Search Results

Search found 8253 results on 331 pages for 'secure coding'.

Page 12/331 | < Previous Page | 8 9 10 11 12 13 14 15 16 17 18 19  | Next Page >

  • Is SimplePHPBlog a secure blogging engine?

    - by authentictech
    Has anyone used the blog engine SimplePHPBlog? It is a simple blog engine that uses only text files (no database). My problem with it is that the content directory where the texts files are stored appears to require being world writeable/readable (i.e. permission 777) for it to work. This means anyone can access the text files with a browser! These text files include the blog/comment poster's IP and email address! This is not secure or good practice, right?

    Read the article

  • Secure Enterprise Search 11.2.2.2 Now Available for PeopleTools 8.53

    - by Matthew Haavisto
    We are pleased to announce that Oracle Secure Enterprise Search (SES) 11.2.2.2 is now available to PeopleSoft Customers on PeopleTools 8.53.  The minimum PeopleTools Patch Version Required to adopt SES 11.2.2.2 is PeopleTools 8.53.06.  This version of SES provides some important benefits for PeopleSoft Customers, particularly in the areas of platform support, distributed architecture support, and RAC support.  You can get all the details on this update on My Oracle Support.  This MOS document lists the fixes and configurations needed for PeopleTools certification of SES 11.2.2.2. For other useful information on PeopleTools and SES, see this Oracle forum.

    Read the article

  • 6 Ways To Secure Your Dropbox Account

    - by Chris Hoffman
    Dropbox is a hugely popular cloud storage service beloved by many. Unfortunately, it’s had a history of security problems, ranging from compromised accounts to once allowing access to every Dropbox account without requiring a password for several hours. If you’re using Dropbox, there are a variety of ways you can secure your account against unauthorized access and protect your files even if someone does gain access to your account. Why Does 64-Bit Windows Need a Separate “Program Files (x86)” Folder? Why Your Android Phone Isn’t Getting Operating System Updates and What You Can Do About It How To Delete, Move, or Rename Locked Files in Windows

    Read the article

  • Ubuntu Live USB: best practices for secure net traffic

    - by Och
    I want to to set up a live USB with Ubuntu, in the most secure way. So I want to have the persistent data on a second USB, something that its not that much problematic. How to configure a very safe Internet surfing (throughout a VPN?) Which are the best practices that could be implemented to have the Ubuntu live in a USB, the persistent data in other, and with the Internet access to a VPN (the Ubuntu privacy remix gives most of this, except the VPN config), Any ideas of how to combine the best of Ubuntu privacy remix, and Internet access to a VPN?

    Read the article

  • Create secure working environment on USB stick

    - by Chris
    I want to create an usb stick which contains an ubuntu installation that: can be used as a working environment (Covered in: How do I install Ubuntu to a USB key?) - ie the ubuntu installation on the stick must provide an accessible home folder. Is completely encrypted. I intend to use it as a secure environment to work on sensitive customer data - and also need the system on the stick to be able to connect to the internet. How do I realize the complete usb stick encryption? I am also very thankfull for any further articles and ideas on this topic!

    Read the article

  • Options for secure git -repo hosting?

    - by hhh
    I need a secure git -repo host, either by third-party or by myself. I am not sure how so outlining some ideas. Please, answer how you manage git -repos securely -- do you use some service or do you use only your 'legs' -approach? Afaik Bitbucket.org and Github.com are missing Gmail -style second-verification. Now I need this kind of login-system with password and mobile-phone to access the administration things in the git -hosting or ability to disable this kind of access without private -key. Host it oneself (not sure about details) other? Perhaps related http://stackoverflow.com/questions/11007679/how-can-i-host-git-repositories-and-manage-my-content-hosting-myself

    Read the article

  • What are startups expecting when they ask you to solve a programming challenge before interviewing? [closed]

    - by Swapnil Tailor
    I have applied to couple of startups and most of them are asking to solve programming challenge before they start on the interviewing candidate. I have submitted couple of the solutions and all the time getting rejected in the initial screening. Now what I think is, they will see my coding style, algorithm and OOD concepts that I have used to solve the problem. Can you guys input more on it as what other details are taken into consideration and how can I improve my coding for getting selected. By the way, I did all my coding in either Java/Perl. EDIT I feel the biggest reason for rejection is code didn't work for couple of use cases.

