Search Results

Search found 4187 results on 168 pages for 'secure erase'.

Page 120/168 | < Previous Page | 116 117 118 119 120 121 122 123 124 125 126 127  | Next Page >

• Tools to test softwares against any attacks for programmers ?

  - by berkay

  in these days, i'm interested in software security. As i'm reading papers i see that there are many attacks and researchers are trying to invent new methods for softwares to get more secure systems. this question can be a general including all types of attacks.There are many experienced programmers in SO, i just want to learn what are using to check your code against these attacks ? Is there any tools you use or you don't care ? For example i heard about,static,dynamic code analysis, fuzz testing. SQL injection attacks Cross Site Scripting Bufferoverflow attacks Logic errors Any kind of Malwares Covert Channels ... ... thanks

  Read the article

• How to use Custom AuthorizeAttribute for controller utilizing parameter value?

  - by RSolberg

  I am trying to secure a controller action to prevent a user from accessing an Entity that they do not have access to. I am able to do this with the following code. public ActionResult Entity(string entityCode) { if (CurrentUser.VerifyEntityPermission(entityCode)) { //populate viewModel... return View(viewModel); } return RedirectToAction("NoAccessToEntity", "Error"); } I would like to be able to add an attribute to the controller action itself. In order to validate the access to the entity, I need to see what value has been passed to the controller and what entities the user has access to. Is this possible? [EntityAuthRequired] public ActionResult Entity(string entityCode) { //populate viewModel... return View(viewModel); }

  Read the article

• CSS for https urls

  - by Vincent

  Hello, looking for some help with images referenced within the stylesheet. I have no problems with these from non secure locations within the site but only from https. The stylesheet loads fine and displays everything correctly except for the images. example: body { margin: 0; padding: 0; background: url(/img/background_tile.gif) top left repeat-x; text-align: center; background-color: #fff; } All my css files and other image paths inside the code use relative urls to images. How can I make sure they all work fine without hard coding my image paths with https or http? I want the code to work fine with http and https. Thanks

  Read the article

• How to configure Multi-tenant plugin as single-tenant with Spring security plugin as resolver?

  - by Fabien Barbier

  I can create a secure, multi-tenant web app with Grails by : setup spring security plugin, setup Multi-tenant plugin (via multi-tenant install and multi-tenant-spring-security) update config.groovy : tenant { mode = "multiTenant" resolver.type = "springSecurity" } add : Integer userTenntId in User domain add a domain class for tenant Organization associate the tenants with Organization Edit BootStrap.groovy. Everything works fine in multi-tenant mode, but how to use mode = "singleTenant" ? This configuration sound not working : tenant { mode = "singleTenant" resolver.type = "springSecurity" } Edit : I try this config : tenant { mode = "singleTenant" resolver.type = "springSecurity" datasourceResolver.type = "config" dataSourceTenantMap { t1 = "jdbc:hsqldb:file:custFoo" t2 = "jdbc:hsqldb:file:custBar" } } But I get : ERROR errors.GrailsExceptionResolver - Executing action [list] of controller [org.example.TicketController] caused exception: java.lang.StackOverflowError and : Caused by: java.lang.StackOverflowError at org.grails.multitenant.springsecurity.SpringSecurityCurrentTenant.getTenantIdFromSpringSecurity(SpringSecurityCurrentTenant.groovy:50) at org.grails.multitenant.springsecurity.SpringSecurityCurrentTenant.this$2$getTenantIdFromSpringSecurity(SpringSecurityCurrentTenant.groovy) at org.grails.multitenant.springsecurity.SpringSecurityCurrentTenant$this$2$getTenantIdFromSpringSecurity.callCurrent(Unknown Source) at org.grails.multitenant.springsecurity.SpringSecurityCurrentTenant.get(SpringSecurityCurrentTenant.groovy:41) at com.infusion.tenant.spring.TenantBeanContainer.getBean(TenantBeanContainer.java:53) at com.infusion.tenant.spring.TenantMethodInterceptor.invoke(TenantMethodInterceptor.java:32) at $Proxy14.getConnection(Unknown Source)

  Read the article

• Use absolute path for easier modify include path in future?

  - by i need help

  config.php put at the root level, this file will be included in any pages. Then at config.php <?php define( 'ROOT_DIR', dirname(__FILE__) ); ?> So at all other pages from different sub/a.php , sub/sub/b.php directories, when I want to include a specific file in specific location, I just need to include( ROOT_DIR.'/include/functions.php' ); In windows server, the ROOT_DIR bring the value to C:/inetpub/vhosts/domain.com Is this a good/secure way? It seems like via this way, when I move the b.php to other upper level folder, I don't need to do any changes to the include file path, which is good for maintenance. Any cons? Like SEO wise, or any other reason... What you guys think.

