Search Results

Search found 11938 results on 478 pages for 'secure boot'.

Page 117/478 | < Previous Page | 113 114 115 116 117 118 119 120 121 122 123 124  | Next Page >

• Windows secure pinned website tile

  - by Stijn de Voogd

  I'm currently working on a pinned website tile for my website and instead of using a static XML file i'm linking the tile to a web api that returns user specific XML. My question is: Is it possible to secure this tile so that a user needs to be logged in before the data loads? The pinned website livetile doesn't send any security request headers/ cookies: - Http: Request, GET /v1/livetile/firsttile Command: GET + URI: /v1/livetile/firsttile ProtocolVersion: HTTP/1.1 UserAgent: Microsoft-WNS/6.3 Host: 192.168.14.109:2089 Cache-Control: no-cache HeaderEnd: CRLF Sidenote: Notice how it's not even sending an accept header even though it only wants xml. Info: http://msdn.microsoft.com/en-US/library/ie/dn455106 http://msdn.microsoft.com/en-us/library/ie/hh761491.aspx# Thanks in advance!

  Read the article

• How to secure authorization of methods

  - by Kurresmack

  I am building a web site in C# using MVC.Net How can I secure that no unauthorized persons can access my methods? What I mean is that I want to make sure that only admins can create articles on my page. If I put this logic in the method actually adding this to the database, wouldn't I have business logic in my data layer? Is it a good practise to have a seperate security layer that is always in between of the data layer and the business layer to make? The problem is that if I protect at a higher level I will have to have checks on many places and it is more likely that I miss one place and users can bypass security. Thanks!

  Read the article

• How do I secure all the admin actions in all controllers in cakePHP

  - by Gaurav Sharma

  Hello Everyone, I am developing an application using cakePHP v 1.3 on windows (XAMPP). Most of the controllers are baked with the admin routing enabled. I want to secure the admin actions of every controller with a login page. How can I do this without repeating much ? One solution to the problem is that "I check for login information in the admin_index action of every controller" and then show the login screen accordingly. Is there any better way of doing this ? The detault URL to admin (http://localhost/app/admin) is pointing to the index_admin action of users controller (created a new route for this in routes.php file) Thanks

  Read the article

• iphone: is there any secure way to establish 2-way SSL from an application

  - by pmilosev

  Hi I need to establish a HTTPS 2-way SSL connection from my iPhone application to the customer's server. However I don't see any secure way to deliver the client side certificates to the application (it's an e-banking app, so security is really an issue). From what I have found so far the only way that the app would be able to access the certificate is to provide it pre-bundeled with the application itself, or expose an URL from which it could be fetched (http://stackoverflow.com/questions/2037172/iphone-app-with-ssl-client-certs). The thing is that neither of this two ways prevent some third party to get the certificate, which if accepted as a risk eliminates the need for 2-way SSL (since anyone can have the client certificate). The whole security protocol should look like this: - HTTPS 2-way SSL to authenticate the application - OTP (token) based user registration (client side key pair generated at this step) - SOAP / WSS XML-Signature (requests signed by the keys generated earlier) Any idea on how to establish the first layer of security (HTTPS) ? regards

  Read the article

• How secure is my website?

  - by Doug

  As a beginning web developer, I try my best to clean up all the user inputs through checks and what not. However, today, I found out my website was hacked (I'll share their website on request) and it really made my wonder how did they do it. I'm in the process of getting my website back together. What should I do to prevent these things? Is there people I should talk to and ask how secure my website is? What can I do to to keep my website safe?

  Read the article

• How to secure authiorization of methods

  - by Kurresmack

  I am building a web site in C# using MVC.Net How can I secure that no unauthorized persons can access my methods? What I mean is that I want to make sure that only admins can create articles on my page. If I put this logic in the method actually adding this to the database, wouldn't I have business logic in my data layer? Is it a good practise to have a seperate security layer that is always in between of the data layer and the business layer to make? The problem is that if I protect at a higher level I will have to have checks on many places and it is more likely that I miss one place and users can bypass security. Thanks!

  Read the article

• How to load secure S3 images into Flex with temporary URLs

  - by Yarin

  I have some secure images on S3 that I need to load into Flex. I was expecting to be able to do this using signed temporary URLs but can't get it working. I know the URLs I'm generating are correct, because they load fine in my browsers' address bar. Moreover, Flex has no problem loading my images with a non-signed url when they are public, but as soon as I try signing the urls all the images fail, whether public or not. I've tried image.source = signedURL, image.load(signedURL), etc. If I try loading the file with URLLoader/URLStream, it looks like I'm getting the data OK, but I'm not sure how to translate those results to an Image control. Is this just an issue with the Image control not being able to recognize signed urls? Do I have to load the image from a byte array? What would that look like?