    Read the article

  • Secure Web Apps from SQL Injection in ASP.Net

    In the first part of this two-part series you learned how SQL injection works in ASP.NET 3.5 using a MS SQL database. You were also shown with a real web application which was not secure against SQL injection attacks how these attacks can be used by the hacker to delete sensitive information from your website such as database tables. In this part you will learn how to start securing your web applications so they will not be vulnerable to these kinds of exploits. A complete corrected example of the insecure web application will be provided at the end of this tutorial.... ALM Software Solution ? Try it live! Requirements Management, Project Planning, Implementation Tracking & QA Testing.

    Read the article

  • How to make safe and secure forms in asp.net MVC 3

    - by anirudha
    the asp.net application need all kind of security. unsecure forms may be influence by XSS [cross site scripting] there is some way to solve these type of problem in MVC. first sollution is that use <%= Html.AntiForgeryToken() %> for make secure from cross site scripting. it’s work by machine key in MVC. well you can valid them whenever you got respond from client. you can apply by this attribute on action you give the response behalf of form submission [ValidateAntiForgeryToken] you can secondly use authorize attribute where you can make own definition of authorize attribute in asp.net mvc for more info read david’s post well I am use my own custom attribute who use a different type of authorization :- the who controller use a attribute I put their and the attribute I put their have a logic and logic check the cookie in request who make sure that request they got from user.

    Read the article

  • How secure is KeePassX?

    - by Uli
    I have hundreds of passwords, since I use a different random one for each website/service. They are all generated & stored with KeePassX, which can be synced to different computers and my android phone via dropbox (or ubuntuone). I know the database of KeePassX is secure (at least with a good passphrase). But what about when I am copying the password into the clipboard (where it is stored for 5 seconds)? Can any program running in user-space access the clipboard and store the password? If so, how big of a security risk is this?

    Read the article

  • How do I secure a Tomcat installation?

    - by spangeman
    I have installed tomcat on my Ubuntu Home 11.10 system and can successfully access the test page online after port forwarding on 8080 within my router. I have not made any other changes to the router, Ubuntu or the tomcat install, everything else has remained standard. I intend on using this to play around with Java Servlets and basic web development for my own personal use. What steps, if any, would you suggest I take to ensure this is secure? Should I change anything within the Tomcat configuration? This seemed like a good idea to limit access - http://www.seankilleen.com/2010/09/how-to-allow-only-specific-ip-addresses_30.html But I am open to any other recommendations.

    Read the article

  • Is there a best coding style for indentations (same line, next line)?

    - by Luis Soeiro
    I prefer Pascal-like coding style, where the beginning and ending of a code block are on the same column. I think that it is easier to read and to handle cut and paste than the other kind of coding style. The style I prefer (Pascal-like): void fooBar(String s) { int a; int length=s.length(); for (int i=0;i<length;i++) { if (i>10) { System.out.println(i); System.out.println(s.charAt(i)); } } } The style that was adopted by the Java community: void fooBar(String s) { int a; int length=s.length(); for (int i=0;i<length;i++){ if (i>10){ System.out.println(i); System.out.println(s.charAt(i)); } } } So why do you use one type or the other (please cite an objective reason)?

    Read the article

  • Secure POP3/SMTP proxy?

    - by chibi
    An ISP doesn't offer secure/encrypted POP3/SMTP connections to its email servers. (I could forward the mail to another mail service that does, but I'd like to try a proxy) Is there some simple software that could be run on a linux box to allow secure SSL POP3/SMTP connections to it, and transparently proxy/connect to the ISP email servers? This is to allow wireless mobile devices more secure access their email without needing the full vpn.

