Search Results

Search found 3707 results on 149 pages for 'secure'.

Page 22/149 | < Previous Page | 18 19 20 21 22 23 24 25 26 27 28 29  | Next Page >

  • La pénurie d'adresses IPv4 cacherait d'autres enjeux selon une analyse de F-secure, qui y voit surtout un facteur de spéculation

    La pénurie d'adresses IPv4 cacherait d'autres enjeux Selon une analyse de F-secure, qui y voit surtout un facteur de spéculation La pénurie d'adresses IPv4, prévue pour l'an prochain, se confirme. Un calcul démontre que toutes les adresses IPv4 seront allouées d'ici fin février 2011. Depuis le dimanche 12 décembre, nous sommes même passés sous la barre des 100 millions d'adresses disponibles. Bien loin des analyse alarmistes livrées jusqu'ici sur la situation, Era Erikson, senior Researcher pour l'édit...

    Read the article

  • What is the Best Practice for creating a secure login in a client - server appllication?

    - by Karamafrooz
    It's been a while I have been thinking on what could be the best scenario for creating a secure login in a client-server application running on internet or any other networks ! So I became with the idea to ask this question on programmers and I hope that this question will make awareness of new aspects of threads and security here by some kind of brain storming , I am really interested in good and new anseawres . Thanks in advance for your participation .

    Read the article

  • Is there a secure web-shell for my server?

    - by Stefano Palazzo
    Following the security principle of trust no one, I can't use a service like http://www.serfish.com/. Is there a free software program that I can install on my Ubuntu server to give me secure shell access via a web-interface? I would prefer a small and light-weight solution, so that I can do at least a rudimentary audit of the source code. I would also prefer something that is in the 'main' repository, so that I get the benefit of stable release upgrades.

    Read the article

  • Is having sensitive data in a PHP script secure? [closed]

    - by tkbx
    Possible Duplicate: What attributes of PHP make it insecure? I've heard that PHP is somewhat secure because Apache won't allow the download of raw PHP. Is this reliable, though? For example, if you wanted to password protect something, but didn't want to create a database, would something like $pass = "123454321"; be safe? Bottom line, is it safe to assume that nobody has access to the actual .php file?

    Read the article

  • Which browser is the most secure? (research and practically based)

    - by wag2639
    I was wondering which browser is the most secure today, Firefox, Internet Explorer, Chrome, or Safari on a Windows machine with the user running as a Power User/Administrator account. This is not a question about which browser is the best because its the most usable, but more of a question if asked for security, which browser is the most secure given an everyday user's experience (JavaScript, Flash, Ads, etc). Also, would the choice for most secure change if the user was running as a restricted user? To clarify, I'm looking for an answer that's based in research on potential and common exploits and how long it takes for critical problems to be patched.

