Search Results

Search found 4062 results on 163 pages for 'secure government ficam sicam'.

Page 115/163 | < Previous Page | 111 112 113 114 115 116 117 118 119 120 121 122  | Next Page >

• Best package for basic web-based file manager

  - by alchemical

  I'm looking for a basic web-based file management application. It must have an affordable price, and fairly easy installation would be a plus. ASP.Net / IIS based would be easiest for me to work with. Basically, I'd like it to create a secure web site where myself and a few people can exchange various types of files, etc. I'm looking for a package I can install on my own server rather than a web-based service, as I think I can get more space at a good price point this way. I could go custom coding, but I figure this is such a generic need, there must be something already mature out there at a decent price. What has worked best for you?

  Read the article

• PageMethods security

  - by TenaciousImpy

  Hi, I'm trying to 'AJAX-ify' my site in order to improve the UI experience. In terms of performance, I'm also trying to get rid of the UpdatePanel. I've come across a great article over at Encosia showing a way of posting using PageMethods. My question is, how secure are page methods in a production environment? Being public, can anyone create a JSON script to POST directly to the server, or are there cross-domain checks taking place? My PageMethods would also write the data into the database (after filtering). I'm using Forms Authentication in my pages and, on page load, it redirects unauthenticated users to the login page. Would the Page Methods on this page also need to check authentication if the user POSTs directly to the method, or is that authentication inherited for the entire page? (Essentially, does the entire page cycle occur even if a user has managed to post only to the PageMethod)? Thanks

  Read the article

• SSL Form Post in ASP.NET MVC 1.0

  - by goombaloon

  I'd like to use SSL for the post action on the login page of my MVC 1.0 app. I've seen some articles related to the [RequireSSL] attribute in ASP.NET MVC Futures. However, since this works using a redirect, I assume it's not an option (can't redirect a POST, correct?). Ultimately, my goal is to get the Html.BeginForm method to render "https://..." as the form's action so that I can secure the information being posted (login info). How have others handled this?

  Read the article

• Implementing Security on custom BCS/.net class?

  - by Michael Stum

  I'm implementing a custom BCS Model to get data from a backend system. As the backend uses it's own user management, I'm accessing it through a service account. All of this works well and allows me to pull data into SharePoint. However because it's channeled through the service account, everyone can access it, which is bad. Can anyone give me some tips which method to implement? The backend does not give me NT ACLs, but I wonder if I could just "fake" them somehow? (Essentially saying "This NT Group has Read Access" is good enough). I am aware of ISecurityTrimmer2 for Search Results, but ideally I want to cover security inside the BCS Model so that it applies to external lists as well. I want to avoid using Secure storage and mapping each individual user to the backend.

  Read the article

• Does Google index HTTPS ASP.NET pages?

  - by ncakmak

  I have an online application that all of its pages use HTTPS. I have 3 questions: Does Google index HTTPS pages? I have a password protected single ASP.NET page (using HTTPS). Password protection is basically achieved by a Session object. When the correct password is entered, it hides the login panel and displays the same page which has a sensitive data. Is this page indexed by Google? I have a Secure folder that I implemented Forms Authentication. All pages in folder use HTTPS as well. Are the pages in this folder indexed by Google? Thank you for your help, Niyazi

  Read the article

• Let MySQL users create databases, but allow access to only their own databases

  - by eikes

  I want to have multiple a MySQL users to be able to issue commands like CREATE DATABASE dbTest; But I also want each of these users to be able to see and access only their own databases. All I could find was how to either create the databases by a DBA and grant the privileges on this database to the specific user: GRANT ALL PRIVILEGES ON dbTest.* TO 'user'; or grant privileges on all databases to a user: GRANT ALL PRIVILEGES ON *.* TO 'user'; But neither is what I want, because it needs to scale and be secure.

  Read the article

• How to generate a client certificate using a third party CA-NOT Self Signed CA

  - by Bryan

  I am trying to trying to export a client certificate for use with a web browser. The goal is to restrict access using the <Location directive to the admin area. I have seen numerous tutorials on using self signed CAs. How would you do this using a third party? 1) Do I need to include the CA in the client pfx if it is a trusted root CA? I have seen both examples. Without CA: openssl pkcs12 -export -inkey KEYFILENAME -in CERTFILEFILENAME -out XXX.pfx With CA: openssl pkcs12 -export -in my.crt- inkey my.key -certfile my.bundle -out my.pfx 2) Do I need to still include SSLCACertificateFile for trusted CA in the httpd.conf setup? SSLVerifyClient none SSLCACertificateFile conf/ssl.crt/ca.crt <Location /secure/area> SSLVerifyClient require SSLVerifyDepth 1 </Location> http://www.modssl.org/docs/2.8/ssl_howto.html#ToC8

  Read the article

• What are the use cases for closures/callback functions in Javascript?

