Search Results

Search found 17646 results on 706 pages for 'security warning'.

Page 125/706 | < Previous Page | 121 122 123 124 125 126 127 128 129 130 131 132  | Next Page >

  • Is it possible for double-escaping to cause harm to the DB?

    - by waiwai933
    If I accidentally double escape a string, can the DB be harmed? For the purposes of this question, let's say I'm not using parametrized queries For example, let's say I get the following input: bob's bike And I escape that: bob\'s bike But my code is horrible, and escapes it again: bob\\\'s bike Now, if I insert that into a DB, the value in the DB will be bob\'s bike Which, while is not what I want, won't harm the DB. Is it possible for any input that's double escaped to do something malicious to the DB assuming that I take all other necessary security precautions?

    Read the article

  • Important Question, Please give response if u have any idea....

    - by Sumit Kr Singh
    Hi i an developing an iphone application, it is basically a security application based on "Thief Buster"(available on Appstore URL: http://itunes.apple.com/app/thief-buster-antitheft-alarm/id327463179?mt=8# ) my problem is: * Volume Control Blocking * Automatic application restart Please provide the application logic to resolve the problem. Thanks in advance..

    Read the article

  • why jsessionid is appended to each url?

    - by sword101
    greetings all i am deploying an app using spring framework on the apache tomcat when running the application from the tomcat directly,there's no jsessionid appended to any url at all but after mapping the application to the domain,and trying to run it i got a jsessionid appended to each url in the application,i tried the spring security attribute disable-url-rewriting but it doesn't work,it removes the jsessionid from the url but the application doesn't work no more,the user cannot login. so i guess it's another problem,any ideas why this happens,how to solve it? thanks.

    Read the article

  • URLScan and percent signs

    - by Hobbes
    So I just ran into a stupid problem in which users could not download files that had a percent sign in it. It wound up being URLScan. I had to un-set two things in urlscan.ini: 1) Set VerifyNormalization to 0 (disabled) 2) Remove the percent sign from the "DenyUrlSequences" section Do an iisreset, and it problem solved. But the big question is: How much of a security risk is this?

    Read the article

  • MD5 hash with salt for keeping password in DB in C#

    - by abatishchev
    Could you please advise me some easy algorithm for hashing user password by MD5, but with salt for increasing reliability. Now I have this one: private static string GenerateHash(string value) { var data = System.Text.Encoding.ASCII.GetBytes(value); data = System.Security.Cryptography.MD5.Create().ComputeHash(data); return Convert.ToBase64String(data); }

    Read the article

  • How can I provide an ASP.NET Forms Authentication UX while using Active Directory Role and Authentic

    - by Nate Bross
    Is it possible to use this Role Provider AspNetWindowsTokenRoleProvider with ASP.NET FORMS Authentication (via this MembershipProvider System.Web.Security.ActiveDirectoryMembershipProvider)? It seems to only work with <authentication mode="Windows">, is it possible to use it with FORMS? background -- The objective here is to provide an ASP.NET Forms UX while using Active Directory as the back-end authentication system. If there is another, easy way to do this using built-in technologies, that's great and I'd like to hear about that as well.

    Read the article

  • Problem making local copy of a webpage

    - by Claudiu
    I want to run this chrome experiment locally. I copied the .html and .js files, along with the two .jpgs that the demo uses. However, when I run it off my local drive, Chrome gives this error: light.js:89 - Uncaught Error: SECURITY_ERR: DOM Exception 18 Line 89 returns the image data from the canvas after drawing the image to it. What's causing this security exception? It seems to not be Chrome-specific, as Firefox gives the same error.

    Read the article

  • Change Browser settings by script

    - by jAndy
    Hi Folks, Afaik, you can change/manipulate browser settings in Mozilla/Netscape browsers. For Instance "netscape.security.PrivilegeManager.enablePrivilege('someprivilege');" Of course the user gets informed about that and needs to verify the action. My question is, do other browser have similar functionality? IE, Safari/Chrome ? Kind Regards --Andy

    Read the article

  • prevent generating new jsessionid?

    - by mr.lost
    greetings all my application uses spring framework,spring security 3.0.2 we use apache tomcat as app server the problem is that with each new request to the application a new jsessionid is generated and a new session is created so the user is logged out and that's weird,why generating new jsessionid,how to stop that? i reviewed the code,nothing is creating a new session? is it a framework problem or app server problem or what? your help is very appreciated. thank you.

