Search Results

Search found 1306 results on 53 pages for 'csrf protection'.

Page 14/53 | < Previous Page | 10 11 12 13 14 15 16 17 18 19 20 21  | Next Page >

  • Is a commercial licensing tool better than a home grown solution for licensing a software product.

    - by Kalpak
    Hi, We are developing a product in C#.Net. We would definately not like our product to be copied easily across machines (in short pirated). For that purpose can anybody suggest using a 3rd party tool or a home grown solution. What are the pros and cons of each. One negative about home grown solution is that the cost involved in creating one from scratch. Can somebody comment on the technology to be used for licensing as .Net can be decompiled.

    Read the article

  • Stopping the manipulation of variables used for data collection?

    - by Ruinous
    I am working on a project in java and I was hoping to be able to collect statistics from the client and a possible problem that I fear will occur is the manipulation of the variables used for collection which will lead to illegitimate statistics. Is it in any way possible to prevent the manipulation of variables or is it always possible? For example: I want to log the actions made per hour from the client. The variable acting as a counter for the amount of actions performed is manipulated and a much larger amount is added to the counter. This data is then uploaded to the server (Of course using a multi-tier architecture to prevent even more possible problems) and considered 'legit.' Is there any way to prevent this?

    Read the article

  • What is the best way to go about obscuring Java code?

    - by Waltzy
    Well, I'm planning on releasing a Jar into the world but would prefer if the code was not readably available to anyone with a Java Decompiler as I want to control access to the program with usernames / auth codes etc. After some Googling I haven't found any software to do this for me, so I was wondering what steps to take from here; if anyone can point me at any software or information on methodologies of obscurification I would be grateful. Cheers again Stack Overflow.

    Read the article

  • Password protected web content-- basic question

    - by nickpish
    I'm looking to create a password-protected section of my website that requires user login, and I'm wondering what approach would provide the simplest solution. For the most part, the site will be very simple and static-- i.e. no real requirement for a database/backend-- with the protected content contained in a single directory, which I've already configured on my server via htaccess. I guess I'm wondering ultimately if it's possible to use a script of some sort that will enable access to this protected directory via a form and thereby bypass the need for configuring a mySQL/PHP solution? Furthermore, this protected content is not exactly hyper-sensitive, but private nonetheless. Thanks much for any direction here.

    Read the article

  • Best way to password protect a site? .htacess

    - by Mike Lawsom
    I created/edited a .htaccess file and I got my site password protected fine. Question though: Is there such thing as a URL key? Maybe I'm wording that incorrectly, but I would like to keep my site hidden, but be able to send out a specific URL that can view the site. What's the best way to accomplish this? Thanks in advance.

    Read the article

  • How to strengthen Mysql database server Security?

    - by i need help
    If we were to use server1 for all files (file server), server2 for mysql database (database server). In order for websites in server1 to access to the database in server2, isn't it needed to connect to to ip address of second (mysql server) ? In this case, is remote mysql connection. However, I seen from some people comment on the security issue. remote access to MySQL is not very secure. When your remote computer first connects to your MySQL database, the password is encrypted before being transmitted over the Internet. But after that, all data is passed as unencrypted "plain text". If someone was able to view your connection data (such as a "hacker" capturing data from an unencrypted WiFi connection you're using), that person would be able to view part or all of your database. So I just wondering ways to secure it? Allow remote mysql access from server1 by allowing the static ip adress allow remote access from server 1 by setting port allowed to connect to 3306 change 3306 to other port? Any advice?

    Read the article

  • How to make a custom template in WordPress work as a password protected page?

    - by KaOSoFt
    I'm building a page with a custom template. The thing is, I need this page to be password protected, or at least accessible to logged in users, but even if I set it as such (Private/Password protected) in the New Pages section in WordPress Administration, it won't display the menu entry nor the content (if Private) or it would show the page contents immediately (if Password protected). I've read somewhere that the_content() function is what makes this work, but as you can guess, my custom template doesn't use the_content() at all, and it's all based on custom content. Do you happen to know how can I (re)implement these two options?

