Search Results

Search found 25503 results on 1021 pages for 'browser security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 179/1021 | < Previous Page | 175 176 177 178 179 180 181 182 183 184 185 186  | Next Page >

  • login connection problem using SimpleTest

    - by Cedric
    Hi everyone. I am using SimpleBrowser from SimpleTest (http://www.simpletest.org) to login a webmin (http://www.webmin.com/). This login uses https. I've tried two different ways, both fail. $browser = new SimpleBrowser(); $browser->useCookies(); $browser->useFrames(); //echoes the login page, where it should echo the landing page from a logged user echo $browser->post('https://address/','user=User&pass=Secret')); And also : $browser = new SimpleBrowser(); $browser->useCookies(); $browser->useFrames(); $browser->get('https://address/'); $browser->setField('user', 'User'); $browser->setField('pass', 'Secret'); //echoes the login page, where it should echo the landing page from a logged user echo $browser->clickSubmit('Login'); Do you have any clue why it doesn't work ?

    Read the article

  • jParallax : rendering problem on Chrome/Safari

    - by Bastienald
    Hello, URL : http://jaimelesbeauxsites.com/labs/ Browser : Firefox 4 beta 11 OS : Mac 10.6.6 I'm using jParallax to create a new homepage for my folio. I've set the first elements and tested it on Firefox 4 beta 11, everything was working fine. ! But when I've opened the page on Chrome/Safari, none of the elements were where it was supposed to be. Is there something I've missed ? Maybe it's only due to the fact that I'm using a beta...

    Read the article

  • Frameset frame cached by Firefox

    - by dragonfly
    Hi, I have a html page which contains nested frameset (don't ask why, I'm only servicing the app ;) ). What bothers me, is why FF caches Header.htm file constantly. I had to use clear cache to force browser to download it again. ctrl+f5 didn't help. <frameset rows="68,*" border="0" frameborder="no" framespacing="0"> <frame name="header" src="/Header.htm" scrolling="no" noresize> <frame name="footer" src="/Login.aspx?w=<% =company %>&amp;loc=<% =ccdom %>"> </frameset> Any ideas what is responsible for that behaviour? On the other hand, IE downloads the file without a hassle. Thanks, Pawel

    Read the article

  • When should I observe javascript events on window vs. document vs. document.body?

    - by brahn
    I'm using prototype.js for my web app, and I have everything running on chrome, safari, and firefox. I am now working on IE8 compatibility. As I've been debugging in IE, I've noticed that there are javascript events for which I have previously set an observer on the window, e.g. Event.observe(window, eventType, function () {...}); (where eventType might be "dom:loaded", "keypress", etc.) and it works just fine in Chrome/Safari/Firefox. However, in IE the observer never fires. In at least some cases I could get this to work on IE by instead placing the observer on something other than window, e.g. document (in the case of "dom:loaded") or document.body (in the case of "keypress"). However, this is all trial-and-error. Is there some more systematic way to determine where to place these observers such that the results will be cross-browser compatible? Thanks!

    Read the article

  • How to secure authorization of methods

    - by Kurresmack
    I am building a web site in C# using MVC.Net How can I secure that no unauthorized persons can access my methods? What I mean is that I want to make sure that only admins can create articles on my page. If I put this logic in the method actually adding this to the database, wouldn't I have business logic in my data layer? Is it a good practise to have a seperate security layer that is always in between of the data layer and the business layer to make? The problem is that if I protect at a higher level I will have to have checks on many places and it is more likely that I miss one place and users can bypass security. Thanks!

    Read the article

  • Custom certificate as proof of transaction

    - by Andy
    I'm developing a site where a user conducts a given transaction and once completed, the user is issued with a 'secure certificate'. The certificate serves as proof of the transaction and the user is able to upload the certificate at a later stage, to view the details of the transaction. At the moment I'm using a custom XML document with encrypted fields. It works perfect, but I would like a standardized approach, such as an X.509 certificate. I'm no encryption expert, but from what I gather, X.509 is more geared towards SSL issued by a CA. Is it possible to create your own valid valid CRT file? As a test, I created a CRT file with the example provided on WikiPedia. However, when I open the file in Windows I get this warning: Invalid Public Key Security Object File - This file is invalid as the following: Security Certificate. Not having much luck here, so time to ask the experts. What direction should I be heading in? Any guidance would be greatly appreciated.

