ssl vpn - Page 185 - Developer IT

What are best practices for securing the admin section of a website?

- by UpTheCreek

I'd like to know what people consider best practice for securing the Admin sections of websites, specifically from an authentication/access point of view. Of course there are obvious things, such as using SSL and logging all access, but I'm wondering just where above these basic steps people consider the bar to be set. For example: Are you just relying on the same authentication mechanism that you use for normal users? If not, what? Are you running the Admin section in the same 'application domain'? What steps do you take to make the admin section undiscovered? (or do you reject the while 'obscurity' thing)

Read the article

Android:How to avoid XML verification failed error and Upgrading to 2.x SDK successfully?

- by user187532

Hi, I have setup for Android development with 1.5 SDK on Mac O.S X - Eclipse 3.5. I want to upgrade the SDK, so as i followed to choose Window-Android SDK and AVD Manager from Eclipse. But it throws error as follows: XML verification failed for https://dl-ssl.google.com/android/repository/repository.xml. Error: cvc-elt.1: Cannot find the declaration of element 'sdk:sdk- repository'. Failed to fetch URL I tried "http" instead of https, but still getting the same error. I don't know why such crap error comes. If i see Android website, http://developer.android.com/intl/zh-CN/sdk/index.html its confusing. Could someone guide me easily to update Android SDK to 2.x or later without uninstalling my current setup environment. Thanks. I appreciate your kind suggestions.

Read the article

How to communicate/share a session between pages over HTTP and HTTPS

- by spirytus

What is common practice for coding web applications where part of the site has to be secured (e.g. checkout section) and part not necessarily, let's say homepage? As far as I know sharing sessions in between HTTP and HTTPS parts of the site is not easily possible (or is it?). What would be common approach if I wanted to display on HTTP page like homepage, shopping cart data (items) that users ordered on HTTPS pages? How those two parts of the site would communicate if necessary? Also isn't it security flaw in popular shopping carts as it seems that many of these have only checkout pages secured (SSL) and the rest not? I'm using PHP if it makes any difference.

Read the article

What's the role of the parentheses in the following piece of code?

- by Emanuil

This is the tracking code for Google Analytics: var _gaq = _gaq || []; _gaq.push(["_setAccount", "UA-256257-21"]); _gaq.push(["_trackPageview"]); (function() { var ga = document.createElement("script"); ga.type = "text/javascript"; ga.async = true; ga.src = ("https:" == document.location.protocol ? "https://ssl" : "http://www") + ".google-analytics.com/ga.js"; var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(ga, s); })(); You can see that the function is inside parentheses. Why do you think is that?

Read the article

cannot access localhost using ip

- by Robert

I have done a small web development project using eclipse. It runs well when I try running it on browser with url localhost:8080/myproject/home.html. But if I want to access it on another machine (laptop, mobile, etc. using the same wifi) it is not possible; it is not able to connect. After Googling for a while found out that I have to use the IP address instead of 'localhost'. So I tried 10.0.0.4:8080/myproject/home.html, but still does not work. In fact i am unable to open that url on the same machine (where localhost:8080/myproject/home.html works fine). I also added a new Inbound rule in control panel firewall settings, allowing access to all ports for protocol TCP. Still have problem in running application with the url 10.0.0.4:8080/myproject/home.html (both on same machine as well as laptop and mobile). FYI i am using Eclipse Indigo, Apache tomcat 6.0 and server.xml file contents is as below: <?xml version="1.0" encoding="UTF-8"?> <Server port="8005" shutdown="SHUTDOWN">  <Listener SSLEngine="on" className="org.apache.catalina.core.AprLifecycleListener"/>  <Listener className="org.apache.catalina.core.JasperListener"/>  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/>  <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"/> <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>  <GlobalNamingResources>  <Resource auth="Container" description="User database that can be updated and saved" factory="org.apache.catalina.users.MemoryUserDatabaseFactory" name="UserDatabase" pathname="conf/tomcat-users.xml" type="org.apache.catalina.UserDatabase"/> </GlobalNamingResources>  <Service name="Catalina">    <Connector port="8080" protocol="HTTP/1.1" address="10.0.0.4" connectionTimeout="20000" redirectPort="8443" />      <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>   <Engine defaultHost="localhost" name="Catalina">      <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>  <Host appBase="webapps" autoDeploy="true" name="localhost" unpackWARs="true" xmlNamespaceAware="false" xmlValidation="false">     <Context docBase="myproject" path="/myproject" reloadable="true" source="org.eclipse.jst.jee.server:myproject"/></Host> </Engine> </Service> </Server>

Read the article

Send post to a different domain using JS

- by Lior

Hello, I'd like a post request to be sent once a certain text input field is changed, using javascript. So here is my current code: <input name="message" onchange="$.ajax({type: \"POST\", url: \"http://example.com/example.php\", data: \"message=\" + document.getElementsByName(\"message\")[0].value});" /> Now, it's working on a regular connection, but it's not working on a secured connection (SSL). I mean, the page is secured, but the request is sent to a non secured page. Is there a solution?

