. (I know the attacks against wep are more complex than this.) What security advantage does a randomized iv have? Is this still a problem with an "Ideal Block Cipher"? (A perfectly secure block cipher with no possible weaknesses.)

  Read the article

• SVN access/security concern

  - by user167850

  I'm considering using a third party hosting company to house an SVN repository. (I'm looking at Dreamhost but this may apply to other hosts as well.) The hosting company sets up the repository at http://svn.yourdomain.com/path. The problem I have noticed is that anyone could come along and export the files using: svn export http://svn.yourdomain.com/path Obviously I will need to export the files myself, but is there a way to secure this on a shared host so others don't have the ability to export this over http? Or is the real solution to manage your own SVN server? Thanks for your thoughts.

  Read the article

• Uploading files using HTTP Post Request

  - by Nakago

  Hi All, I want to upload files to a server which is also owned by me. I could think of two ways, of how this can be achieved. Method1: Use HTTP POST request to upload the files. The standard way of uploading files. Method2: Its a two step process. First the client does a POST request with all the details of the file, to the server. Then the server issues Get request(s) onto the client to get the contents of the file. Here method2 seems to be more secure, as the server is in control. The server can request data from the server only when the server feels it to be appropriate, and restrict the amount of data that needs to be transferred. Still i am confused as i am not an expert in this area. Anyone with more hindsight thoughts on this can you please share. Thanks

  Read the article

• securing a webservice for use from a custom iphone app only

  - by mme

  I want to create an iphone application which consists of two parts: The app itself and a server side component. On a users request, the app sends data to the server which is to be handled by human operators. To prevent abuse from an iphone app user, the id of the iphone is sent along with the request, and the operators can blacklist pranksters to deny their iphone access to the service. So far so good. Now the problem is: Someone could easily discover the address of the serverside component, and write a script to send bogus requests, using multiple IP addresses etc. So my question is: how can I defend myself against this? Captchas to protect against scripted attacks or requiring the user to register himself are not an option for this particular application. If I had control of the download, I would associate a unique ID with each downloaded app, but obviously this is not an option with the appstore. What would be your approach to make the server side part more secure?

  Read the article

• Simple Hash that is always equal between C# and Java

  - by GaiusSensei

  I have a C# WebService and a (Java) Android Application. Is there a SIMPLE hash function that produces the same result between these two languages? The simplest C# hash is a String.GetHashCode(), but I can't replicate it in Java. The simplest Java hash is not simple at all. And I don't know if I can replicate it exactly in C#. In case it's relevant, I'm hashing passwords before sending it across the internet. I'm currently using Encode64, but that's obviously not secure since we can reverse it.

  Read the article

• Are sessions modifiable by the client/user?

  - by Sev

  In my PHP Web-App I use sessions to store the user's data. For exmaple, if a user logs in, then an instance of the User class is generated and stored in a Session. I have access levels associated with each user to determine their privileges. Store the user in a session by: $_SESSION['currentUser'] = new User($_POST['username']); For example: if($_SESSION['currentUser'] -> getAccessLevel() == 1) { //allow administration functions } where getAccessLevel() is simply a get method in the User class that returns the _accesslevel member variable. Is this secure? Or can the client somehow modify their access level through session manipulation of some sort?

  Read the article

• can I change my open ID URL change?

  - by dhruvbird

  I wanted to know if I can change my open ID url from say: www.abc.com/username to www.pqr.com/username while the relying party still thinks I am the same user? or even say: www.abc.com/something/username to www.abc.com/somethingelse/username I intuitively think that this is not possible since if it were, then it is possible for anyone to spoof anyone else's identity. Also, does Open ID specify which fields the relying party should use to ensure secure determination of the user's identity? For example, I would expect it to club the URL provided with the username/email address sent back by the Open ID server.

  Read the article

• Web Service Security java

  - by WhoAmI

  My web service was created some time back using IBM JAX-RPC. As a part of enhancement, I need to provide some security to the existing service. One way is to provide a handler, all the request and response will pass through that handler only. In the request I can implement some authentication rules for each and every application/user accessing it. Other than this, What are the possible ways for securing it? I have heard someting called wsse security for web service. Is it possible to implement it for the JAX-RPC? Or it can be implemented only for JAX-WS? Need some helpful inputs on the wsse security so that i can jump learning it. Other than handler and wsse security, any other possible way to make a service secure? Please help.

  Read the article

• How To Securly Store Data In MySQL Using AES_ENCRYPT

  - by Justin

  We are storing sensitive data in MySQL, and I want to use AES_ENCRYPT(data, 'my-secret-key-here') which works great. My biggest question is how do I secure the key? Previously I just wast storing the key in a web PHP file, so something like: define("ENCRYPTION_KEY", 'my-secret-key-here'); This really doesn't work though, as our MySQL server and web server are the same physical machine, so if somebody gains access to the server, they can get both the encrypted data stored in MySQL and the key. Any ideas? I am thinking I need to move the key to a separate server, and read it in remotely. Or, what about generating the encryption key dynamically for each piece of data. For example taking the customer_id and running md5 on it, and then using that as the key.

  Read the article

• Tomcat SSL Configuration

  - by bdares

  I received a SSL cert to use for a Tomcat 6.0 server, ready to use. I configured Tomcat to use it with the following in server.xml: <Connector port="8443" maxThreads="200" scheme="https" secure="true" SSLEnabled="true" keystoreFile="C:\Tomcat 6.0\ssl\cert" keystorePass="*****" clientAuth="false" sslProtocol="TLS"/> I started Tomcat using the command prompt so I could see any error message as they happened. There were none. The results for accessing different URLS: http://localhost - normal page loads fine https://localhost - browser claims page cannot be found https://localhost:8443 - page cannot be found http://localhost:8443 - offers a certificate, after accepted redirects to https://localhost (I suspect the https:// urls initially offer the certificate which is automatically accepted by the browser, as it was issued by Verisign) How to fix? Edit: I've also tried port="443". Same result.

  Read the article

• Network license control for a Java application

  - by user1461615

  I have been tasked with providing some form of network license control for a Java application. The app would be stored on a network drive and run from a client machine. The basic idea is that it will be able to work out how many times it is being run concurrently and prevent the N+1th user from running the software where N is the number of concurrent licenses the customer has purchased. Is this possible somehow with a Java application? I implemented a "solution" which relied on multi-cast UDP communication between the running instances of the application but this didn't work because on most networks this kind of communication is blocked by security measures. Is there a better way? I don't even mind if it requires JNI/JNA. N.B. The solution does not have to be that sophisticated or highly secure.

  Read the article

• Rails subscription limitations

  - by David Lyod

  I have an application with set limits on subscription attributes i/e a user can have five projects for subscription A but have ten for subscription B At present I run a check on there current usage when linking to the create action and if they are over there limit I do not display the link to create a new project. On the view (for the new project ) I again run the check (in a helper) to see if they can create a new project and if they are not I display a message stating so and a little upgrade link. Is this a secure method of stopping a user bypassing there subscription attribute limitations ? What about direct PUT requests etc ?

  Read the article

< Previous Page | 105 106 107 108 109 110 111 112 113 114 115 116  | Next Page >