    Read the article

  • What happens to my web application if Javascript is disabled?

    - by Richard77
    Hello, I'm learning JQuery and am about to write some pages using intensively that library. I just learned that some user disable javascript on their browser (I didn't even know that was possible and/or necessary). Now, here's my question: What happens to my web application if a user disable Javascript? For instance, I'd like to display some screens using Ajax and commands such as 'InsertBefore' to bring in live a DIV that will display the result. So, if Javascript is disabled, I wonder what going to happen to all this work that relies on Javascript? I'm kind of lost. Thanks for helping

    Read the article

  • Good articles to read on SSL and HTTPS?

    - by Igor Romanov
    I had a problem with accepting invalid SSL certificate in my iPhone program. That problem is solved now, however I came to understanding that I have very abstract idea on how exactly the whole thing is working: how web browser is verifying that received certificate is really for host it communicates to and not faked by same party in the middle? if browser talks to some 3rd party (CA?) to do certificate check? and many other questions... Would someone please recommend good source of information with in-depth enough description of how all parts click together?

    Read the article

  • Can an Aspect conditionally render parts of a JSP page ?

    - by Scott The Scot
    At present the jsp pages have normal authorize tags to conditionally render links and information etc. The website is on the intranet, and we're using Spring Security 2.0.4. Ive now got a business user who wants to allow all roles to access everything for the first few weeks, then gradually add the security back in as feedback is gathered from the business. Rather than go through every page, removing the authorize tags, only to have to put them back in, is is possible to configure these through an aspect, or is there any other way to externalize this into a config file ? I've found Spring's MethodSecurityInterceptor and the meta data tags, but these wouldn't give me the externalization. I've been on google for the last hour, and am now pretty sure this can't be done, but would love to find out I haven't been asking the right questions. Advice appreciated

    Read the article

  • Why can XSLT not parse this XML?

    - by Matt W
    Taking the XSLT and XML from this page as an example: http://www.w3schools.com/xsl/xsl_transformation.asp I have an xml file which contains (above example modified): <?xml version="1.0" encoding="ISO-8859-1"?> <?xml-stylesheet type="text/xsl" href="cdcatalog.xsl"?> <catalog xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://tempuri.org/"> <cd> In my case, the output contains nothing when the XSLT/XML is processed by the browser. The moment I remove the attributes from the element, it works. Problem is, I don't really have the option of pre-processing those attributes out of the file. Can anyone explain how to force the XSLT to work with the XML as is, please? After all, those attributes seem fairly standard. Many thanks, Matt.

    Read the article

  • is JsonP working with Opera, Chrome & Safari ?

    - by Tom
    Hi, On a web site that I am building , when you log in (because the database is on an other server), I use json padding to check if the user as the right credentials. It's working flawlessly (ie7,ie8 & FF), until I tried it on chrome, safari & opera where it's a complete disaster. $.ajax({ type: "GET", dataType: "jsonp", url: "http://someurl.com", data: aRequestData, cache: false, error: function (XMLHttpRequest, textStatus, errorThrown) { // typically only one of textStatus or errorThrown // will have info alert("Error occured textStatus=" + textStatus + " errorThrown=" + errorThrown); }, success: function(data) { alert('success'); } }); Plain and simple and it works in browser window, however, to my big surprise it did not work in chrome, safari & opera, never got to the success alert. Does anyone know how to solve this issue? Thanks.

    Read the article

  • How to not run function if its a mobile device?

    - by Deshiknaves
    I have a modal pop up function on my website, but i don't want this to run if the browser is smaller than 480px. I have found that if I put an if statement such as: if (window.innerWidth && window.innerWidth > 480) { run function() } Then it should run only if the browsers innerWidth is 480. However its not working and I think its because I have page scaling on this website. Can any one help me with a conditional statement if page scaling is on? Thanks.

