Search Results

Search found 12926 results on 518 pages for 'security risks'.

Page 217/518 | < Previous Page | 213 214 215 216 217 218 219 220 221 222 223 224  | Next Page >

• how can i get the file permission of a directory with java

  - by user571652

  i try to check the permission granted to a directory in linux, i mean i have a directory with permission 755 berty@berty-laptop:~$ ls -l / |grep directory drwxr-xr-x 3 root root 4096 2011-01-10 12:33 directory how can i read that permission with java? I've tried using FilePermission but though i have a directory with all the permissions (777) the FilePermission class always returns an exception java.security.AccessControlException: Access denied (java.io.FilePermission /home/directory read) at java.security.AccessController.checkPermission(AccessController.java:103) at com.snippets.Check4DirectoryPermission.checker(Check4DirectoryPermission.java:50) at com.snippets.Check4DirectoryPermission.main(Check4DirectoryPermission.java:70) is there another way to do this?

  Read the article

• Why is it safe to use copy & paste in Flash but not in Javascript?

  - by Lenni

  I'm trying to use copy'n paste in one of my web apps and have read a few articles/SO questions about it. Most people say that using Flash is the only option since most browsers don't allow access to the system clipboard because of security concerns. I can understand this but I wonder why it is okay for Flash do this, but not for the browser. Or has it got nothing to do with security and it is simply to complicated to implement this for cross-platform browser vendors?

  Read the article

• How do I send/receive windows messages between VB6 and c#?

  - by cabgef

  I know I can receive messages with the code below in c#, how do I send to vb6, and receive in vb6, and send from vb6? [System.Security.Permissions.PermissionSet(System.Security.Permissions.SecurityAction.Demand, Name = "FullTrust")] protected override void WndProc(ref Message m) { int _iWParam = (int)m.WParam; int _iLParam = (int)m.LParam; switch ((ECGCardioCard.APIMessage)m.WParam) { // handling code goes here } base.WndProc(ref m); }

  Read the article

• PHP/CGI: Portable and safe way to get PATH_INFO

  - by LiraNuna

  I'm seeking a portable way to receive the (handy) $_SERVER['PATH_INFO'] variable. After reading a while, it turns out PATH_INFO is originated from CGI/1.1, and my not always be present in all configuration. What is the best (mostly security-wise) way to get that variable - apart from extracting it manually (security concern).

  Read the article

• Shared Hudson installation - how to enable access to git over ssh?

  - by tputkonen

  We are trying to set up a Hudson server and share it between different projects. Hudson authenticates users against our Windows domain AD, and the project based security matrix makes it easy to manage who can access which projects. Remaining issue is, that most of the projects use git over ssh. Is there a way to make shared Hudson access git so that each project could create their and manage their own jobs without compromising security?

  Read the article

• Getting path of file copied after deployment in a unit test C#

  - by amitchd

  Hi, The connection string in my app.config for my C# project looks like Data Source=.\SQLEXPRESS;AttachDbFilename='|DataDirectory|\EIC.mdf';Integrated Security=True;User Instance=True" I am writing unit tests for the project and have the set the test run configuration to copy the EIC.mdf, but I do am not able to reference the Deployed copy of EIC.mdf to be referenced by the app.config I created for the test project. If I set it to Data Source=.\SQLEXPRESS;AttachDbFilename='EIC.mdf';Integrated Security=True;User Instance=True" It still does not find the mdf file.

