Search Results

Search found 25872 results on 1035 pages for 'document security'.

Page 190/1035 | < Previous Page | 186 187 188 189 190 191 192 193 194 195 196 197  | Next Page >

  • Is php fileinfo sufficient to prevent upload of malicious files?

    - by Scarface
    Hey guys, I have searched around a bit, and have not really found a professional type response to how to have secure fileupload capability so I wanted to get the opinion of some of the experts on this site. I am currently allowing upload of mp3s and images, and while I am pretty confident in preventing xss and injection attacks on my site, I am not really familiar with fileupload security. I basically just use php fileinfo and check an array of accepted filetypes against the filetype. For images, there is the getimagesize function and some additional checks. As far as storing them, I just have a folder within my directory, because I want the users to be able to use the files. If anyone could give me some tips I would really appreciate it.

    Read the article

  • measuring similarity between documents using jaccard coefficient

    - by jaskirat
    hi i m finding similarity between documents ....nd to measure that i used jaccard coefficient...i did like dis D1=(8,0,0,1) where 8,0,0,1 are the tf-idf scores of the terms t1, t2, t3 , t4 D2=(7,0,0,0) jaccard coefficient= dotproduct(d1,d2) / |d1|+|d2|-dotproduct(d1,d2) and the answer comes out to be " -1.367931 "...what does it signify about the similarity between the documents...pls do reply..please...thank u..

    Read the article

  • Websphere exception handling

    - by Benjamin
    Hi all, From a security standpoint, what is the best solution to handle application errors with Websphere? I've been thinking of creating a class that is called every time an application error is generated, log the error and display a generic error message to the users. In PHP this can be achieved using the set_exception_handler() function. Is there something similar for websphere that could be configured in the web.xml? I've found codes like this on the internet: <error-page> <error-code>500</error-code> <location>/servlet/ExceptionHandlerServlet</location> </error-page> But that would only work with "500" HTTP error codes. I really want something generic that catches everything. Something like a class that implements a certain interface which can have access to all information about the error. Thanks for your time.

    Read the article

  • Secure database connection. DAL .net architecture best practice

    - by Andrew Florko
    We have several applications that are installed in several departments that interact with database via Intranet. Users tend to use weak passwords or store login/password written on a shits of paper where everybody can see them. I'm worried about login/password leakage & want to minimize consequences. Minimizing database-server attack surface by hiding database-server from Intranet access would be a great idea also. I'm thinking about intermediary data access service method-based security. It seems more flexible than table-based or connection-based database-server one. This approach also allows to hide database-server from public Intranet. What kind of .net technologies and best practices would you suggest? Thank in you in advance!

    Read the article

  • session is lost after successful login?

    - by sword101
    greetings all um using spring security 3.0.2,all the application pages are secured to see them you must be authenticated um using https protocol i have a strange problem that after successful login and got to the requested page when try to open any link to other pages in the application the session is invalidated or lost or what happened i don't know and the user become anonymous,and redirected to the login page and i got this from debugging: No HttpSession currently exists No SecurityContext was available from the HttpSession: null. A new one will be created. after reviewing the coe many times,nothing in the code is invalidating the session,any ideas why something like this might happen?

    Read the article

  • Detect IE setting: check for newer versions of stored pages "never"

    - by xx
    I understand there isn't a way to interrogate a users IE settings directly due to security reasons, but is there a way to derive this answer with some other mechanism? I would like to stop a user from using my site if the setting "Check for newer versions of stored pages" is set to "Never". Any suggestions? Is there a way I could test for this using javascript? An example of what I am trying to accomplish is this: While it is not possible to check IE settings to see if you are running a popup blocker, that is a way to "test" for a popup blocker via javascript. I am looking for something similiar but for the cache setting, not the popup blocker.