    Read the article

  • nginx - 403 Forbidden

    - by michell90
    I've trouble to get aliases working correctly on nginx. When i try to access the aliases, /pma and /mba (see secure.example.com.conf), i get a 403 Forbidden but the base url works correctly. I read a lot of posts but nothing helped, so here i am. Nginx and php-fpm are running as www-data:www-data and the permissions for the directories are set to: drwxrwsr-x+ 5 www-data www-data 4.0K Dec 5 22:48 ./ drwxr-xr-x. 3 root root 4.0K Dec 4 22:50 ../ drwxrwsr-x+ 2 www-data www-data 4.0K Dec 5 13:10 mda.example.com/ drwxrwsr-x+ 11 www-data www-data 4.0K Dec 5 10:34 pma.example.com/ drwxrwsr-x+ 3 www-data www-data 4.0K Dec 5 11:49 www.example.com/ lrwxrwxrwx. 1 www-data www-data 18 Dec 5 09:56 secure.example.com -> www.example.com/ Im sorry for the bulk, but i thought better too much than too little. Here are the configuration files: /etc/nginx/nginx.conf user www-data www-data; worker_processes 1; error_log /var/log/nginx/error.log; #error_log /var/log/nginx/error.log notice; #error_log /var/log/nginx/error.log info; pid /var/run/nginx.pid; events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; keepalive_timeout 65; include /etc/nginx/sites-enabled/*; } /etc/nginx/sites-enabled/secure.example.com server { listen 80; server_name secure.example.com; return 301 https://$host$request_uri; } server { listen 443; server_name secure.example.com; access_log /var/log/nginx/secure.example.com.access.log; error_log /var/log/nginx/secure.example.com.error.log; root /srv/http/secure.example.com; include /etc/nginx/ssl/secure.example.com.conf; include /etc/nginx/conf.d/index.conf; include /etc/nginx/conf.d/php-ssl.conf; autoindex off; location /pma/ { alias /srv/http/pma.example.com; } location /mda/ { alias /srv/http/mda.example.com; } } /etc/nginx/ssl/secure.example.com.conf ssl on; ssl_certificate /etc/nginx/ssl/secure.example.com.crt; ssl_certificate_key /etc/nginx/ssl/secure.example.com.key; ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; /etc/nginx/conf.d/index.conf index index.php index.html index.htm; /etc/nginx/conf.d/php-ssl.conf location ~ \.php$ { try_files $uri =404; fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock; fastcgi_index index.php; fastcgi_param HTTPS on; fastcgi_param SCRIPT_FILENAME $request_filename; include fastcgi_params; } /var/log/nginx/secure.example.com.error.log 2013/12/05 22:49:04 [error] 29291#0: *2 directory index of "/srv/http/pma.example.com" is forbidden, client: 176.199.78.88, server: secure.example.com, request: "GET /pma/ HTTP/1.1", host: "secure.example.com" EDIT: forgot to mention, i'm running CentOS 6.4 x86_64 and nginx 1.0.15 Thanks in advance!

    Read the article

  • Friday Tips #6, Part 1

    - by Chris Kawalek
    We have a two parter this week, with this post focusing on desktop virtualization and the next one on server virtualization. Question: Why would I use the Oracle Secure Global Desktop Secure Gateway? Answer by Rick Butland, Principal Sales Consultant, Oracle Desktop Virtualization: Well, for the benefit of those who might not be familiar with client connections in Oracle Secure Global Desktop (SGD), let me back up and briefly explain. An SGD client connects to an SGD server using two distinct protocols, which, by default, require two distinct TCP ports. The first is the HTTP protocol, used by the web browser to connect to the SGD webserver on TCP port 80, or if secure connections are enabled (SSL/TLS), then TCP port 443, commonly identified as the "HTTPS" port, that is, "SSL encrypted HTTP." The second protocol from the client to the server is the Adaptive Internet Protocol, or AIP, which is used for displaying applications, transferring drive mapping data, print jobs, and so on. By default, AIP uses the TCP port 3104, or port 5307 when SSL is enabled. When SGD clients need to access SGD over a firewall, the ports that AIP requires are typically "closed"; and most administrators are reluctant, to put it mildly, to change their firewall configurations to allow AIP traffic on 3144/5307.   To avoid this problem, SGD introduced "Firewall Forwarding", a technique where, in effect, both http and AIP traffic are "multiplexed" onto a single "well-known" TCP port, that is port 443, the https port.  This is also known as single-port firewall traversal.  This technique takes advantage of the fact that, as a "well-known service", port 443 is usually "open",   allowing (encrypted) traffic to pass. At the target SGD server, the two protocols are de-multiplexed and routed appropriately. The Secure Gateway was developed in response to requirements from customers for SGD to support multi-stage DMZ's, and to avoid exposing SGD servers and the information they contain directly to connections from the Internet. The Secure Gateway acts as a reverse-proxy in the first-tier of the DMZ, accepting, authenticating, and terminating incoming client connections, and then re-encrypting the connections, and proxying them, routing them on to SGD servers, deeper in the network. The client no longer needs to know the name/IP address of the SGD servers in their network, they connect to the gateway, only. The gateway takes care of those internal network details.     The Secure Gateway supports the same "single-port firewall" capability as does "Firewall Forwarding", but offers the additional advantage of load-balancing incoming client connections amongst SGD array members, which could be cumbersome without a forward-deployed secure gateway. Load-balancing weights and policies can be monitored and tuned using the "Balancer Manager" application, and Apache mod_proxy_balancer directives.   Going forward, our architects recommend the use of the Secure Gateway over "Firewall Forwarding" for single-port firewall traversal, due to its architectural advantages, its greater flexibility and enhanced features.  Finally, it should be noted that the Secure Gateway is not separately priced; any licensed SGD customer may use the Secure Gateway component at no additional cost.   For more information, see the "Secure Gateway Administrator's Guide".