  Read the article

• Authenticating users in iPhone app

  - by Myron

  I'm developing an HTTP api for our web application. Initially, the primary consumer of the API will be an iPhone app we're developing, but I'm designing this with future uses in mind (such as mobile apps for other platforms). I'm trying to decide on the best way to authenticate users so they can access their accounts from the iPhone. I've got a design that I think works well, but I'm no security expert, so I figured it would be good to ask for feedback here. The design of the user authentication has 3 primary goals: Good user experience: We want to allow users to enter their credentials once, and remain logged in indefinitely, until they explicitly log out. I would have considered OAuth if not for the fact that the experience from an iPhone app is pretty awful, from what I've heard (i.e. it launches the login form in Safari, then tells the user to return to the app when authentication succeeds). No need to store the user creds with the app: I always hate the idea of having the user's password stored in either plain text or symmetrically encrypted anywhere, so I don't want the app to have to store the password to pass it to the API for future API requests. Security: We definitely don't need the intense security of a banking app, but I'd obviously like this to be secure. Overall, the API is REST-inspired (i.e. treating URLs as resources, and using the HTTP methods and status codes semantically). Each request to the API must include two custom HTTP headers: an API Key (unique to each client app) and a unique device ID. The API requires all requests to be made using HTTPS, so that the headers and body are encrypted. My plan is to have an api_sessions table in my database. It has a unique constraint on the API key and unique device ID (so that a device may only be logged into a single user account through a given app) as well as a foreign key to the users table. The API will have a login endpoint, which receives the username/password and, if they match an account, logs the user in, creating an api_sessions record for the given API key and device id. Future API requests will look up the api_session using the API key and device id, and, if a record is found, treat the request as being logged in under the user account referenced by the api_session record. There will also be a logout API endpoint, which deletes the record from the api_sessions table. Does anyone see any obvious security holes in this?

  Read the article

• Passing windows credentials through web application, to WCF

  - by IP

  I've checked other questions, but I can't find a working answer I have a .Net web application which successfully takes on the callers windows credentials (Thread.CurrentPrincipal is my windows user). Within that app, I call to a WCF service, but my windows identity isn't passed up. Regardless of what I put in the binding: NetTcpBinding binding = new NetTcpBinding(); binding.Security.Mode = SecurityMode.Transport; binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.Windows;

  Read the article

• Android: Unable to access a local website over HTTPS

  - by user1253789

  I am trying to access a locally hosted website and get its HTML source to parse. I have few questions: 1) Can I use "https://An IP ADDRESS HERE" as a valid URL to try and access. I do not want to make changes in the /etc/hosts file so I want to do it this way. 2) I cannot get the html, since it is giving me Handshake exceptions and Certificate issues. I have tried a lot of help available over the web , but am not successful. Here is the code I am using: public class MainActivity extends Activity { private TextView textView; String response = ""; String finalresponse=""; /** Called when the activity is first created. */ @Override public void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); setContentView(R.layout.activity_main); textView = (TextView) findViewById(R.id.TextView01); System.setProperty("javax.net.ssl.trustStore","C:\\User\\*" ); System.setProperty("javax.net.ssl.trustStorePassword", "" ); } private class DownloadWebPageTask extends AsyncTask<String, Void, String> { @Override protected String doInBackground(String... urls) { TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() { public java.security.cert.X509Certificate[] getAcceptedIssuers() { return null; } public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) { } public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) { } } }; try { SSLContext sc = SSLContext.getInstance("SSL"); sc.init(null, trustAllCerts, new java.security.SecureRandom()); HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); } catch (Exception e) { } try { URL url = new URL("https://172.27.224.133"); HttpsURLConnection con =(HttpsURLConnection)url.openConnection(); con.setHostnameVerifier(new AllowAllHostnameVerifier()); finalresponse=readStream(con.getInputStream()); } catch (Exception e) { e.printStackTrace(); } return finalresponse; } private String readStream(InputStream in) { BufferedReader reader = null; try { reader = new BufferedReader(new InputStreamReader(in)); String line = ""; while ((line = reader.readLine()) != null) { response+=line; } } catch (IOException e) { e.printStackTrace(); } finally { if (reader != null) { try { reader.close(); } catch (IOException e) { e.printStackTrace(); } } } return response; } @Override protected void onPostExecute(String result) { textView.setText(finalresponse); } } public void readWebpage(View view) { DownloadWebPageTask task = new DownloadWebPageTask(); task.execute(new String[] { "https://172.27.224.133" }); } }

  Read the article

• Is there is software license for code review (read-) only?

