Search Results

Search found 25503 results on 1021 pages for 'browser security'.

Page 237/1021 | < Previous Page | 233 234 235 236 237 238 239 240 241 242 243 244 | Next Page >

Are there cross-platform tools to write XSS attacks directly to the database?

- by Joachim Sauer

I've recently found this blog entry on a tool that writes XSS attacks directly to the database. It looks like a terribly good way to scan an application for weaknesses in my applications. I've tried to run it on Mono, since my development platform is Linux. Unfortunately it crashes with a System.ArgumentNullException deep inside Microsoft.Practices.EnterpriseLibrary and I seem to be unable to find sufficient information about the software (it seems to be a single-shot project, with no homepage and no further development). Is anyone aware of a similar tool? Preferably it should be: cross-platform (Java, Python, .NET/Mono, even cross-platform C is ok) open source (I really like being able to audit my security tools) able to talk to a wide range of DB products (the big ones are most important: MySQL, Oracle, SQL Server, ...)

Read the article
Prevent Method call without Exception using @PreAuthorize Annotation

- by Chepech

Hi all. We are using Spring Security 3. We have a custom implementation of PermissionEvaluator that has this complex algorithm to grant or deny access at method level on the application. To do that we add a @PreAuthorize annotation to the method we want to protect (obviously). Everything is fine on that. However the behavior that we are looking for is that if a hasPermission call is denied, the protected method call only needs to be skipped, instead we are getting a 403 error each time that happens. Any ideas how to prevent that? You can find a different explanation of the problem here; AccessDeniedException handling during methodSecurityInterception

Read the article
Wordpress won't load in chrome but other browsers?

- by Chris J. Lee

I have a website where chrome doesn't even load at all on wordpress. Any ever had this happen to them? site: egore.globerunnerseo.com

Read the article
user agent checking for ios6

- by Akash Saikia

I am trying to check whether client opening the page is using iOS6 or not. var startIndex = navigator.userAgent.search(/OS/i) + 2; var endIndex = navigator.userAgent.search(/like/i); var iOSVersion = parseInt(navigator.userAgent.substr(startIndex,endIndex - startIndex).trim()); this.iOSVersion = true; if(!isNaN(iOSVersion)){ this.iOSVersion = iOSVersion; } else if(Ext.is.Desktop){ this.iOSVersion = true; } The above code works well for all the versions of browsers. But incase of using it in iOS6, it shows as iOS5. Searched for the same thing, but I didn't find a solution. May be I am still not done with searching for this, doing side by side search and hoping if some one has faced this issue before. Any suggestions or updations?

Read the article
How can one make a web-site accessible only when someone has a dongle?

- by Brian M. Hunt

Suppose you want to add an extra layer of credentials on top of a SSL-encrypted login/password, but you don't want to increase complexity to the user. Is there a way to add the requirement of the possession of a dongle to web-server authentication schemes with existing cross-platform browser capabilities? In other words, to get access to the web-site, you would need a username, password, and a USB dongle that has been plugged into the client computer. The dongle would presumably do some sort of challenge/response. It'd be ideal if this dongle solution worked with Firefox automatically or with the simple addition of a plugin. Thoughts and suggestions are appreciated.

Read the article
Internet Explorer to Firefox javascript migration library - does one exist?

- by Brad

I am working on a legacy ASP.NET web site that is highly dependent on Internet Explorer. I would like to migrate it to non-IE browsers. I know there are a large amount of differences (as detailed at quirksmode.org, etc.), so I'm searching for a javascript library that can help minimize the amount of source I'd have to change. I'm hoping that my lack of success in finding such a beast so far means that I'm just a bad google-er, and not that I'm just going to have to slog through coming up with replacements/workarounds for all of IE's proprietary functionality that this site currently uses (it uses quite a bit). Any help you can provide will be greatly appreciated. Thanks!

