Search Results

Search found 17646 results on 706 pages for 'security warning'.

Page 127/706 | < Previous Page | 123 124 125 126 127 128 129 130 131 132 133 134  | Next Page >

  • Is there a current OpenSSL book?

    - by Martin
    Does anyone know of a more recent OpenSSL book than "Network Security with OpenSSL: Cryptography for Secure Communications" (http://www.opensslbook.com/)? It is from 2002 and does not cover OpenSSL version 0.97+. Best would be a book for OpenSSL 1.0.0 but I guess that one is too recent.

    Read the article

  • Using @Secured Annotation causes IS_FULLY_AUTHENTICATED problem in grails

    - by TripWired
    I'm using Acegi/Spring Security in grails and when i use the annotations like @Secured(['ROLE_ADMIN']) it denies my login even though the user is part of ROLE_ADMIN. In looking through the login is it seems that it's getting an IS_AUTHENTICATED_FULLY role also but I have never added that to a page so i'm not sure how to bypass that. I read somewhere to preauthorize the user, but i'm not sure how to do that with grails.

    Read the article

  • Is it possible to create a FIPS 140-2 compliant server in Perl?

    - by Nayruden
    The question is pretty simple, is it possible to create a FIPS 140-2 compliant server in Perl? Especially, is it possible without modifying any of the C code for the modules? If it's not possible in straight Perl, what would be the easiest way to go about it from a C perspective? I'm basically creating a mini-httpd that only serves up a single file, but due to security restrictions it needs to be served up on SSL under FIPS compliance.

    Read the article

  • How to pass username and password for authentication in URL?

    - by Maggie
    Hi there. I need to pass the user name and password in the URL for a REST web services call. I know that if I pass it this way in Firefox, it works: https://{UserName}:{Password}@api.opsourcecloud.net/oec/0.9/myaccount Is there a proper way to pass user name and password aside from the above example? It's a Spring Security Context?

    Read the article

  • How should I ethically approach user password storage for later plaintext retrieval?

    - by Shane
    As I continue to build more and more websites and web applications I am often asked to store user's passwords in a way that they can be retrieved if/when the user has an issue (either to email a forgotten password link, walk them through over the phone, etc.) When I can I fight bitterly against this practice and I do a lot of ‘extra’ programming to make password resets and administrative assistance possible without storing their actual password. When I can’t fight it (or can’t win) then I always encode the password in some way so that it at least isn’t stored as plaintext in the database—though I am aware that if my DB gets hacked that it won’t take much for the culprit to crack the passwords as well—so that makes me uncomfortable. In a perfect world folks would update passwords frequently and not duplicate them across many different sites—unfortunately I know MANY people that have the same work/home/email/bank password, and have even freely given it to me when they need assistance. I don’t want to be the one responsible for their financial demise if my DB security procedures fail for some reason. Morally and ethically I feel responsible for protecting what can be, for some users, their livelihood even if they are treating it with much less respect. I am certain that there are many avenues to approach and arguments to be made for salting hashes and different encoding options, but is there a single ‘best practice’ when you have to store them? In almost all cases I am using PHP and MySQL if that makes any difference in the way I should handle the specifics. Additional Information for Bounty I want to clarify that I know this is not something you want to have to do and that in most cases refusal to do so is best. I am, however, not looking for a lecture on the merits of taking this approach I am looking for the best steps to take if you do take this approach. In a note below I made the point that websites geared largely toward the elderly, mentally challenged, or very young can become confusing for people when they are asked to perform a secure password recovery routine. Though we may find it simple and mundane in those cases some users need the extra assistance of either having a service tech help them into the system or having it emailed/displayed directly to them. In such systems the attrition rate from these demographics could hobble the application if users were not given this level of access assistance, so please answer with such a setup in mind. Thanks to Everyone This has been a fun questions with lots of debate and I have enjoyed it. In the end I selected an answer that both retains password security (I will not have to keep plain text or recoverable passwords), but also makes it possible for the user base I specified to log into a system without the major drawbacks I have found from normal password recovery. As always there were about 5 answers that I would like to have marked correct for different reasons, but I had to choose the best one--all the rest got a +1. Thanks everyone!

    Read the article

  • Can a python view template be made to be 'safe/secure' if I make it user editable?

    - by Blankman
    Say I need to have a templating system where a user can edit it online using an online editor. So they can put if tags, looping tags etc., but ONLY for specific objects that I want to inject into the template. Can this be made to be safe from security issues? i.e. them somehow outputing sql connection string information or scripting things outside of the allowable tags and injected objects.

    Read the article

  • Interrogating Java source code

    - by VibeofBoston
    I have a Java source code that I need to interrogate and apply security policies [for e.g. applying CWE] I have couple of ideas, for starters using AST and then travel thru the tree. Others include using regular expression. Are there any options other than AST or regex that I could use for such process.

    Read the article

  • Node.js A Good authentication module ? or whats the proper way to authenticate users?