  Read the article

• Spring security oauth2 provider to secure non-spring api

  - by user1241320

  I'm trying to set up an oauth 2.0 provider that should "secure" our restful api using spring-security-oauth. Being a 'spring fan' i thought it could be the quicker solution. main point is this restful thingie is not a spring based webapp. boss says the oauth provider should be a separate application, but i'm starting to doubt that. (got this impression by reading spring-security-oauth) i'm also new here so haven't really got my hands into this other (jersey-powered) restul api (core of our business). any help/hint will be much appreciated.

  Read the article

• htpasswd, secure specific files in zend framework

  - by AKFourSeven

  Hi I have been bashing my head against the wall with this riddle and cannot find the way to solve this. I would like to secure couple of files to restrict access to certain pages but my attempts so far are unsuccessful. I do not want to use Zend Auth as it is a very small web site doing simple stuff. Here is a sample of what I have done: AuthUserFile /path/to/my/.htpasswd AuthName "Admin Restriction" AuthType Basic <Files file.phtml> require valid-user </Files> Is there any way to achieve this ?

  Read the article

• Is it secure to use malloc?

  - by Felix Guerrero

  Somebody told me that allocating with malloc is not secure anymore, I'm not a C/C++ guru but I've made some stuff with malloc and C/C++. Does anyone know about what risks I'm into? Quoting him: [..] But indeed the weak point of C/C++ it is the security, and the Achilles' heel is indeed malloc and the abuse of pointers. C/C++ it is a well known insecure language. [..] There would be few apps in what I would not recommend to continue programming with C++."

  Read the article

• Writing secure java code with RMI

  - by jtnire

  Hi Everyone, This may seem like a very broad question, but any help is appreciated. I have a client/server solution written in java which uses the Cajo project (which uses RMI). I just want to try and make my solution as secure as possible, given the sensitive data that will be transferred between server and client. So far, my ideas are to make all my classes "final" as well as throw a "non-serializable" exception for all my classes in the server (except for the object bound in the RMI registry, and any objects that actually do need to be transferred of course). Can anyone think of any other ideas? I know that someone could write a malicious client - this isn't hard to do as you can find out the remote object's API using reflection. However is there anything I can do to protect a malicious client access classes/objects within the server that they are not supposed to access? Many Thanks

  Read the article

• Secure password transmission over unencrypted tcp/ip

  - by academicRobot

  I'm in the designing stages of a custom tcp/ip protocol for mobile client-server communication. When not required (data is not sensitive), I'd like to avoid using SSL for overhead reasons (both in handshake latency and conserving cycles). My question is, what is the best practices way of transmitting authentication information over an unencrypted connection? Currently, I'm liking SRP or J-PAKE (they generate secure session tokens, are hash/salt friendly, and allow kicking into TLS when necessary), which I believe are both implemented in OpenSSL. However, I am a bit wary since I don't see many people using these algorithms for this purpose. Would also appreciate pointers to any materials discussing this topic in general, since I had trouble finding any.

  Read the article

• Secure messaging using Signed MIME is it reliable?

  - by aaronb

  We have an automatic reporting and notification system written in .net that sends emails with plain text. We are having to encrypt the messages that we send our clients. The possible implementation approaches we have: Send messages as S/Mime email with attachments. Plain text email with that just contains a link to a web site that will display the message over https. It seems like S/Mime is a simpler solution, as we won't need to create the web application or secure it. Our concern is our interoperability with our clients email clients and more importantly their email filtering software. Has anyone had success or issues deploying a Signed MIME messaging solution?

  Read the article

• Secure Gmail login on web browser from external Java program

  - by Zach Scrivena

  Is there a secure way of logging into a Gmail account on a web browser, from an external Java program? I know the following works, but is there a safer alternative? Desktop.getDesktop().browse(new URI( "https://www.google.com/accounts/ServiceLoginAuth?continue=http://mail.google.com/gmail" + "&service=mail&Email=LOGIN&Passwd=PASSWORD&null=Sign+in")); Clarification: The external Java program is GmailAssistant, a Gmail notifier that already uses the IMAP capabilities of JavaMail. I just need a way of allowing the user to access the account directly in a web browser.

