Search Results

Search found 4187 results on 168 pages for 'secure erase'.

Page 119/168 | < Previous Page | 115 116 117 118 119 120 121 122 123 124 125 126  | Next Page >

• Action -methods vs public methods in PHP frameworks

  - by Tower

  There are plenty of PHP frameworks out there as many of you know, and I am interested in your thoughts on this: Zend Framework has so-called action controllers that must contain at least one action method, a method whose name ends in "Action". For example: public function indexAction() {} The word "Action" is important, without it you can't access the method directly via the URI. However, in some other frameworks like Kohana you have public and private methods, where public methods are accessible and private are not. So my question is which do you think is a better approach? From a secure point of view I would vote Zend's approach, but I am interested in knowing what others think.

  Read the article

• SSRS 2008 + SSL displays 404 not found

  - by Matt

  Hi, I have SQL reporting services configured to use a secure certificate and when I visit both Reports and ReportManager I get a 404 not found error. The reporting services logs do not contain any error information. I am a bit at a loss to know where to start to diagnose this problem, especially as SSRS is not using IIS. I created the SSL binding using the Reporting Services Configuration Manager; IP Address: (All IPv4) SSL Port: 443 Certificate: {the certicate was present in the drop down list} URL: https://mydomain:444/Reports What can I check to get this working? Thanks

  Read the article

• how to run an ActiveX that must be visible and topmost on a server without a desktop?

  - by DanJ

  We're writing a server application that needs to use an ActiveX object that must be visible and Top-Most otherwise it doesn't render correctly. The challenge is that servers typically don't have an active desktop, and therefore the applications should not require one. Ours does. I must use this ActiveX, and I don't have access to the source code. When running from within remote-desktop everything works fine as long as the session is open. As soon as the session closes it stops working. I'm guessing this is because there is no desktop. Any ideas how I can work this out in a secure and robust way?

  Read the article

• Jersey, Spring, Tomcat and Security Annotations

  - by jr

  I need to secure a simple jersey RESTful API in a Tomcat 6.0.24 container. I'd like to keep the authentication with Basic Authentication using the tomcat-users.xml file to define the users and roles (this is for now, like I said its small). Now, for authorization I'd like to be able to use the JSR 250 annotations like @RolesAllowed, @PermitAll, @DenyAll, etc. I cannot for the life of me figure out how to wire this all up together. I really don't want to go spring-security route, since I need something very simple at the current time. Can someone point me in the right direction.

  Read the article

• iPhone - Web Access Authentication

  - by Terry

  I am building a secure app for our exec's... here is my setup. It's a somewhat Macgyver approach, but bear with me :) There are only 10 users, I have a record of each uniqueIdentifier on my backend in a database table. (This is internal only for our users, so I don't believe I am breaking the public user registration rule mentioned in the API docs) Through adhoc distribution I install my app on all 10 devices My app is simply composed of a UIWebView. When the app starts it does a POST to our https site sending the uniqueIdentifier. (Thanks to this answer) The server page that recieves the POST, checks the uniqueIdentifier and if found sets a session cookie that automatically logs them into the site. This way the user doesn't have to enter in their credentials every time. So what do you think, is there a security hole with this? Thanks

  Read the article

• SSL on Heroku / User Authentication Across Multiple Domains

  - by Euwyn

  Posted a previous question on this, but have a followup. I was trying to create a workaround to use SSL on the expensive custom domain. I'm willing to live with bumping a user to https://app.heroku.com from http://www.app.com for certain secure pages, and have monkey-patched SSL required to make this happen. However, now this issue is with making sure my User is logged in when I do so. As I understand, cookies aren't cross domain. Is there a way around this issue?

