Search Results

Search found 52277 results on 2092 pages for 'web security'.

Page 11/2092 | < Previous Page | 7 8 9 10 11 12 13 14 15 16 17 18  | Next Page >

  • WCF Security Transport Security Questions

    - by shyneman
    I'm writing a set of WCF services that rely on transport security with Windows Authentication using the trusted subsystem model. However, I want to perform authorization based on the original client user that initiated the request (e.g. a user from a website with a username/password). I'm planning to achieve this by adding the original user's credentials in the header before the client sends the message and then the service will use the supplied credentials to authorize the user. So I have a few questions about this implementation: 1) using transport security with windows auth, I do NOT need to worry about again encrypting the passed credentials to ensure the validity... WCF automatically takes care of this - is this correct? 2) how does this implementation prevent a malicious service, running under some windows account within the domain, to send a message tagged with spoofed credentials. for e.g. a malicious service replaces the credentials with an Admin user to do something bad? Thanks for any help.

    Read the article

  • Selecting Users For A/B (Champion/Challenger) Testing

    - by Gordon Guthrie
    We have a framework that offers A/B split testing. You have a 'champion' version of a page and you develop a 'challenger' version of it. Then you run the website and allocate some of your users the champion and some the challenger and measure their different responses. If the challenger is better than the champion at achieving your metrics then you dethrone the champion and develop a new challenger... My question is what mechanisms should I consider to allocate the versions? A number of options spring to mind: odd or even IP address (or sub-segments) ****.****.****.123 gets champion but .124 gets challenger cookie push - check for a champion/challenger cookie, if it doesn't exist randomly allocate the user to one and push the cookie Best practice? suggestions? comments? experience?

    Read the article

  • Web App for smartphones in ASPX

    - by Ryan Knoll
    I have been looking around recently to try and find a good place to learn how to start making my website more smartphone friendly when it is visited by an iPhone, android, or blackberry. This is something like what Digg.com does when it is visited by a smartphone. I have found a few tutorials for PHP but none for ASPX, and all I have is windows servers. Could anyone point me in the right direction, and show me were to find a quick run through on how to do something like this? I am a bit lost. :(

    Read the article

  • ASP.Net Web API in Visual Studio 2010

    - by sreejukg
    Recently for one of my project, it was necessary to create couple of services. In the past I was using WCF, since my Services are going to be utilized through HTTP, I was thinking of ASP.Net web API. So I decided to create a Web API project. Now the real issue is that ASP.Net Web API launched after Visual Studio 2010 and I had to use ASP.Net web API in VS 2010 itself. By default there is no template available for Web API in Visual Studio 2010. Microsoft has made available an update that installs ASP.Net MVC 4 with web API in Visual Studio 2010. You can find the update from the below url. http://www.microsoft.com/en-us/download/details.aspx?id=30683 Though the update denotes ASP.Net MVC 4, this also includes ASP.Net Web API. Download the installation media and start the installer. As usual for any update, you need to agree on terms and conditions. The installation starts straight away, once you clicked the Install button. If everything goes ok, you will see the success message. Now open Visual Studio 2010, you can see ASP.Net MVC 4 Project template is available for you. Now you can create ASP.Net Web API project using Visual Studio 2010. When you create a new ASP.Net MVC 4 project, you can choose the Web API template. Further reading http://www.asp.net/web-api/overview/getting-started-with-aspnet-web-api/tutorial-your-first-web-api http://www.asp.net/mvc/mvc4

    Read the article

  • ASP.NET MVC WebService - Security for Industrial Android Clients

    - by Chris Nevill
    I'm trying to design a system that will allow a bunch of Android devices to securely log into an ASP.NET MVC REST Web service. At present neither side are implemented. However there is an ASP.NET MVC website which the web service will site along side. This is currently using forms authentication. The idea will be that the Android devices will download data from the web service and then be able to work offline storing data in their own local databases, where users will be able to make updates to that data, and then syncing updates back to the main server where possible. The web service will be using HTTPS to prevent calls being intercepted and reduce the risk of calls being intercepted. The system is an industrial system and will not be in used by the general Android population. Instead only authorized Android devices will be authorized by the Web Service to make calls. As such I was thinking of using the Android devices serial number as a username and then a generated long password which the device will be able to pick up - once the device has been authorized server side. The device will also have user logins - but these will not be to log into the web service - just the device itself - since the device and user must be able to work offline. So usernames and passwords will be downloaded and stored on the devices themselves. My question is... what form of security is best setup on the web service? Should it use forms Authentication? Should the username and password just be passed in with each GET/POST call or should it start a session as I have with the website? The Android side causes more confusion. There seems to be a number of options here Spring-Android, Volley, Retrofit, LoopJ, Robo Spice which seems to use the aforementioned Spring, Retrofit or Google HttpClient. I'm struggling to find a simple example which authenticates with a forms based authentication system. Is this because I'm going about this wrong? Is there another option that would better suite this?

