Search Results

Search found 15441 results on 618 pages for 'ssl security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 170/618 | < Previous Page | 166 167 168 169 170 171 172 173 174 175 176 177  | Next Page >

  • How to secure a WCF service using NetNamedPipesBinding so that it can only be called by the current

    - by Samuel Jack
    I'm using a WCF service with the NetNamedPipesBinding to communicate between two AppDomains in my process. How do I secure the service so that it is not accessible to other users on the same machine? I have already taken the precaution of using a GUID in the Endpoint Address, so there's a little security through obscurity, but I'm looking for a way of locking the service down using ACL or something similar.

    Read the article

  • Passing Certificate to Svcutil to generate proxy for OSB Service

    - by webwires
    We are wanting to implement Two-Way SSL security from WCF to OSB Services. We have successfully deployed the certificates so that when you browse to the service with IE you get the appropriate prompt for certificate and then it takes you immediately to the WSDL. But, when you attempt to generate a proxy using svcutil as defined in steps 8 and 9 in this MSDN article. http://msdn.microsoft.com/en-us/library/cc949005.aspx I get the error: A reply message was received for operation 'Get' with action 'http://schemas.xmlsoap.org/ws/2004/09/transfer/Get'. However, your client code requires action 'http://schemas.xmlsoap.org/ws/2004/09/transfer/GetResponse'. The OSB services are set to use Soap 1.2 and the svcutil.exe.config we use is identicle to the article except for the findValue and x509FindType. Instead we used the FindByThumbprint pointing to the "My" store name and "CurrentUser" store location. The cert is there and is the same cert we select from the IE prompt.

    Read the article

  • How to grant AllPermission to not extracted war file in tomcat

    - by André
    Hello, I'm developing a web application and have created a war file. If I deploy it to my tomcat server, it is used without being unpacked (which is the setting I want to have for this server). For unpacked web apps I have a policy file to grant AllPermission to my application grant codeBase "file:${catalina.base}/webapps/tc/-" { permission java.security.AllPermission; }; But what has the codeBase to be for unpacked war files? Thanks, André

    Read the article

  • Penetration testing tools

    - by Shoban
    We have 100s of websites which were developed in asp, .net and java... and we are paying lot of money for an external agency to do a penetration testing for our sites to check for security loop holes. Are there any (good) software (paid or free) to do this? or.. are there any tehnical articles which can help me develop this tool.

    Read the article

  • Is there anyway to make a Rails / Rack application tell the web server to drop the connection

    - by dasil003
    There are many security reasons why one would want to drop an HTTP connection with no response (eg. OWASP's SSL best practices). When these can be detected at the server level then it's no big deal. However, what if you can only detect this condition at the application level? Does Rails, or more generally Rack, have any standard way of telling the server to drop the connection without a response? If not, are there some standard headers to pass in that will accomplish that in common web servers (I'm thinking Nginx or Apache)? Even if there is not a standard header is there a reasonable way to configure that behavior? Is this a fool's errand?

    Read the article

  • Is it possible for double-escaping to cause harm to the DB?

    - by waiwai933
    If I accidentally double escape a string, can the DB be harmed? For the purposes of this question, let's say I'm not using parametrized queries For example, let's say I get the following input: bob's bike And I escape that: bob\'s bike But my code is horrible, and escapes it again: bob\\\'s bike Now, if I insert that into a DB, the value in the DB will be bob\'s bike Which, while is not what I want, won't harm the DB. Is it possible for any input that's double escaped to do something malicious to the DB assuming that I take all other necessary security precautions?

    Read the article

  • Important Question, Please give response if u have any idea....

    - by Sumit Kr Singh
    Hi i an developing an iphone application, it is basically a security application based on "Thief Buster"(available on Appstore URL: http://itunes.apple.com/app/thief-buster-antitheft-alarm/id327463179?mt=8# ) my problem is: * Volume Control Blocking * Automatic application restart Please provide the application logic to resolve the problem. Thanks in advance..

    Read the article

  • why jsessionid is appended to each url?

    - by sword101
    greetings all i am deploying an app using spring framework on the apache tomcat when running the application from the tomcat directly,there's no jsessionid appended to any url at all but after mapping the application to the domain,and trying to run it i got a jsessionid appended to each url in the application,i tried the spring security attribute disable-url-rewriting but it doesn't work,it removes the jsessionid from the url but the application doesn't work no more,the user cannot login. so i guess it's another problem,any ideas why this happens,how to solve it? thanks.

    Read the article

  • URLScan and percent signs

    - by Hobbes
    So I just ran into a stupid problem in which users could not download files that had a percent sign in it. It wound up being URLScan. I had to un-set two things in urlscan.ini: 1) Set VerifyNormalization to 0 (disabled) 2) Remove the percent sign from the "DenyUrlSequences" section Do an iisreset, and it problem solved. But the big question is: How much of a security risk is this?

