Search Results

Search found 14771 results on 591 pages for 'security policy'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 166/591 | < Previous Page | 162 163 164 165 166 167 168 169 170 171 172 173  | Next Page >

  • question about pcap

    - by scatman
    hi, i have to do a sniffer as an assignment for the security course. i am using c and the pcap library. i got everything working well (since i got a code from the internet and changed it). but i have some questions about the code. u_int ip_len = (ih->ver_ihl & 0xf) * 4; ih is of type ip_header, and its currently pointing the to ip header in the packet. ver_ihl gives the version of the ip i can't figure out what is: & 0xf) * 4; any help?

    Read the article

  • Passing Certificate to Svcutil to generate proxy for OSB Service

    - by webwires
    We are wanting to implement Two-Way SSL security from WCF to OSB Services. We have successfully deployed the certificates so that when you browse to the service with IE you get the appropriate prompt for certificate and then it takes you immediately to the WSDL. But, when you attempt to generate a proxy using svcutil as defined in steps 8 and 9 in this MSDN article. http://msdn.microsoft.com/en-us/library/cc949005.aspx I get the error: A reply message was received for operation 'Get' with action 'http://schemas.xmlsoap.org/ws/2004/09/transfer/Get'. However, your client code requires action 'http://schemas.xmlsoap.org/ws/2004/09/transfer/GetResponse'. The OSB services are set to use Soap 1.2 and the svcutil.exe.config we use is identicle to the article except for the findValue and x509FindType. Instead we used the FindByThumbprint pointing to the "My" store name and "CurrentUser" store location. The cert is there and is the same cert we select from the IE prompt.

    Read the article

  • Is there anyway to make a Rails / Rack application tell the web server to drop the connection

    - by dasil003
    There are many security reasons why one would want to drop an HTTP connection with no response (eg. OWASP's SSL best practices). When these can be detected at the server level then it's no big deal. However, what if you can only detect this condition at the application level? Does Rails, or more generally Rack, have any standard way of telling the server to drop the connection without a response? If not, are there some standard headers to pass in that will accomplish that in common web servers (I'm thinking Nginx or Apache)? Even if there is not a standard header is there a reasonable way to configure that behavior? Is this a fool's errand?

    Read the article

  • "Invalid Postback or callback argument" on modifying the DropDownList on the client side

    - by gnomixa
    I know why it's happening and i turned the validation on the page level, but is there a way to turn it off on the control level? "Invalid Postback or callback argument . Event validation is enabled using in configuration or <%@ Page EnableEventValidation="true" %in a page. For security purposes, this feature verifies that arguments to Postback or callback events originate from the server control that originally rendered them. If the data is valid and expected, use the ClientScriptManager.RegisterForEventValidation method in order to register the Postback or callback data for validation."

    Read the article

  • Cannot install Apache Web Server on Ubuntu, Amazon WS

    - by Eugene Retunsky
    I enter command apt-get install apache2 --fix-missing (under the root user) and this is what I receive: Reading package lists... Done Building dependency tree Reading state information... Done The following extra packages will be installed: apache2-mpm-worker apache2-utils apache2.2-bin apache2.2-common libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap ssl-cert Suggested packages: apache2-doc apache2-suexec apache2-suexec-custom openssl-blacklist The following NEW packages will be installed: apache2 apache2-mpm-worker apache2-utils apache2.2-bin apache2.2-common libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap ssl-cert 0 upgraded, 10 newly installed, 0 to remove and 36 not upgraded. Need to get 2,945 kB/3,141 kB of archives. After this operation, 10.4 MB of additional disk space will be used. Do you want to continue [Y/n]? y Err http://us-west-1.ec2.archive.ubuntu.com/ubuntu/ oneiric-updates/main apache2.2-bin i386 2.2.20-1ubuntu1.1 404 Not Found [IP: 10.161.51.124 80] Err http://security.ubuntu.com/ubuntu/ oneiric-security/main apache2.2-bin i386 2.2.20-1ubuntu1.1 404 Not Found [IP: 91.189.92.167 80] Err http://security.ubuntu.com/ubuntu/ oneiric-security/main apache2-utils i386 2.2.20-1ubuntu1.1 404 Not Found [IP: 91.189.92.167 80] Err http://security.ubuntu.com/ubuntu/ oneiric-security/main apache2.2-common i386 2.2.20-1ubuntu1.1 404 Not Found [IP: 91.189.92.167 80] Err http://security.ubuntu.com/ubuntu/ oneiric-security/main apache2-mpm-worker i386 2.2.20-1ubuntu1.1 404 Not Found [IP: 91.189.92.167 80] Err http://security.ubuntu.com/ubuntu/ oneiric-security/main apache2 i386 2.2.20-1ubuntu1.1 404 Not Found [IP: 91.189.92.167 80] Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.20-1ubuntu1.1_i386.deb 404 Not Found [IP: 91.189.92.167 80] Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.20-1ubuntu1.1_i386.deb 404 Not Found [IP: 91.189.92.167 80] Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.20-1ubuntu1.1_i386.deb 404 Not Found [IP: 91.189.92.167 80] Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.20-1ubuntu1.1_i386.deb 404 Not Found [IP: 91.189.92.167 80] Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.20-1ubuntu1.1_i386.deb 404 Not Found [IP: 91.189.92.167 80] Unable to correct missing packages. E: Aborting install. Any help is appreciated.