    - by Mohamed Ahmed
    I'm learning Node.js and looking forward to create a simple web application which will be based on Express and I was thinking of something like creating user groups and each group has its own users and each group has its own permissions (Just like ACL in Cakephp) So can anyone recommend a good module or whatever to do so ? Also I'm a little curious about security and how these passwords are going to be saved and what type of encryption the passwords will be encrypted in. Thanks :)

    Read the article

  • Unsure how to modify userDetailsService to allow for custom userDetails but keep datasource

    - by adam2510
    what i am trying to do is i'm following this http://www.theserverside.com/tip/-Spring-Security-Customizing-Your-User-and-Authorization-in website to attempt to customise the UserDetails so i can retrieve more fields regarding to the user... as far as implementing the UserDetails, where i am confused is the UserDetailsService at the moment i only have the code for the userDetailsService that is in the website linked above i'm just not sure on how to go about doing it

    Read the article

  • Are WCF Services encrypted automatically if they go over SSL?

    - by michael
    Basically, if I have a plain WCF Service over HTTPS is it automatically secure? [ServiceContract] public interface ICalc { [OperationContract] int add(int a, int b); } public class Calculator : ICalc { public int add(int a, int b) { return a + b; } } I figure the actual SOAP message isn't encrypted here, but is it still secure if I use https? Basically, if I use a basichttpbinding with no security settings in my config over https://www.myserver.com/services/Calc.svc is that secure?

    Read the article

  • Best way to store a database password in a startup script / config file?

    - by Mark Harrison
    So our web server apps need to connect to the database, and some other apps have startup scripts that execute at boot time. What's the best way to store the name/password for these applications, in terms of security, e.g. perhaps we don't want sysadmins to know the database password maintainability, e.g. making the configuration easy to change when the password changes, etc. both windows and linux solutions appreciated!

    Read the article

  • Is there a Veil-like plug-in for MySQL?

    - by Kevin
    We have a MySQL database and would like to have row-level security implemented at the database level. I have been playing with the Veil plug-in for PostgreSQL and like what it does. Is there something similar for MySQL so we do not have to convert over to PostgreSQL?

    Read the article

  • How to disallow a windows service stop

    - by Saar
    I have some security related service running on my machine (start type = automatic) In the service control manager, the stop/restart commands are grayed out. I was wondering how can I develop such service for which the stop operation is disallowed. Note that I am logged in as an administrator

    Read the article

  • CPU emulator on C for assembler

    - by krlzx00
    Hi, there. I have a problem. I´m working on a little aplication of security, but i recived an array that means a bytes, and that bytes can be interpreted as a assembler code, so my cuestion is.... some one knows a library that a i can use on my aplication that can execute this bytes and show what it do, or something like that?

    Read the article

  • Should the function or the caller be resonsible for input validation?

    - by haudenschilt
    I'm doing a security audit on a fairly large php application and was wondering where I should include my user-input validation. Should I validate the data, then send the clean data off to the back-end functions or should I rely on each function to do it's own validation? Or even both? Is there any standard or best-practice for this sort of thing? Currently the app does both inconsistently and I'll like to make things more consistent.

    Read the article

  • MailEnable - Configuring TLS for secure SMTP (Gmail)

    - by Buckers
    I have the latest version of MailEnable Pro installed on a new server that I'm setting up. Sending & receiving works fine with a new email account that I have set up, however I am now trying to configure GMail to use the mailserver for outgoing SMTP. I've done the following so far: Creating a self-cert SSL certficiate Ticked "Enable TLS" on the General tab of the SMTP connector properties Ticked "Send using TLS if remote server supports it" on the Outbound tab of the SMTP connector properties Selected the new self-cert SSL certificate on the SSL tab of the localhost server properties. Given permissions to IME_System on the new certificate However, Gmail is still giving me the following error: Authentication failed. Please check your username/password. [Server response: 454 TLS not available due to temporary reason code(454) ] I'm trying to connect on port 25, (someone told me you can still do this and you dont have to connect on 465). Is this right? Or do I need to tell MailEnable to use port 465? Am I missing something? Thanks, Chris.

    Read the article

  • 'Certificate types are not available' When creating computer certificate?

    - by Anicho
    Environment Windows Server 2008 sp1 Xeon CPU E5430 @ 2.66 GHz 16.0 GB Ram 64-bit Operating System 1TB Disk Space Server Role: SQL Server Other Information: Joint to domain, Logged in user domain administrator Issue Steps that cause issue: Create a computer certificate using mmc snap-in 'certificates' by right clicking on 'Certificates' folder Under 'root\Personal' tree, and clicking All Tasks - Request New Certificate. Certificate Enrollment window appears, you verify you are connected to your network and you are logged onto the domain. Then Click Next, which leads to a window stating the issue: "Certificate types are not available" "You cannot request a certificate this time because no certificate types are available. If you need a certificate contact your administrator." Wanted Solution Create a certificate on this server, to implement SSL connection to MSSQL servers.

    Read the article

< Previous Page | 123 124 125 126 127 128 129 130 131 132 133 134  | Next Page >