  - by Christopher Altman

  I was listening to Crockford's talk on Javascript closures and am convinced of the benefit of information hiding, but I do not have a firm understanding of when to use callback functions. It is mostly a true statement that a person could accomplish the same functionality with or without callbacks. As someone who is writing code, what heuristics or cues should I keep in mind when determining when to use callbacks/closures? I am not looking for the blanket statement 'Closures make more secure code', rather a list of practical examples or rules of thumb for when callbacks are the right idea. Crockford's Presentation: http://www.yuiblog.com/blog/2010/04/08/video-crockonjs-5/

  Read the article

• Finding out what user Apache is running as?

  - by AP257

  I want to secure a file upload directory on my server as described beautifully here, but I have one problem before I can follow these instructions. I don't know what user Apache is running as. I've found a suggestion that you can look in httpd.conf and there will be a "User" line, but there is no such line in my httpd.conf file, so I guess Apache is running as the default user. I can't find out what that is, though. So, my question is (are): how do I find out what the default user is do I need to change the default user if the answer is yes and I change the default user by editing httpd.conf, is it likely to screw anything up? Thanks!

  Read the article

• My website is infected with JS:ScriptIP-inf [Trj]

  - by Rizwan Aaqil

  I am using Network Solutions hosting. I was recently attacked with JS:Illredir-S [Trj], I asked my hosting providers to clean it and they cleaned it and updated all passwords, but now after a week my site got infected again with JS:ScriptIP-inf [Trj]. Can anyone please suggest me how to secure my website properly ? Should I change my hosting provider ? I am fed up of these viruses again and again on my websites. I can't even find this virus in my files. Please post informative answers. Thanks

  Read the article

• DotNetOpenAuth OpenIdTextBox For Google/Yahoo

  - by user300992

  If I want to integrate DotNetOpenAuth (primary for people to use their Google/Yahoo accounts to login, not act as provider) into my existing site, is this one line control good enough? <rp:OpenIdTextBox ID="OpenIdTextBox1" runat="server" /> Say, if a user wants to login as Google, I can simply set the textbox to "https://www.google.com/accounts/o8/id" and then they can login. I tried it with my Google account, it seems working and I can get the token from HttpContext.Current.User.Identity.Name. Is this "one line" solution secure enough for production? or is it a "must" that I have to use "OpenIdSelector" or "OpenIDLogin" control? I also opened the .net template and some samples, they are very complicated. There are PAPE policies, xrds.aspx (for discovery), ConsumerKey + ConsumerSecret...etc. As a newbie, I am very confused. Any tips on this will be really appreciated. Thanks

  Read the article

• Advice on HTTPS connections using Ruby on Rails

  - by user502052

  Since I am developing a "secure" OAuth protocol for my RoR3 apps, I need to send protected information over the internet, so I need to use HTTPS connections (SSL/TSL). I read How to Cure Net::HTTP’s Risky Default HTTPS Behavior aticle that mentions the 'always_verify_ssl_certificates' gem, but, since I want to be more "pure" (it means: I do not want to install other gems, but I try to do everything with Ruby on Rails) as possible, I want to do that work without installing new gems. I read about 'open_uri' (it is also mentioned in the linked article: "open_uri is a common exception - it gets things right!") that is from the Ruby OOPL and I think it can do the same work. So, for my needs, is 'open_uri' the best choice (although it is more complicated of 'always_verify_ssl_certificates' gem)? If so, can someone help me using that (with an example, if possible) because I have not found good guides about?

  Read the article

• Web site aggregation with twitter widget SSL issue

  - by AB

  Hello! I'm seeking for solution how to isolate widget included by partial to main site. Issue appear when user access site with https. Ie 6,7 shows security confirmation dialog (part of website resources are not in secure zone). First of all I download twitter widget on our side, also I download all CSS and pictures. Then I patched widget JS to point onto downloaded resources. But still has not luck with security warning :( I guess the reason of this issue is AJAX request to twitter, but there is no idea how to sole it. (Just to create some kind of proxy on our side). Thank you for attention.

