Search Results

Search found 14771 results on 591 pages for 'security policy'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 197/591 | < Previous Page | 193 194 195 196 197 198 199 200 201 202 203 204  | Next Page >

  • Hosting SQL at remote location?

    - by Syd
    Hey guys, My OSCommerce site includes a separately programmed feature for which I use SQL tables. I've decided to host its tables on a remote site offering free SQL accounts. I'd like to know if there could be any disadvantages to this approach. Thanks Syd

    Read the article

  • Should I sanitize EVERY form variable passed along?

    - by Camran
    I have a form with many fields... The action is set to a php page which queries mysql... Should I sanitize with mysql_real_escape_string every single variable? Or can I ignore sanitizing drop-lists and radios for instance? Also, besides mysql_real_escape_string, what else should I do to prevent attacks? Thanks

    Read the article

  • How can I securely check if a username is already taken?

    - by Geo
    I have a form where someone can create a new user. I'd like to add some AJAX to check if a username is taken, as soon as the input field loses focus. I'm not really sure how to go about this, as this could pave the way to bruteforce attack, since you could check for any username and see whether or not it exists. Any suggestions?

    Read the article

  • Exists a replacement for the command-line-tool CASPOL.exe?

    - by tantran
    When trying to execute a .NET-App, it throws a "PolicyException", because "only one group is allowed". The tool should list existing settings, and allow to delete selected settings. Using caspol to list is not helpful, it is cruel. I've seen there is a simple gui-frontend, which allows to define NEW settings, but it does not allow to list or delete existing settings. Caspol is a nightmare, no wonder anyone uses it by choice. With .NET 1.1 Microsoft delivered a configuration-utility, but for .NET 2.0 i've found nothing.

    Read the article

  • How secure is .htaccess protected pages

    - by Steven smethurst
    Are there any known flaws with htaccess protected pages? I know they are acceptable to brute force attacks as there is no limit to the amount of times someone can attempt to login. And a user can uploaded and execute a file on the server all bets are off... Anything other .htaccess flaws?

    Read the article

  • Password verification; Is this way of doing it safe?

    - by Camran
    I have a classifieds website, where everybody may put ads of their products. For each classified, the user has to enter a password (so that they can delete the classified whenever they wish). So basically, when somebody wants to delete a classified, they click on the classified, click on the delete button, and enter the pass. I use MySql as a database. I use this code basically: if ($pass==$row['poster_password']) where row[poster_password] is fetched from MySql... What do you think? Thanks

    Read the article

  • Ensure that my C# desktop application is making requests to my ASP .NET MVC action?

    - by Mathias Lykkegaard Lorenzen
    I've seen questions that are almost identical to this one, except minor but important differences that I would like to get detailed. Let's say that I have a controller and an action method in MVC which therefore accepts requests on the following URL: http://example.com/api/myapimethod?data=some-data-here. This URL is then being called regularly by 1000 clients or more spread out in the public. The reason for this is crowdsourcing. The clients around the globe help feed a global cache on my server, which makes it faster for the rest of the clients to fetch the data. Now, if I'm sneaky (and I am), I can go into Fiddler, Ethereal, Wireshark or any other packet sniffing tool and figure out which requests the program is making. By figuring that out, I can also replicate them, and fill the service with false corrupted data. What is the best approach to ensuring that the data received in my ASP .NET MVC action method is actually from the desktop client application, and not some falsely generated data that the user invented? Since it is all based on crowdsourcing, would it be a good idea for my users to be able to "vote" if some data is falsified, and then let an automatic cleanup commence if there are enough votes? I do not have access to a tool like SmartAssembly, so unfortunately my .NET program is fully decompilable. I realize this might be impossible to accomplish in an error-proof manner, but I would like to know where my best chances are.

    Read the article

  • Hiding "Print to file" in a Java print dialog

    - by Carl Smotricz
    I'm maintaining this Swing app that has a "print" option. Users need to be kept from interacting in any way with the underlying file system, but the print dialog offers "print to file" as one printer, and that of course allows selecting a directory and file from the file system. Is there a painless way to override/modify the print dialog to hide the "to file" printer from this dialog? I understand the API will let me do this piecemeal but I'd rather not have to re-create most of the dialog GUI and functionality to do this.

    Read the article

  • What are the downside of not having an index.html file to some directories

    - by Pennf0lio
    Hi, I'm curious what are some effects/downside of not putting an index.html file to your directories (e.g images). I know when an index file is not present to a directory, files inside that directory are no longer private and will be visible to the browsers when point (eg yoursite.com/images/). Aside from that what are some big effects to consider? and how to properly secure them. thanks!

    Read the article

  • Forcibly clear memory in java

    - by MBennett
    I am writing an application in java that I care about being secure. After encrypting a byte array, I want to forcibly remove from memory anything potentially dangerous such as the key used. In the following snippet key is a byte[], as is data. SecretKeySpec secretKeySpec = new SecretKeySpec(key, "AES"); Cipher cipher = Cipher.getInstance("AES"); cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec); byte[] encData = cipher.doFinal(data, 0, data.length); Arrays.fill(key, (byte)0); As far as I understand, the last line above overwrites the key with 0s so that it no longer contains any dangerous data, but I can't find a way to overwrite or evict secretKeySpec or cipher similarly. Is there any way to forcibly overwrite the memory held by secretKeySpec and cipher, so that if someone were to be able to view the current memory state (say, via a cold boot attack), they would not get access to this information?