Read the article

Implementing a 'Send Feedback' feature in a Java desktop application

- by William

I would like to implement a 'Send Feedback' option in a Java desktop application. One which will pop up a box for the user to enter a comment, then send it to us along with a screenshot of the application window. How would be the best way to communicate the data to us? Two obvious solutions spring to mind: Email - I'm thinking that the application would connect to an SMTP server set-up by us, with the username/password somehow hidden in the code. SMTP over SSL for security (not of the data being sent, but of the SMTP username/password). Web service - pretty self explanatory. Which of these would be best, or is there a better alternative?

Read the article

how can I send messages to/from a Websphere Message Broker from an embedded C client (no JVM)?

- by queBurro

What are my options for pubsubing (or point to point but pubsub is better) messages to and from an IBM message broker from an embedded headless C/C++ linux client that doesn't have a JVM? Ideally we want large file transfer (2GB once per day off of the client) encryption (SSL) reliable ('assured' delivery / QoS2, maybe QoS1 would do) The client in question currently only has exes and some bash scripts, I've been playing with MQTTv3 and RSMB, but for that I'd have to chomp the large files up (and reassemble back home) and I don't want to get into that if there's a transport that will do this for me? I've looked at MQTTv5 (but our client's got no JVM); JMS (no JVM) and XMS? which again looks like it gives me a C API but then needs the JVM to be installed on the client (or am I wrong?) any clues or hints would be appreciated, cheers

Read the article

nginx improperly forwards to https, adds two trailing slashes when rewriting

- by Kevin

I'm using nginx as a proxy for a django project on mod_wsgi and to serve the static content. I have two domain names for it: asdf-example.com and asdfexample.com. I want to use rewrites to redirect everything to www.asdf-example.com They're not quite working the way they should: asdf-example.com forwards to https:// www.asdf-example.com, which fails because I'm not using SSL. Though asdf-example.com/search forwards to http://.... asdfexample.com and www.asdfexample.com both forward to www.asdf-example.com//, which looks weird. My config file: server { listen 80; server_name asdf-example.com asdfexample.com; if ($host ~* ^asdf-example\.com){ rewrite ^(.*)$ http://www.asdf-example.com/$1 permanent; } if ($host ~* ^asdfexample\.com){ rewrite ^(.*)$ http://www.asdf-example.com/$1 permanent; } if ($host ~* ^www\.asdfexample\.com){ rewrite ^(.*)$ http://www.asdf-example.com/$1 permanent; } ... Thanks

Read the article

Web services Authentication Jungle

- by redben

I have been doing some research lately about best approaches to authenticating web services calls (REST SOAP or whatever). But none of the Approaches convinced me... But i still can't a make a choise... Some talk about SSL and http basic authentication -login/password- which just seems weird for a machine (i mean having to assign a login/password to a machine, or is it not ?). Some others say API keys (seems like these scheme is more used for tracking and not realy for securing). Some say tokens (like session IDs) but shouldn't we stay stateless (especially if in REST style) ? In my use case, when a remote app is calling one of our web services, i have to authenticate the calling application obviously, and the call must - if applicable - tell me which user it impersonates so i can deal with authorization later. Any thoughts ?

Read the article

What goes between SQL Server and Client?

- by worlds-apart89

This question is an updated version of a previous question I have asked on here. I am new to client-server model with SQL Server as the relational database. I have read that public access to SQL Server is not secure. If direct access to the database is not a good practice, then what kind of layer should be placed between the server and the client? Note that I have a desktop application that will serve as the client and a remote SQL Server database that will provide data to the client. The client will input their username and password in order to see their data. I have heard of terms like VPN, ISA, TMG, Terminal Services, proxy server, and so on. I need a fast and secure n-tier architecture. P.S. I have heard of web services in front of the database. Can I use WCF to retrieve, update, insert data? Would it be a good approach in terms of security and performance?

Read the article

Paypal Payflow pro library

- by John Stewart

I already have an express checkout integrated with my Codeigniter application. Now I want to integrate seamless paypal where I collect the CC information and pass it to Paypal (via backend) and once everything is approved, my application shows that to the user. All this with out ever going to Paypal's website. I know that Paypal gives a bunch of sample code but they have so many different products that advertise to do the same thing. Is there any wrapper library in PHP that I can use for handling all this? What sort of design decision is involved in migrating to such system? Would I need SSL certificates for this?

Read the article

Should we create Virtual Machine environment so a consultant can develop in similiar environment?