Read the article
Highstock Chrome/Firefox/Opera

- by Matthias

Is there any particular reason that this HighStock chart: var chart; $(function() { chart = new Highcharts.StockChart({ chart: { renderTo: 'container' }, title: { text: 'Total balance over time' }, xAxis: { type: 'datetime', maxZoom: 7 * 24 * 3600000, // one week title: { text: null } }, yAxis: { title: { text: 'Balance' }, startOnTick: false, showFirstLabel: false }, tooltip: { shared: true }, series: [{ type: 'area', name: 'Account balance', pointInterval: 14 * 3600 * 1000, pointStart: Date.UTC(2012, 3, 11), data: [ 0.7809, 0.7827, 0.7848, 0.785, 0.7873, 0.7894, 0.7907, 0.7909, 0.7947, 0.7987, 0.799, 0.7927, 0.79, 0.7878, 0.7878, 0.7907, 0.7922, 0.7937, 0.786, 0.787, 0.7838, 0.7838, 0.7837, 0.7836, 0.7806, 0.7825, 0.7798, 0.777, 0.777, 0.7772, 0.7793, 0.7788, 0.7785, 0.7832, 0.7865, 0.7865, 0.7853, 0.7847, 0.7809, 0.778, 0.7799, 0.78, 0.7801, 0.7765, 0.7785, 0.7811, 0.782, 0.7835, 0.7845, 0.7844, 0.782, 0.7811, 0.7795, 0.7794, 0.7806, 0.7794, 0.7794, 0.7778, 0.7793, 0.7808, 0.7824, 0.787, 0.7894, 0.7893, 0.7882, 0.7871, 0.7882, 0.7871, 0.7878, 0.79, 0.7901, 0.7898, 0.7879, 0.7886, 0.7858, 0.7814, 0.7825, 0.7826, 0.7826, 0.786, 0.7878, 0.7868, 0.7883, 0.7893, 0.7892, 0.7876, 0.785, 0.787, 0.7873, 0.7901, 0.7936, 0.7939, 0.7938, 0.7956, 0.7975, 0.7978, 0.7972, 0.7995, 0.7995 ] }] }); }); is rendered without any problems in Opera, but not working in Chrome or Firefox? I'm also using some HighChart pie charts. Those are rendered without any issues on all browsers. All of the demos on the HighStock Demo Gallery are working without problems.

Read the article
Find text position

- by serhiyiv

Hi. Could you please help me !!!! For example, I load some page into opera/Firefox etc., there is a text on the page (which is a link). What I need is to find position of the text on the screen and send mouse click to that position. Is it possible to do? If you can, give an example please!!!!

Read the article
Do we need to differntiate anything for this in IE8?

- by kumar

I have this code in my application var checked = $('#fieldset input[type=checkbox]:checked'); var ids= checked.map(function() { return $(this).val(); }).get().join(','); in firefox I am getting all the checked Ids something like this.. 123,234,443.. but same code in IE8 its showing only first Id not all checked id's even its checked? Even if I uncheck the first checkbox if I check second checkbox second checkbox value showing as null? can anybody help me out? thanks

Read the article
What is the sense of permiting the user to use no passwords longer than xx chars?

- by reox

Its more like a usability question or maybe database, or even maybe security (consider injection attacks) but what is the sense of permiting the user's password to a be not longer than xx chars? It does not make any sense to me, because longer passwords are mostly considered better and even harder to crack, and some users use password safes, so the password length should not matter. I understand that passwords with more than 20 chars are hardly to remember, but if you use diceware or password safe you dont have any problem with that. I really cant understand why there are sites that say "your password need to be between 5 and 8 chars"... also should the password saved as hash, so the length of the field in the database is fixed, so where is the problem? i think that most of the sites where the password is has to be a fixed length are not even using any hashing method...