    Read the article

  • Cookies not working for password-protected Pages on WordPress

    - by KaOSoFt
    Initially I had the issue reported in this question. Now, what I noticed is that there are some browsers that accept the password, and there are some which don't. Difference? For some reason the cookie is generated when I log in into the Administration module, but it isn't when I write down the password to access the page, forcing it to simply reload. I can see the cookie created for the log-in, but I can see none for the password-protected Page. These happens on Internet Explorer, both version 7 and 8; only on some machines, though, but most of them fail this. I already tried white-listing the URL, and even letting it accept ALL cookies, to no avail. What may be the cause? If perhaps it's got something to do with question above, please help me! Thanks in advance. PS: If you know of another, cookie-free method to make a simple authentication, please link me to it. Thanks. Oh, and by the way, this is inside an Intranet with static, class C IPs.

    Read the article

  • Making commercial Java software

    - by roddik
    Hi. I intend to make some software to be sold over internet. I've only created open-source before, so I have really no idea of how to protect it from being cracked and distributed as warez. Bearing in mind that I know like two programms that aren't either cracked or not really useful I decided that the only more or less reliable way may look like this: Connect to a server and provide licensing info and some sort of hardware summary info If everything is fine, the server returns some crucial missing parts of the program bound to that certain pc along with the usage limit of say 2 days That crucial stuff is not saved to hard drive, so it is downloaded every time the program starts, if the programm runs more than 2 days, data is downloaded again If the same info is used from different computers, suspend the customer account What do you think about this? It may seem a bit to restrictive, but I'd better make less sales at first then eventually see my precious killer app downloaded for free. Anyways, first I need some basic theory/tutorials/guides about how to ensure that user only uses a certain Java app if he has paid for it, so please suggest some. Thanks

    Read the article

  • Password protect web pages on Windows CE 6

    - by Chris
    I am using the default web server for WinCE 6 and wish to password protect certain folders. The default VROOT /remoteadmin/ is password protected, and this works but my configuration doesn't work. I have tried mimicking these settings on my own folders but to little success. Here is how one looks: In the HKLM\Comm\HTTPD\VROOTS key I have created a subkey called /web/configuration (this folder actually exists on the box). The following values are in this key A = 1 DefaultPage = config.html Path = /hard disk/webroot/web/configuration/ UserList = ADMIN This is nigh on identical to the settings in /RemoteAdmin/ but /RemoteAdmin/ requests a password and /web/configuration doesn't (even after reboot).

    Read the article

  • Why not use HTTPS for everything?

    - by Malfist
    If I was setting up a server, and had the SSL certificate(s), why wouldn't I use HTTPS for the entire site instead of just for purchases/logins? I would think it would make more sense just to encrypt the entire site, and protect the user entirely. It would prevent problems such as deciding what has to be secured because everything would be, and it's not really an inconvenience to the user. If I was already using an HTTPS for part of the site, why wouldn't I want to use it for the entire site?

    Read the article

  • .Net SQL Server Connection String - hide password from other developers

    - by Chris Klepeis
    We're migrating one of our sites to ASP.Net. We do not want to use integrated security, which uses the windows account to connect to sql server (not going to get into why, its just out of the question). We created a username and password to connect to SQL Server, and would like to use that username and password, however, we also do not want other developers to see this information (easily read from the web.config).... I know it can be encrypted, but it can just as easily be decrypted by the developers - plus encryption has a performance hit. Is there any solution to this problem?

    Read the article

  • Authentication system - Return information that have to change every time

    - by paulohr
    I have a application (made in Delphi) that contains a Authentication system (login & password). This system is in PHP, and the application get results from PHP using HTTP GET method. The system returns 'OK' if login and password are correct, and 'NO' if not correct. Like this... procedure Check; var x: string; begin x:=Get('www.mywebsite.com/auth.php?user=xxxxxx&pass=zzzzzz'); if x='OK' then UnlockFeatures else MessageBox(0,'You're not VIP','Error',0); end; Well, it works fine, but it is very easy to circumvent this system with sniffers, packet editor or proxy. So, I want to get some information (in PHP) that changes every time, and that could be possible get the same information by my application. What can I do? I don't need codes. Just tips, suggestions, please... Thanks...

    Read the article

  • break Folder Protection, Folder Guard Lock or Folder in Windows XP?