- by ChrisNel52

This is a large project and currently there are only 3 developers working on it. We have some money in the budget to contract development help from a software consulting firm. However, because the location of our business it would be beneficial if the consultant could do their development off-site. Also, our company policy doesn't allow contract help to VPN into our network, so that is not an option. My question is, would it be a good idea to create a Virtual Machine that copies our internal environment (particularly our database and WCF service) and give the consultant the Virtual Machine image so that they can replicate the environment at their place of work? I haven't worked much with Virtual Machines, so I'm not sure if this is a good idea or if there are huge obstacles that I'm not thinking of. If anyone has ever done anything like this, it would be great to hear the pros/cons. Any help would be appreciated.

Read the article

OpenSSL: SessionTicket TLS extension problem

- by rursw1

Hello, I'm using an application which uses OpenSSL for client TLS side. We upgrade the OpenSSL version from 0.9.8e to 0.9.8k. And then TLS doesn't work... Wireshark shows that the new version (with OpenSSL 0.9.8k) sends the client hello packet with a SessionTicket extension - and the server side responds with a fatal internal error. The previous version sends an almost identical hello packet, but without the SessionTicket ext. When I replaced TLSv1_client_method with SSLv23_client_method, everything worked fine - the sent client hello packet was a SSLv2 one (In the sniffer) without any extension (as it wasn't TLS but SSL?) Is there a better way to disable this extension or to solve the problem in another way? Thanks in advance, rursw1

Read the article

changing src reference based upon https

- by spody

I'm adding a facebook comment widget to a website. I'm placing this widget in a file that is included on everypage. The navigation is relatively linked so it switches back and forth from http and https. But for some reason the comment widget only shows up if both the src linked file and webpage is secure or both the src linked file and webpage is NOT secure. The widget does not display of the src file is secure and the webpage is not secure. So... I've tried this but doesn't work. if (window.location.protocol == 'https:') script.setAttribute('src', 'https://ssl.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php'); } else { script.setAttribute('src', 'http://static.ak.connect.facebook.com/connect.php/en_US') }

Read the article

How to send news letters in zend

- by Sherif

i am trying to send something like news letter Via Zend_Mail but after 12 mail i got this message Fatal error: Maximum execution time of 30 seconds exceeded in C:\Program Files\Zend\Apache2\htdocs\forga\library\Zend\Mail\Protocol\Abstract.php on line 321 my Code is like: $smtpHost = 'smtp.gmail.com'; $smtpConf = array( 'auth' = 'login', 'ssl' = 'tls', 'port' = '587', 'username' ='[email protected]', 'password' = 'xxxxxxxx' ); $transport = new Zend_Mail_Transport_Smtp($smtpHost, $smtpConf); foreach($users as $user) { $mail = new Zend_Mail(); $mail-setFrom("[email protected]", 'Forga'); $mail-setSubject($subject); if($html=='on') $mail-setBodyHtml($message); else $mail-setBodyText($message); $mail-addto($user); $transport-send($mail); }

Read the article

Accessing Securised Web Service

- by Xstahef

Hi, I need to connect to a provider's web service with a Windows Form application. He gives me a certificate to access it but I have a security problem. I have done these following steps : Add certificate to personal store (on IE & Firefox) Generate a proxy with the remote wsdl (no problem) Use this code to call a method : `using (service1.MessagesService m = new service1.MessagesService()) { X509Certificate crt = new X509Certificate(@"C:\OpenSSL\bin\thecert.p12",string.Empty); m.ClientCertificates.Add(crt); var result = m.AuthoriseTransaction(aut); this.textBox1.AppendText(result.id.ToString()); }` I have the following error : The underlying connection was closed: Could not establish trust relationship for the channel SSL / TLS. Thanks for your help

Read the article

Allowing New Users to Invite Their Gmail Contacts

- by John

Hello, For my site, I would like to give new users the option to invite all of their Gmail contacts to join. What is the basic step-by-step process to set this up? (Also, is it necessary to buy an SSL for this?) Thanks in advance, John EDIT: My site has a basic login where users set up a username and password. I would like to give users the option to invite their Gmail contacts right after they create their new profile. I would also like to give them the option to invite their Gmail contacts anytime they want.

Read the article

Linq to SQL Azure generating Error "Specified cast is not valid."

- by Rabbi

B"H I have an application that has been working for months using Linq to SQL connecting to a SQLExpress. I tried migrating it to SQL Azure. I copied the structure and data using the Sync Framework. I viewed the data in SQL Azure using SSMS 2008 R2 and it seams to be exactly what I have in my Sql Server. However when I try to use Linq to SQL against it I get an error "Specified cast is not valid." I seams to be happening any time I get child records. i.e. whenever I fill (the first time I access) an entity set. It seams to be happening after the data returns and when Linq tries to put it into the objects. Remember, the application is working perfectly against sqlexpress, even when accessed across the internet or vpn.