Read the article
@font-face and CSS3 working locally but not on hosting

- by iamfriendly

Hello chaps and chapettes, I've got a bit of a strange one for you (so to speak). I've devised a little 'coming soon' page for my site which, locally, (on a WAMP setup) is working flawlessly - in capable browsers (i.e. Chrome and Safari), the page looks fine and has a nice little CSS3 transition effect upon hover. And in other browsers, the page visibly looks (practically) identical and the hover effect still works, just without the transition. After uploading to my hosting, the site still looks fine and works fine in Chrome and Safari, but for some reason in Firefox, the @font-face declarations don't seem to have worked and in IE the layout is slightly different. I'm massively puzzled! The files are identical on my hosting to what I have locally. The URL is http://iamfriendly.com/ The CSS Files are visible at: http://iamfriendly.com/wp-content/themes/iamfriendly_comingsoon/css/screen.css and http://iamfriendly.com/wp-content/themes/iamfriendly_comingsoon/css/typography.css Any suggestions would be greatly appreciated! Richard

Read the article
Use Tomcat with Java SecurityManager?

- by pauline

I'm writing a web application that is supposed to run on Tomcat on Ubuntu. On Ubuntu, Tomcat is per default configured to run with the Java SecurityManager. Besides my own web application, there will only be some well known third party web applications related to my own, like the BIRT report engine. If one of the web applications fails or gets compromised, it may take down all the others without harm, because they all belong together. What I don't wont to happen is that a compromised web app compromises the system itself, like calling rm -r / Do I need to use the java security manager to achieve this? Or is it only necessary to protect one web app from the other? I'd really like to prevent the effort to create .policy files for all the 3rd party web applications I intend to use.

Read the article
What does IUrlHistoryStg::BindToObject Method do ?

- by BHOdevelopper

I'm looking for a way to access the address bar search so that i can append some personnal url at the end of the current list, and i found 'IUrlHistoryStg::BindToObject' but there is no documention linked to it. Anyone knows what this method does ? On msdn: http://msdn.microsoft.com/en-us/library/aa767718%28VS.85%29.aspx

Read the article
When do you trust the data / variables

- by Wizzard

We all know that all user data, GET/POST/Cookie etc etc needs to be validated for security. But when do you stop, once it's converted into a local variable? eg if (isValidxxx($_GET['foo']) == false) { throw InvalidArgumentException('Please enter a valid foo!'); } $foo = $_GET['foo']; fooProcessor($foo); function fooProcessor($foo) { if (isValidxxx($foo) == false) { throw Invalid...... } //other stuff } To me thats over the top. But what if you load the value from the database... I hope I make sense :)

Read the article
Check if there are any AJAX request alive

- by Thomas

I do a lot of AJAX Requests at the same time. I need to know when EVERY requests are over. How do I check that? Thank you!

Read the article
ASP.net site looks completely different on IE, Firefox, and Chrome; why?

- by DavidR

I'm doing css for a website. I send the html and css to a guy, he puts it into ASP.net. The problem is that the transfer didn't end well for my code and it needs some fixing. The problem is that when I look at it in Chrome, or Firefox, or IE8, I get three completely different renderings. I spent a good amount of time trying to fix a drop-down menu that is supposed to appear while hovering over a link. The one he had in place from ASP.net worked in IE, kinda worked in Firefox, and was completely broken in Chrome (I haven't tested Safari or Opera.) Just getting it to look basically the same in firefox and chrome was a struggle. The html source is showing me two completely different pages as well. Does anyone have experience with this? I know nothing of ASP.net, and it seems like the guy is modifying my layout with a wsyiwyg (I found tables used in random places, which I did not put there.) Faced with this, what is my best option? Is this fixable, or am I in over my head?

Read the article
CSS being ignored in IE & FFox but not Chrome

- by Grant

Hi, i am styling a navigation menu using the following css. I have found that it works perfectly in chrome but absolutely none of the css is beign applied in firefox or IE. Is there something obvious that i havent done or have done here? <style type="text/css"> #ddm { margin: 0; padding: 0; } #ddm li { float: left; list-style: none; font: 8pt Tahoma, Geneva, sans-serif; } #ddm li a { display: block; padding: 5px 12px; text-decoration: none; border-right: 1px solid white; width: 70px; white-space: nowrap; color:Red; border: none; } #ddm li a:hover { color:White; background-color:#444444; } #ddm li ul { margin: 0; padding: 0; position: absolute; visibility: hidden; } #ddm li ul li { float: none; display: inline } #ddm li ul li a { width: auto; } #ddm li ul li a:hover { } </style> <ul id="ddm"> <li> <ul> <li><a href="#">test 1</a></li> <li><a href="#">test 2</a></li> </ul> </li> </ul>

Read the article
Is php fileinfo sufficient to prevent upload of malicious files?