    Read the article

  • Security updates for all supported versions of SQL Server

    - by AaronBertrand
    It's patch Tuesday! [ UPDATE June 19 : Please see my follow-up post about this security update.] Today Microsoft released a security bulletin covering several issues that could potentially affect SQL Server; these exploits include remote code execution, denial of service, information disclosure and elevation of privilege. You should test these patches on all machines running SQL Server, including those running only client tools (e.g. Management Studio or Management Studio Express). The updates affect...(read more)

    Read the article

  • Security programming jobs

    - by Mike Smith
    I am a student, about to finish my undergraduate in Computer Science in about a year. I am very interested in computer/network security, but I also love programming. Is there a job or subfield that is a fusion of both? I have programmed everything from games to barcode readers to web bots, and I know for sure that I want to do some kind of programming, but ideally I would like to do some kind of software development involving computer security. Any advice would be appreciated.

    Read the article

  • Latest Security Inside Out Newsletter Now Available

    - by Troy Kitch
    The September/October edition of the Security Inside Out Newsletter is now available. Learn about Oracle OpenWorld database security sessions, hands on labs, and demos you'll want to attend, as well as frequently asked question about Label-Based Access Controls in Oracle Database 11g. Subscriber here for the bi-monthly newsletter.  ...and if you haven't already done so, join Oracle Database on these social networks: Twitter Facebook LinkedIn Google+ 

    Read the article

  • Security Updates Available for SQL Server 2008, 2008 R2, 2012, 2014

    - by AaronBertrand
    If you are running 2008 SP3, 2008 R2 SP2, 2012 SP1 (SP2 is not affected, RTM is no longer supported), or 2014, you'll want to check out Security Bulletin MS14-044 for details on a denial of service / privilege escalation issue that has been patched: http://technet.microsoft.com/en-us/library/security/MS14-044 For SQL Server 2012 and SQL Server 2014, I've blogged about recent builds and recommendations here: http://blogs.sqlsentry.com/team-posts/latest-builds-sql-server-2012/ http://blogs.sqlsentry.com/team-posts/latest-builds-sql-server-2014...(read more)

    Read the article

  • Live Security Talk Webcast: Security Best Practices for Design and Deployment on Windows Azure (Leve

    Developing secure applications and services in the cloud requires knowledge of the threat landscape specific to the cloud provider. The key is understanding threat mitigations implemented by the cloud architecture versus those that are the responsibility of the developer. Register for this exciting live webcast to learn about the threats that are specific to the cloud and how the Windows Azure architecture deals with these threats. We also cover how to use built-in Windows Azure security features...Did you know that DotNetSlackers also publishes .net articles written by top known .net Authors? We already have over 80 articles in several categories including Silverlight. Take a look: here.

    Read the article

  • Windows 8 Security Flaws

    A Feeling of Complacency The amount of hype coming out of the Microsoft camp concerning Windows 8's enhanced security features is pretty high. With an improved Windows Defender integrated into the upcoming operating system, some users may feel that they will have adequate protection against malware and other threats. While the improved protection is a plus, this does not mean that other trusted programs should be avoided, as it is somewhat lazy to believe that Microsoft's integrated protection in Windows 8 will provide all the security that is necessary. Careless Web Surfing The internet of...

    Read the article

  • Security of logging people in automatically from another app?

    - by Simon
    I have 2 apps. They both have accounts, and each account has users. These apps are going to share the same users and accounts and they will always be in sync. I want to be able to login automatically from one app to the other. So my solution is to generate a login_key, for example: 2sa7439e-a570-ac21-a2ao-z1qia9ca6g25 once a day. And provide a automated login link to the other app... for example if the user clicks on: https://account_name.securityhole.io/login/2sa7439e-a570-ac21-a2ao-z1qia9ca6g25/user/123 They are logged in automatically, session created. So here we have 3 things that a intruder has to get right in order to gain access; account name, login key, and the user id. Bad idea? Or should I can down the path of making one app an oauth provider? Or is there a better way?