  Read the article

• Cyrillic characters from javascript cookie to php output via $_COOKIE

  - by Beck

  When i'm trying to put russian text in cookie via javascript and then output it via php it returns: %u043F%u0440%u043E%u0432%u0435%u0440%u043A%u0430 How to decode this to normal cyrillic characters? This is the function i'm using to pass to document.cookie: function setCookie(c_name,val,c_expiredays,c_path,c_domain,c_secure) { var exdate=new Date(); exdate.setDate(exdate.getDate()+c_expiredays); document.cookie=c_name+ "=" +escape(val)+ /* Additional settings */ ((c_path) ? "; path=" + c_path : "") + ((c_domain) ? "; domain=" + c_domain : "") + // used to allow using only on a certain domain ((c_secure) ? "; secure" : "") + // used for HTTPS (SSL) ((c_expiredays==null) ? "" : ";expires="+exdate.toGMTString()); } setCookie('name',$(this).val(),1); On server side, i'm outputting like that: (isset($_COOKIE['img_href_value']) ? $_COOKIE['img_href_value'] : '')

  Read the article

• Magic quotes in PHP

  - by VirtuosiMedia

  According to the PHP manual, in order to make code more portable, they recommend using something like the following for escaping data: if (!get_magic_quotes_gpc()) { $lastname = addslashes($_POST['lastname']); } else { $lastname = $_POST['lastname']; } I have other validation checks that I will be performing, but how secure is the above strictly in terms of escaping data? I also saw that magic quotes will be deprecated in PHP 6. How will that affect the above code? I would prefer not to have to rely on a database-specific escaping function like mysql_real_escape_string().

  Read the article

• Is writing eSQL database agnostic?

  - by Robert Koritnik

  Using EF we can use LINQ to read data which is rather simple (especialy using fluent calls), but we have less control unless we write eSQL on our own. Is writing eSQL database actually data store independant code? So if we decide to change data store, can the same statements still be used? Is writing eSQL strings in your code pose any serious security threats similar to writing TSQL statements in plain strings? So we moved to SPs. Could we still mode eSQL scripts outside of code as well and use some other technique to make them a bit more secure?

  Read the article

• How to use Windows login for single-sign-on and for Active Directory entries for Desktop Java applic

  - by Touko

  I'd like to have my desktop Java application to have single sign on related to Active Directory users. In two steps, I'd like to : Be sure that the particular user has logged in to Windows with some user entry. Check out some setup information for that user from the Active Directory With http://stackoverflow.com/questions/31394/java-programatic-way-to-determine-current-windows-user I can get the name of the current Windows user but can I rely to that? I think the System.getProperty("user.name") won't be secure enough? ("user.name" seems to be got from environment variables, so I can't rely on that, I think?) Question http://stackoverflow.com/questions/390150/authenticating-against-active-directory-with-java-on-linux provides me the authentication for given name+pass but I'd like to authenticate based on the Windows logon? For the Active Directory access, the LDAP would probably be the choise? I'm not totally sure if I'm asking the right questions but hopefully somebody has some ideas to forward me on.

  Read the article

• VCS File Downloading Issue with IE

  - by Sachin Gaur

  I am working on a http based (NOT Secure) Web Application. In this, I have provided a provision to add some appointment to the Client's outlook calendar. I am creating the .vcs file dynamically when clicked on a hyperlink. The code of generating .VCS file is: string calendarFormat = GetVCSFormat(); Response.ContentType = "text/calendar"; Response.AppendHeader("content-disposition", "attachment; filename=MyCalendar.vcs"); Response.Write(calendarFormat); Response.End(); It is working fine in all browsers except IE. It is giving me following error: Internet Explorer cannot download GenerateAppointment.aspx from server. Internet Explorer was not able to open this Internet site. The requested site is either unavailable or cannot be found. Please try again later. Can anyone focus some light on it?

  Read the article

• Best package for basic web-based file manager

  - by alchemical

  I'm looking for a basic web-based file management application. It must have an affordable price, and fairly easy installation would be a plus. ASP.Net / IIS based would be easiest for me to work with. Basically, I'd like it to create a secure web site where myself and a few people can exchange various types of files, etc. I'm looking for a package I can install on my own server rather than a web-based service, as I think I can get more space at a good price point this way. I could go custom coding, but I figure this is such a generic need, there must be something already mature out there at a decent price. What has worked best for you?

  Read the article

• SSL Form Post in ASP.NET MVC 1.0

  - by goombaloon

  I'd like to use SSL for the post action on the login page of my MVC 1.0 app. I've seen some articles related to the [RequireSSL] attribute in ASP.NET MVC Futures. However, since this works using a redirect, I assume it's not an option (can't redirect a POST, correct?). Ultimately, my goal is to get the Html.BeginForm method to render "https://..." as the form's action so that I can secure the information being posted (login info). How have others handled this?