  Read the article

• Secure C# Assemblies from unauthorized Callers

  - by Creepy Gnome

  Is there any way to secure your assembly down to the class/property & class/method level to prevent the using/calling of them from another assembly that isn't signed by our company? I would like to do this without any requirements on strong naming (like using StrongNameIdentityPermission) and stick with how an assembly is signed. I really do not want to resort to using the InternalsVisibleTo attribute as that is not maintainable in a ever changing software ecosystem. For example: Scenario One Foo.dll is signed by my company and Bar.dll is not signed at all. Foo has Class A Bar has Class B Class A has public method GetSomething() Class B tries to call Foo.A.GetSomething() and is rejected Rejected can be an exception or being ignored in someway Scenario Two Foo.dll is signed by my company and Moo.dll is also signed by my company. Foo has Class A Moo has Class C Class A has public method GetSomething() Class C tries to call Foo.A.GetSomething() and is not rejected

  Read the article

• Secure Webservice?

  - by cam

  I'm trying to create a secure webservice (that provides simple database data) with PHP that can be connected to through my Silverlight application. I don't know enough about PHP to be able to see another way to do this. The webservice should only be accessible through the client, and only with the proper username/password. The only two ways I can imagine to do this would be by passing the username/password hash via URL, or use a "hidden form" and do it via POST_. I'm just trying to get past this point, I'm the sole developer on this project and I'm just trying to get past this PHP webservice part so I can get back to being an application programmer :) Normally, I would learn PHP, but I'm on the clock, so I'm just looking for a point in the right direction on how to achieve this!

  Read the article

• Is this a secure way to structure a mysql_query in PHP

  - by Supernovah

  I have tried and tried to achieve an SQL injection by making custom queries to the server outside of firefox. Inside the php, all variables are passed into the query in a string like this. Note, by this stage, $_POST has not been touched. mysql_query('INSERT INTO users (password, username) VALUES(' . sha1($_POST['password']) . ',' . $_POST['username'] . ')); Is that a secure way to make a change?

  Read the article

• Secure Desktop Mode effect for java application

  - by Aiden Strydom

  Does anyone now how to achieve a "Secure-Desktop Mode" (effect) such as one gets from the Windows Vista/7 UAC consent-blocks? I assume it is some function which will remove pixels here-and-there (and possibly graying them) and then finally drawing that to screen... I would like to apply it to my application to keep the user from doing anything until the another user connects to the system (but that is besides the point) I would really appreciate the advise. Kind regards A EDIT: i was really only looking for this graphicsFX.setColor(new Color(0, 0, 0, 0.8f)); graphicsFX.fillRect(0, 0, 800, 600); the defering of input i can do quite well... Thanks for all....

  Read the article

• Rails - How to secure foreign keys and still allow association selection

  - by Bryce

  For simplicity, assume that I have a simple has-many-through relationship class User < ActiveRecord::Base has_many :courses, :through => :registrations end class Registration < ActiveRecord::Base belongs_to :user belongs_to :course end class Course < ActiveRecord::Base has_many :users, :through => :registrations end I want to keep my app secure, so I use attr_accessible to whitelist my attributes. My question is twofold: How would I set up my whitelist attributes such that I could create a new Registration object through a form (passing in :user and :course, but not risk allowing those foreign keys to be maliciously updated later? How would I set up my validations such that both belongs_to associations are required BUT also allow for Registration objects to be created in nested forms?

  Read the article

• Secure Menu Items Based on User

  - by Mike Wills

  On this winform application I am writing, I want to secure one menu item from most users. It runs a month-end and cannot be easily backed out if accidentally run. The menu option opens up a window to prompt the user for some information before processing. I don't care where exactly I do the check, but I want to be sure only certain users can run this function. A Google search (on my question title above) didn't turn up anything obvious. Can anyone point me in a direction to pick up who is signed into Windows and how to check if they are authorized?

  Read the article

• Ubuntu Server - Power failure leads to boot failure

  - by Ali Nadalizadeh

  I have installed Ubuntu Server 10.04.1 LTS on an ext4 partition. Whenever my system looses power suddenly, It doesn't boot into the normal procedure to fix the problems automatically, but switches to the busy box shell (where it says Kernel Panic : No init found) So I guess kernel is refusing to mount the filesystem when it is not clean, since when I boot up using a Live CD and fsck it, it boots up correctly. How can I force kernel to mount the filesystem, even if it is not clean ?, so that automated fsck on system startup fixes the problems... (or it's a grub problem ?) K-V : 2.6.32-26-generic-pae #48-Ubuntu SMP

  Read the article

• MacBook Pro Boot Camp SPDIF passthrough?

  - by Ryan Zink

  I'm using Windows 7 through Boot Camp on a unibody Macbook Pro and am having problems using the SPDIF output. I get the expected Dolby Digital or DTS in some movies, but in other movies and in games (Source engine, StarCraft 2) where the output is enabled to 5.1, the output invariably shows up as Dolby Pro Logic, which means (I think) that passthrough is not enabled. The boot camp drivers for the sound card don't have any sort of control panel, and the Windows settings for enabling DTS and Dolby seem to work when I test those outputs in the sound settings. Is there some other setting or utility I can use to enable SPDIF passthrough for all programs?