    Read the article

  • Google I/O 2010 - Developing web apps for Chrome Web Store

    Google I/O 2010 - Developing web apps for Chrome Web Store Google I/O 2010 - Developing web apps for the Chrome Web Store Chrome 101 Erik Kay Google Chrome is a powerful platform for developing web apps. With Chrome web apps, we're making it easier for users to discover and use these apps. Learn how to build and sell apps for the Chrome Web Store. For all I/O 2010 sessions, please go to code.google.com From: GoogleDevelopers Views: 8 0 ratings Time: 01:00:29 More in Science & Technology

    Read the article

  • Ws-Security headers using Metro

    - by Bhushan
    I have a web service which implements WS-Security but does not define a policy in the WSDL. I am able to consume this web service successfully using Axis 2 as client. I am trying to consume the same web service using Metro 2 but the wsse:security headers are not going. It works only if the service defines the security policy which is not under my control. I tested this by creating a sample web service and unless I define the policy my metro client never sends the wsse:security headers. Is there anything I am missing using Metro?

    Read the article

  • Spring Security HTTP Basic Authentication

    - by Raspayu
    Hi people! I am trying to do a really simple basic authentication with Spring Security. I have configured properly the namespace, and there are no Exceptions in the server. In my "servlet.xml" I have got the next for Spring Security: <security:http> <security:http-basic></security:http-basic> <security:intercept-url method="POST" pattern="/**" access="ROLE_USER" /> </security:http> <security:authentication-manager alias="authenticationManager"> <security:authentication-provider> <security:user-service> <security:user name="cucu" password="tas" authorities="ROLE_USER" /> <security:user name="bob" password="bobspassword" authorities="ROLE_USER" /> </security:user-service> </security:authentication-provider> </security:authentication-manager> It nearly all goes perfect: the methods that are not POST doesn't prompt any login form, and the POST method prompt it. The problem is, that nor "cucu", neither "bob" can login there. Can anyone see what am I doing wrong? Thanks in advance! ;-)

    Read the article

  • Getting beyond basic web programming languages. How to be awesome?

    - by user73962
    I'm a web developer that's done a bunch of projects using PHP, JQuery/JS, Mysql using PhPMyAdmin, CSS, HTML and a tiny bit of XML. Basically lots of work with CMS's and freehand coding. I'm looking to take things to the next level. I've done a lot of freelance and small contract work, but I'm dying to excel. I'm tired of acting as tech support for all these "non-tech" companies that barely know how to use their own computers..."really, you didn't think to backup your files before switching to a new server??". Think of potential employers as amazon, netflix, twitter, google, etc. I don't necessarily want to work for these guys specifically, but potentially organizations like this. I could be wrong, but I feel like a big company like this would laugh at me if I interviewed. For example, how helpful is knowing Ruby, SQL (commands without interface), C++, API's, Oracle, Java, debugging, qa, etc? (I realize this is a very random list). I use Notepad ++, but have heard that the bigger boys use IDE interfaces. I'm not really interested in building desktop apps, only web related stuff. I feel like I've reached my potential and want to really take it up a notch. I see a lot of projects on GitHub and I'm amazed at what people have created. Note - my degree is in economics but I've done web dev since high school. I definitely wish I took more comp sci/programming courses in college. I'm 27 and want to be awesome at web dev before it's too late. Not just decent. Any advice? Book suggestions? Thanks

    Read the article

  • Suggested Web Application Framework and Database for Enterprise, “Big-Data” App?