    Read the article

  • errorCode=003001; statusCode=403; source=Throttling Policy

    - by ihoka
    Lately, in our app using IPP data services, we have encountered these errors from time to time. <RestResponse xmlns="http://www.intuit.com/sb/cdm/v2"> <Error RequestId="49f7926a9aa84cfc8289534801dee72d"> <RequestName>ErrorRequest</RequestName> <ProcessedTime>2012-12-07T10:10:59+00:00</ProcessedTime> <ErrorCode>3001</ErrorCode> <ErrorDesc>message=This client has made too many consecutive requests over too short a period of time. Please wait a short amount of time before attempting to submit again; errorCode=003001; statusCode=403; source=Throttling Policy</ErrorDesc> </Error> </RestResponse> Can't find any reference to a "Throttling Policy" or error code "3001" anywhere in the IPP documentation. Any help is appreciated.

    Read the article

  • Tools to test softwares against any attacks for programmers ?

    - by berkay
    in these days, i'm interested in software security. As i'm reading papers i see that there are many attacks and researchers are trying to invent new methods for softwares to get more secure systems. this question can be a general including all types of attacks.There are many experienced programmers in SO, i just want to learn what are using to check your code against these attacks ? Is there any tools you use or you don't care ? For example i heard about,static,dynamic code analysis, fuzz testing. SQL injection attacks Cross Site Scripting Bufferoverflow attacks Logic errors Any kind of Malwares Covert Channels ... ... thanks

    Read the article

  • Need advice to design 'crack-proof' software

    - by alee
    I am currently working on a project where i need to create some architecture, framework or any standards by which i can "at least" increase the cracking method for a software, i.e, to add to software security. There are already different ways to activate a software which includes online activation, keys etc. I am currently studying few research papers as well. But there are still lot of things that i want to discuss. Could someone guide me to some decent forum, mailing list or something like that? or any other help would be appreciated.

    Read the article

  • Web Services: Secure? Asp.net

    - by Jacques
    Hey there, Something I can't wrap my head around is how secure web services are. For example we're writing a desktop application that will interact with data on one of our websites as well as local data. This data is sensitive though and the last thing we want is anybody calling the web services. I've not yet found anything that says web services has some kind of authentication methods and the only security I've seen people talk about is using certificates to encrypt the message. I'm no guru on this and would appreciate anyone's input and perhaps a link to somewhere that will explain this in simple terms. Thanks Jacques

    Read the article

  • Crossdomain file edit

    - by Misiur
    Hi there. I need to know, where from is my script used (it's for sale, and i don't want any thiefs). I want to write on my server in file, IP of user, domain where from script has been runned, date, etc. I've tried fopen, fwrite, but is_file_writable returned that it isn't. File CHmods are 777, it parent catalog has too 777 chmods. Now i'm trying something like that: <?php $file = 'http://www.misiur.com/security/seal.txt'; $data = date("Y-m-d H:i:s"); $ip = $_SERVER['REMOTE_ADDR']; $svr = $_SERVER['SERVER_NAME']; $str = "[$data] Loaded by $ip at $svr\r\n"; $current = file_get_contents($file); $current .= $str; file_put_contents($file, $current); ?> However - nothing happens. What i've got to do?

    Read the article

  • How dangerous can javascript be?

    - by CrazyJugglerDrummer
    I have recently started using noscript (in addition to ABP). It took a little while to get used to it and can occasionally require some clicking when visiting a new site to investigate why the site's not working and where I need to allow javascript from. Is the extra security worth it? Some of the controversy is discussed here. I suppose it boils down to a matter of whether javascript is a genuine threat to your computer or not. Any thoughts on this?

    Read the article

  • How dangerous can javascript be? (is noscript worth the trouble)?

    - by CrazyJugglerDrummer
    I have recently started using noscript (in addition to ABP). It took a little while to get used to it and can occasionally require some clicking when visiting a new site to investigate why the site's not working and where I need to allow javascript from. Is the extra security worth it? Some of the controversy is discussed here. I suppose it boils down to a matter of whether javascript is a genuine threat to your computer or not. Any thoughts on this?

