Search Results

Search found 4062 results on 163 pages for 'secure government ficam sicam'.

Page 121/163 | < Previous Page | 117 118 119 120 121 122 123 124 125 126 127 128 | Next Page >

PHP Security checklist (injection, sessions etc)

- by NoviceCoding

So what kind of things should a person using PHP and MySql be focused on to maximize security. Things I have done: -mysql_real_escape_string all inputs -validate all inputs after escaping em -Placed random alpha numerics before my table names -50character salt + Ripemd passwords Heres where I think I am slacking: -I know know nothing about sessions and securing them. How unsafe/safe is it if all you are doing is: session_start(); $_SESSION['login']= $login; and checking it with: session_start(); if(isset($_SESSION['login'])){ -I heard something about other forms of injection like cross site injection and what not... -And probably many other things I dont know about. Is there a "checklist"/Quicktut on making php secure? I dont even know what I should be worried about.I kinda regret now not building off cakephp since I am not a pro.

Read the article
How long can a hash left out in the open be considered safe?

- by Xeoncross

If I were to leave a SHA2 family hash out on my website - how long would it be considered safe? How long would I have before I could be sure that someone would find a collision for it and know what was hashed? I know that the amount of time would be based on the computational power of the one seeking to break it. It would also depend on the string length, but I'm curious just how secure hashes are. Since many of us run web-servers we constantly have to be prepared for the day when someone might make it all the way to the database which stores the user hashes. So, move the server security out of the way and then what do you have? This is a slightly theoretical area for many of the people I have talked with, so I would love to actually have some more information about average expectations for cracking.

Read the article
Remembering Form information

- by Pete Herbert Penito

Hi everyone! I'm sorry if this has been asked before but I feel my situation is a little different... I have a huge form (like 50 questions involving checkboxes, drop downs, text boxes and textareas) When a user submits a form and the validation page throws an error, is there an easy way to keep the info they entered? My intitial form is on form.php and then the form action is form_posted.php, before anything is run on form_posted.php I have my validation code which sends the user back to form.php with an error number (eg. form.php?error=3) if there was a problem with any in particular. This is done with header("form.php?error=3") so on form.php do the posted variables exist? even tho the page wasn't specifically sent with any posted variables. Also if this is the case, is it completely secure to be making the value of a textbox what it was before? like <input type="text" value="php echo $_POSTED["username"] ?>">

Read the article
Windows Server 2003

- by user229133

I have a website that is using Windows Server 2003. The site is called https://mysite.com/ and at ip address 111.1.1.1. Now when I log into the site all my relative links that are generated using NavURL (<%# NavURL("Images/Menu/img.gif")%) are saying "http://111.1.1.1/Images/Menu/img.gif" instead of "https://mysite.com/Images/Menu/img.gif". This is causing an error because it needs to be secure. I'm sure there is a setting on the server somewhere to point to the name and not the ip, but I don't know where. Thanks for your help.

Read the article
@Secured not working

- by user3640507

I am new to spring and trying to implement Role based authorization with the help of @Secured annotation. I have a method which is specifically for ADMIN and I have written @Secured ("ROLE_ADMIN") to secure it. @Secured ("ROLE_ADMIN") public void HelloUser(String name) { System.out.println("Hello ADMIN"); } Now when I call this method by creating a class object it gets called eventhough user dont have ADMIN authority But when I dont create an object and use @autowired annotation instead then it works i.e User is not allowed to access this method. In my security.xml as well as servlet.xml I have added <global-method-security secured-annotations="enabled" /> Can some one please tell me where I am going wrong or is this the natural behaviour in spring ?

Read the article
How to add authentication property for login to directory path when running batch file in WCF?

- by blankon91

I have class in my WCF service to execute batch file. when I test to run the batch file in shared directory, everything is fine, the batch was executed, but when I try to run the batch file from secure diretory, I get error "ACCESS DENIED". How to add login property so I can access my secured directory to execute my batch file? here is my code: public string ExecuteBat() { string hasil = ""; ProcessStartInfo processInfo = new ProcessStartInfo(@"D:\Rpts\SSIS_WeeklyFlash_AAF_1.bat"); processInfo.CreateNoWindow = true; processInfo.UseShellExecute = false; Process process = Process.Start(processInfo); process.WaitForExit(); if (process.ExitCode == 0) { hasil = "BAT EXECUTED!"; } else { hasil = "EXECUTE BAT FAILED"; } return hasil; }