    Read the article

  • Why .NET ASMX web service on secure.site.com can't be called from www.site.com?

    - by user118657
    Hello, We have a web service on https://secure.site.com/service.asmx it works fine from https://secure.site.com/consumer.html but when we try to use it from https://www.site.com/consumer.html we can't do it. Getting 403 error. I'ts probably something related to webservice security (because of different subdomains) but I can't figure out what. How to make https://secure.site.com/service.asmx be accessible from https://www.site.com/consumer.html? Update: Calling webserivce using JQuery Ajax. $.ajax({ type: "POST", url: "https://secure.site.com/service.asmx/method", data: {}, dataType: "xml", success: method_result, error: AjaxFailed }) ; Thanks.

    Read the article

  • How to secure Ubuntu for a non-technical user? (your mom)

    - by Gil
    My mother will be traveling for a while and I need to provide her with a secure laptop so she can work. A windows laptop is out of the question because: she'll be logging into dodgy hotel wireless networks and conference networks price of the windows license to install on a netbook I've installed libreoffice, media players and skype on it. Also enabled SSH so I can intervene but I am worried that I might not be in a position to do so. Possible threats: web browsing USB sticks insecure networks prone to intrusions malware SSH/VNC vulnerabilites Skype vulnerabilities All the "securing Ubuntu" guides out there assume the user has a certain level of technical knowledge but this is not the case with moms in general. If a malware can gain even user level access it might compromise her files.

    Read the article

  • What is the most secure way to "Grandfather In" existing users of a paid iOS app that will go free?

    - by coneybeare
    The title pretty much says it all, but I can elaborate. I have a paid iOS app that has plenty of existing customers. I think i want to convert to a free app now, and allow full upgrade via in-app-purchase. The problem is, I don't want to make my existing customers buy the app again to use it, nor do I want to make it easy for hackers to just flip a switch and get the pro version. What is the most secure way to "Grandfather In" existing users of a paid iOS app that will go free?

    Read the article

  • Is HTML5 more secure to develop for than Silverlight?

    - by King Chan
    I'm learning Silverlight, and I know that if I master it, I can apply the same concepts to WPF, which means I can do either web or desktop development pretty easily. But I've read articles and followed the discussion online, and I understand HTML5 is gaining traction for being cross-platform, and a lot of people seem to be moving to HTML5. From my understanding, any HTML5 application would be built with HTML and JavaScript (or Flash). But is it secure? It seems like anyone can easily use their browser's "view source" option and grab your code. Is this something I should be worried about, or is there a way to protect against it?

    Read the article

  • Les éditeurs de solutions de sécurité devraient-ils bloquer les malwares gouvernementaux ? F-Secure pense que oui

    Les entreprises de sécurité informatique devraient-elles bloquer les malwares gouvernementaux ? F-Secure pense que oui De récentes révélations accusent les autorités égyptiennes d'avoir acheté puis utilisé un système de surveillance allemand (FinFinder) pour espionner ses citoyens. La société qui le commercialise, Elaman, propose divers produits sous le label de "solutions de sécurité gouvernementale", comme FinSpy qui "garantit un accès total et en temps-réel ainsi que le contrôle à distance de l'ordinateur cible", ou FinFly, un "proxy infectieux utilisé pour propager des malwares intrusifs". Des faits graves qui, bien que non encore confirmés, ont fait bondir la compagnie spécialisée en sécurité info...