    Read the article

  • Creating a secure multicast tunnel with socat

    - by ams
    How we can create secure multicast tunnels ith socat? Assume that we have a list of IP address, CIDR network addresses that we want to create secure tunnel to them. I found this: socat STDIO UDP4-DATAGRAM:224.1.0.1:6666,range=192.168.10.0/24 but I want a secure tunnel and different adds with net addrs I want to create script that give the IPs and net addresses and creates a secure tunnel ./myscript IP1 NetAdd1 IP2 NetAdd2 .... How can I send these parameters to socat? Does socat multicast have any limits?

    Read the article

  • creating secure multicast with socat

    - by arash
    How we can create secure tunnels multicast with socat? Assume we have a list of ip address, CIDR network addresses that we want to create secure tunnel to them. I found this socat STDIO UDP4-DATAGRAM:224.1.0.1:6666,range=192.168.10.0/24 but I want a secure tunnel and different adds with net addrs I want to create script that give the IPs and net addresses and create secure tunnel ./myscript IP1 NetAdd1 IP2 NetAdd2 .... how can i send this parametersw to socat? Socat multicast hasn't any limits? Thanks for your help

    Read the article

  • Apache mod_header rule to change all cookies to secure

    - by Supowski
    I would like to change all cookies to be secure and http-only. I works fine for one cookie, but doesn't work when multiple cookies are set in response. Apache mod_header rule should change cookies from: Set-Cookie cookie1=value; Path=/somePath Set-Cookie cookie2=value; Path=/somePath to Set-Cookie cookie1=value; Path=/somePath; Secure; Http-Only Set-Cookie cookie2=value; Path=/somePath; Secure; Http-Only I use mod_headers for it with following rule: Header edit Set-Cookie ^(.*)$ $1;Secure;HttpOnly It works fine when only one cookie is set, but if there is more than one, it just removes all the following and they are not set at all. Any help how to write mod_headers rule for multiple values? or the problem is in something else?

    Read the article

  • Apache mod_header rule to change all cookies to secure

    - by Supowski
    I would like to change all cookies to be secure and http-only. It works fine for one cookie, but doesn't work when multiple cookies are set in response. Apache mod_header rule should change cookies from: Set-Cookie cookie1=value; Path=/somePath Set-Cookie cookie2=value; Path=/somePath to Set-Cookie cookie1=value; Path=/somePath; Secure; Http-Only Set-Cookie cookie2=value; Path=/somePath; Secure; Http-Only I use mod_headers for it with following rule: Header edit Set-Cookie ^(.*)$ $1;Secure;HttpOnly It works fine when only one cookie is set, but if there is more than one, it just removes all the following and they are not set at all. Any help how to write mod_headers rule for multiple values? or the problem is in something else?

    Read the article

  • mod_secdownload in lighttpd support subdirectories for secure stream?

    - by zomail
    i want to know that lighttpd supports secure stream for subdirectories ? I want to secure my subdirectories within a directory but looks like its not working on subdirectories . I want to secure my subdirectories within download-area directory given below secdownload.secret = "MySecretSecurePassword" secdownload.document-root = "/home/lighttpd/download-area/" secdownload.uri-prefix = "/dl/" secdownload.timeout = 3600

    Read the article

  • Suggestion for a secure small-business e-mail-server needed

    - by Lorikun
    Hello, we are a small business company (60-100 emploees) handling financial data. We want to have a secure E-Mail Server. What is the best in-house solution? Our laws force us to ?eep the server physically at our place. Is Exchange secure enough, or are we better off with Linux and Postfix+Dovecot? For that reason we will hire a system-administrator, but whats more secure solution? Thanks in advance