Read the article
Ternary operators and variable reassignment in PHP

- by TomcatExodus

I've perused the questions on ternary operators vs. if/else structures, and while I understand that under normal circumstances there is no performance loss/gain in using ternary operators over if/else structures, I've not seen any mention of this situation. Language specific to PHP (but any language agnostic details are welcome) does the interpreter reassign values in situations like this: $foo = 'bar' $foo = strlen($foo) > 3 ? substr($foo, 0, 3) : $foo; Since this would evaluate to $foo = $foo; is this inefficient, or does the interpreter simply overlook/discard this evaluation? On a side note, what about: !defined('SECURE') ? exit : null;

Read the article
ssl security information on internet explorer 6

- by user309984

Hi all, I dont want that my webpage show security information about this page contains both secure and nonsecure... this only happen in ie6, i am testing with the program ietester. I know that the problem is in file mootools-1.11-uncompressed.js in this line if(!$("ie_ready")){var C=(window.location.protocol=="https:")?"://0":"javascript:void(0);";document.write('<\/script');$("ie_ready").onreadystatechange=function(){if(this.readyState=="complete"){A();}};}}else{window.addListener("load",A);document.addListener("DOMContentLoaded",A); i already try change the ://0 by https://0 and javascript: and javascript:false and # but the problem continues, when i remove this line from the mootools file the warning doesnt show but the code that i have to show some calendar doesnt work also, because i have something like /* and this doesnt work if i remove that line, can anyone help me??

Read the article
MySQL/PHP: How to insert logged in user id into another table that is gathering data from a form tha

- by Lisa

For the first time I am needing to join information from two tables and am quite nervous about doing it without any advice first. Basically, I am building a secure site that is accessed by authorised users. I have my login table with user_id, username, password Once the user is on the site, they have the option of inputting data into another table called input. At the moment this table only captures the information that is entered, not the user_id or username of the inputter. I would like the form to be able to input the user_id and/or username from the login table into the input table. Please could somebody talk me through this process? I am sure that once this is amended, I will then be able to use the table to only allow the logged in user to access the information that he or she have inputted, is that correct? Many thanks

Read the article
Problem with session based login after moving relevent files to site root

- by YsoL8

Hello I have a site which I have been testing in a sub-folder of my clients site-root. I had no log in problems during testing, but then I moved the new site files from a sub-directory to the main site root, and now I'm losing my logged in state after almost every page refresh in secure areas. I am running a $_session based login system that refreshes the session id on every page load, with a comparison value stored in the MySQL database. Does anyone have suggestions for what could be causing this problem?

Read the article
Use .htaccess to limit access to file downloads

- by jimiyash

I have downloads for static files like product.exe. I want to limit access to these files with a .htaccess file so that only certain users can download it. I think this can be handled with mod_rewrite and I found this snippet online that blocks bad sites using the referrer. RewriteEngine on # Options +FollowSymlinks RewriteCond %{HTTP_REFERER} http://example.com/downloads/confirm/3811 [NC,OR] RewriteRule .* - [F] Source: http://www.javascriptkit.com/howto/htaccess14.shtml Instead of blocking based on referrer, I want to allow based on referrer. That way, the referrer can be a URL that cannot be accessed without first logging in. I am thinking about going this route and using the http referrer to give permission to the file. I know it may not be the best way to do it, and I guess the referrer can be spoofed, but it does not have to be THAT secure. I am also open to other ideas you may have to for limitting access. Please

Read the article
PHP - How to determine if request is coming from a specific file.

- by John

I have fileA.php on SERVER_A and fileB.php on SERVER_B fileB.php makes a curl request to fileA.php for it's contents How can fileA.php determine that the request is coming specifically from fileB.php? -- I was thinking about sending the $_SERVER['SCRIPT_NAME'] in fileB.php to fileA.php but since someone can go into fileB.php or any file in general and just do $_SERVER['SCRIPT_NAME'] = 'fileB.php'; it's not really that secure. So how can I determine, for security reasons, that the request is coming from a specific file on a different server?