    Read the article

  • List DOM Documents attributes and methods using Javascript

    - by EddyR
    Just wondering if it's possible to print and list all methods and attributes available to the DOM document itself using Javascript? So I would get something like so: Document.doctype Document.implementation Document.documentElement Document.createElement Document.createDocumentFragment Document.createTextNode Document.createComment Document.createProcessingInstruction etc... etc... I want to do this to test on different browsers and not have to wade through mountains technical documents from each vendor to get accurate information.

    Read the article

  • Is there an application that can help someone create an XML document based on the Relax NG schema?

    - by meowsqueak
    I've spent a bit of time creating a Relax NG schema for use within our team to validate XML documents we use for exchanging information. The schema is not complicated, but it is reasonably large. I am wondering if there exists a tool that can read in such a Relax NG schema and assist a user in creating a corresponding instance document, using the schema as a template. Perhaps an application with a GUI that creates fields and drop-down selections for each part of the document? For example, the tool might create an outline XML document and prompt the user to select multiples of certain elements, fill in each field, perhaps with permitted values read directly from the schema. It might also show the user via visual feedback when their document is 'complete', or highlight validation problems as they come up. I could anticipate writing a custom GUI tool to create such an XML document, but I'd really like changes to the schema to be automatically reflected by the GUI - and I really wonder if this hasn't already been done. I know some editors can automatically validate an XML document against a schema as it's being written, but I would really like to get my users one step away from the XML so they don't have to worry about the details of the XML syntax.

    Read the article

  • Sanitizing CSS in Rails

    - by Erik
    Hello! I want to allow the users of a web app that I'm building to write their own CSS in order to customize their profile page. However I am aware of this opening up for many security risks, i e background: url('javascript:alert("Got your cookies! " + document.cookies'). Hence I am looking for a solution to sanitize the CSS while still allowing as much CSS functionality as possible for my users. So my questions if anyone anyone knows of a gem or a plugin to handles this? I've googled my brains out already so any tips would be really appreciated!

    Read the article

  • Accepting bank account information in a form

    - by jeffthink
    What security concerns are there when accepting a user's bank account information (account number and routing number) via a form on a page that is using SSL, and posting it back to the server where I then curl off a HTTPS request to send that information to an ACH service like First ACH or ACH Direct via their API? We wouldn't be saving the bank account information in our database. I know another option is to use Paypal's Mass Pay API, but they think it's unprofessional (at least for their business) to require customers to have a paypal account to get paid. Thoughts?

    Read the article

  • php Form to Email sanitizing

    - by Jacob
    Hi, im using the following to send a contact us type form, iv looked into security and only found that you need to protect the From: bit of the mail function, as ive hardcoded this does that mean the script is spamproof / un-hijackable $tenantname = $_POST['tenan']; $tenancyaddress = $_POST['tenancy']; $alternativename = $_POST['alternativ //and a few more //then striptags on each variable $to = "[email protected]"; $subject = "hardcoded subject here"; $message = "$tenantname etc rest of posted data"; $from = "[email protected]"; $headers = "From: $from"; mail($to,$subject,$message,$headers);

    Read the article

  • How do I check for the existence of an external file with XSL?

    - by LOlliffe
    I've found a lot of examples that reference Java and C for this, but how do I, or can I, check for the existence of an external file with XSL. First, I realize that this is only a snippet, but it's part of a huge stylesheet, so I'm hoping it's enough to show my issue. <!-- Use this template for Received SMSs --> <xsl:template name="ReceivedSMS"> <!-- Set/Declare "SMSname" variable (local, evaluates per instance) --> <xsl:variable name="SMSname"> <xsl:value-of select=" following-sibling::Name"/> </xsl:variable> <fo:table font-family="Arial Unicode MS" font-size="8pt" text-align="start"> <fo:table-column column-width=".75in"/> <fo:table-column column-width="6.75in"/> <fo:table-body> <fo:table-row> <!-- Cell contains "speakers" icon --> <fo:table-cell display-align="after"> <fo:block text-align="start"> <fo:external-graphic src="../images/{$SMSname}.jpg" content-height="0.6in"/> What I'd like to do, is put in an "if" statement, surronding the {$SMSname}.jpg line. That is: <fo:block text-align="start"> <xsl:if test="exists( the external file {$SMSname}.jpg)"> <fo:external-graphic src="../images/{$SMSname}.jpg" content-height="0.6in"/> </xsl:if> <xsl:if test="not(exists( the external file {$SMSname}.jpg))"> <fo:external-graphic src="../images/unknown.jpg" content-height="0.6in"/> </xsl:if> </fo:block> Because of "grouping", etc., I'm using XSLT 2.0. I hope that this is something that can be done. I hope even more that it's something simple. As always, thanks in advance for any help. LO