    Read the article

  • best way to escape and create a slug

    - by Mac Taylor
    hey guys im somehow confused in using proper functions to escape and create a slug i used this : $slug_title = mysql_real_escape_string()($mtitle); but someone told me not to use it and use urlencode() which one is better for slugs and security as i can see in SO , it inserts - between words : http://stackoverflow.com/questions/941270/validating-a-slug-in-django thanx in advanced

    Read the article

  • ASP.NET ascx.cs via GET

    - by Heavy Bytes
    Say I have this url: http://site.example/dir/ In this folder I have these files: test.ascx.cs and test.ascx Just to be clear, I am not a .NET developer. From a security point of view - why can't I access http://site.example/dir/test.ascx.cs and how secure is it to keep those files there? I assume IIS filters out request that query these kind of files, but can someone explain me this? Thank you.

    Read the article

  • Process limit for user in Linux

    - by BrainCore
    This is the standard question, "How do I set a process limit for a user account in Linux to prevent fork-bombing," with an additional twist. The running program originates as a root-owned Python process, which then setuids/setgids itself as a regular user. As far as I know, at this point, any limits set in /etc/security/limits.conf do not apply; the setuid-ed process may now fork bomb. Any ideas how to prevent this?

    Read the article

  • To HTMLENCODE or not to HTMLENCODE user input on web form (asp.net vb)

    - by Phil
    I have many params making up an insert form for example: x.Parameters.AddWithValue("@city", City.Text) I had a failed xss attack on the site this morning, so I am trying to beef up security measures anyway.... Should I be adding my input params like this? x.Parameters.AddWithValue("@city", HttpUtility.HtmlEncode(City.Text)) Is there anything else I should consider to avoid attacks? Thanks

    Read the article

  • Solr Multicore Admin Problem

    - by Daniel M
    Im trying to add a url based security constraint to solr deployed in websphere 6.1. If I specify the core name in the url of the constraint then the admin url for that core gives a 404. Has anyone had any success with this or any suggestions? Cheers

    Read the article

  • How to detect Java agents, JVMTI, etc...

    - by Andrew Westberg
    How does one secure the Java environment when running on a machine you don't control? What is to stop someone from creating a java agent or native JVMTI agent and dumping bytecode or re-writing classes to bypass licensing and/or other security checks? Is there any way to detect if any agents are running from Java code? From JNI? From a JVMTI agent?

    Read the article

  • C++ Professional Code Analysis Tools

    - by Voulnet
    Hello there, I would like to ask about the available (free or not) Static and Dynamic code analysis tools that can be used to C++ applications ESPECIALLY COM and ActiveX. I am currently using Visual Studio's /analyze compiler option, which is good and all but I still feel there is lots of analysis to be done. I'm talking about a C++ application where memory management and code security is of utmost importance.

    Read the article

  • deploying WAMP -> live site - any random tips?

    - by Haroldo
    In the next few weeks I'll be taking my site from the localhost (WAMP) and puting it on a new server. This will be the first site, on my first server, so basically...i'm a noob! This must be an important moment for any independent web developer / small business so i'd love to hear about some experiences, mistakes and system default security holes that one should fix straight away... I'm using php, mysql, cpanel and WHM, and looking for tips like "Turn off error reporting in PHP"

    Read the article

  • GenericIdentity not FormsIdentity

    - by Tony
    H Regarding this URL http://www.codeproject.com/KB/aspnet/FlashUpload.aspx User.Identity as System.Web.Security.FormsIdentity is always null, because the Identity is GenericIdentity, I assumed it will be as in the tutorial FormsIdentity, what is chances. Thanks

    Read the article

  • Auto-creating User details with Grails and LDAP

    - by Benny Hallett
    I'm using the Acegi Security plugin for Grails, and authentication via LDAP. The application logs show that on login, we can authenticate the user and get their roles via LDAP, but the login fails because the User Details cannot be found in the application's database. Is there a way to auto create and save a basic User Details domain object if one doesn't already exit?

    Read the article

  • How to Consume a WebService(created by C#) using Https protocol

    - by Navaneeth A Krishnan
    I'm developing a small project, that is an C# web service, i did that but now i want to run the web service using the protocol HTTPS, for that i have installed web authentication certificate in my system and my IIS 5.1 server is running under HTTPS protocol(i have configured in that directory security) But now i want to invoke the web service using the HTTPS protocol, somebody told that, i need to modify the WSDL file for that web service but i don't know how to do it... now my service url is like this.... http://localhost:2335/SWebService.asmx here i would like to use https instead of http

    Read the article

  • Heroku powered private restricted beta

    - by Ben Sand
    I'd like to run an app in a restricted private beta on heroku. We're changing the app regularly and haven't done a security audit. To stop anyone exploiting stuff, we'd like to lock down the whole site, so you need a password to access anything. Ideally similar to using .htaccess and .htpasswd files to lock an entire site on an Apache server. Is there a simple one shot way to do this for a heroku hosted app?

    Read the article

< Previous Page | 121 122 123 124 125 126 127 128 129 130 131 132  | Next Page >