Read the article
Forcibly clear memory in java

- by MBennett

I am writing an application in java that I care about being secure. After encrypting a byte array, I want to forcibly remove from memory anything potentially dangerous such as the key used. In the following snippet key is a byte[], as is data. SecretKeySpec secretKeySpec = new SecretKeySpec(key, "AES"); Cipher cipher = Cipher.getInstance("AES"); cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec); byte[] encData = cipher.doFinal(data, 0, data.length); Arrays.fill(key, (byte)0); As far as I understand, the last line above overwrites the key with 0s so that it no longer contains any dangerous data, but I can't find a way to overwrite or evict secretKeySpec or cipher similarly. Is there any way to forcibly overwrite the memory held by secretKeySpec and cipher, so that if someone were to be able to view the current memory state (say, via a cold boot attack), they would not get access to this information?

Read the article
Using Forms authentication with remote auth system?

- by chobo

I am working on a website that uses a remote websites database to check for authentication (they are both share some database tables, but are separate website...) Right now I check the username and password against the remote websites account / member table, if there is a match I create a session. Questions: Is this secure? On authenticated pages I just check if a session of a specific type exists.Is it possible for someone to create an empty session or something that could bypass this? Is it possible to use Forms authentication with this setup? Right now if a user is authenticated I just get an object back with the username, email and id.

Read the article
matrix = *((fxMatrix*)&d3dMatrix); //Evil?

- by Xilliah

I've been using matrix = *((fxMatrix*)&d3dMatrix); for quite a while. It worked fine until my screen turned black and received a bucket of frustration on my desk. fxMatrix contains 4 fxVectors. fxVector used to be 16 bytes, but now it was suddenly 20. This was because it inherited fxStreamable, which added the vTable. So one solution is of course just to not inherit fxStreamable, and leave a comment saying that it must always be 16 bytes and never more. Another solution would be to make conversion functions, and copy the matrix completely. This makes it more secure, but has an impact on the performance. I suppose this is the best idea. Another solution is to not convert at all, and stick to D3DXMATRIX, but this makes the engine inconsistent and I personally really dislike this idea. What is your opinion?

Read the article
how to return value through php function when called through the anchor tag in html

- by sumit

Look at my code below <a href="https://secure.gate2shop.com/ppp/purchase.do?merchant_id=234555454545433&merchant_site_id=54443¤cy=USD&total_amount=39.99&item_name_1=IncidentSupportTier1&item_amount_1=39.99&item_quantity_1=1&checksum=**call php function to get the checksum value**&time_stamp=2010-06-14.14:34:33&version=3.0.0" onmouseover="document.myform.sub_but.src='checkout02.jpg'" onmouseout="document.myform.sub_but.src='butup.gif'" onclick="return val_form_this_page()"> <img src="http://www.techvedic.com/gifs/checkout02.jpg" width="143" height="39" border="0" alt="Submit this form" name="sub_but" /> On button click the href link will open. But before opening the link I need to calculate the cheksum. I know how to calculate it in PHP script. But please tell me how can I call the PHP function which will return the checksum value. Don’t worry about the code in PHP script.

Read the article
Query about the service or technology behind gmail service

- by user1726908

I am a final year computer science student. I am studying in hyderabad, andhra pradesh, india. I have come to know that the gmail is a cloud service. I am very much interested in learning more about cloud computing. This technology has been puzzling,tickling,increasing my curiosity and i just want to learn as much as i can about it. And through experience, i have learnt that practically doing can improve our knowledge and thirst to learn more. Thus, I would like to know "what are the security measures which you have taken to keep the cloud service like gmail secure and authentic? What is the architecture of the service? What are the technologies used in building it? What are the different levels of security applied in general for building a private cloud?"

Read the article
How to generate random strings that match a given regexp?

- by Pies

Duplicate: Random string that matches a regexp No, it isn't. I'm looking for an easy and universal method, one that I could actually implement. That's far more difficult than randomly generating passwords. I want to create an application that takes a regular expression, and shows 10 randomly generated strings that match that expression. It's supposed to help people better understand their regexps, and to decide i.e. if they're secure enough for validation purposes. Does anyone know of an easy way to do that? One obvious solution would be to write (or steal) a regexp parser, but that seems really over my head. I repeat, I'm looking for an easy and universal way to do that. Edit: Brute force approach is out of the question. Assuming the random strings would just be [a-z0-9]{10} and 1 million iterations per second, it would take 65 years to iterate trough the space of all 10-char strings.

Read the article
What's a good freeware collaborative (i.e., multiuser) instant messenger?