    Read the article

  • How to create Large resumable download from a secured location .NET

    - by Kelvin H
    I need to preface I'm not a .NET coder at all, but to get partial functionality, I modified a technet chunkedfilefetch.aspx script that uses chunked Data Reading and writing Streamed method of doing file transfer, to get me half-way. iStream = New System.IO.FileStream(path, System.IO.FileMode.Open, _ IO.FileAccess.Read, IO.FileShare.Read) dataToRead = iStream.Length Response.ContentType = "application/octet-stream" Response.AddHeader("Content-Length", file.Length.ToString()) Response.AddHeader("Content-Disposition", "attachment; filename=" & filedownload) ' Read and send the file 16,000 bytes at a time. ' While dataToRead 0 If Response.IsClientConnected Then length = iStream.Read(buffer, 0, 16000) Response.OutputStream.Write(buffer, 0, length) Response.Flush() ReDim buffer(16000) ' Clear the buffer ' dataToRead = dataToRead - length Else ' Prevent infinite loop if user disconnects ' dataToRead = -1 End If End While This works great on files up to 2GB and is fully functioning now.. But only one problem it doesn't allow for resume. I took the original code called it fetch.aspx and pass an orderNUM through the URL. fetch.aspx&ordernum=xxxxxxx It then reads the filename/location from the database occording to the ordernumber, and chunks it out from a secured location NOT under the webroot. I need a way to make this resumable, by the nature of the internet and large files people always get disconnected and would like to resume where they left off. But any resumable articles i've read, assume the file is within the webroot.. ie. http://www.devx.com/dotnet/Article/22533/1954 Great article and works well, but I need to stream from a secured location. I'm not a .NET coder at all, at best i can do a bit of coldfusion, if anyone could help me modify a handler to do this, i would really appreciate it. Requirements: I Have a working fetch.aspx script that functions well and uses the above code snippet as a base for the streamed downloading. Download files are large 600MB and are stored in a secured location outside of the webroot. Users click on the fetch.aspx to start the download, and would therefore be clicking it again if it was to fail. If the ext is a .ASPX and the file being sent is a AVI, clicking on it would completely bypass an IHTTP handler mapped to .AVI ext, so this confuses me From what I understand the browser will read and match etag value and file modified date to determine they are talking about the same file, then a subsequent accept-range is exchanged between the browser and IIS. Since this dialog happens with IIS, we need to use a handler to intercept and respond accordingly, but clicking on the link would send it to an ASPX file which the handeler needs to be on an AVI fiel.. Also confusing me. If there is a way to request the initial HTTP request header containing etag, accept-range into the normal .ASPX file, i could read those values and if the accept-range and etag exist, start chunking at that byte value somehow? but I couldn't find a way to transfer the http request headers since they seem to get lost at the IIS level. OrderNum which is passed in the URL string is unique and could be used as the ETag Response.AddHeader("ETag", request("ordernum")) Files need to be resumable and chunked out due to size. File extensions are .AVI so a handler could be written around it. IIS 6.0 Web Server Any help would really be appreciated, i've been reading and reading and downloading code, but none of the examples given meet my situation with the original file being streamed from outside of the webroot. Please help me get a handle on these httphandlers :)

    Read the article

  • How to protect web site against hackers?

    - by Adi barda
    Hi Guys, Like everyone of us, I have my own dreams about developing the next cool product that will be adopted by many users and become industry standard. Surprisingly, I find that the most challenging task is to keep my website up & running. My site is being hacked again and again no matter what I do - I blocked the FTP connections, changed the Joomla (CMS) database table names, installed all latest patches and what not. The web site supports the product (over 1800 users now...) by generating licenses, support forums, documentation, galleries etc. The product which is a winforms application cannot be marketed without this web site. My question: Do you have any innovative idea about securing joomla based web sites or what is the best secured web hosting you know. currently i'm hosting my site at ixwebhosting and i like them very much but obviously i can't do any serious marketing being hacked over and over again Thank you very much, Adi Barda

    Read the article

  • Get JS file via HTTPS from a HTTP page

    - by Mike
    Okay, so what are the ramifications of getting a JS file via an HTTPS call while on a HTTP page. I assume it would just be a little bit of extra overhead. Would there be any warnings about this call from any certain browser? Don't ask why. It's just hypothetical.