    Read the article

  • Secure Your Wireless Router: 8 Things You Can Do Right Now

    - by Chris Hoffman
    A security researcher recently discovered a backdoor in many D-Link routers, allowing anyone to access the router without knowing the username or password. This isn’t the first router security issue and won’t be the last. To protect yourself, you should ensure that your router is configured securely. This is about more than just enabling Wi-Fi encryption and not hosting an open Wi-Fi network. Disable Remote Access Routers offer a web interface, allowing you to configure them through a browser. The router runs a web server and makes this web page available when you’re on the router’s local network. However, most routers offer a “remote access” feature that allows you to access this web interface from anywhere in the world. Even if you set a username and password, if you have a D-Link router affected by this vulnerability, anyone would be able to log in without any credentials. If you have remote access disabled, you’d be safe from people remotely accessing your router and tampering with it. To do this, open your router’s web interface and look for the “Remote Access,” “Remote Administration,” or “Remote Management” feature. Ensure it’s disabled — it should be disabled by default on most routers, but it’s good to check. Update the Firmware Like our operating systems, web browsers, and every other piece of software we use, router software isn’t perfect. The router’s firmware — essentially the software running on the router — may have security flaws. Router manufacturers may release firmware updates that fix such security holes, although they quickly discontinue support for most routers and move on to the next models. Unfortunately, most routers don’t have an auto-update feature like Windows and our web browsers do — you have to check your router manufacturer’s website for a firmware update and install it manually via the router’s web interface. Check to be sure your router has the latest available firmware installed. Change Default Login Credentials Many routers have default login credentials that are fairly obvious, such as the password “admin”. If someone gained access to your router’s web interface through some sort of vulnerability or just by logging onto your Wi-Fi network, it would be easy to log in and tamper with the router’s settings. To avoid this, change the router’s password to a non-default password that an attacker couldn’t easily guess. Some routers even allow you to change the username you use to log into your router. Lock Down Wi-Fi Access If someone gains access to your Wi-Fi network, they could attempt to tamper with your router — or just do other bad things like snoop on your local file shares or use your connection to downloaded copyrighted content and get you in trouble. Running an open Wi-Fi network can be dangerous. To prevent this, ensure your router’s Wi-Fi is secure. This is pretty simple: Set it to use WPA2 encryption and use a reasonably secure passphrase. Don’t use the weaker WEP encryption or set an obvious passphrase like “password”. Disable UPnP A variety of UPnP flaws have been found in consumer routers. Tens of millions of consumer routers respond to UPnP requests from the Internet, allowing attackers on the Internet to remotely configure your router. Flash applets in your browser could use UPnP to open ports, making your computer more vulnerable. UPnP is fairly insecure for a variety of reasons. To avoid UPnP-based problems, disable UPnP on your router via its web interface. If you use software that needs ports forwarded — such as a BitTorrent client, game server, or communications program — you’ll have to forward ports on your router without relying on UPnP. Log Out of the Router’s Web Interface When You’re Done Configuring It Cross site scripting (XSS) flaws have been found in some routers. A router with such an XSS flaw could be controlled by a malicious web page, allowing the web page to configure settings while you’re logged in. If your router is using its default username and password, it would be easy for the malicious web page to gain access. Even if you changed your router’s password, it would be theoretically possible for a website to use your logged-in session to access your router and modify its settings. To prevent this, just log out of your router when you’re done configuring it — if you can’t do that, you may want to clear your browser cookies. This isn’t something to be too paranoid about, but logging out of your router when you’re done using it is a quick and easy thing to do. Change the Router’s Local IP Address If you’re really paranoid, you may be able to change your router’s local IP address. For example, if its default address is 192.168.0.1, you could change it to 192.168.0.150. If the router itself were vulnerable and some sort of malicious script in your web browser attempted to exploit a cross site scripting vulnerability, accessing known-vulnerable routers at their local IP address and tampering with them, the attack would fail. This step isn’t completely necessary, especially since it wouldn’t protect against local attackers — if someone were on your network or software was running on your PC, they’d be able to determine your router’s IP address and connect to it. Install Third-Party Firmwares If you’re really worried about security, you could also install a third-party firmware such as DD-WRT or OpenWRT. You won’t find obscure back doors added by the router’s manufacturer in these alternative firmwares. Consumer routers are shaping up to be a perfect storm of security problems — they’re not automatically updated with new security patches, they’re connected directly to the Internet, manufacturers quickly stop supporting them, and many consumer routers seem to be full of bad code that leads to UPnP exploits and easy-to-exploit backdoors. It’s smart to take some basic precautions. Image Credit: Nuscreen on Flickr     