    Read the article

  • Login form to an a secured app in tomcat

    - by patricio
    I have a normal HTML page in a normal Apache http server (http://yyy.yyy.yyy.yyy/index.html ), with an authentication form, with that form I need to access with the credentials to an application located in other server with diferent IP , that server have a secured application with tomcat: here is the login form in the apache http server: <form method="POST" id="theForm" action="http://xxx.xxx.xxx.xxx:8080/securedapp/j_security_check"> <input name="j_username" type="text" class="tx_form" id="j_username" size="20" /> <input name="j_password" type="password" class="tx_form" id="textfield2" size="20" /> <input name="btn" type="submit" value="login" /> </form> the submit only works random in chrome and dont work in IE and FF. im doing something wrong?

    Read the article

  • MSV1_0 Subauthentication Package Registration

    - by BigShot
    Hi; I'm trying to register a simple MSV1_0 subauthentication package for MS Windows Server 2003. I created a dll which implements required functions described in MSDN. I copied my dll to system32 folder. After that, I created a registry key Auth255 (I also tried Auth128) with a REG_SZ value ,which specifies my dll name, to this location; HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0. I expect that it will create a test.txt file for debugging puposes when the dll is called, but it doesn't create the file. How can I make this work? MSDN Link for this topic; http://msdn.microsoft.com/en-us/library/aa374786%28VS.85%29.aspx

    Read the article

  • Using Forms authentication with remote auth system?

    - by chobo
    I am working on a website that uses a remote websites database to check for authentication (they are both share some database tables, but are separate website...) Right now I check the username and password against the remote websites account / member table, if there is a match I create a session. Questions: Is this secure? On authenticated pages I just check if a session of a specific type exists.Is it possible for someone to create an empty session or something that could bypass this? Is it possible to use Forms authentication with this setup? Right now if a user is authenticated I just get an object back with the username, email and id.

    Read the article

  • Is it possible to authenticate on another website?

    - by Blankman
    If I am on a website#1, and I enter my username/pwd for website#2 on a login page that is on website#1, and website#1, behind the scenes, makes a httpwebrequest to website#2 and posts to the login page. If I then navigate to website#2, should I be logged in? website#2 uses formsauthentication and I call a httpHandler that is on website#2 and pass it the username/password via the querystring. Should this work?

    Read the article

  • Should default passwords always be empty?

    - by mafutrct
    I'm currently designing a system that requires an admin to log in using a password. For certain reasons, it is difficult to set this password during installation, but it can be changed later. My idea is this: If I leave the default password empty, it is so horridly insecure that every admin is going to fix this as soon as possible. If I were to use some kind of predefined password instead, admins may think "ah.. nobody would think I've got 'defaultpassword' as my password so it's not very important to change." So the basic thought is to make it so terrible that even the most lazy people are going to do something about it.

    Read the article

  • j_security_check to SSO in different module under Oracle App Server?

    - by thebearinboulder
    I have an existing j2ee application running on Oracle App Server. It is targeted towards paying customers so the content is secured and a SSO module properly intercepts all requests for secured content. Now the company is adding a unbranded public-facing module with a number of unsecured pages. At one point the user is expected to register for a free account and log in to proceed further. Think doctors adding a public-facing site with information for potential patients, or lawyers adding a public-facing site with information for potential clients. There's some information on the session and the usual approach would be to authenticate the user, persist the session information using the now-known user id, invalidate the existing session (to prevent certain types of attacks), the reload the session information before returning to the user. I can't just persist it under the session id since that's about to change. The glitch is that the existing application already has an SSO module and I get a 404 error every time I try to direct to j_security_check. I've tried that, /sso/j_security_check, even http://localhost/sso/j_security_check, all without success. I noticed that an earlier question said that tomcat requires access to a secured page before j_security_check is even visible. I don't know if that's the case with Oracle AS. Ideas? Or is the best approach to continue arguing that we have a different user base so it would be better to handle authentication in our own module anyway?

    Read the article

  • EJB3.1 logout doesn't work

    - by Kevin
    Hello, I've got a problem with the authentication features of EJB3.1: With this code in a Servlet v3: log.info(""+request.getUserPrincipal()); log.info(""+request.getAuthType()); log.info("===^==="); request.logout() ; log.info(""+request.getUserPrincipal()); log.info(""+request.getAuthType()); request.authenticate(response) ; log.info("===v==="); log.info(""+request.getUserPrincipal()); log.info(""+request.getAuthType()); I would always expect to see the Username/login windows, because of the logout() function. Instead, it seems to be a 'cache' mechanism which repopulate the credential and cancel my logout ... Admin BASIC ===^=== null null ===v=== Admin BASIC is it a problem with my firefox, or something I'm missing in the Servlet code? Thanks

    Read the article

  • Where should I place a function that I want to run before the cached page is served (Drupal)

    - by kidbrax
    We have a intranet site that runs on Drupal. If an employee hits the site from outside our network they are required to login first. If they are already in our network, they can browse around freely. So we have a function that checks where they are coming from and redirects them to a login page if they are from outside. If we enable caching, they are not redirected because the cached page is rendered without running our function. The code currently exists inside of the theme_preprocess function. Where can I put it so that it always runs before the cached pages are served?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 193 194 195 196 197 198 199 200 201 202 203 204  | Next Page >