    - by SonyAdi
    when I'm making a new partition by the partition magic. Then all of a sudden power failure. Unfortunately because my computer is not equipped with UPS (Power supply Uniterruptible), my computer finally died, too. When power is restored, I tried to turn on the computer. Suddenly my computer can not boot normally into windows. Option through safemode and others all I've tried. The result fails, can not boot at all, into safe mode also can not. And I know the cause. Partition Magic did not finish the work and stopped in the middle of the road and cause the transfer of data files or stopped, finally file2 any default windows were destroyed as well. Unfortunately my important data I store in my document. Finally, I take my hard drive to a friend. Hopes to open a computer hard drive through friend, at least I could save my important data, and then I can install window again by reformatting my hard drive is first. I read the hard drive in explorer my friend, complete with their data, but the data of my important data in my document can not get to go because it requires administrator privileges or the original user's default start my windows (my computer) to open my document folder tersebut.Ini actually very similar to the work or Folder Protection Folder Guard. result I was disappointed and almost desperate to get back my important data is. how do i break Folder Protection, Folder Guard Lock or Folder in Windows XP?

    Read the article

  • SOLVED - 'srcDomainMulti' is not declared. It may be inaccessible due to its protection level

    When converting a project from C# to VB I ran into this compiler error which stopped me in my tracks for about 15 minutes. Just when I gave up and decided to rebuild the page by hand inspiration hit and I found my solution... The scenario I had just put the finishing touches to a domain whois tool and I was ready to convert it over to a VB project. I'm not a very strong VB.net coder but the project required the final deliverable in VB so I opted to make it all in C# first and then convert it over...Did you know that DotNetSlackers also publishes .net articles written by top known .net Authors? We already have over 80 articles in several categories including Silverlight. Take a look: here.

    Read the article

  • SIMPLEST way to set up password protection for a static site, with basic admin UI?

    - by Joseph Turian
    I have a static site. I would like the simplest approach to password protecting a directory, with a basic admin UI for adding/removing users. I will have so few users that I don't care about performance. I don't care if it's PHP or Django or whatever, I just want a complete software package. Apache basic auth isn't good, because you can't log out. Nor is there a UI for adding users. I tried throwing everything behind Django auth and serving the files through Django. However, Chrome treats all my text/css headers as text/plain, so I don't get any stylesheets showing. I can't use mod_xsendfile on my server because I can't reconfigure Apache to add new modules. I think this approach is overkill anyway. I can try configuring Nginx's X-Accel-Redirect, however that requires implementing all the Django code for auth myself, and I'd prefer an existing solution. However, this is my backup plan. Is there a code package that implements authentication with basic admin for a static site?

    Read the article

  • Google Maps pour iOS pointé du doigt en Allemagne, l'application ne respecterait pas les lois sur la protection de la vie privée

    Apple pourrait refuser d'intégrer l'application Google Maps dans l'AppStore D'après Google, qui se dit « peu optimiste » Selon The Guardian, ce n'est pas de sitôt que l'application Google Maps fera son retour sur iOS. C'est en tout cas ce qu'aurait laissé entendre une source du journal britannique, un employé de Google proche de la division qui travaille sur ce projet. Cette source affirme que Google n'est « pas optimiste » sur l'attitude que va avoir Apple lors de la prochaine soumission de l'application sur l'AppStore. Pour mémoire, une des « nouveautés » d'iOS 6 a été ...

    Read the article

  • How to enable hotlink protection without hardcoding my domain in the Apache config file?

    - by Jeff
    Been surfing around for a solution for a couple days now. How do I enable Apache hotlink protection without hardcoding my domain in the config file so I can port the code to my other domains without having to update the config file every time? This is what I have so far: RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http://www\.example\.com [NC] RewriteRule \.(gif|ico|jpe|jpeg|jpg|png)$ - [NC,F,L] ... And this is what Apache suggests: SetEnvIf Referer example\.com localreferer <FilesMatch \.(jpg|png|gif)$> Order deny,allow Deny from all Allow from env=localreferer </FilesMatch> ... both of which hardcode the domain in their rules. The closest I came to finding any info that covers this is right here on ServerFault, but the conclusion was that it cannot be done. Based on my research, that appears to be true, but I didn't find any questions or commentary dedicated soley to this question. If anyone's curious, here is the link to the Apache 2 docs that cover this topic. Note that Apache variables (e.g. %{HTTP_REFERER}) can only be used in the RewriteCond text-string and the RewriteRule substitution arguments.