  - by Horace Ho

  I am going to development a product related to security. It's my personal belief that any security related product should release it's source code for review. However, I also want to sell it as a commercial product and keep the code ownership to myself and don't expect deviated work. Is there a software license for this purpose? Thanks.

  Read the article

• Published software not displayed in Add/Remove Programs

  - by vikramsjn

  I just followed How to use Group Policy to remotely install software in Windows Server 2003 to try publishing a software (MSI file). I could follow all the steps, but the supposedly successfully published software does not appear on client/user machine's Add/Remove Programs. Could some help figure why this may not be working. Update: On reading this question on Experts-Exchange, tried gpresults. Output extract follows: COMPUTER SETTINGS The following GPOs were not applied because they were filtered out XADistribution Filtering: Denied (Security) Default Domain Policy Filtering: Denied (Security)

  Read the article

• What components have you built that you are reusing over and over again for your desktop application

  - by Jason

  We are building our internal library of components up, and was wondering what everybody has in their library of reusable components for your organization, for desktop applications. Our list currently includes only a couple of components: Logon, Security and User Group functionality System Tray / Service Framework Component for Internet Communications (to handle proxies, security, etc...) Billing What else do you have, that we should add to our list? If you have reusable web components, save your answers... I will open a different question if this one is successful.

  Read the article

• Storing images above or below the web root?

  - by JGDev

  I'm working on a web app where users can upload images which are associated with their account. I'm trying to figure out the best way to store these images in the filesystem taking into account organization and security. I'm using a JavaScript-based file uploader which has to save the images within the web root, but I'm wondering if it would be better to move the images above the web root for better security? Any thoughts on the matter would be appreciated.

  Read the article

• Oracle Announces New Oracle VM Template for MySQL Enterprise Edition

  - by Zeynep Koch

   Oracle announces new Oracle VM template for MySQL Enterprise Edition enabling more efficient and lower cost deployments of virtualized MySQL environments. Here are some of the details and benefits: The new Oracle VM Template for MySQL helps eliminate manual configuration efforts and risks by providing a pre-installed, pre-configured and certified software stack that includes Oracle VM Server for x86, Oracle Linux with the Unbreakable Enterprise Kernel and MySQL Enterprise Edition. By pre-integrating the world’s most popular open source database with Oracle Linux and Oracle Virtualization technologies, enterprise users and ISVs can quickly and easily deploy and manage a virtualized MySQL database server for Web and cloud-based applications. Backed by Oracle’s world-class support organization and the result of extensive integration and quality assurance testing, the Oracle VM Template for MySQL Enterprise Edition further demonstrates Oracle’s investment in MySQL and allows users to benefit from a single point of contact for 24/7 technical support for all pre-configured components. Read more in this white paper. 

  Read the article

• Why aren't we all doing model driven development yet ?

  - by KeesDijk

  I am a true believer in Model Driven Development, I think it has the possibility to increase productivity, quality and predictability. When looking at MetaEdit the results are amazing. Mendix in the Netherlands is growing very very fast and has great results. I also know there are a lot of problems versioning of generators, templates and framework projects that just aren't right for model driven development (not enough repetition) higher risks (when the first project fails, you have less results than you would have with more traditional development) etc But still these problems seem solvable and the benefits should outweigh the effort needed. Question: What do you see as the biggest problems that make you not even consider model driven development ? I want to use these answers not just for my own understanding but also as a possible source for a series of internal articles I plan to write.