    Read the article

  • How do I tell which account is trying to access an ASP.NET web service?

    - by Andrew Lewis
    I'm getting a 401 (access denied) calling a method on an internal web service. I'm calling it from an ASP.NET page on our company intranet. I've checked all the configuration and it should be using integrated security with an account that has access to that service, but I'm trying to figure out how to confirm which account it's connecting under. Unfortunately I can't debug the code on the production network. In our dev environment everything is working fine. I know there has to be a difference in the settings, but I'm at a loss with where to start. Any recommendations?

    Read the article

  • Cycling tabs graphically

    - by abernier
    Mac OS X's window manager is composed of: Applications Windows Tabs By default on OS X, you can cycle over applications with the famous ?? shortcut. In addition to this, I use a little utility called Witch which enables cycling (graphically) over windows too(I've defined it on ??). Unfortunately, it does not currently support tabs cycling... Would you have any suggestion for this? I know I already can ^? for this, but I'm looking for a graphical utility where you are not blind during cycling. Thank you.

    Read the article

  • Reason to use more cookies than just a session hash for authentication?

    - by dierre
    I usually hang out in a community using vBulletin as its bulletin board. I was looking at what this software saves as cookie in my browser. As you can see it saves 6 cookies. Amongst them, what I consider to be important for authentification are: ngivbsessionhash: hash of the current session ngivbpassword: hash of the password ngivbuserid: user's id Those are my assumptions of course. I don't know for sure if ngilastactivity and ngilastvisit are used for the same reason. My question is: why use all these cookie for authentication? My guess would be that maybe generating a session hash would be to easy so using the hashedpassword and userid adds security but what about cookie spoofing? I'm basically leaving on the client all fundamental informations. What do you think?

    Read the article

  • Reliably detect caller domain over cURL request?

    - by Utkanos
    OK so server-side security is not my forte. Basically, I'm building a service which users may use (via an SDK) only on the domain they stipulated when they signed up. The SDK calls my web service over cURL in PHP. Would I be right in thinking I cannot reliably detect the caller domain, i.e. enforce that it is the same domain they stipulated when signing up? cURL of course sends this over headers, but headers can always (?) be faked. Is there a better course of action to enforce domain for this sort of thing? (NB I'm already using an API key, too - it's just I wanted to restrict domain, too) Thanks in advance

    Read the article

  • How are CD Keys generated?

    - by The Rook
    CD Keys are the defacto-standard as an anti-piracy measure. To be honest this strikes me as Security Though Obscurity, although I really have no idea how CD Keys are generated. What is a good (secure) example of CD Key generation? What cryptographic primitive (if any) are they using? Is it a message digest? If so what data would they be hashing? What methods do developers employ to make it difficult for crackers to build their own key generators?

    Read the article

  • How can I do printing in Java with layouts instead of low level coordinates?

    - by Jonas
    I need to to some printing from my Java Swing application. I have tried to use Java Tutorials, but everything is very low level, and time-consuming. I have to specify the coordinates for every line that I want to print. It it also very lowlevel to use text, because I have to use FontMetrics and calculate what space all text fills up. Is there any easier way to to printing in Java? I would like to design the documents with something like layout managers instead. Any good library or API?