Read the article

classic asp & .net 2 site not working on windows 7

- by alexander2116

I am receiving the following error message: An error occurred on the server when processing the URL. Please contact the system administrator. If you are the system administrator please click here to find out more about this error. I have my site in the inetpub directory in a subfolder called website. I have also gone to add/remove windows compononents and had asp installed. In iss manager I have asp listed with defult settings. The initial website page is a classic asp page Has anyone else encountered this issue? Please help! I'm having to develop through vpn/remote desktop combo which is painfully slow!! thanks so much for anyone who can help!

Read the article

Microsoft Access to SQL Server - synchronization

- by David Pfeffer

I have a client that uses a point-of-sale solution involving an Access database for its back-end storage. I am trying to provide this client with a service that involves, for SLA reasons, the need to copy parts of this Access database into tables in my own database server which runs SQL Server 2008. I need to do this on a periodic basis, probably about 5 times a day. I do have VPN connectivity to the client. Is there an easy programmatic way to do this, or an available tool? I don't want to handcraft what I assume is a relatively common task.

Read the article

Using java class HttpsURLConnection

- by KB22

Hi all, I have a small piece of code which basically impements a HTTP-Client, i.e. it POSTS request and works with re RESPONSE. As long as HTTP is concenerned everthing work well. For some reason I now have to support HTTPS too. So here is briefly what I do in order to get a connection opened: URL url = new URL(serverAddress); HttpsURLConnection httpsConn = (HttpsURLConnection) url.openConnection(); This fails, stating: sun.net.www.protocol.https.HttpsURLConnectionImpl cannot be cast to com.sun.net.ssl.HttpsURLConnection I guess this is kinda trivial, but I just don't get what I'm doing wrong in this one... Googled it, and the code just looks right - not? any ideas are appreciated! thanks, K

Read the article

What to keep in mind when creating your own custom web services API?

- by John Conde

I have created a website which allows users to sign up for, and use, an online service. To help promote the website we will be have resellers who will be offering their own branded services through us. The initial plan is to allow resellers to place registration, login, and lost password forms on their own website and use an API created by us to handle these requests. I have begun outlining how I expect the API to work (and starting documenting it as well) and I want to make sure I get it right, or as close to right, as I can from the beginning as I know once you have declared a public API you want to avoid changing that API at all costs. So far I have decided: To have the user pass their account credentials with each request To require SSL for all requests What else should I be keeping in mind?

Read the article

.NET Web Service Proxy is adding special characters in XML

- by xkingpin

My web service proxy seems to be adding special characters like "*" and "#" etc. within the xml nodes. My proxy created lists using arrays of objects. I am trying to create a generic list and then doing list.ToArray() to set the proxy MyProxyObject[] object. Is this the cause of the problem I am having? I plan on running fiddler on the request later but it is over SSL and I do not have access to the URL at the moment. Here is an example of the XML that is generated: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> * <soap:Body> o I'm a little concerned because the special characters are even occuring before the array nodes

Read the article

Can you create a HIPAA compliant Amazon S3 Web Application?

- by xkingpin

I am facing some questions when trying to design an S3 application using ASP.NET MVC and trying to stay HIPAA compliant. My initial plan was to require an SSL connection to my web server, encrypt the images on my server, then send them to s3 using my private keys. Here's my obvious concerns: You cannot store unencrypted images in any temporary file cache when client views images within the browser. Even if I setup an ashx to generically handle the image in memory, couldn't this get stored in cache? Saying the images will be encrpyted because you will be connecting to my server via https still does not guarantee all browsers will not cache data. It's not possible to even consider the "Query String" with expiration option since data will be encrypted before being stored on disk at s3, and will again be decrypted at my server in memory. I think my only option would be to write/purchase some sort of ActiveX component that will not expose the image as a simple html image source or write my app as a client side WinForm application.

Search Results

Search found 5390 results on 216 pages for 'ssl vpn'.

Page 185/216 | < Previous Page | 181 182 183 184 185 186 187 188 189 190 191 192 | Next Page >

- by UpTheCreek

- by user187532

- by spirytus

- by Emanuil

- by Robert

- by Lior

- by William

- by queBurro

- by Kevin

- by redben

- by worlds-apart89

- by John Stewart

- by ChrisNel52

- by rursw1

- by spody

- by Sherif

- by Xstahef

- by John

- by Rabbi

- by alexander2116

- by David Pfeffer

- by KB22

- by John Conde

- by xkingpin

- by xkingpin

< Previous Page | 181 182 183 184 185 186 187 188 189 190 191 192 | Next Page >