  Read the article

• Oracle’s new release of Primavera P6 Enterprise Portfolio Management

  It is estimated that projects totaling more than $6 trillion in value have been managed with Primavera products. Companies turn to Oracle's Primavera project portfolio management solutions to help them make better portfolio management decisions, evaluate the risks and rewards associated with projects, and determine whether there are sufficient resources with the right skills to accomplish the work. Tune into this conversation with Yasser Mahmud, Director of Product Strategy, for the Oracle Primavera Global Business Unit, to learn how P6 revolutionized project management, the new features in the release of Oracle Primavera P6 version 7 and how this newest release helps project-intensive businesses manage their entire project portfolio lifecycle, including projects of all sizes.

  Read the article

• Take Steps to Mitigate the Threat of Insiders

  - by Troy Kitch

  Register now for our upcoming Feb 23 Webcast The Insider Threat, Understand and Mitigate Your Risks. Insiders, by virtue of legitimate access to their organizations' information and IT infrastructure, pose a significant risk to employers. Employees, motivated by financial problems, greed, revenge, the desire to obtain a business advantage, or the wish to impress a new employer, have stolen confidential data, proprietary information, or intellectual property from their employers. Since this data typically resides in databases, organizations need to consider a database security defense in depth approach that takes into account preventive and detective controls to protect their data against abuse by insiders. Register now and learn about: Actual cases of insider cyber crimes Three primary types of insider cyber crimes: IT sabotage, theft of intellectual property (e.g. trade secrets), and employee fraud Lack of controls around data that allow these crimes to be successful Solutions to help secure data and database infrastructure

  Read the article

• Accenture Launches Smart Grid Data Management Platform

  - by caroline.yu

  Accenture announced today it has launched the Accenture Intelligent Network Data Enterprise (INDE), a data management platform to help utilities design, deploy and manage smart grids. INDE's functionality can be enabled by an array of third party technologies. In addition, Accenture plans to offer utilities the option of implementing the INDE solution based on a pre-configured suite of Oracle technologies. The Oracle-based version of INDE will accelerate the design of smart grids and help reduce the costs and risks associated with smart grid implementation. Stephan Scholl, Senior Vice President and General Manager of Oracle Utilities said, "Oracle and Accenture share a common vision of how the smart grid will enable more efficient energy choices for utilities and their customers. Our combined expertise in delivering mission-critical smart grid applications, security, data management and systems integration can help accelerate utilities toward a more intelligent network now and as future needs arise." For the full press release, click here.

  Read the article

• Ubuntu Touch Official Hardware? [duplicate]

  - by user1628

  This question already has an answer here: Where can I get a device with 'Ubuntu for phones' pre-installed? 1 answer I really like the look of Ubuntu touch and I want it ASAP, however, I am NOT willing to buy a device simply to port ubuntu touch on it. I don't want to void all warranties and take any risks. Therefore, I am really just waiting for official ubuntu touch hardware (devices made for ubuntu touch). I can't find any rumours or estimated release dates online, in fact, I can't find out anything at all. Can anyone? If so, what and where? When do you think they'll be official hardware? What price do you think it'll be? Do you think canonical/ubuntu will manufacture it themselves? Thanks, Zach

  Read the article

• Physical effects of long term keyboard use- what does the science say and what factors affect it?

  - by glenatron

  This question asks about the ergonomics of a particular keyboard for long programming hours, what I would like to know is about the ergonomics of using a keyboard in general. What are the most significant risks associated with it and how can they best be mitigated? Do the "ergonomic" keyboard designs make a difference and if so which design is most effective? If not do other factors such as wrist-rests, regular exercise or having a suitable height of chair or desk make a difference? Do you have any direct experience of problems deriving from keyboard use and if so how did you resolve them? Is there any good science on this and if so what does it indicate? Edited to add: Wikipedia suggests that there are no proven advantages to "ergonomic" keyboards, but their citation seems pretty old- is that still the current state of play?