  Read the article

• PageMethods security

  - by TenaciousImpy

  Hi, I'm trying to 'AJAX-ify' my site in order to improve the UI experience. In terms of performance, I'm also trying to get rid of the UpdatePanel. I've come across a great article over at Encosia showing a way of posting using PageMethods. My question is, how secure are page methods in a production environment? Being public, can anyone create a JSON script to POST directly to the server, or are there cross-domain checks taking place? My PageMethods would also write the data into the database (after filtering). I'm using Forms Authentication in my pages and, on page load, it redirects unauthenticated users to the login page. Would the Page Methods on this page also need to check authentication if the user POSTs directly to the method, or is that authentication inherited for the entire page? (Essentially, does the entire page cycle occur even if a user has managed to post only to the PageMethod)? Thanks

  Read the article

• Implementing Security on custom BCS/.net class?

  - by Michael Stum

  I'm implementing a custom BCS Model to get data from a backend system. As the backend uses it's own user management, I'm accessing it through a service account. All of this works well and allows me to pull data into SharePoint. However because it's channeled through the service account, everyone can access it, which is bad. Can anyone give me some tips which method to implement? The backend does not give me NT ACLs, but I wonder if I could just "fake" them somehow? (Essentially saying "This NT Group has Read Access" is good enough). I am aware of ISecurityTrimmer2 for Search Results, but ideally I want to cover security inside the BCS Model so that it applies to external lists as well. I want to avoid using Secure storage and mapping each individual user to the backend.

  Read the article

• Does Google index HTTPS ASP.NET pages?

  - by ncakmak

  I have an online application that all of its pages use HTTPS. I have 3 questions: Does Google index HTTPS pages? I have a password protected single ASP.NET page (using HTTPS). Password protection is basically achieved by a Session object. When the correct password is entered, it hides the login panel and displays the same page which has a sensitive data. Is this page indexed by Google? I have a Secure folder that I implemented Forms Authentication. All pages in folder use HTTPS as well. Are the pages in this folder indexed by Google? Thank you for your help, Niyazi

  Read the article

• Let MySQL users create databases, but allow access to only their own databases

  - by eikes

  I want to have multiple a MySQL users to be able to issue commands like CREATE DATABASE dbTest; But I also want each of these users to be able to see and access only their own databases. All I could find was how to either create the databases by a DBA and grant the privileges on this database to the specific user: GRANT ALL PRIVILEGES ON dbTest.* TO 'user'; or grant privileges on all databases to a user: GRANT ALL PRIVILEGES ON *.* TO 'user'; But neither is what I want, because it needs to scale and be secure.

  Read the article

• How to generate a client certificate using a third party CA-NOT Self Signed CA

  - by Bryan

  I am trying to trying to export a client certificate for use with a web browser. The goal is to restrict access using the <Location directive to the admin area. I have seen numerous tutorials on using self signed CAs. How would you do this using a third party? 1) Do I need to include the CA in the client pfx if it is a trusted root CA? I have seen both examples. Without CA: openssl pkcs12 -export -inkey KEYFILENAME -in CERTFILEFILENAME -out XXX.pfx With CA: openssl pkcs12 -export -in my.crt- inkey my.key -certfile my.bundle -out my.pfx 2) Do I need to still include SSLCACertificateFile for trusted CA in the httpd.conf setup? SSLVerifyClient none SSLCACertificateFile conf/ssl.crt/ca.crt <Location /secure/area> SSLVerifyClient require SSLVerifyDepth 1 </Location> http://www.modssl.org/docs/2.8/ssl_howto.html#ToC8

  Read the article

• My website is infected with JS:ScriptIP-inf [Trj]

  - by Rizwan Aaqil

  I am using Network Solutions hosting. I was recently attacked with JS:Illredir-S [Trj], I asked my hosting providers to clean it and they cleaned it and updated all passwords, but now after a week my site got infected again with JS:ScriptIP-inf [Trj]. Can anyone please suggest me how to secure my website properly ? Should I change my hosting provider ? I am fed up of these viruses again and again on my websites. I can't even find this virus in my files. Please post informative answers. Thanks

  Read the article

• What are the use cases for closures/callback functions in Javascript?

