Search Results

Search found 13222 results on 529 pages for 'security gate'.

Page 174/529 | < Previous Page | 170 171 172 173 174 175 176 177 178 179 180 181  | Next Page >

• How do I prevent SQL injection with ColdFusion

  - by Daniel A. White

  How do I prevent SQL injection when it comes to ColdFusion? I'm quite new to the language/framework. Here is my example query. <cfquery name="rsRecord" datasource="DataSource"> SELECT * FROM Table WHERE id = #url.id# </cfquery> I see passing in url.id as a risk.

  Read the article

• Backdoor Strategy- opinion needed.

  - by the Hampster

  I'm creating an application to track publications and grants for a university. Professors will need to put they CV into the system when it is up and running. Yeah, right. The person in charge is planning on hiring someone to input all of the information, but my questions is how? The strategy I'm thinking of is to install a backdoor. The lucky undergrad can log in as any professor using the backdoor. Once all the data is removed, the backdoor can be removed. Doing so would probably be as simple as editing out a comment in the config file. The IT guys would still have access, but since they control the machines, they would have access anyway. Are there any flaws to this strategy?

  Read the article

• Is this safe on a production server?

  - by Camran

  I have a database application (or search engine) which is called Solr. I connect to it via port 8983. I do this from php code, so I add and remove records from it via php. On my server I have a firewall. I have set this firewall to only allow connections to and from this port (8983) from the ip adress of my own server. In other words, only allow servers IP to access this port. Is that safe? Or am I thinking all wrong here? Will others be able to "simulate" my ip adress and act as the server? This is because otherwise others may add/remove records as they want from their own ip adresses... Thanks

  Read the article

• How can we store password other than plain text?

  - by Eric

  I've found numerous posts on stackoverflow on how to store user passwords. However, I need to know what is the best way to store a password that my application needs to communicate with another application via the web? Currently, our web app needs to transmit data to a remote website. To upload the data, our web app reads the password from a text file and creates the header with payloads and submits via https. This password in plain text on the file system is the issue. Is there any way to store the password more securely? Thanks!

  Read the article

• How to determine if a directory path was SUBST'd

  - by petejamd

  Trying to figure out if a file is in a folder that has been subst'd or is located in a user folder using C#

  Read the article

• is it possible to stop an automated request from particular ip

  - by ramesh

  i am getting automated request from some ips i have blocked the ip now its coming from some other ip..is it possible to detect the automated request ...and block the ip programtically thanks..

  Read the article

• Nasty things user supplied ruby code in server can do

  - by nijikunai

  I'd like to run user supplied ruby code in server, what are the potentially nasty things that can happen? I mean things like deleting files etc. Can you give me more examples? Thanks in advance!

  Read the article

• REST authentication S3 like hmac sha1 signature vs symetric data encryption.

  - by coulix

  Hello stackers, I was arguing about an S3 like aproach using authorization hash with a secret key as the seed and some data on the request as the message signed with hmac sha1 (Amazon S3 way) vs an other developer supporting symetric encryption of the data with a secret key known by the emiter and the server. What are the advantage of using signed data with hmac sha1 vs symetric key other than the fact that with the former, we do not need to encrypt the username or password. What would be the hardest to break ? symetric encryption or sha1 hashing at la S3 ? If all big players are using oauth and similar without symetric key it is sure that there are obvious advantages, what are those ?

  Read the article

• Website monitoring with email alerts on file changed (hack detection)

  - by Scott B

  With the current issues with Network Solutions sites being hacked, I'm in need of a tool (preferably freeware) that I can install into my site and it will email me the second a file change/update occurs. Any recommendations welcome :) This site is on a shared server hosting package.

  Read the article

• user access management in j2ee web application

  - by kawtousse

  Hi everyone, I am working with jsp/servlet project and i have to complete the module of access management to my jsps since I have more than one user with different profile. I defined a table in my database wich resume the profil and the url permitted like that: id_profil :1 url : http://localhost/...xyz.jsp id page 1 Now I am trying to let the menu modified appropriately to the id_profil of the logged user. So there are pages allowed in one profile but must be hidden to others. I have no idea since now how to realize this and it is so important for me. thanks for your help.

  Read the article

• Authenticate User manually

  - by Sergey

  I am trying to authenticate the user after I got credentials using oAuth (with Twitter if that makes a difference). As far as I could understand it, I can directly put the Authentication object into SecurityContextHolder. Here is how I do it: Authentication auth = new TwitterOAuthAuthentication(member, userDetailsService.loadUserByUsername(member.getUsername()).getAuthorities()); SecurityContextHolder.getContext().setAuthentication(auth); This for some reason does absolutely nothing. What am I missing and what should I do to accomplish what need?

  Read the article

• Safari - showing expired .NET Page

  - by Hidayath

  We have a strange problem in Safari. When the user logs out of our Web Application we expire the forms authentication with the following FormsAuthentication.SignOut(); Session.Abandon(); This works fine in IE and Firefox (when the user hits the back button they are presented with a page expired message and are forced to login) but in Safari the last page the user was working on shows up. I tried many of the suggested thinks like setting the Response.Expires but nothing helps , Has anyone faced this problem ? Do u have any suggestion / workarounds ? Thanks

  Read the article

• How to play music on site preventing direct file download

  - by Hugo Palma

  I'm starting a blog with a hosted wordpress instance and i would like to be able to stream music using a flash player on some posts. The problem is that every player i find uses a simple param to get the file url which makes it very easy for someone to find that url and just download the file. A server side solution can be implemented as i have full access to the server.

  Read the article

• String encryption only with numbers?

