Search Results

Search found 29513 results on 1181 pages for 'microsoft security essent'.

Page 135/1181 | < Previous Page | 131 132 133 134 135 136 137 138 139 140 141 142  | Next Page >

  • Implementing security with session variables, how it is insecure

    - by haansi
    Hello, I am doing web based projects in dotnet. Currently I am implementing security using session variables. I keep the current user id and user type in session and authenticate the user from these session variables (say Session["UserId"], Session["UserName"] and Session["UserType"]). Please guide me: how is it insecure? I heard such security can be broken and applications can be hacked very easily, like it is possible to get the session id and directly connect to that session id etc. Please guide me on this. Thanks

  • Microsoft Office Programmability Delivers for Consultants Customers

    I’ve talked with many dozens of customers here at TechEd 2010 about Office 2010 and shown them a lot of demos at the kiosk. As they arrive I hand them a www.iheartmacros.com t-shirt (hugely popular, btw). Very often the response is: “This is great. I actually do love macros and VBA”. I’m not surprised. In the following 2 minute video clip I talk with Mike Corkery, a consultant and IT trainer who specializes in Office development and training. He mentions how a relatively...

  • Microsoft Sync. Framework with Azure on iOS

    - by Richard Jones
    A bit of a revelation this evening. I discovered something obvious, but missing from my understanding of the brilliant iOS example that ships with the Sync. Framework 4.0CTP.

    It seems that on the server side if a record is edited, correctly only the fields that are modified get sent down to your device (in my case an iPad). I was previously just blindly assuming that I'd get all fields down.

    I modified my Xcode population code (based on iOS sample) as follows:

        + (void)populateQCItems:(id)dict withMetadata:(id)metadata withContext:(NSManagedObjectContext *)context
        {
            QCItems *item = (QCItems *)[Utils populateOfflineEntity:dict withMetadata:metadata withContext:context];

            if (item != nil) // modify new or existing live item
            {
                if ([dict valueForKey:@"Identifier"]) // new bit
                    item.Identifier = [dict valueForKey:@"Identifier"];

                if ([dict valueForKey:@"InspectionTypeID"]) // new bit
                    item.InspectionTypeID = [dict valueForKey:@"InspectionTypeID"];

                [item logEntity];
            }
        }

    I hope this helps someone else; as I learnt this the hard way.

    Technorati Tags: Xcode, iOS, Azure, Sync Framework, Cloud

  • Sharepoint page level security

    - by ifunky
    Hi, Another SharePoint question from myself! I've created a subsite and from within Sharepoint designer I've created a new aspx page, all nice and simple so far. I can't seem to find where I can change the security on this new page, only site admins can view the page and everyone else gets access denied. It doesn't seem to inherit the permissions from the parent and I can't see where to change the security settings! Please help, I'm sure it's something simple! Thanks Dan

  • sudoers security

    - by jetboy
    I've set up a script to do Subversion updates across two servers - the localhost and a remote server - called by a post-commit hook run by the www-data user.

    /srv/svn/mysite/hooks/post-commit contains:

        sudo -u cli /usr/local/bin/svn_deploy

    /usr/local/bin/svn_deploy is owned by the cli user, and contains:

        #!/bin/sh
        svn update /srv/www/mysite
        ssh cli@remotehost 'svn update /srv/www/mysite'

    To get this to work I've had to add the following to the sudoers file:

        www-data ALL = (cli) NOPASSWD: /usr/local/bin/svn_deploy
        cli ALL = NOEXEC:NOPASSWD: /usr/local/bin/svn_deploy

    Entries for both www-data and cli were necessary to avoid the error:

        post commit hook failed: no tty present and no askpass program specified

    I'm wary of giving any kind of elevated rights to www-data. Is there anything else I should be doing to reduce or eliminate any security risk?

  • Microsoft Lifecam VX-2000 doesn't work anymore in Cheese

    - by paed808
    I have two Lifecam VX-2000's and they don't work in cheese anymore. I don't know if it's a problem with a missing package, or a package I installed. Here is the output.