  Read the article

• Concurrency Problem in Java ...

  - by Tara Singh

  I am designing a client-server chat application in Java. This is a secure application where the messages are exchanged using cryptographic algorithms. I have one server and it can support many clients. My problem is that when one client logs on the server it works fine, but when another user logs into the system, the server starts giving me bad padding exceptions for the encrypted text. I am not able to figure out the problem, according to my logic, when new connection request to server is made, the server creates a thread for listening to the client. Is it possible that once the instance of thread class is created, it does all the processing correctly for the first client, but not for the second client because the variables in server listener thread class already have some previous value, and thus the encrypted text is not decrypted properly? Please advise how I can make this process more robust so that the number of clients does not affect how well the server functions.

  Read the article

• Tools to test softwares against any attacks for programmers ?

  - by berkay

  in these days, i'm interested in software security. As i'm reading papers i see that there are many attacks and researchers are trying to invent new methods for softwares to get more secure systems. this question can be a general including all types of attacks.There are many experienced programmers in SO, i just want to learn what are using to check your code against these attacks ? Is there any tools you use or you don't care ? For example i heard about,static,dynamic code analysis, fuzz testing. SQL injection attacks Cross Site Scripting Bufferoverflow attacks Logic errors Any kind of Malwares Covert Channels ... ... thanks

  Read the article

• How to configure Multi-tenant plugin as single-tenant with Spring security plugin as resolver?

  - by Fabien Barbier

  I can create a secure, multi-tenant web app with Grails by : setup spring security plugin, setup Multi-tenant plugin (via multi-tenant install and multi-tenant-spring-security) update config.groovy : tenant { mode = "multiTenant" resolver.type = "springSecurity" } add : Integer userTenntId in User domain add a domain class for tenant Organization associate the tenants with Organization Edit BootStrap.groovy. Everything works fine in multi-tenant mode, but how to use mode = "singleTenant" ? This configuration sound not working : tenant { mode = "singleTenant" resolver.type = "springSecurity" } Edit : I try this config : tenant { mode = "singleTenant" resolver.type = "springSecurity" datasourceResolver.type = "config" dataSourceTenantMap { t1 = "jdbc:hsqldb:file:custFoo" t2 = "jdbc:hsqldb:file:custBar" } } But I get : ERROR errors.GrailsExceptionResolver - Executing action [list] of controller [org.example.TicketController] caused exception: java.lang.StackOverflowError and : Caused by: java.lang.StackOverflowError at org.grails.multitenant.springsecurity.SpringSecurityCurrentTenant.getTenantIdFromSpringSecurity(SpringSecurityCurrentTenant.groovy:50) at org.grails.multitenant.springsecurity.SpringSecurityCurrentTenant.this$2$getTenantIdFromSpringSecurity(SpringSecurityCurrentTenant.groovy) at org.grails.multitenant.springsecurity.SpringSecurityCurrentTenant$this$2$getTenantIdFromSpringSecurity.callCurrent(Unknown Source) at org.grails.multitenant.springsecurity.SpringSecurityCurrentTenant.get(SpringSecurityCurrentTenant.groovy:41) at com.infusion.tenant.spring.TenantBeanContainer.getBean(TenantBeanContainer.java:53) at com.infusion.tenant.spring.TenantMethodInterceptor.invoke(TenantMethodInterceptor.java:32) at $Proxy14.getConnection(Unknown Source)

  Read the article

• CSS for https urls

  - by Vincent

  Hello, looking for some help with images referenced within the stylesheet. I have no problems with these from non secure locations within the site but only from https. The stylesheet loads fine and displays everything correctly except for the images. example: body { margin: 0; padding: 0; background: url(/img/background_tile.gif) top left repeat-x; text-align: center; background-color: #fff; } All my css files and other image paths inside the code use relative urls to images. How can I make sure they all work fine without hard coding my image paths with https or http? I want the code to work fine with http and https. Thanks

  Read the article

• How to use Custom AuthorizeAttribute for controller utilizing parameter value?

  - by RSolberg

  I am trying to secure a controller action to prevent a user from accessing an Entity that they do not have access to. I am able to do this with the following code. public ActionResult Entity(string entityCode) { if (CurrentUser.VerifyEntityPermission(entityCode)) { //populate viewModel... return View(viewModel); } return RedirectToAction("NoAccessToEntity", "Error"); } I would like to be able to add an attribute to the controller action itself. In order to validate the access to the entity, I need to see what value has been passed to the controller and what entities the user has access to. Is this possible? [EntityAuthRequired] public ActionResult Entity(string entityCode) { //populate viewModel... return View(viewModel); }

  Read the article

• Use absolute path for easier modify include path in future?