    Read the article

  • How to create Encryption Key for Encryption Algorithms?

    - by Akash Kava
    I want to use encryption algorithm available in .Net Security namespace, however I am trying to understand how to generate the key, for example AES algorithm needs 256 bits, that 16 bytes key, and some initialization vector, which is also few bytes. Can I use any combination of values in my Key and IV? e.g. all zeros in Key and IV are valid or not? I know the detail of algorithm which does lots of xors, so zero wont serve any good, but are there any restrictions by these algorithms? Or Do I have to generate the key using some program and save it permanently somewhere?

    Read the article

  • Is Rails default CSRF protection insecure

    - by schickb
    By default the form post CSRF protection in Rails creates an authenticity token for a user that only changes when the user's session changes. One of our customers did a security audit of our site and flagged that as an issue. The auditor's statement was that if we also had a XSS vulnerability that an attacker could grab another user's authenticity token and make use of it for CSRF attacks until the user's session expired. But is seems to me that if we had an XSS vulnerability like that an attacker could just as easily grab another user's session cookie and login as that user directly. Or even just make call to our REST Api as the user being attacked. No secondary CSRF attack needed. Have I missed something? Is there a real problem with the default CSRF protection in Rails?

    Read the article

  • LocalUser access for WCF hosted in IIS

    - by Eugarps
    I have tried every combination to allow unauthenticated access to WCF as in "LocalUser" accounts, in IIS without success. Here is what I've most recently tried: wsHttpBinding with Message security and mode set to "None". IIS anonymous access enabled, all others disabled, folder level access at default (but granted read access to "Users" which is all users in our domain). I understand I may not have provided enough information to solve the issue, but perhaps somebody can point me in the right direction - is this likely to be a IIS configuration issue or a WCF configuration issue... if WCF, is it likely to be a client level or server level issue? The error I get when attempting to access here is "User is not authenticated". We have ASMX services in the domain which are behaving properly, I am the first developer using WCF here.

    Read the article

  • Flash not interacting with Javascripts in browser inside my app

    - by Shivaprasad
    Hi , I have an application which embeds a xulrunner based browser. I have to load some flash content in it which talks to some javascripts to update the browser title. The flash content works fine when launched from Firefox but not inside my app. I tried a sample html file which has some javascripts and they work fine. It even works when I have the flash content on a server. It is only when I try to run js through flash present on my local machine that I see this problem. I guess it must have something to do with some security settings in xulrunner. Could somebody help me figure out what the problem might be? Thanks jbsp72

    Read the article

  • How to manually query LDAP through Acegi's beans?

    - by Veggen Skrikk
    I have an application using Acegi (earlier version of Spring Security) and LDAP for logins. Now, a specific scenario requires me to discover user's LDAP groups at arbitrary time (not at login time). Is it possible to use already set up Acegi to handle this situation? I'm thinking of using the configured LdapAuthProvider (or LdapAuthPopulator or whatever's appropriate) to get all the groups associated with a given username. Is this possible? If yes, please, please, give some hints how it should be done...

    Read the article

  • Verify my form workflow

    - by Shackrock
    I have a form, with some sensitive info (CC numbers). My work flow is: One page to take all form items Upon submission, values are validated. If all is well, all data is stored in a session variable, and the page reloads and displays this info from the session variable. If everything is ok on the review page, the user clicks submit and the session variable is sent to another form for processing (sending payment). Upon success, the session is destroyed. Upon failure (bad CC number, for example) - the user is sent back to the form, with all of the fields filled in just like before, so that they can check for errors and try again (session is NOT destroyed). Does anyone see anything wrong with this, from a security or best practices stand point? UPDATE I'm thinking I can get rid of a step - storing the info in a session EVER. Just have a one page checkout, no review page... makes sense.

    Read the article

  • Centralized Credentials Service For Various Apps

    - by Vlad
    We are researching the possibility to build a centralized credentials storage for internal applications. These apps (vb6, vb.net, web apps in asp.net, etc) are using various instances of SQL servers and iSeries. We want to implement a central credentials facility that would act as a security broker. Basically it should work like this: Client app supplies AppID (I am Sales Application) and EnvironmentID (I am running in QA environment) and in return will get either a connection object (preferred) or encrypted connection string that will allow said application to connect to resources it needs. There will be cases when application needs to connect to two (or more) database resources (i.e. to SQL and iSeries). What are looking at DP API at the moment, but I am not convinced that DP API is the solution as it tied in with machine key. In our case using machine key isn't feasible, so I want to know if there are other approaches available.