    Read the article

  • How to Make Your Verizon FIOS Router 1000% More Secure

    - by The Geek
    If you’ve just switched to Verizon FIOS and they’ve installed the new router in your house, there’s just one problem: it’s set to use lousy WEP encryption by default, instead of the much more secure WPA2. Here’s how to fix it. The problem with WEP encryption is that it can be cracked really easily—a skilled hacker can do it in a few minutes, and even an unskilled geek can do it in just a little more time with the right tools. Once they’ve done that, they can leech off your internet connection and do anything they want—including illegal stuff coming from your network. Note: if you are using an old Nintendo DS connected to the internet, they usually only support WEP encryption, so you may not want to do this Latest Features How-To Geek ETC The Complete List of iPad Tips, Tricks, and Tutorials The 50 Best Registry Hacks that Make Windows Better The How-To Geek Holiday Gift Guide (Geeky Stuff We Like) LCD? LED? Plasma? The How-To Geek Guide to HDTV Technology The How-To Geek Guide to Learning Photoshop, Part 8: Filters Improve Digital Photography by Calibrating Your Monitor The Spam Police Parts 1 and 2 – Goodbye Spammers [Videos] Snow Angels Theme for Windows 7 Exploring the Jungle Ruins Wallpaper Protect Your Privacy When Browsing with Chrome and Iron Browser Free Shipping Day is Friday, December 17, 2010 – National Free Shipping Day Find an Applicable Quote for Any Programming Situation

    Read the article

  • Oracle Secure Global Desktop (SGD) 5.1

    - by wcoekaer
    Last week, we released the latest update of Oracle Secure Global Desktop. Release 5.1 introduces a number of bug fixes and smaller changes but the most interesting one is definitely increased support for html5-based client access. In SGD 5.0 we added support for Apple iPads using Safari to connect to SGD and display your session right inside the browser. The traditional model for SGD is that you connect using a webbrowser to the webtop and applications that are displayed locally using a local client (tta). This client gets installed the first time you connect. So in the traditional model (which works very well...) you need a webbrowser, java and the tta client. With the addition of html5 support, there's no longer a need to install a local client, in fact, there is also no longer a need to have java installed. We currently support Chrome as a browser to enable html5 clients. This allows us to enable html5 on the android devices and also on desktops running Chrome (Windows, MacOS X, Linux). Connections will work transparently across proxy servers as well. So now you can run any SGD published app or desktop right from your webbrowser inside a browser window. This is very convenient and cool.

    Read the article

  • How to properly secure Windows Server 2008 R2 that will host SQL Server 2012?

    - by Max
    I am a .net programmer trying to create this setup: I want this server to be inaccessible through DMZ accept for IPSEC connections, and to also have a private network which will be accessible through another windows 2008 server which will host vpn. That is how our windows 2003 infrastructure works and I am trying to do the same with 2008 servers, are there any guides or documentations that have this scenario?