        (cheese:11122): Clutter-WARNING **: No listener with the specified listener id 29
        (cheese:11122): Clutter-WARNING **: No listener with the specified listener id 30
        (cheese:11122): Clutter-WARNING **: No listener with the specified listener id 31
        (cheese:11122): Clutter-WARNING **: No listener with the specified listener id 32
        (cheese:11122): GLib-CRITICAL **: g_hash_table_remove_internal: assertion `hash_table != NULL' failed
        (cheese:11122): Clutter-WARNING **: Not able to remove listener with id 1
        (cheese:11122): GLib-CRITICAL **: g_hash_table_size: assertion `hash_table != NULL' failed
        totem-video-thumbnailer: 'file:///home/myusername/Videos/Webcam/2012-09-20-191530.webm' isn't thumbnailable
        Reason: Media contains no supported video streams.
        ** (cheese:11122): WARNING **: could not generate thumbnail for /home/myusername/Videos/Webcam/2012-09-20-191530.webm (video/webm)

    Notice the:

        Reason: Media contains no supported video streams.

    When I try to record a video it just makes a 13.2KB WEBM file with nothing. When I take a picture it works.

    Edit: I've been thinking that the problem started after installing the MediUbuntu repository on my system.

  • SQLAuthority News Public Training Classes In Hyderabad 12-14 May Microsoft SQL Server 2005/2008 Qu

    After successfully delivering many corporate trainings as well as the private training Solid Quality Mentors, India is launching the Public Training in Hyderabad for SQL Server 2008 and SharePoint 2010. This is going to be one of the most unique and one-of-a-kind events in India where Solid Quality Mentors are offering public classes. I will [...]

  • Microsoft is Top Pick for ALM

    - by Arkham
    Investigating the market for a new software product can be a daunting task. Sometimes it’s difficult to even uncover all of the players. There’s no shortage of rhetoric on each vendor’s web site, but how can today’s CTO get objective information about how a software package ranks against its peers in a given space? Every year, Gartner releases what they call a Magic Quadrant report evaluating various products in a given space. This past week, Gartner released their analysis of products in the Application Lifecycle Management (ALM) arena. It is very exciting to see us in the top spot as a thought leader and for our ability to execute. If you are interested in ALM, you can read through an entire reprint of the report here. There’s plenty of new competitors listed and some of the existing competitors have shifted quite a bit. And this comes prior to the release of Team Foundation Server 2012! I suppose with all of the new features in 2012, they could just add another square to the upper-right. It’s beyond awesome! It’s be-awesome!

  • Microsoft Office Communications Server 2007 R2 - Part I

    Office Communications Server, which provides integrated voice, conferencing, IM, and telephony, is one of those products that are difficult to explain in simple terms. It takes a brave man to take on the task, and to provide a simple guide to installing it: Luckily for us, Johan is that man. In the first of a series, he explains what it is, how it benefits your enterprise, and how to make it happen.

  • Understanding the Microsoft Permissive License

    - by cable729
    I want to use certain parts of the Game State Management Example in a game I'm making, but I'm not sure how to do this legally. It says in the license that I'm supposed to include a copy of the license with it. So if I make a Visual Studio Solution, I just add the license.txt to the solution? Also, if I use a class and change it, do I have to keep the license info at the top or add that I changed it or what?

  • Security review of an authenticated Diffie Hellman variant

    - by mtraut
    EDIT: I'm still hoping for some advice on this, I tried to clarify my intentions...

    When I came upon device pairing in my mobile communication framework I studied a lot of papers on this topic and also got some input from previous questions here. But I didn't find a ready-to-implement protocol solution, so I invented a derivative, and as I'm no crypto geek I'm not sure about the security caveats of the final solution.

    The main questions are:

      • Is SHA256 sufficient as a commit function?
      • Is the addition of the shared secret as an authentication info in the commit string safe?
      • What is the overall security of the 1024 bit group DH?
      • I assume at most 2^-24 bit probability of successful MITM attack (because of 24 bit challenge). Is this plausible?
      • What may be the most promising attack (besides ripping the device out of my numb, cold hands)?