    Read the article

  • Saving data to server with user accounts.

    - by AKRamkumar
    Ok, so for an app I am making, I want the user to be able to save data online. On my website, I will provide a web server with tables of UserName/Password/SaveData. How can I do this without crashing the server load? How can I guarantee security ? Is there a Design Pattern for this?Is there a better way of doing this? This is going to be a free application, available to the public and I would like for their settings to be available, no matter the computer they are using. Is there a better way of doing this? I am using MEF for plugins so is there a way I can save plugin data as well?

    Read the article

  • Ipad, closed environment and threat to privacy

    - by Akshay Bhat
    I had an unusual question about ipad, Since ipad environment is closed and does not allows installation of diagnostic and security related programs. How can then we be sure that any of the software installed on ipad is not infringing upon our privacy by doing stuff such as homing back information, etc. We cant install a packet tracer or any other software to check for attacks on privacy. Also given Apples poor track record (the safari browser was broken in one day), I don't think trusting apple solely would be a good idea. This might not seem to be a big issue but for business users it would be a significant concern.

    Read the article

  • Roles / Permissions framework for c#?

    - by mark smith
    Hi there, Does anyone know of a good framework to allow me design permission and roles against users. Basically allowing me to automatically check a user can do a certain thing, and then disabling or enabling menu items etc I am not really looking for asp.net security ... as i need to use it in my own service layer and clients both WEB and WPF will use it. I was hoping for something that allows me to create new roles and groups against users and then check what type of permissions a user has or a group has Any help really appreciated.. I am sure some kind of open source framework is available, well i was hoping not having to create my own Thanks

    Read the article

  • Potential for SQL injection here?

    - by Matt Greer
    This may be a really dumb question but I figure why not... I am using RIA Services with Entity Framework as the back end. I have some places in my app where I accept user input and directly ask RIA Services (and in turn EF and in turn my database) questions using their data. Do any of these layers help prevent security issues or should I scrub my data myself? For example, whenever a new user registers with the app, I call this method: [Query] public IEnumerable<EmailVerificationResult> VerifyUserWithEmailToken(string token) { using (UserService userService = new UserService()) { // token came straight from the user, am I in trouble here passing it directly into // my DomainService, should I verify the data here (or in UserService)? User user = userService.GetUserByEmailVerificationToken(token); ... } } (and whether I should be rolling my own user verification system is another issue altogether, we are in the process of adopting MS's membership framework. I'm more interested in sql injection and RIA services in general)

    Read the article

  • Windows secure pinned website tile

    - by Stijn de Voogd
    I'm currently working on a pinned website tile for my website and instead of using a static XML file i'm linking the tile to a web api that returns user specific XML. My question is: Is it possible to secure this tile so that a user needs to be logged in before the data loads? The pinned website livetile doesn't send any security request headers/ cookies: - Http: Request, GET /v1/livetile/firsttile Command: GET + URI: /v1/livetile/firsttile ProtocolVersion: HTTP/1.1 UserAgent: Microsoft-WNS/6.3 Host: 192.168.14.109:2089 Cache-Control: no-cache HeaderEnd: CRLF Sidenote: Notice how it's not even sending an accept header even though it only wants xml. Info: http://msdn.microsoft.com/en-US/library/ie/dn455106 http://msdn.microsoft.com/en-us/library/ie/hh761491.aspx# Thanks in advance!

    Read the article

  • Grails LDAP authentication failed

    - by Leo
    Hi, guys I am developing a web app by using Grails and using Grails LDAP as my Authentication mechanism. However, i always get following error: {Error 500: Cannot pass null or empty values to constructor Servlet: default URI: /ldap-app/j_spring_security_check Exception Message: Cannot pass null or empty values to constructor Caused by: Cannot pass null or empty values to constructor Class: GrailsAuthenticationProcessingFilter } My SecurityConfig.groovy file is : security { // see DefaultSecurityConfig.groovy for all settable/overridable properties active = true loginUserDomainClass = "User" authorityDomainClass = "Role" requestMapClass = "Requestmap" useLdap = true ldapRetrieveDatabaseRoles = false ldapRetrieveGroupRoles = false ldapServer = 'ldap://worf-mi.dapc.kao.au:389' ldapManagerDn = 'CN=sa-ldap-its,OU=Unix Servers for Kerberos,OU=Information Technology Services,OU=Special Accounts,DC=nexus,DC=dpac,DC=cn' ldapManagerPassword = 'Asdf1234' ldapSearchBase = 'OU=People,DC=nexus,DC=dpac,DC=cn' ldapSearchFilter = '(&(cn={0})(objectClass=user))' }

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 162 163 164 165 166 167 168 169 170 171 172 173  | Next Page >