  - by i need help

  config.php put at the root level, this file will be included in any pages. Then at config.php <?php define( 'ROOT_DIR', dirname(__FILE__) ); ?> So at all other pages from different sub/a.php , sub/sub/b.php directories, when I want to include a specific file in specific location, I just need to include( ROOT_DIR.'/include/functions.php' ); In windows server, the ROOT_DIR bring the value to C:/inetpub/vhosts/domain.com Is this a good/secure way? It seems like via this way, when I move the b.php to other upper level folder, I don't need to do any changes to the include file path, which is good for maintenance. Any cons? Like SEO wise, or any other reason... What you guys think.

  Read the article

• Thoughts on security model to store credit card details

  - by Faisal Abid

  Here is the model we are using to store the CC details how secure does this look? All our information is encrypted using public key encryption and the keypair is user dependent (its generated on the server and the private key is symmetric encrypted using the users password which is also Hashed on the database) So basically on first run the user sends in his password via a SSL connection and the password is used with the addition of salt to generate an MD5 hash, also the password is used to encrypt the private key and the private key is stored on the server. When the user wants to make a payment, he sends his password. The password decrypts the private key, and the private key decrypts the CC details and the CC details are charged.

  Read the article

• Add / remove a port number to/from a URL with REGEX in PHP

  - by SuperDuck

  Hello guys, I've searched but was unable to find an existing regex function. Has anybody done this before? I wish to add a port number, or remove a potantially existing one from a url in php. To use in some functions which translate a given url to the secure one, unsecure one, etc. Now I need a second SSL secured site on the server so I need to dynamically add a port number while converting http to https, and remove any port number while converting from https to http. Thanks, Duck

  Read the article

• |Ideas for applications using face detection and recognition

  - by Omry

  Full disclosure: I work at face.com. Face.com just launched a free (up to an hourly limit) face detection and recognition REST API. We got a very handy API sandbox that developers can use to play the API and to see what it can and can't do. Besides the obvious point of letting you guys know about the API, I wanted to hear from you what kind of applications you think can be developed with it. Some pretty obvious ideas: Face based login (not entirely secure but still fun). Automatic face crop for sites that let users upload photos (dating sites etc) Some kind of integration into augmented reality games There is no right or wrong answers here, use your imagination :).

  Read the article

• On iPhone, how do I show a login screen to get username and password before giving access to iPhone

  - by MikeN

  On iPhone, how do I show a login screen to get username and password before giving access to iPhone app? Also, does the iPhone store a cookie to the secure website like a web browser? I was thinking of giving users to my website a long API key to store in the settings of their iPhone instead of asking them to login with a username/password (seems to be the Slicehost iPhone app approach.) Which is the best way to get a user to login securely? I have full control over the design of the iPhone app and website so have a lot of flexibility.

  Read the article

• The host 'smtp' could not be found.

  - by SmartestVEGA

  I am getting the following error while sending mail by click of a button in MS access form I am using sendObject to send mail using vba code. The host 'smtp' could not be found. Please verify that you have entered the server name correctly. Account: 'pop3', Server: 'smtp', Protocol: SMTP, Port: 25, Secure(SSL): No, Socket Error: 11001, Error Number: 0x800CCC0D Points to note: I am able to send and receive mails in my outlook; Problem is only when send mails through VBA access application.(Means it is not a outlook client configuration problem) When i copy paste the Vba application to another PC, i could successfully send emails without any error. (means this is not a vba access application problem) Please help.

  Read the article

• Which open source social networking platform to use?

  - by vrao

  I want to build a highly secure social networking portal. Like other portals, subscriber users should be able to create a topic, discuss topic, share information about them, and have the ability for notifications/alerts. The added feature, I would like to have is to moderate users. Based on the topic of discussion, users will be asked automated questions and their responses will be processed to provide recommendations. I have no knowledge of social networking portal requirements. I will be coding alone and want to have something up and running in about six months. Which is the easiest open source platform that I should use to develop? I know some.net and sql, but I am open to use other platforms. Please give me your recommendations

  Read the article

< Previous Page | 111 112 113 114 115 116 117 118 119 120 121 122  | Next Page >