Search Results

Search found 22139 results on 886 pages for 'security testing'.

Page 189/886 | < Previous Page | 185 186 187 188 189 190 191 192 193 194 195 196  | Next Page >

• WebService authentication via default MembershipProvider

  - by Mickel

  What is the best practice when you need to authenticate specific OperationContracts, while using the default MembershipProvider for security (FormsAuthentication). I guess that doing Membership.ValidateUser and Membership.GetUser just won't cut it when using WebServices, right?

  Read the article

• why jsessionid is appended to each url?

  - by sword101

  greetings all i am deploying an app using spring framework on the apache tomcat when running the application from the tomcat directly,there's no jsessionid appended to any url at all but after mapping the application to the domain,and trying to run it i got a jsessionid appended to each url in the application,i tried the spring security attribute disable-url-rewriting but it doesn't work,it removes the jsessionid from the url but the application doesn't work no more,the user cannot login. so i guess it's another problem,any ideas why this happens,how to solve it? thanks.

  Read the article

• URLScan and percent signs

  - by Hobbes

  So I just ran into a stupid problem in which users could not download files that had a percent sign in it. It wound up being URLScan. I had to un-set two things in urlscan.ini: 1) Set VerifyNormalization to 0 (disabled) 2) Remove the percent sign from the "DenyUrlSequences" section Do an iisreset, and it problem solved. But the big question is: How much of a security risk is this?

  Read the article

• MD5 hash with salt for keeping password in DB in C#

  - by abatishchev

  Could you please advise me some easy algorithm for hashing user password by MD5, but with salt for increasing reliability. Now I have this one: private static string GenerateHash(string value) { var data = System.Text.Encoding.ASCII.GetBytes(value); data = System.Security.Cryptography.MD5.Create().ComputeHash(data); return Convert.ToBase64String(data); }

  Read the article

• How can I provide an ASP.NET Forms Authentication UX while using Active Directory Role and Authentic

  - by Nate Bross

  Is it possible to use this Role Provider AspNetWindowsTokenRoleProvider with ASP.NET FORMS Authentication (via this MembershipProvider System.Web.Security.ActiveDirectoryMembershipProvider)? It seems to only work with <authentication mode="Windows">, is it possible to use it with FORMS? background -- The objective here is to provide an ASP.NET Forms UX while using Active Directory as the back-end authentication system. If there is another, easy way to do this using built-in technologies, that's great and I'd like to hear about that as well.

  Read the article

• Problem making local copy of a webpage

  - by Claudiu

  I want to run this chrome experiment locally. I copied the .html and .js files, along with the two .jpgs that the demo uses. However, when I run it off my local drive, Chrome gives this error: light.js:89 - Uncaught Error: SECURITY_ERR: DOM Exception 18 Line 89 returns the image data from the canvas after drawing the image to it. What's causing this security exception? It seems to not be Chrome-specific, as Firefox gives the same error.

  Read the article

• Change Browser settings by script

  - by jAndy

  Hi Folks, Afaik, you can change/manipulate browser settings in Mozilla/Netscape browsers. For Instance "netscape.security.PrivilegeManager.enablePrivilege('someprivilege');" Of course the user gets informed about that and needs to verify the action. My question is, do other browser have similar functionality? IE, Safari/Chrome ? Kind Regards --Andy

  Read the article

• prevent generating new jsessionid?

  - by mr.lost

  greetings all my application uses spring framework,spring security 3.0.2 we use apache tomcat as app server the problem is that with each new request to the application a new jsessionid is generated and a new session is created so the user is logged out and that's weird,why generating new jsessionid,how to stop that? i reviewed the code,nothing is creating a new session? is it a framework problem or app server problem or what? your help is very appreciated. thank you.

  Read the article

• best way to escape and create a slug

  - by Mac Taylor

  hey guys im somehow confused in using proper functions to escape and create a slug i used this : $slug_title = mysql_real_escape_string()($mtitle); but someone told me not to use it and use urlencode() which one is better for slugs and security as i can see in SO , it inserts - between words : http://stackoverflow.com/questions/941270/validating-a-slug-in-django thanx in advanced

  Read the article

• ASP.NET ascx.cs via GET

  - by Heavy Bytes

  Say I have this url: http://site.example/dir/ In this folder I have these files: test.ascx.cs and test.ascx Just to be clear, I am not a .NET developer. From a security point of view - why can't I access http://site.example/dir/test.ascx.cs and how secure is it to keep those files there? I assume IIS filters out request that query these kind of files, but can someone explain me this? Thank you.

  Read the article

• Is using js.erb files in conjunction with rails and jquery safe?

  - by Yak

  Hi, I have seen many resources on using jQuery with rails where people recommend having callback functions in .js.erb files, however I have also heard that passing data this way leaves me vulnerable to man in the middle attacks. Is this true? What are the security concerns and is there a way to do it safely? Thanks

  Read the article

• Process limit for user in Linux

  - by BrainCore

  This is the standard question, "How do I set a process limit for a user account in Linux to prevent fork-bombing," with an additional twist. The running program originates as a root-owned Python process, which then setuids/setgids itself as a regular user. As far as I know, at this point, any limits set in /etc/security/limits.conf do not apply; the setuid-ed process may now fork bomb. Any ideas how to prevent this?