  Read the article

• Thoughts on security model to store credit card details

  - by Faisal Abid

  Here is the model we are using to store the CC details how secure does this look? All our information is encrypted using public key encryption and the keypair is user dependent (its generated on the server and the private key is symmetric encrypted using the users password which is also Hashed on the database) So basically on first run the user sends in his password via a SSL connection and the password is used with the addition of salt to generate an MD5 hash, also the password is used to encrypt the private key and the private key is stored on the server. When the user wants to make a payment, he sends his password. The password decrypts the private key, and the private key decrypts the CC details and the CC details are charged.

  Read the article

• Add / remove a port number to/from a URL with REGEX in PHP

  - by SuperDuck

  Hello guys, I've searched but was unable to find an existing regex function. Has anybody done this before? I wish to add a port number, or remove a potantially existing one from a url in php. To use in some functions which translate a given url to the secure one, unsecure one, etc. Now I need a second SSL secured site on the server so I need to dynamically add a port number while converting http to https, and remove any port number while converting from https to http. Thanks, Duck

  Read the article

• The host 'smtp' could not be found.

  - by SmartestVEGA

  I am getting the following error while sending mail by click of a button in MS access form I am using sendObject to send mail using vba code. The host 'smtp' could not be found. Please verify that you have entered the server name correctly. Account: 'pop3', Server: 'smtp', Protocol: SMTP, Port: 25, Secure(SSL): No, Socket Error: 11001, Error Number: 0x800CCC0D Points to note: I am able to send and receive mails in my outlook; Problem is only when send mails through VBA access application.(Means it is not a outlook client configuration problem) When i copy paste the Vba application to another PC, i could successfully send emails without any error. (means this is not a vba access application problem) Please help.

  Read the article

• |Ideas for applications using face detection and recognition

  - by Omry

  Full disclosure: I work at face.com. Face.com just launched a free (up to an hourly limit) face detection and recognition REST API. We got a very handy API sandbox that developers can use to play the API and to see what it can and can't do. Besides the obvious point of letting you guys know about the API, I wanted to hear from you what kind of applications you think can be developed with it. Some pretty obvious ideas: Face based login (not entirely secure but still fun). Automatic face crop for sites that let users upload photos (dating sites etc) Some kind of integration into augmented reality games There is no right or wrong answers here, use your imagination :).

  Read the article

• On iPhone, how do I show a login screen to get username and password before giving access to iPhone

  - by MikeN

  On iPhone, how do I show a login screen to get username and password before giving access to iPhone app? Also, does the iPhone store a cookie to the secure website like a web browser? I was thinking of giving users to my website a long API key to store in the settings of their iPhone instead of asking them to login with a username/password (seems to be the Slicehost iPhone app approach.) Which is the best way to get a user to login securely? I have full control over the design of the iPhone app and website so have a lot of flexibility.

  Read the article

• Avoid Internet Explorer Warning when embedding Youtube on HTTPS site?

  - by pellepim

  On a HTTPS site embedding youtube clips works great in all browser, except Internet Explorer where I get this famous little warning message: "Do you want to view only the webpage content that was delivered securely? This page contains content that will not be delivered using a secure HTTPS ... etc" I've tried to solve this in several ways. The most promising one was to use the ProxyPass functionality in Apache to map to YouTube. Like this: ProxyPass: /youtube/ http://www.youtube.com ProxyPassReverse: /youtube/ http://www.youtube.com This gets rid of the annoying warning. However, the youtube SWF fails to start streaming The SWF i manage to load into the browser simply states : "An error occurred, please try again later". Potential solutions are perhaps: Download youtube FLV:s and serve them out of own domain (gah) Use custom FLV-player and stream only FLV:s from youtube over a https proxy?

  Read the article

• Troubles configuring SSL for an Apache host

  - by Ryan

  I configured it on Friday night and all worked well. Today for some reason it stopped working and I can't figure out why. When you goto the secure page it's acting like I have a self-signed certificate and I don't. I have the host configured like so ServerAdmin [email protected] DocumentRoot "/path/to/site" Servername www.mydomain.com ServerAlias mydomain.com DirectoryIndex index.cfm index.htm SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /etc/httpd/path/to/mydomain.com.crt SSLCertificateKeyFile /etc/httpd/path/to/www.mydomain.com.key SSLCertificateChainFile /etc/httpd/path/to/gd_bundle.crt Apache starts with no errors and I can't seem to find anything meaningful in any of the logs. It's got to be something minor but I can't seem to see it. It's an updated Centos/Apache VM. I have worn Google out.

  Read the article

• Which open source social networking platform to use?