    Read the article

  • Deploying an ADF Secure Application using WLS Console

    - by juan.ruiz
    Last week I worked on a requirement from a customer that wanted to understand how to deploy to WLS an application with ADF Security without using JDeveloper. The main question was, what steps where needed in order to set up Enterprise Roles, Security Policies and Application Credentials. In this entry I will explain the steps taken using JDeveloper 11.1.1.2. 0 Requirements: Instead of building a sample application from scratch, we can use Andrejus 's sample application that contains all the security pieces that we need. Open and migrate the project. Also make sure you adjust the database settings accordingly. Creating the EAR file Review the Security settings of the application by going into the Application -> Secure menu and see that there are two enterprise roles as well as the ADF Policies enforcing security on the main page. Make sure the Application Module uses the Data Source instead of JDBC URL for its connection type, also take note of the data source name - in my case I have: java:comp/env/jdbc/HrDS To facilitate the access to this application once we deploy it. Go to your ViewController project properties select the Java EE Application category and give it a meaningful name to the context root as well to the Application Name Go to the ADFSecurityWL Application properties -> Deployment  and create a new EAR deployment profile. Uncheck the Auto generate and Synchronize weblogic-jdbc.xml Descriptors During Deployment Deploy the application as an EAR file. Deploying the Application to WLS using the WLS Console On the WLS console create a JNDI data source. This is the part that I found more tricky of the hole exercise given that the name should match the AM's data source name, however the naming convention that worked for me was jdbc.HrDS Now, deploy the application manually by selecting deployments ->Install look for the EAR and follow the default steps. If this is the firs time you deploy the application, once the deployment finishes you will be asked to Activate Changes on the domain, these changes contain all the security policies and application roles insertion into the WLS instance. Creating Roles and User Groups for the Application To finish the after-deployment set up, we need to create the groups that are the equivalent of the Enterprise Roles of ADF Security. For our sample we have two Enterprise Roles employeesApplication and managersApplication. After that, we create the application users and assign them into their respective groups. Now we can run the application and test the security constraints

    Read the article

  • Best language on Linux to replace manual tasks that use SSH/Telnet? [on hold]

    - by Calab
    I've been tasked to create and maintain a web browser based interface to replace several of the manual tasks that we perform now. I currently have a "shakey" but working program written in Perl (2779 lines) that uses basic Expect coding, but it has some limitations that require a great deal of coding to get around. Because of this I am going to do a complete rewrite and want to do it "right" this time. My question is this... What would be the best language to use to create a web based interface to perform SSH/Telnet tasks that we would normally do manually? Keep in mind the following requirements: Runs on a CentOS Linux system v5.10 Http will be served by Apache2 This is an INTRANET site and only accessible within our organization. User load will be light. No more that 5 users accessing it at one time. perl 5.8.8, php 5.3.3, python 2.7.2 are available... Not sure what other languages to check for, or what modules might be installed in each language. The web interface will need to provide progress indicators and text output produced by the remote connection, in real time as it is generated. If we are running our process on multiple hosts, they should be in individual threads so that they can run side by side, not sequentially. I want the ability to "trap" on specific text generated by the remote host and display an alert to the user - such as when the remote host generates an error message. I would like to avoid as much client side scripting (javascript/vbscript) as I can. Most users will be on Windows PC's using Chrome or IE as a browser. Users will be downloading the resulting output so they can process it as they see fit. I currently have no experience with "Ajax" or the like. Most of my coding experience is old 6809 assembly, Visual Basic 6, and whatever I can cut/paste from online examples in various languages (hence my "shaky" Perl program) My coding environment is Eclipse for remote code editing, but I prefer stuff like UltraEdit if I can get a decent syntax file for the language I'm using. I do have su access on the server, but I'm not the only one using this server so I can't just upgrade/install blindly as I might impact other software currently running on the machine. One reason that I'm asking here, instead of searching (which I did) is that most replies were, "use language 'xyz', but you need to use an external SSH connection" - like I'm using Expect in my Perl script. Most also did not agree on what language that 'xyz' should be. ...so, after this long posting, can someone offer some advice?

    Read the article

< Previous Page | 8 9 10 11 12 13 14 15 16 17 18 19  | Next Page >