    Read the article

  • Oracle MAA Part 1: When One Size Does Not Fit All

    - by JoeMeeks
    The good news is that Oracle Maximum Availability Architecture (MAA) best practices combined with Oracle Database 12c (see video) introduce first-in-the-industry database capabilities that truly make unplanned outages and planned maintenance transparent to users. The trouble with such good news is that Oracle’s enthusiasm in evangelizing its latest innovations may leave some to wonder if we’ve lost sight of the fact that not all database applications are created equal. Afterall, many databases don’t have the business requirements for high availability and data protection that require all of Oracle’s ‘stuff’. For many real world applications, a controlled amount of downtime and/or data loss is OK if it saves money and effort. Well, not to worry. Oracle knows that enterprises need solutions that address the full continuum of requirements for data protection and availability. Oracle MAA accomplishes this by defining four HA service level tiers: BRONZE, SILVER, GOLD and PLATINUM. The figure below shows the progression in service levels provided by each tier. Each tier uses a different MAA reference architecture to deploy the optimal set of Oracle HA capabilities that reliably achieve a given service level (SLA) at the lowest cost.  Each tier includes all of the capabilities of the previous tier and builds upon the architecture to handle an expanded fault domain. Bronze is appropriate for databases where simple restart or restore from backup is ‘HA enough’. Bronze is based upon a single instance Oracle Database with MAA best practices that use the many capabilities for data protection and HA included with every Oracle Enterprise Edition license. Oracle-optimized backups using Oracle Recovery Manager (RMAN) provide data protection and are used to restore availability should an outage prevent the database from being able to restart. Silver provides an additional level of HA for databases that require minimal or zero downtime in the event of database instance or server failure as well as many types of planned maintenance. Silver adds clustering technology - either Oracle RAC or RAC One Node. RMAN provides database-optimized backups to protect data and restore availability should an outage prevent the cluster from being able to restart. Gold raises the game substantially for business critical applications that can’t accept vulnerability to single points-of-failure. Gold adds database-aware replication technologies, Active Data Guard and Oracle GoldenGate, which synchronize one or more replicas of the production database to provide real time data protection and availability. Database-aware replication greatly increases HA and data protection beyond what is possible with storage replication technologies. It also reduces cost while improving return on investment by actively utilizing all replicas at all times. Platinum introduces all of the sexy new Oracle Database 12c capabilities that Oracle staff will gush over with great enthusiasm. These capabilities include Application Continuity for reliable replay of in-flight transactions that masks outages from users; Active Data Guard Far Sync for zero data loss protection at any distance; new Oracle GoldenGate enhancements for zero downtime upgrades and migrations; and Global Data Services for automated service management and workload balancing in replicated database environments. Each of these technologies requires additional effort to implement. But they deliver substantial value for your most critical applications where downtime and data loss are not an option. The MAA reference architectures are inherently designed to address conflicting realities. On one hand, not every application has the same objectives for availability and data protection – the Not One Size Fits All title of this blog post. On the other hand, standard infrastructure is an operational requirement and a business necessity in order to reduce complexity and cost. MAA reference architectures address both realities by providing a standard infrastructure optimized for Oracle Database that enables you to dial-in the level of HA appropriate for different service level requirements. This makes it simple to move a database from one HA tier to the next should business requirements change, or from one hardware platform to another – whether it’s your favorite non-Oracle vendor or an Oracle Engineered System. Please stay tuned for additional blog posts in this series that dive into the details of each MAA reference architecture. Meanwhile, more information on Oracle HA solutions and the Maximum Availability Architecture can be found at: Oracle Maximum Availability Architecture - Webcast Maximize Availability with Oracle Database 12c - Technical White Paper

    Read the article

  • Condition Error: Property is not declared. It may be inaccessible due to its protection level.

    - by Stoive
    I've have a workflow whose root activity is a custom NativeActivity with a public InArgument called XmlData. When I try and use this argument in a child If activity I get the following error using XmlData within the condition: 'XmlData' is not declared. It may be inaccessible due to its protection level I'm adding the argument inside CacheMetadata using the metadata.AddArgument method, and I've tried adding the child property it has using both AddChild and AddImplementationChild. If I replace my custom activity with an ActivityBuilder and use code to create a DynamicActivityProperty then the condition can be compiled successfully, so I don't see what I'm missing when I use my own code.

    Read the article

  • In Apache, how do I set up password protection?

    - by rphello101
    I'm attempting to set up a server using Apache. In the conf file, I inserted the code: <Directory /> Options FollowSymLinks AllowOverride AuthConfig AuthType Basic AuthName "Restricted Files" AuthBasicProvider file AuthUserFile C:\...\serverpass.txt Require user Admin </Directory> In order to try and get Apache to require a password. I created the username and password with htpasswd -c. When I got to localhost though, it doesn't prompt me for a username and password?

    Read the article

< Previous Page | 10 11 12 13 14 15 16 17 18 19 20 21  | Next Page >