  Read the article

• Ubiquity crashes when installing from CD

  - by Ashes

  I didn't want to take any risks so I ordered a CD from Canonical to get Ubuntu. Thing is, another CD was given to me about 2 days before the CD from Canonical got to me, so I installed Ubuntu 10.10 but there was a problem with the login screen (When the Ubuntu logo should be displayed, it wasn't, instead it would just say "Ubuntu 10.10") so I decided to reinstall Ubuntu 10.10 with the CD that arrived a few days later. Whenever it's finishing the installation, the installer (ubiquity) crashes, or sometimes it gets to the part where the boot loader should be installed and for some reason it is unable to install the boot loader (if I choose not to install it, I don't get how to start Ubuntu, since you have to reboot my laptop after the installation is over). I'm currently running Ubuntu 10.10 from the CD I ordered, since I have no other OS on this laptop.

  Read the article

• how to ask questions about bad practices in stackoverflow ( or other technical forums) [migrated]

  - by Nahum Litvin

  I had a case when I needed to do something in code that I knew is a bad practice. but because of a unique situation and after considering the risks thoroughly decided that is worth it. I cannot start explaining all my considerations that include buisness secrets over the internet but I do need technical assistance. when I tried to ask at SA I got heated responses why it is a bad practice instead of answeres to how to do this. poeple are so conserned about what is the right way to write code that they forget that there are other considerations as well. can anyone provide insight of how to correctly ask such a question in order to avoid "this is a bad practice" answers and get real answers?

  Read the article

• Ubiquity crashes when installing Ubuntu 10.10 from CD

  - by Ashes

  I didn't want to take any risks so I ordered a CD from Canonical to get Ubuntu. Thing is, another CD was given to me about 2 days before the CD from Canonical got to me, so I installed Ubuntu 10.10 but there was a problem with the login screen (When the Ubuntu logo should be displayed, it wasn't, instead it would just say "Ubuntu 10.10") so I decided to reinstall Ubuntu 10.10 with the CD that arrived a few days later. Whenever it's finishing the installation, the installer (ubiquity) crashes, or sometimes it gets to the part where the boot loader should be installed and for some reason it is unable to install the boot loader (if I choose not to install it, I don't get how to start Ubuntu, since you have to reboot my laptop after the installation is over). I'm currently running Ubuntu 10.10 from the CD I ordered, since I have no other OS on this laptop.

  Read the article

• How do you balance documentation requirements with Agile developments

  - by Jeremy

  In our development group there is currently discussions around agile and waterfal methodology. No-one has any practical experience with agile, but we are doing some reading. The agile manifesto lists 4 values: Individuals and interactions over processes and tools Working software over comprehensive documentation Customer collaboration over contract negotiation Responding to change over following a plan We are an internal development group developing applications for the consumption of other units in our enterprise. A team of 10 developers builds and releases multiple projects simultanously, typically with 1 - maybe 2 (rarely) developer on each project. It seems to be that from a supportability perspective the organization needs to put some real value on documentation - as without it, there are serious risks with resourcing changes. With agile favouring interactions, and software deliverables over processes and documentation, how do you balance that with the requirements of supportable systems and maintaining knowledge and understanding of how those systems work? With a waterfall approach which favours documentation (requirements before design, design specs before construction) it is easy to build a process that meets some of the organizational requirements - how do we do this with an agile approach?

  Read the article

• How do you make comp.sci students and future programmers aware of the various software licenses and the nuances of it ?

  - by Samyak Bhuta

  To be specific How would you include it as part of curriculum ? Would it be too boring to just introduce them as a pure law subject ? Are there any course structure available or can we derive one ? What are the books that could be used ? I would like to see that - after going through the course - candidate is well aware of "what software licenses are and what they are good for". Various implications of not knowing it in it's proper sense. What licenses they should use for their own code. What to consider when they are trying to use certain libraries or tools in their project and gauge risks/rewards associated with it. The idea is to let them make informed choices when they are professionals/practitioners in field of programming and not make them substitute for a lawyer or even a paralegal who is going to fight the case or draft things.

  Read the article

< Previous Page | 213 214 215 216 217 218 219 220 221 222 223 224  | Next Page >