  Read the article

• CentOS will not boot. Error 13

  - by ipengineer

  I am having trouble with one of our CentOS servers. I migrated this server to XenServer, installed a new xen kernel, and performed a mkinitrd with: mkinitrd --omit-scsi-modules --with=xennet --with=xenblk --preload=xenblk initrd-2.6.18-308.4.1.el5xen-no-scsi.img 2.6.18-308.4.1.el5xen Now I am getting an error 13 on boot. Screenshot: http://postimage.org/image/k7js0l41v/ I can still boot with the PAE kernel. Does anyone have any idea on how to resolve this? My Grub file looks like: default=0 timeout=5 splashimage=(hd0,0)/grub/splash.xpm.gz hiddenmenu title CentOS (2.6.18-308.4.1.el5xen) root (hd0,0) kernel /vmlinuz-2.6.18-308.4.1.el5xen ro root=/dev/hdb1 ramdisk_size=256000 initrd /initrd-2.6.18-308.4.1.el5xen-no-scsi.img title CentOS (2.6.18-308.4.1.el5PAE) root (hd0,0) kernel /vmlinuz-2.6.18-308.4.1.el5PAE ro root=/dev/hdb1 ramdisk_size=256000 initrd /initrd-2.6.18-308.4.1.el5PAE.img title CentOS (2.6.18-274.17.1.el5PAE) root (hd0,0) kernel /vmlinuz-2.6.18-274.17.1.el5PAE ro root=/dev/hdb1 ramdisk_size=256000 initrd /initrd-2.6.18-274.17.1.el5PAE.img

  Read the article

• Can someone recommend a Compact Flash card to be used as a boot disk

  - by Hamish Downer

  I have an early Acer Aspire One netbook, and the flash drive is really slow at writing. I've taken it apart to add more RAM, but I've pretty much stopped using it. I've read about people replacing the SSD with a Compact Flash card and a CF to ZIF adapter but I've also read about some Compact Flash cards where the manufacturer has permanently disabled the boot flag to stop people doing this kind of mod. (Can't find the link any more though). So my most specific question is: can someone recommend a compact flash card that does allow the boot flag to be set? Please say whether you've done it yourself, or just heard about it from someone else. Beyond that, is this generally a problem?

  Read the article

• Ubuntu Lucid: Erratic screen behaviour after boot

  - by fgysin

  In short: about 50% of the time I have a screwed up monitor setup after reboot. About 50% it is totally correct. Now the longer version: I updated my machine from 9.04 to 10.04 (via 9.10). At first I run into some monitor problems (I have a 3-monitor setup) because of the known bug in the new xserver driver for xinerama. This messes up behaviour if the mouse goes either left or above the screen number 0, i.e. I had to make my left-most monitor screen 0. Everything worked out fine finally, I got my 3-monitor setup back with xinerama enabled to get one big desktop streched over 3 screens. Now the fun part: Every time I start up my machine only one of the 3 monitors gets a signal and is woken up: it only recognizes the left-most monitor (screen 0) and crams all the desktop stuff into this one screen. If I go into nvidia settings I only see one physical device although all 3 are connected and have power. When I look into the xorg.conf I can still see my old setup with 3 devices, 3 screens, xinerama active etc... But I was totally unable to get 3 montitors to work. (I tried unplugging monitors, reconfiguring whole nvidia setup, ...) But it gets even better: When I restart my machine (i.e. choose the restart option from the Ubuntu menu) it shuts down and tries to restart. The restart then gets stuck after showing the Ubuntu splash screen with the 'loading bar' (the moving dots thingy) and I am forced to kill the machine by cutting power. But after the power cut the machine boots up normally and suddenly I get my 3 monitor setup back up working. That is until the next time I shut down and start up, where it all starts over again and I only have one monitor... (see above) I really have a hard time seeing where the error is. It must be that the restart boot somehow differs from the 'normal' boot. But the fact that it gets stuck and I need to cut power which then basically triggers a 'normal' boot does not really support this theory... My setup (please tell me if you need further info): 3 monitors as 3 screens as one desktop (with xinerama) 2 nvidia cards where screen 0 and 1 are on card 0 and screen 2 is on card 1 Ubuntu 10.04 Lucid Lynx (updated from 9.10, 9.04, ....) I would appreciate every idea on the subject, at the moment I really don't have any clue what to do...

  Read the article

< Previous Page | 113 114 115 116 117 118 119 120 121 122 123 124  | Next Page >