    Read the article

  • Best Pratice to Implement Secure Remember Me

    - by Yan Cheng CHEOK
    Sometimes, I came across certain web development framework which doesn't provide authentication feature as in Authenication ASP.NET I was wondering what is the security measure needs to be considered, when implementing "Remember Me" login feature, by hand coding? Here are the things I usually did. 1) Store the user name in cookie. The user name are not encrypted. 2) Store a secret key in cookie. The secret key is generated using one way function based on user name. The server will verify secret key against user name, to ensure this user name is not being changed. 3) Use HttpOnly in cookie. http://www.codinghorror.com/blog/2008/08/protecting-your-cookies-httponly.html Any things else I could miss out, which could possible lead a security hole.

    Read the article

  • Is it possible to put binary image data into html markup and then get the image displayed as usual i

    - by Joern Akkermann
    It's an important security issue and I'm sure this should be possible. A simple example: You run a community portal. Users are registered and upload their pictures. Your application gives security rules whenever a picture is allowed to be displayed. For example users must be friends on each sides by the system, in order that you can view someone else's uploaded pictures. Here comes the problem: it is possible that someone crawls the image directories of your server. But you want to protect your users from such attacks. If it's possible to put the binary data of an image directly into the HTML markup, you can restrict the user access of your image dirs the user and group your web application runs of and pass the image data to your Apache user and group directly in the HTML. The only possible weakness then is the password of the user that your web app runs as. Is there already a possibility?

    Read the article

  • How to implement a good system for login/out into a webapp

    - by Brandon Wang
    I am one of the developers at PassPad, a secure password generator and username storage system. We're still working on it, but I have a few questions on the best way to implement a secure login/out system. Right now, what we plan on doing is to have the login system save a cookie with the username and a session key, and that's all that serves as authentication. The server verifies the two to match. Upon login/out a new key is created. This is a security-related webapp and while we don't actually store any information that might make the user queasy, because it is security-oriented it makes it a necessity for us to at least appear secure in a way that the user would be happy with. Is there a better way to implement a login/out system in PHP? Preferably it won't take too much coding time or server resources. Is there anything else I need to implement, like brute-force protection, etc? How would I go about that?

    Read the article

  • XSS as attack vector even if XSS data not stored?

    - by Klaas van Schelven
    I have a question about XSS Can forms be used as a vector for XSS even if the data is not stored in the database and used at a later point? i.e. in php the code would be this: <form input="text" value="<?= @$_POST['my_field'] ?>" name='my_field'> Showing an alert box (demonstrate that JS can be run) on your own browser is trivial with the code above. But is this exploitable across browsers as well? The only scenario I see is where you trick someone into visiting a certain page, i.e. a combination of CSRF and XSS. "Stored in a database and used at a later point": the scenario I understand about CSS is where you're able to post data to a site that runs JavaScript and is shown on a page in a browser that has greater/different privileges than your own. But, to be clear, this is not wat I'm talking about above.

    Read the article

  • 2 different php request at same time per user

    - by Oguz
    I have a website which has 2 pages , (home_page.php and action_page.php)Action page takes aprx. 2 minutes to completely load (server side takes 2 minutes) . But if user clicks to home page link while action page is loading , browser does not go to home page , until action page is completely loaded . First of all what is the reason of this ? (bowser ? php ? apache ?) and how can I avoid this ? Thank you

    Read the article

  • What are the weaknesses of this user authentication method?

    - by byronh
    I'm developing my own PHP framework. It seems all the security articles I have read use vastly different methods for user authentication than I do so I could use some help in finding security holes. Some information that might be useful before I start. I use mod_rewrite for my MVC url's. Passwords are sha1 and md5 encrypted with 24 character salt unique to each user. mysql_real_escape_string and/or variable typecasting on everything going in, and htmlspecialchars on everything coming out. Step-by step process: Top of every page: session_start(); session_regenerate_id(); If user logs in via login form, generate new random token to put in user's MySQL row. Hash is generated based on user's salt (from when they first registered) and the new token. Store the hash and plaintext username in session variables, and duplicate in cookies if 'Remember me' is checked. On every page, check for cookies. If cookies set, copy their values into session variables. Then compare $_SESSION['name'] and $_SESSION['hash'] against MySQL database. Destroy all cookies and session variables if they don't match so they have to log in again. If login is valid, some of the user's information from the MySQL database is stored in an array for easy access. So far, I've assumed that this array is clean so when limiting user access I refer to user.rank and deny access if it's below what's required for that page. I've tried to test all the common attacks like XSS and CSRF, but maybe I'm just not good enough at hacking my own site! My system seems way too simple for it to actually be secure (the security code is only 100 lines long). What am I missing? I've also spent alot of time searching for the vulnerabilities with mysql_real_escape string but I haven't found any information that is up-to-date (everything is from several years ago at least and has apparently been fixed). All I know is that the problem was something to do with encoding. If that problem still exists today, how can I avoid it? Any help will be much appreciated.