    Read the article

  • MD5 hash with salt for keeping password in DB in C#

    - by abatishchev
    Could you please advise me some easy algorithm for hashing user password by MD5, but with salt for increasing reliability. Now I have this one: private static string GenerateHash(string value) { var data = System.Text.Encoding.ASCII.GetBytes(value); data = System.Security.Cryptography.MD5.Create().ComputeHash(data); return Convert.ToBase64String(data); }

    Read the article

  • How can I provide an ASP.NET Forms Authentication UX while using Active Directory Role and Authentic

    - by Nate Bross
    Is it possible to use this Role Provider AspNetWindowsTokenRoleProvider with ASP.NET FORMS Authentication (via this MembershipProvider System.Web.Security.ActiveDirectoryMembershipProvider)? It seems to only work with <authentication mode="Windows">, is it possible to use it with FORMS? background -- The objective here is to provide an ASP.NET Forms UX while using Active Directory as the back-end authentication system. If there is another, easy way to do this using built-in technologies, that's great and I'd like to hear about that as well.

    Read the article

  • prevent generating new jsessionid?

    - by mr.lost
    greetings all my application uses spring framework,spring security 3.0.2 we use apache tomcat as app server the problem is that with each new request to the application a new jsessionid is generated and a new session is created so the user is logged out and that's weird,why generating new jsessionid,how to stop that? i reviewed the code,nothing is creating a new session? is it a framework problem or app server problem or what? your help is very appreciated. thank you.

    Read the article

  • Problem making local copy of a webpage

    - by Claudiu
    I want to run this chrome experiment locally. I copied the .html and .js files, along with the two .jpgs that the demo uses. However, when I run it off my local drive, Chrome gives this error: light.js:89 - Uncaught Error: SECURITY_ERR: DOM Exception 18 Line 89 returns the image data from the canvas after drawing the image to it. What's causing this security exception? It seems to not be Chrome-specific, as Firefox gives the same error.

    Read the article

  • Change Browser settings by script

    - by jAndy
    Hi Folks, Afaik, you can change/manipulate browser settings in Mozilla/Netscape browsers. For Instance "netscape.security.PrivilegeManager.enablePrivilege('someprivilege');" Of course the user gets informed about that and needs to verify the action. My question is, do other browser have similar functionality? IE, Safari/Chrome ? Kind Regards --Andy

    Read the article

  • best way to escape and create a slug

    - by Mac Taylor
    hey guys im somehow confused in using proper functions to escape and create a slug i used this : $slug_title = mysql_real_escape_string()($mtitle); but someone told me not to use it and use urlencode() which one is better for slugs and security as i can see in SO , it inserts - between words : http://stackoverflow.com/questions/941270/validating-a-slug-in-django thanx in advanced

    Read the article

  • ASP.NET ascx.cs via GET

    - by Heavy Bytes
    Say I have this url: http://site.example/dir/ In this folder I have these files: test.ascx.cs and test.ascx Just to be clear, I am not a .NET developer. From a security point of view - why can't I access http://site.example/dir/test.ascx.cs and how secure is it to keep those files there? I assume IIS filters out request that query these kind of files, but can someone explain me this? Thank you.

    Read the article

  • Process limit for user in Linux

    - by BrainCore
    This is the standard question, "How do I set a process limit for a user account in Linux to prevent fork-bombing," with an additional twist. The running program originates as a root-owned Python process, which then setuids/setgids itself as a regular user. As far as I know, at this point, any limits set in /etc/security/limits.conf do not apply; the setuid-ed process may now fork bomb. Any ideas how to prevent this?

    Read the article

  • To HTMLENCODE or not to HTMLENCODE user input on web form (asp.net vb)

    - by Phil
    I have many params making up an insert form for example: x.Parameters.AddWithValue("@city", City.Text) I had a failed xss attack on the site this morning, so I am trying to beef up security measures anyway.... Should I be adding my input params like this? x.Parameters.AddWithValue("@city", HttpUtility.HtmlEncode(City.Text)) Is there anything else I should consider to avoid attacks? Thanks

    Read the article

  • C++ Professional Code Analysis Tools

    - by Voulnet
    Hello there, I would like to ask about the available (free or not) Static and Dynamic code analysis tools that can be used to C++ applications ESPECIALLY COM and ActiveX. I am currently using Visual Studio's /analyze compiler option, which is good and all but I still feel there is lots of analysis to be done. I'm talking about a C++ application where memory management and code security is of utmost importance.

    Read the article

  • Solr Multicore Admin Problem

    - by Daniel M
    Im trying to add a url based security constraint to solr deployed in websphere 6.1. If I specify the core name in the url of the constraint then the admin url for that core gives a 404. Has anyone had any success with this or any suggestions? Cheers

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 166 167 168 169 170 171 172 173 174 175 176 177  | Next Page >