  - by HH

  Suppose your bank clerk gives you an arbitrary password such as hel34/hjal0@# and you cannot remember it without writing it to a paper. Dilemma: you never write passwords to paper. So you try to invent an encryption, one-to-one map, where you write only a key to a paper, only numbers, and leave the rest junk to your server. Of course, the password can consist of arbitrary things. Implemention should work like hel34/hjal0#@ ---- magic ----> 3442 and to other way: 3442 ---- server magic ---> hel34/hjal0#@ [Update] mvds has the correct idea, to change the base, how would you implement it?

  Read the article

• PAC with kerberoes

  - by Varun

  I am currently working on kerberoes, and for now have this doubt on PAC in MS-KILE kerberoes extension. Can pac included in pactype strcuture withtin authorization data, is meant for client to decrypt and decode. It seems (if my understanding is correct), that PAC is encrypted with target server's encryption key, which is known only to kdc and target server, and therefore, client just needs to forward that to server when requesting a service, and isn't suppose to decrypt and extract details about its credentails. Is there a way to try to decrypt this on the fly? ( is there sufficient information available in AS-REP for me extract and decrypt this?

  Read the article

• Read/Write versus Create/Read/Update/Delete permissions difference

  - by archmeta

  From a practical standpoint, is there any real-world difference between Read/Write permissions and Create/Read/Update/Delete permissions? It would seem that if a user had the ability to 'create', he should always have the ability to 'update' or 'delete'? If this is correct, then read/write should always be sufficient, and there is no need to store separate Create/Read/Update/Delete permissions? Are there any real-world use cases in which a user should be given permissions to create but not update, or update but not delete, etc...?

  Read the article

• How to hash and salt passwords

  - by Henrik Skogmo

  I realize that this topic have been brought up sometimes, but I find myself not entirely sure on the topic just yet. What I am wondering about how do you salt a hash and work with the salted hash? If the password is encrypted with a random generated salt, how can the we verify it when the user tries to authenticate? Do we need to store the generated hash in our database as well? Is there any specific way the salt preferably should be generated? Which encryption method is favored to be used? From what I hear sha256 is quite alright. And lastly, would it be an idea to have the hash "re-salted" when the user authenticates? Thank you!

  Read the article

• MVC Serve audio files while preventing direct linking using HttpResponseBase

  - by VinceGeek

  I need to be able to serve audio files to an mvc app while preventing direct access. Ideally the page would render with a player control so the user can start/stop the audio linked to the database record (audio files are in a folder not the db). I have a controller action like this: Response.Clear(); Response.ContentType = "audio/wav"; Response.TransmitFile(audioFilename); Response.End(); return Response; and the view uses the RenderAction method <% Html.RenderAction("ServeAudioFile"); %> this works but it won't display inline on the existing view, it opens a new page with just the media control. Am I totally barking up the wrong tree or is there a way to embed the response in the existing view? works exactly as I would like but I can't control access to the file.

  Read the article

• How to sanitize this particular mysql query ?

  - by justjoe

  i got this SQL query where post_title taken from $_GET $sql = "SELECT ID FROM $wpdb-posts WHERE $wpdb-posts.post_title = '5-desain-web-colourful'"; What is the best way to sanitize this and make it more safe ?

  Read the article

• Session Fixation in ASP.NET

  - by AJM

  I'm wondering how to prevent Session fixation in ASP.NET My approach would to this would normally be to generate and issue a new session id whenever someone logs in. But is this level of control possible in ASP.NET land?

  Read the article

• Preventing dictionary attacks on a web application

  - by Kevin Pang

  What's the best way to prevent a dictionary attack? I've thought up several implementations but they all seem to have some flaw in them: Lock out a user after X failed login attempts. Problem: easy to turn into a denial of service attack, locking out many users in a short amount of time. Incrementally increase response time per failed login attempt on a username. Problem: dictionary attacks might use the same password but different usernames. Incrementally increase response time per failed login attempt from an IP address. Problem: easy to get around by spoofing IP address. Incrementally increase response time per failed login attempt within a session. Problem: easy to get around by creating a dictionary attack that fires up a new session on each attempt.

  Read the article

• Securing input of private / protected methods?

  - by ts

  Hello, normally, all sane developers are trying to secure input of all public methods (casting to proper types, validating, sanitizing etc.) My question is: are you in your code validating also parameters passed to protected / private methods? In my opinion it is not necessary, if you securize properly parameters of public methods and return values from outside (other classes, db, user input etc...). But I am constantly facing frameworks and apps (ie. prestashop to name one) where validation is often repeated in method call, in method body and once again for securize returned value - which, I think, is creating performace overhead and is also a sign of bad design.

  Read the article

• Persisting sensitve data in asp.net, odd implementation

  - by rawsonstreet

  For reasons not in scope of this question I have implemented a .net project in an iframe which runs from a classic asp page. The classic asp site persisted a few sensitive values by hitting the db on each page. I have passed there variables as xml to the aspx page, now I need to make these values available on any page of this .net site. I've looked into the cache object but we are on a web farm so I am not sure it would work. Is there a way I can can instantiate an object in a base page class and have other pages inherit from the base page to access these values? What is the best way to persist these values? A few more points to consider the site runs in https mode and I cannot use session variables, and I would like to avoid cookies if possible..

  Read the article

• Wordpress vulnerabilities test scanner

  - by systempuntoout

  Do you know any stand-alone client or web tool (like grc) that could scan, find and report Wordpress vulnerabilities, plugins included?

  Read the article

• Can a program assign the memory directly?

  - by Tattat

  Is there any really low level programming language that can get access the memory variable directly? For example, if I have a program have a variable i. Can anyone access the memory to change my program variable i to another value?

  Read the article

< Previous Page | 170 171 172 173 174 175 176 177 178 179 180 181  | Next Page >