    Read the article

  • Html encoding in MVC input

    - by fearofawhackplanet
    I'm working through NerdDinner and I'm a bit confused about the following section... First they've added a form for creating a new dinner, with a bunch of textboxes delcared like: <%= Html.TextArea("Description") %> They then show two ways of binding form input to the model: [AcceptVerbs(HttpVerbs.Post)] public ActionResult Create() { Dinner dinner = new Dinner(); UpdateModel(dinner); ... } or: [AcceptVerbs(HttpVerbs.Post)] public ActionResult Create(Dinner dinner) { ... } Ok, great, that all looks really easy so far. Then a bit later on they say: It is important to always be paranoid about security when accepting any user input, and this is also true when binding objects to form input. You should be careful to always HTML encode any user-entered values to avoid HTML and JavaScript injection attacks Huh? MVC is managing the data binding for us. Where/how are you supposed to do the HTML encoding?

    Read the article

  • folder structure for project documentation

    - by Qiulang
    Hi all, I saw some questions raised about the folder structure of source codes, but I never see the question about folder structure of project documentation. I googled it and still do not see many articles talk about. Here is one http://www.projectperfect.com.au/downloads/Info/info_project_folder_structure.pdf To quote some of its words: "There are two broad approaches: Organize by phase so that each top directory is a phase. For example, you might have directories for Feasibility, Business Analysis, Design etc. or whatever your phases are called. Organize by function so that the top directory level are functions. For example, Risks, Requirements, Scope, Change Control, Development. Most times a mix of both are used..." So any thought about it? I believe this is also an important issue!

    Read the article

  • does it make sense to send password information during email communication from websites

    - by Samuel
    Most of the online sites on registration do send a link to activate the site and on any further correspondence with the end user they provide information about the site and also provide the login credentials with password in clear text (as given below) Username - [email protected] Password - mysecretpassword What would you do in such a case? From a usability perspective does it make sense to send the password information in clear text or should you just avoid sending this information. I was under the impression that most of the passwords are MD5 hashed before storing in the database and hence the service provider will not have any access to clear text passwords, is this a security violation?

    Read the article

  • WYSIWYG-editor with "add custom html feature" and secure (validated) html output?

    - by Tom
    I've been looking into some of the WYSIWYG editors (TinyMCE, FCKEditor, etc.) and they all seem to offer a lot of options. However, one vital feature that seems to lack is a simple "add custom html" option which would allow the user to input any of these embed-snippets you find all around the web these days, for example a youtube video. This is different than a "edit html/source" feature as that requires actual knowledge of html and there is the risk of the user writing invalid code. Another issue that I couldn't find much about is the output html. How would I make sure that this output causes no security invulnerabilities? Even when the user has the ability to add his own html? So, basically, is there an open source WYSIWYG editor which covers these 2 features?

    Read the article

  • URIs vs Hidden Forms

    - by NateDogg
    I'm working in the Codeigniter framework, and want to send requests to my controller/model that have several variables involved. Is there a difference between passing those variables via a hidden form (i.e. using "post") as opposed to passing them through URIs (e.g. 'travel/$month/$day/')? What about security concerns? e.g. URIs: http://www.example.com/travel/$month/$day/ Hidden Form: form_hidden('month',$month); form_hidden('day',$day);

    Read the article

  • Securing an ajax request

    - by asdasdsa
    i have a website that uses session cookies for security. it works fine and all, but any ajax requests right now are not secure. example being lets say a user is on a page. they can only get to this page if they are logged in with a session - so far so good. but now the ajax request they ask for is ajaxpages/somepage.php?somevar=something&anothervar=something if any other user decides to just go to that link themselves (without a session) they still get the same ajax output that was meant for logged in people. so obviously im going to have to pass session data across when i send an ajax request. anyone have any tips for the best way of doing this? ive never done this before and would rather use trusted methods than make up my own.

    Read the article

< Previous Page | 186 187 188 189 190 191 192 193 194 195 196 197  | Next Page >