    - by willOEM
    I have a web application that I have been developing for a small group within my company over the past few years, using Pipeline Pilot (plus jQuery and Python scripting) for web development and back-end computation, and Oracle 10g for my RDBMS. Users upload experimental genomic data, which is parsed into a database, and made available for querying, transformation, and reporting. Experimental data sets are large and have many layers of metadata. A given experimental data record might have a foreign key relationship with a table that describes this data point's assay. Assays can cover multiple genes, which can have multiple transcript, which can have multiple mutations, which can affect multiple signaling pathways, etc. Users need to approach this data from any point in those layers in the metadata. Since all data sets for a given data type can run over a billion rows, this results in some large, dynamic queries that are hard to predict. New data sets are added on a weekly basis (~1GB per set). Experimental data is never updated, but the associated metadata can be updated weekly for a few records and yearly for most others. For every data set insert the system sees, there will be between 10 and 100 selects run against it and associated data. It is okay for updates and inserts to run slow, so long as queries run quick and are as up-to-date as possible. The application continues to grow in size and scope and is already starting to run slower than I like. I am worried that we have about outgrown Pipeline Pilot, and perhaps Oracle (as the sole database). Would a NoSQL database or an OLAP system be appropriate here? What web application frameworks work well with systems like this? I'd like the solution to be something scalable, portable and supportable X-years down the road. Here is the current state of the application: Web Server/Data Processing: Pipeline Pilot on Windows Server + IIS Database: Oracle 10g, ~1TB of data, ~180 tables with several billion-plus row tables Network Storage: Isilon, ~50TB of low-priority raw data

    Read the article

  • Duplicate IIS web site with Web Deploy

    - by gsantovena
    I have a Win2008 server with IIS 7 and I want to duplicate one web site and just change the binding port and the application pool that is using, so I will have 2 web sites (locally or remote) with same configuration but listening on different ports. Is there a way to do this with web deploy tool ir order to deploy locally and remotely this unique web site and change the binding ports in the destination?

    Read the article

  • TDE Tablespace Encryption 11.2.0.1 Certified with EBS 12

    - by Steven Chan
    Oracle Advanced Security is an optional licenced Oracle 11g Database add-on.  Oracle Advanced Security Transparent Data Encryption (TDE) offers two different features:  column encryption and tablespace encryption.  11.2.0.1 TDE Column encryption was certified with E-Business Suite 12 as part of our overall 11.2.0.1 database certification.  As of today, 11.2.0.1 TDE Tablespace encryption is now certified with Oracle E-Business Suite Release 12. What is Transparent Data Encryption (TDE) ? Oracle Advanced Security Transparent Data Encryption (TDE) allows you to protect data at rest. TDE helps address privacy and PCI requirements by encrypting personally identifiable information (PII) such as Social Security numbers and credit card numbers. TDE is completely transparent to existing applications with no triggers, views or other application changes required. Data is transparently encrypted when written to disk and transparently decrypted after an application user has successfully authenticated and passed all authorization checks. Authorization checks include verifying the user has the necessary select and update privileges on the application table and checking Database Vault, Label Security and Virtual Private Database enforcement policies.

    Read the article

  • Address Regulatory Mandates for Data Encryption Without Changing Your Applications

    - by Troy Kitch
    The Payment Card Industry Data Security Standard, US state-level data breach laws, and numerous data privacy regulations worldwide all call for data encryption to protect personally identifiable information (PII). However encrypting PII data in applications requires costly and complex application changes. Fortunately, since this data typically resides in the application database, using Oracle Advanced Security, PII can be encrypted transparently by the Oracle database without any application changes. In this ISACA webinar, learn how Oracle Advanced Security offers complete encryption for data at rest, in transit, and on backups, along with built-in key management to help organizations meet regulatory requirements and save money. You will also hear from TransUnion Interactive, the consumer subsidiary of TransUnion, a global leader in credit and information management, which maintains credit histories on an estimated 500 million consumers across the globe, about how they addressed PCI DSS encryption requirements using Oracle Database 11g with Oracle Advanced Security. Register to watch the webinar now.

    Read the article

  • Multi-module web project with Spring and Maven

    - by Johan Sjöberg
    Assume we have a few projects, each containing some web resources (e.g., html pages). parent.pom +- web (war) +- web-plugin-1 (jar) +- web-plugin-2 (jar) ... Let's say web is the deployable war project which depends on the known, but selectable, set of plugins. What is a good way to setup this using Spring and maven? Let the plugins be war projects and use mavens poor support for importing other war projects Put all web-resource for all plugins in the web project Add all web-resources to the classpath of all jar web-plugin-* dependencie and let spring read files from respective classpath? Other? I've previously come from using #1, but the copy-paste semantics of war dependencies in maven is horrible.