    Read the article

  • How to secure authiorization of methods

    - by Kurresmack
    I am building a web site in C# using MVC.Net How can I secure that no unauthorized persons can access my methods? What I mean is that I want to make sure that only admins can create articles on my page. If I put this logic in the method actually adding this to the database, wouldn't I have business logic in my data layer? Is it a good practise to have a seperate security layer that is always in between of the data layer and the business layer to make? The problem is that if I protect at a higher level I will have to have checks on many places and it is more likely that I miss one place and users can bypass security. Thanks!

    Read the article

  • Time to ignore IE?

    - by Delan Azabani
    In this answer: http://stackoverflow.com/questions/2781013/does-anyone-have-a-easy-to-use-png-fix-for-ie/2781041#2781041 which got voted down considerably, I point out the need to ignore Internet Explorer, or at least its old version 6, for the following reasons: It is hard to hack for, and some features don't exist at all The more you hack for IE, the longer people blindly use it (vicious cycle) My website, azabani.com, doesn't hack for IE at all. The layout looks somewhat broken in the browser, and most of my projects require features not present in IE's codebase. I would like to know if you support my view, or if you share views with those who downvoted my answer.

    Read the article

  • Dealing with passwords securely

    - by Krt_Malta
    Hi I have a Java web service and a Java web client making use of this service. One of the functions is to create a new user account. My two concerns are: How will I send the user's password securely from the client. How will I store the user's password securely on the server. How can I achieve these? I know the theory basically behind security, security algorithms etc but can anyone give me some advice on how I should go about in coding? Could anyone point me to some good (and if possible not complicated) examples to follow since I found some examples on the Internet very contorted? Thanks a lot and regards, Krt_Malta

    Read the article

  • How to test my application on older version of IE?

    - by Rakesh Juyal
    I have installed IE8 on my system. I usually test my application on this browser, but the problem arises when i got to know that the client is using IE7. Now how can i test my application on IE7? One possible solution is to have dual booting on my system. So on version of Windows i can have IE7 and on another i can have IE8. But i really don't want to use this solution. Another possible solution is to use PC Emulator [ Don't know what is this, just heard about these ]. Using which i can have multiple IE version simultaneously. Have you ever tried this solution? Please name any good FREE emulator. Please let me know if there is any other better solution.

    Read the article

  • Using WCF HttpBindings on a LAN

    - by dcw
    We have a WCF-based client server that operates over a LAN. We've been getting along ok by using the NetTcpBinding, chosen because we couldn't get either HttpBinding to work between hosts. (Within a single host works fine, but is not useful for the production environment.) We're now back at the point where we want to explore using either BasicHttpBinding or WsHttpBinding, but we simply can't see the server from the client: even putting in the path to the endpoint into IE fails to see the server. Is there something simple we've overlooked? We're not specifying any security settings (or anything else, for that matter). Should we be doing so (e.g. explicitly setting security settings to None)?

    Read the article

  • How to implement Gradient Opacity (Mask) using html css javascript

    - by brz dot net
    I have to show 25% right screen in such way that the text looks appeared from right. For this I need to set opacity from 0 to 100 at 25% right side screen means rightmost opacity would be 0 and at 75% the opacity would be 100. For this, I took a Div and set opacity but It looks bad because of border. I need to gray out text. It looks a block. Let me know how I can implement cross browser compatible gradient opacity mask for right screen text. What is the best way to do this?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 175 176 177 178 179 180 181 182 183 184 185 186  | Next Page >