  - by Christopher Altman

  I was listening to Crockford's talk on Javascript closures and am convinced of the benefit of information hiding, but I do not have a firm understanding of when to use callback functions. It is mostly a true statement that a person could accomplish the same functionality with or without callbacks. As someone who is writing code, what heuristics or cues should I keep in mind when determining when to use callbacks/closures? I am not looking for the blanket statement 'Closures make more secure code', rather a list of practical examples or rules of thumb for when callbacks are the right idea. Crockford's Presentation: http://www.yuiblog.com/blog/2010/04/08/video-crockonjs-5/

  Read the article

• Finding out what user Apache is running as?

  - by AP257

  I want to secure a file upload directory on my server as described beautifully here, but I have one problem before I can follow these instructions. I don't know what user Apache is running as. I've found a suggestion that you can look in httpd.conf and there will be a "User" line, but there is no such line in my httpd.conf file, so I guess Apache is running as the default user. I can't find out what that is, though. So, my question is (are): how do I find out what the default user is do I need to change the default user if the answer is yes and I change the default user by editing httpd.conf, is it likely to screw anything up? Thanks!

  Read the article

• DotNetOpenAuth OpenIdTextBox For Google/Yahoo

  - by user300992

  If I want to integrate DotNetOpenAuth (primary for people to use their Google/Yahoo accounts to login, not act as provider) into my existing site, is this one line control good enough? <rp:OpenIdTextBox ID="OpenIdTextBox1" runat="server" /> Say, if a user wants to login as Google, I can simply set the textbox to "https://www.google.com/accounts/o8/id" and then they can login. I tried it with my Google account, it seems working and I can get the token from HttpContext.Current.User.Identity.Name. Is this "one line" solution secure enough for production? or is it a "must" that I have to use "OpenIdSelector" or "OpenIDLogin" control? I also opened the .net template and some samples, they are very complicated. There are PAPE policies, xrds.aspx (for discovery), ConsumerKey + ConsumerSecret...etc. As a newbie, I am very confused. Any tips on this will be really appreciated. Thanks

  Read the article

• Advice on HTTPS connections using Ruby on Rails

  - by user502052

  Since I am developing a "secure" OAuth protocol for my RoR3 apps, I need to send protected information over the internet, so I need to use HTTPS connections (SSL/TSL). I read How to Cure Net::HTTP’s Risky Default HTTPS Behavior aticle that mentions the 'always_verify_ssl_certificates' gem, but, since I want to be more "pure" (it means: I do not want to install other gems, but I try to do everything with Ruby on Rails) as possible, I want to do that work without installing new gems. I read about 'open_uri' (it is also mentioned in the linked article: "open_uri is a common exception - it gets things right!") that is from the Ruby OOPL and I think it can do the same work. So, for my needs, is 'open_uri' the best choice (although it is more complicated of 'always_verify_ssl_certificates' gem)? If so, can someone help me using that (with an example, if possible) because I have not found good guides about?

  Read the article

• Web site aggregation with twitter widget SSL issue

  - by AB

  Hello! I'm seeking for solution how to isolate widget included by partial to main site. Issue appear when user access site with https. Ie 6,7 shows security confirmation dialog (part of website resources are not in secure zone). First of all I download twitter widget on our side, also I download all CSS and pictures. Then I patched widget JS to point onto downloaded resources. But still has not luck with security warning :( I guess the reason of this issue is AJAX request to twitter, but there is no idea how to sole it. (Just to create some kind of proxy on our side). Thank you for attention.

  Read the article

• Concurrency Problem in Java ...

  - by Tara Singh

  I am designing a client-server chat application in Java. This is a secure application where the messages are exchanged using cryptographic algorithms. I have one server and it can support many clients. My problem is that when one client logs on the server it works fine, but when another user logs into the system, the server starts giving me bad padding exceptions for the encrypted text. I am not able to figure out the problem, according to my logic, when new connection request to server is made, the server creates a thread for listening to the client. Is it possible that once the instance of thread class is created, it does all the processing correctly for the first client, but not for the second client because the variables in server listener thread class already have some previous value, and thus the encrypted text is not decrypted properly? Please advise how I can make this process more robust so that the number of clients does not affect how well the server functions.

  Read the article

< Previous Page | 115 116 117 118 119 120 121 122 123 124 125 126  | Next Page >