    Read the article

  • SQLAuthority News – Wireless Router Security and Attached Devices – Complex Password

    - by pinaldave
    In the last four days (April 21-24), I have received calls from friends who told me that they have got strange emails from me. To my surprise, I did not send them any emails. I was not worried until my wife complained that she was not able to find one of the very important folders containing our daughter’s photo that is located in our shared drive. This was alarming in my par, so I started a search around my computer’s folders. Again, please note that I am by no means a security expert. I checked my entire computer with virus and spyware, and strangely, there I found nothing. I tried to think what can cause this happening. I suddenly realized that there was a power outage in my area for about two hours during the days I have mentioned. Back then, my wireless router needed to be reset, and so I did. I had set up my WPA-PSK [TKIP] + WPA2-PSK [AES] very well. My key was very simple ( ‘SQLAuthority1′), and I never thought of changing it. (It is now replaced with a very complex one). While checking the Attached Devices, I found out that there was another very strange computer name and IP attached to my network. And so as soon as I found out that there is strange device attached to my computer, I shutdown my local network. Afterwards, I reconfigured my wireless router with a more complex security key. Since I created the complex password, I noticed that the user is no more connecting to my machine. Subsequently, I figured out that I can also set up Access Control List. I added my networked computer to that list as well. When I tried to connect from an external laptop which was not in the list but with a valid security key, I was not able to access the network, neither able to connect to it. I wasn’t also able to connect using a remote desktop, so I think it was good. If you have received any nasty emails from me (from my gmail account) during the afore-mentioned days, I want to apologize. I am already paying for my negligence of not putting a complex password; by way of losing the important photos of my daughter. I have already checked with my client, whose password I saved in SSMS, so there was no issue at all. In fact, I have decided to never leave any saved password of production server in my SSMS. Here is the tip SQL SERVER – Clear Drop Down List of Recent Connection From SQL Server Management Studio to clean them. I think after doing all this, I am feeling safe right now. However, I believe that safety is an illusion of many times. I need your help and advice if there is anymore I can do to stop unauthorized access. I am seeking advice and help through your comments. Reference : Pinal Dave (http://www.SQLAuthority.com) Filed under: SQL, SQL Authority, SQL Query, SQL Security, SQL Server, SQL Tips and Tricks, SQLAuthority News, T SQL, Technology

    Read the article

  • How to store Role Based Access rights in web application?

    - by JonH
    Currently working on a web based CRM type system that deals with various Modules such as Companies, Contacts, Projects, Sub Projects, etc. A typical CRM type system (asp.net web form, C#, SQL Server backend). We plan to implement role based security so that basically a user can have one or more roles. Roles would be broken down by first the module type such as: -Company -Contact And then by the actions for that module for instance each module would end up with a table such as this: Role1 Example: Module Create Edit Delete View Company Yes Owner Only No Yes Contact Yes Yes Yes Yes In the above case Role1 has two module types (Company, and Contact). For company, the person assigned to this role can create companies, can view companies, can only edit records he/she created and cannot delete. For this same role for the module contact this user can create contacts, edit contacts, delete contacts, and view contacts (full rights basically). I am wondering is it best upon coming into the system to session the user's role with something like a: List<Role> roles; Where the Role class would have some sort of List<Module> modules; (can contain Company, Contact, etc.).? Something to the effect of: class Role{ string name; string desc; List<Module> modules; } And the module action class would have a set of actions (Create, Edit, Delete, etc.) for each module: class ModuleActions{ List<Action> actions; } And the action has a value of whether the user can perform the right: class Action{ string right; } Just a rough idea, I know the action could be an enum and the ModuleAction can probably be eliminated with a List<x, y>. My main question is what would be the best way to store this information in this type of application: Should I store it in the User Session state (I have a session class where I manage things related to the user). I generally load this during the initial loading of the application (global.asax). I can simply tack onto this session. Or should this be loaded at the page load event of each module (page load of company etc..). I eventually need to be able to hide / unhide various buttons / divs based on the user's role and that is what got me thinking to load this via session. Any examples or points would be great.

    Read the article

  • What are some topics you'd like to see covered in an 'Introduction to Network Security' book?

    - by seth.vargo
    I'm trying to put together a list of topics in Network Security and prioritize them accordingly. A little background on the book - we are trying to gear the text towards college students, as an introduction to security, and toward IT professionals who have recently been tasked with securing a network. The idea is to create a book that covers the most vital and important parts of securing a network with no assumptions. So, if you were a novice student interested in network security OR an IT professional who needed a crash course on network security, what topics do you feel would be of the upmost importance in such a text?

    Read the article

< Previous Page | 7 8 9 10 11 12 13 14 15 16 17 18  | Next Page >