  - by vrao

  I want to build a highly secure social networking portal. Like other portals, subscriber users should be able to create a topic, discuss topic, share information about them, and have the ability for notifications/alerts. The added feature, I would like to have is to moderate users. Based on the topic of discussion, users will be asked automated questions and their responses will be processed to provide recommendations. I have no knowledge of social networking portal requirements. I will be coding alone and want to have something up and running in about six months. Which is the easiest open source platform that I should use to develop? I know some.net and sql, but I am open to use other platforms. Please give me your recommendations

  Read the article

• Database security / scaling question

  - by orokusaki

  Typically I use a database such as MySQL or PostGreSQL on the same machine as the application using it, which makes access easy and secure. I'm just now building the first site that will have a separate physical database server (later this year it will). I'm wondering 3 things: (security) What things should I look into for starters pertaining to security of accessing a separate machine's database? (scalability) Are their scalability issues that I should think about pertaining to this (technology agnostic)? (more ServerFaultish but related) If starting the DB out on the same physical server (using a separate VMWare VM) and later moving to a different physical server, are there implicit problems that I'll have to deal with? Isn't another VM still accessed via localhost? If these questions are completely ludicrous, I apologize to you DB experts.

  Read the article

• Best practice? iphone: sync data

  - by Andy Jacobs

  So i'm working on a project where there is data visualization. My ultimate goal is that i have a set of data shipped with the download of the iphone app. But i want it connected to a backend, that if the iphone has a connection with the internet. it can sync the changes from the backend. The syncing is no problem or the connection between the backend & the iphone. But what should i use as data storage on my iphone? what is the best way. my data is purely text and doesn't have to be secure. But it's main feature should be updating certain parts of data ( adding and deleting are not so important ) so what is the easiest (read: least time consuming development ) or the best way? sqlite? plist? ..?

  Read the article

• How to encorporate encyption to FlexPaper

  - by Jonathan

  Is it possible to configure the FlexPaper reader to un-encrypt password-protected pdfs or swfs? Here is the use-case: User uploads a pdf My server would then convert the pdf to swf via pdf2swf Then somehow encrypt the swf with a password (not sure best way to do this) Then the FlexPaper would be able to un-encrypt the swf and display it What I am trying to avoid is the caching of readable swf in the browser's cache. Any ideas on the best way to achieve this? I know, even with this it will not be a fully secure solution, but certainly helps. Note: I am running this on Linux and OS X and using Rails. Thanks! Jonathan

  Read the article

• ShoutCast over SSL

  - by Honus Wagner

  So I've gone ahead and set up my ShoutCast server DNAS and set my DSP in Winamp on my host computer. The server listens on port 8000, so per some instructions I installed an output plugin for winamp (Shoutcast DSP) and used 8000 and the password to connect. Server accepts the connection. Now, what the heck do I do now? My host computer is SSL secured and the DNAS server is installed within the secure web directory (if that matters). My desired end result is that I want to listen to my ShoutCast setup at home (host computer) from any computer. I try browsing to my ip address and port 8000 (without using HTTPS) and it comes back with nothing. If I browse with HTTPS://my.server.com:8000, I get Error code: ssl_error_rx_record_too_long) Have I completely missed something, or am I just a total moron? Thanks.

  Read the article

• RSA encrypted Diffie-Hellman handshake

  - by cmaduro

  Would a RSA encrypted Diffie-Hellman handshake enable secure communication? I'm encrypting communication from a silverlight client to a php webservice. The silverlight client initiates they key agreement by sending the RSA public key encrypted DH parameters to the webservice. Only the webservice has the private key, so a MITM attack is not possible. The webservice sends plain text answer back to the client, and a key is agreed upon. This key is then used to encrypt communication between the webservice and silverlight client with AES, which is also encrypted with the RSA public key. Does anyone see a flaw?

  Read the article

• Client side page permissions - Javascript / jquery / cookies / other?

  - by Ozaki

  TLDR Using plain HTML / Javascript. Want to block access to some pages (doesn't have to be super secure just to stop some peeking eyes). I thought of simply doing this by setting a cookie for each page they are allowed to visit with a value of true but thats a bit messy. Although it would work. Is there a way to set an array of values to a cookie so I can read the cookie and if a name of a page is in there then allow access with an IF statement or so on each of my pages. If they dont have the cookie just to replace my #content (entirepage) to "sorry no" etc. For example: $.cookie("Access","page1, page2, page3",{ expires: 1 }); Am already using JQuery, Jquery cookie. etc. I am up for anyway of doing this cookie idea is just an example So what do you think would be the best / most efficient way of managing this?

  Read the article

• Is writing eSQL database independent or not?