- by Will

I'm looking for an app that my development team that is essentially an IM app, but multiple people can be in one "room." Similar to IRC. Additional requirements (that preclude hosting an IRC server myself): IM style appliction -- Download and install one app on each PC. The app lives in the tray. New messages appear in a notification window on everybody's pc. Secure -- No Ventrillo Harassment nonsense. Only those with access can see and read what's going on. Not My Job -- Doesn't require us to host a server, set up a server, etc. I just want to log on and go. No friggen smileys -- If the client app has smilies I will have to kill someone.

Read the article
Connecting PHP Server and Android?

- by user3439988

I am trying to create a simple test application to transfer data back and forth between my server and Android device. The following are the things I aim for: Ability to upload data and files to the server. To be able to view my files on the server. To be able to download the files from the server to my android device. Ability of the server to send me updates on the files or notifications to my phone. I need a safe and secure way to do these things. I have tried these: HTTPPost requests onto the server and echoing the output accordingly and capturing the HTTPresponse and parsing it. For files I have tried using MultipartEntity, but I think that has been deprecated.

Read the article
Add params before submit form ROR

- by Jorge Najera T

It's possible to add some parameters before submit an form? My problem is that I need to send the ticket id to my payment controller. A possibility is to send it through an hidden input field, but there's any other secure way to achieve this? Any help will be appreciated. Thanks. The process of buying a ticket 0) Select the event 1) User select the kind of ticket he wants to buy. 2) User add his personal information 3) Finally the Checkout (payment controller)

Read the article
Securely using exec with PHP to run ffmpeg

- by Venkat D.

I would like to run ffmpeg from PHP for video encoding purposes. I was thinking of using the exec or passthru commands. However, I have been warned that enabling these functions is a security risk. In the words of my support staff: The directive 'disable_functions' is used to disable any functions that allow the execution of system commands. This is for more security of the server. These PHP functions can be used to crack the server if not used properly. I'm guessing that if exec is enabled, then someone could (possibly) execute an arbitrary unix command. Does anyone know of a secure way to run ffmpeg from PHP? By the way, I'm on a dedicated server. Thanks ahead of time!

Read the article
[php + mysql] Save IP in database

- by Knarf

When a user logs inn I want to save their IP in the database. How would I do that? What type is best to use for the MySQL field? How would the PHP code to get IP look like? I'm thinking of using it as an extra security feature for the login/session stuff. I'm thinking of checking the IP the user logged in with from the DB with the IP the user have now as addition to checking the session. So that it first check the session, and then check if you have a valid IP. Is that an allright extra feature? And what other things can I do to make it more secure?

Read the article
How to prompt for username and password entry in C# / SQL ASP.NET web app?

- by salvationishere

How do I prompt for username and password in my C#/SQL web application? This was developed in VS 2008 on a 32-bit XP. The current connection string I'm using in my web.config file is: <add name="AdventureWorksConnectionString2" connectionString="Data Source=SIDEKICK;Initial Catalog=AdventureWorks;Persist Security Info=false; " providerName="System.Data.SqlClient" /> When I select Basic Authentication it pops up the warning: "The authentication option you have chosen results in passwords being sent over the network without data encryption..." How do I choose this authentication method and still send passwords over securely? So essentially I am looking for the most secure authentication method but that still requires users to input password?

Read the article
GWT problem wiht htmlunit

- by ihtram

i have a gwt url and i am trying to get next page by clicking a button. that button is an image. but when we click that button i got blank page. that url is: http://www.ichotelsgroup.com/redirect?brandCode=hi&regionCode=1&localeCode=en&path=asearch&errorURL=/h/d/6c/1/en/rates&successURL=/h/d/6c/1/en/rates/BOSGC&availabilitySearchSuccessURL=/h/d/6c/1/en/rates/BOSGC?ias=y&actionName=availabilitySearch&hotelCode=BOSGC&checkInDate=2&checkInMonthYear=62010&checkOutDate=6&checkOutMonthYear=62010&numberOfAdults=1&numberOfChildren=0&numberOfRooms=1&smokingPreference=3&secure=false&rateTypeCodes=6CBARC&rateChangePeriod=&_IATAno=99609020&cm_mmc=mdpr-_-kayak-_-USCSR-_-BOSGC i am trying to click "view rates button"..

Read the article

< Previous Page | 117 118 119 120 121 122 123 124 125 126 127 128 | Next Page >