    Read the article

  • Scriptable testing/debugging HTTP/HTTPS cookies and redirects

    - by Peter Boughton
    I need to setup some automated testing of HTTP requests, to check cookies are doing the right thing, with (manual) debugging when there is a problem. So far I've been muddling along with Firebug, but it's quite a bit of effort using that, and I would prefer some form of scriptable tool, both to make it easier for me and to allow an automated regression test. Any recommendations?

    Read the article

  • How to protect applications ?

    - by haansi
    My Boss have given me assignment to find how a web based application developed in dot net can be protected. As per agreement products developed in our company are asset of company and even not developers can gave the code. But still he wants to know how he can protect products in case a developer theft code and try to launch it from his home ? Please guide how this can be controlled.

    Read the article

  • How do I program a hyperlink to include a username and password to the target site?

    - by Fred Griffith
    We have a website with a section restricted to members only. They log in and can view the website. Some of the information is stored on another server. We want that information to ONLY be accessible to those who have logged into the main website. What would be the best way to link the two sites, without making members log in again? Seems like there must be some way to send an encrypted username and password along with the URL in the hyperlink. Any ideas? Thank you in advance. Fred G.

    Read the article

  • Flex/Air: Sending data with a certificate

    - by BS_C3
    Hello Community, I need to send data from an Air application, using a certificate. This certificate is to be provided by the user through a USB Key. I've got a lot of questions regarding this. Is it possible to do what I'm looking for? If yes, is it possible to do that only with the Flex/Air sdk or should I use Java or some other language to load the certificate? Would anyone have a link where I can learn some more about this? I've been looking through the web, but haven't really found anything useful... Thanks for any help you can provide. Regards. BS_C3

    Read the article

  • Is there a secure way to add a database troubleshooting page to an application?

    - by Josh Yeager
    My team makes a product (business management software) that our customers install on their own servers. The product uses a SQL database for data storage and app configuration. There have been quite a few cases where something strange happened in the customer's database (caused by bugs in our app and also sometimes admins who mess with the database). To figure out what is wrong with the data, we have to send SQL scripts to the customer and tell them how to run them on the database server. Then, once we know how to fix it, we have to send another script to repair the data. Is there a secure way to add a page in our application that allows an application admin to enter SQL scripts that read and write directly to the database? Our support team could use that to help customers run these scripts, without needing direct access to the SQL server. My big concerns are that someone might abuse this power to get data they shouldn't have and maybe to erase or modify data that they shouldn't be able to modify. I'm not worried about system admins, because they could find another way to do the same thing. But what if someone else got access to the form? Is there any way to do this kind of thing securely?

    Read the article

  • Corliss Expert Group Home Security: How to Secure Your Home without Spending Too Much?

    - by Mika Esmond
    HOME SECURITY: HOW TO SECURE YOUR HOME WITHOUT SPENDING TOO MUCH Imagine if there were no burglar or criminals who threaten the safety of our homes; we will be surprised how much savings we would have on several things we do to secure ourselves and our loved ones. We would not need fences, gates with locks, doors locks, window grills, CCTV cams, perimeter lighting, shotguns and baseball bats. The cost of maintaining these things can run up to the entire cost of building another room or, in some cases, a whole new house. The rationale for home security is the same for national security. A nation maintains an army whether it has enemies or not; so, whether burglars will come or not, we have to prepare for the eventuality. Hence, we end up spending for something we might never put into the actual use it was intended for. You buy a pistol and when a burglar breaks in you fire the gun either to scare or disable the intruder. We hope we will never have to use these things; but we still buy them for the peace of mind that comes from knowing we can secure or protect our family and home.

    Read the article

< Previous Page | 18 19 20 21 22 23 24 25 26 27 28 29  | Next Page >