  Read the article

• To HTMLENCODE or not to HTMLENCODE user input on web form (asp.net vb)

  - by Phil

  I have many params making up an insert form for example: x.Parameters.AddWithValue("@city", City.Text) I had a failed xss attack on the site this morning, so I am trying to beef up security measures anyway.... Should I be adding my input params like this? x.Parameters.AddWithValue("@city", HttpUtility.HtmlEncode(City.Text)) Is there anything else I should consider to avoid attacks? Thanks

  Read the article

• Solr Multicore Admin Problem

  - by Daniel M

  Im trying to add a url based security constraint to solr deployed in websphere 6.1. If I specify the core name in the url of the constraint then the admin url for that core gives a 404. Has anyone had any success with this or any suggestions? Cheers

  Read the article

• Can i use Spring on GAE?

  - by n002213f

  Can i use Spring Webflow/MVC and Spring Security and Hibernate on Google App Engine? Is there a list/summary of java frameworks that can be used on the GAE?

  Read the article

• How to detect Java agents, JVMTI, etc...

  - by Andrew Westberg

  How does one secure the Java environment when running on a machine you don't control? What is to stop someone from creating a java agent or native JVMTI agent and dumping bytecode or re-writing classes to bypass licensing and/or other security checks? Is there any way to detect if any agents are running from Java code? From JNI? From a JVMTI agent?

  Read the article

• C++ Professional Code Analysis Tools

  - by Voulnet

  Hello there, I would like to ask about the available (free or not) Static and Dynamic code analysis tools that can be used to C++ applications ESPECIALLY COM and ActiveX. I am currently using Visual Studio's /analyze compiler option, which is good and all but I still feel there is lots of analysis to be done. I'm talking about a C++ application where memory management and code security is of utmost importance.

  Read the article

• deploying WAMP -> live site - any random tips?

  - by Haroldo

  In the next few weeks I'll be taking my site from the localhost (WAMP) and puting it on a new server. This will be the first site, on my first server, so basically...i'm a noob! This must be an important moment for any independent web developer / small business so i'd love to hear about some experiences, mistakes and system default security holes that one should fix straight away... I'm using php, mysql, cpanel and WHM, and looking for tips like "Turn off error reporting in PHP"

  Read the article

• Auto-creating User details with Grails and LDAP

  - by Benny Hallett

  I'm using the Acegi Security plugin for Grails, and authentication via LDAP. The application logs show that on login, we can authenticate the user and get their roles via LDAP, but the login fails because the User Details cannot be found in the application's database. Is there a way to auto create and save a basic User Details domain object if one doesn't already exit?

  Read the article

• GenericIdentity not FormsIdentity

  - by Tony

  H Regarding this URL http://www.codeproject.com/KB/aspnet/FlashUpload.aspx User.Identity as System.Web.Security.FormsIdentity is always null, because the Identity is GenericIdentity, I assumed it will be as in the tutorial FormsIdentity, what is chances. Thanks

  Read the article

• How to Consume a WebService(created by C#) using Https protocol

  - by Navaneeth A Krishnan

  I'm developing a small project, that is an C# web service, i did that but now i want to run the web service using the protocol HTTPS, for that i have installed web authentication certificate in my system and my IIS 5.1 server is running under HTTPS protocol(i have configured in that directory security) But now i want to invoke the web service using the HTTPS protocol, somebody told that, i need to modify the WSDL file for that web service but i don't know how to do it... now my service url is like this.... http://localhost:2335/SWebService.asmx here i would like to use https instead of http

  Read the article

• Heroku powered private restricted beta

  - by Ben Sand

  I'd like to run an app in a restricted private beta on heroku. We're changing the app regularly and haven't done a security audit. To stop anyone exploiting stuff, we'd like to lock down the whole site, so you need a password to access anything. Ideally similar to using .htaccess and .htpasswd files to lock an entire site on an Apache server. Is there a simple one shot way to do this for a heroku hosted app?

  Read the article

• How can I flash the taskbar from a partial trusted .NET application?

  - by Brann

  I'd like to flash the taskbar (as described here for example), but I can't P/Invoke FlashWindowEx (or anything else, for that matter) in the security context my application is running in. Is there another way to get the taskbar to flash? If not, what are my options for getting the user's attention?

  Read the article

• Copy all current system data content in memory

  - by Tom Brito

  I'm studying security, and I would like to know: in Windows or Unix based OS environment, is there a way for a malicious program to copy all the content of the computer's memory? My worry is about a program that can get my decrypted data loaded in memory. And how to avoid it.

  Read the article

• can you hack into my site? 2 [closed]

  - by user296516

  Hi guys, I have build a php authentication for my site http://www.skyeye.cc/ and wanted to make sure I didn't forget any security holes... let see if you can hack into it? Thanks! P.S. Do not close this topic, the site is really mine!

  Read the article

< Previous Page | 185 186 187 188 189 190 191 192 193 194 195 196  | Next Page >