  - by Robert Koritnik

  Using EF we can use LINQ to read data which is rather simple (especially using fluent calls), but we have less control unless we write eSQL on our own. Is writing eSQL actually data store independent code? So if we decide to change data store, can the same statements still be used? Does writing eSQL strings in your code pose any serious security threats similar to writing TSQL statements as plain strings in C# code? That's why SPs are recommended. Could we still move eSQL scripts outside of code and use some other technique to make them a bit more secure?

  Read the article

• how to create an function using jquery live?

  - by Mahmoud

  Hey all i am trying to create a function that well keep the user in lightbox images while he adds to cart, for a demo you can visit secure.sabayafrah.com username: mahmud password: mahmud when you click at any image it well enlarge using lightbox v2, so when the user clicks at the image add, it well refresh the page, when i asked about it at jcart support form they informed me to use jquery live, but i dont know how to do it but as far as i tried this code which i used but still nothing is happening jQuery(function($) { $('#button') .livequery(eventType, function(event) { alert('clicked'); // to check if it works or not return false; }); });

  Read the article

• ASIHTTPRequest on www.blau.de?

  - by rdesign

  Hey guys, I need to login here. I've tried the ASIHTTPRequest and ASIFormDataRequest. None of them works as expected. I only got the data from the loginpage in the response string, not the data from the secure area. What am I doing wrong here? ASIFormDataRequest *request = [ASIFormDataRequest requestWithURL:[NSURL URLWithString:@"https://www.blau.de/"]]; [request setPostValue:@"USERNAME" forKey:@"quickLoginNumber"]; [request setPostValue:@"PASSWORD" forKey:@"quickLoginPassword"]; [request startAsynchronous];

  Read the article

• socket.setdefaulttimeout interacting with M2Crypto connection

  - by Becky

  Hello - I'm making a secure SSL connection to a server using python and M2Crypto. See code below. from M2Crypto import SSL, m2,x509 from M2Crypto.m2xmlrpclib import Server, SSL_Tranport ctx = SSL.Context() m2.ssl_ctx_use_pkey_privkey(ctx.ctx,myKey.pkey) m2.ssl_ctx_use_x509(ctx.ctx,myCert.x509) server = Server(serverUrl, SSL_Transport(ctx)) server.ping() The above works fine. If I try to change the default socket timeout by adding the following two lines at the beginning of the code, I get a protocol error. import socket socket.setdefaulttimeout(40) This is the error I receive: File "/usr/local/lib/python2.4/xmlrpclib.py", line 1096, in call return self._send(self._name, args) File "/usr/local/lib/python2.4/xmlrpclib.py", line 1383, in _request verbose=self._verbose File "/usr/local/lib/python2.4/site-packages/M2Crypto/m2xmlrpclib.py", line 68, in request headers xmlrpclib.ProtocolError: Why is the default socket timeout causing problems?

  Read the article

• c++ smtp connection state - starttls

  - by Jackell

  Hi all! I am using openssl to build secure smtp connections to gmail.com:25. So I can successfully connect to the server and sends a command STARTTLS (I receive 220 2.0.0 Ready to start TLS). Then execute the following code without disconnecting: SSL_METHOD* method = NULL; SSL_library_init(); SSL_load_error_strings(); method = SSLv23_client_method(); ctx = SSL_CTX_new(method); if (ctx == NULL) { ERR_print_errors_fp(stderr); } SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2); ssl = SSL_new(ctx); if (!SSL_set_fd(ssl, socket)) { ERR_print_errors_fp(stderr); return; } if (ssl) { if (SSL_connect((SSL*)ssl) < 1) { ERR_print_errors_fp(stderr); } // then i think i need to send EHLO } But after calling SSL_connect I get an error: 24953:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:601: Why? What I do wrong?

  Read the article

• Language in a Sandbox in Rails

  - by Jon Romero

  I've found that there WAS a sandbox gem (created by the guys that made try ruby in your browser but it was compatible only with Ruby 1.8. Another problem is that I cannot find it anymore (it seems they stop serving the gem from the servers...). So, is there any secure way of running ruby in a sandbox (so you can run it from your browser)? Or an easy way to run (for example lua/python) in a sandbox (no filesystem access, no creation of objects etc) and be called from Ruby (Rails 2.2)? I want to make an application like try_ruby even without having a ruby underneath. But it has to be an easy language (I saw there was a prolog in ruby, even a lisp but I don't think they are easy to learn languages...). So, do you have any suggestions or tips? Or should I just start creating my own DSL in Ruby (if there is a solution in creating a somewhat safe system)? Thx

  Read the article

< Previous Page | 116 117 118 119 120 121 122 123 124 125 126 127  | Next Page >