    This is the algorithm sketch:

      • For first time pairing, a solution proposed in "Key agreement in peer-to-peer wireless networks" (DH-SC) is implemented. I based it on a commitment derived from:
          • A fixed "UUID" for the communicating entity/role (128 bit, sent at protocol start, before commitment)
          • The public DH key (192 bit private key, based on the 1024 bit Oakley group)
          • A 24 bit random challenge
      • Commit is computed using SHA256:

            c = sha256( UUID || DH pub || Chall)

      • Both parties exchange this commitment, open and transfer the plain content of the above values.
      • The 24 bit random is displayed to the user for manual authentication.
      • DH session key (128 bytes, see above) is computed.
      • When the user opts for persistent pairing, the session key is stored with the remote UUID as a shared secret.
      • Next time devices connect, commit is computed by additionally hashing the previous DH session key before the random challenge. For sure it is not transferred when opening.

            c = sha256( UUID || DH pub || DH sess || Chall)

      • Now the user is not bothered authenticating when the local party can derive the same commitment using his own, stored previous DH session key.
      • After successful connection the new DH session key becomes the new shared secret.

    As this does not exactly fit the protocols I found so far (and as such their security proofs), I'd be very interested to get an opinion from some more crypto enabled guys here.

    BTW, I did read about the "EKE" protocol, but I'm not sure what the extra security level is.

  • Is this iptables NAT exploitable from the external side?

    - by Karma Fusebox
    Could you please have a short look at this simple iptables/NAT-Setup, I believe it has a fairly serious security issue (due to being too simple).

    On this network there is one internet-connected machine (running Debian Squeeze/2.6.32-5 with iptables 1.4.8) acting as NAT/Gateway for the handful of clients in 192.168/24. The machine has two NICs:

      • eth0: internet-faced
      • eth1: LAN-faced, 192.168.0.1, the default GW for 192.168/24

    Routing table is two-NICs-default without manual changes:

        Destination     Gateway         Genmask         Flags Metric Ref Use Iface
        192.168.0.0     0.0.0.0         255.255.255.0   U     0      0   0   eth1
        (externalNet)   0.0.0.0         255.255.252.0   U     0      0   0   eth0
        0.0.0.0         (externalGW)    0.0.0.0         UG    0      0   0   eth0

    The NAT is then enabled only and merely by these actions, there are no more iptables rules:

        echo 1 > /proc/sys/net/ipv4/ip_forward
        /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
        # (all iptables policies are ACCEPT)

    This does the job, but I miss several things here which I believe could be a security issue:

      • there is no restriction about allowed source interfaces or source networks at all
      • there is no firewalling part such as:

            (set policies to DROP)
            /sbin/iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
            /sbin/iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT

    And thus, the questions of my sleepless nights are:

    Is this NAT-service available to anyone in the world who sets this machine as his default gateway? I'd say yes it is, because there is nothing indicating that an incoming external connection (via eth0) should be handled any different than an incoming internal connection (via eth1) as long as the output-interface is eth0 - and routing-wise that holds true for both external and internal clients that want to access the internet. So if I am right, anyone could use this machine as open proxy by having his packets NATted here. So please tell me if that's right or why it is not.

    As a "hotfix" I have added a "-s 192.168.0.0/24" option to the NAT-starting command. I would like to know if not using this option was indeed a security issue or just irrelevant thanks to some mechanism I am not aware of.

    As the policies are all ACCEPT, there is currently no restriction on forwarding eth1 to eth0 (internal to external). But what are the effective implications of currently NOT having the restriction that only RELATED and ESTABLISHED states are forwarded from eth0 to eth1 (external to internal)? In other words, should I rather change the policies to DROP and apply the two "firewalling" rules I mentioned above or is the lack of them not affecting security?

    Thanks for clarification!