- by Scarface

Hey guys, I have searched around a bit, and have not really found a professional type response to how to have secure fileupload capability so I wanted to get the opinion of some of the experts on this site. I am currently allowing upload of mp3s and images, and while I am pretty confident in preventing xss and injection attacks on my site, I am not really familiar with fileupload security. I basically just use php fileinfo and check an array of accepted filetypes against the filetype. For images, there is the getimagesize function and some additional checks. As far as storing them, I just have a folder within my directory, because I want the users to be able to use the files. If anyone could give me some tips I would really appreciate it.

Read the article
Presentation Issue in an Unordered List

- by phreeskier

I'm having an issue with correctly presenting items in an unordered list. The labels are floating left and the related spans that are long in length are wrapping and showing below the label. I need a solution that keeps the related spans in their respective columns. In other words, I don't want long spans to show under the labels. What property can I take advantage of so that I get the desired layout in all of the popular browsers, including IE6? Thanks in advance for the help. My code is as follows: <ul> <li> <label>Name</label> <span><%= Html.Encode(Model.Name) %></span> </li> <li> <label>Entity</label> <span><%= Html.Encode(Model.Entity) %></span> </li> <li> <label>Phone</label> <span><%= Html.Encode(Model.Phone) %></span> </li> </ul> My CSS styling is as follows: ul { display:block; list-style-type:none; margin:0; padding:0; } ul li label { float:left; width:100px; }

Read the article
Changing the image of a scroll bar without flash.

- by user352527

How can i change the appearance (not the color) of a scrollbar within a box with overflow? I know how to do it in flash, I need a way to do it without it. In fact, I want to know how they did this slider in the apple web site: http://www.apple.com/mac/ It seems they used css along with javascript, but that's all I know. Is it possible that they did it using DOM, DHTML, HTML 5, Ruby or PHP? I have no idea. If you'd be kind enough to share the answer, I thank you in advance.

Read the article
Recommanded crossbrowser testing solution

- by Kaaviar

Hi, When developing for the web, one of the saddest issue might be crossbrowser testing. Is there a great solution for testing both on IE6, IE7, IE8, Chrome, Safari and Firefox ? I tried some web-based solutions but it's not really usable when working offline. Thx Boris

Read the article
How to make an Asp.net MVC 2 website have a Private Beta Mode.

- by Mark Kitz

I am creating an ASP.Net MVC website that I am launching soon in private beta. What I am using. ASP.NET MVC 2 ASP.NET Sql Membership Provider Authorization Attributes on ActionMethods. ex. [EditorsOnly] What I am trying to accomplish: During the private Beta period of my website, I want no anonymous users to access my site. Only Beta Testers of my site should be able to login and use my site as normal. After the private beta period people can access it using the security structure I already have set up. I am hoping I do not have to recompile but can have a setting in the webconfig to switch between Private Beta mode to Normal mode. Thanks for your suggestions.

Read the article
why is internet explorer displaying my javascript pagination backwards?

- by user278457

Here's a version of the code I'm using, stripped down to just the parts that aren't working. This is all written to generate some basic pagination with jQuery. In Chrome/Safari/Moz, I generate see spans, 1,2,3,4,...,etc When I look in IE7/8, I see etc,...,4,3,2,1 The string seems to be concatenating backwards!! This seems very strange to me, because there's not a whole lot going on in the code here, I can't figure out which bit could be causing problems. Obviously, the 1,2,3,4,...,etc is what I'm aiming for here, so as well as an explanation of why this is an issue, I'd love it if someone could offer a quick fix. myVar = { arr:$.makeArray($('.my_li')) }; var str; str=''; for (s in myVar.arr){ r=parseInt(s,10)+1; str+='<span class="my_class">'+r+'</span>'; } $('#my_other_div').html(str);

Read the article
how do redirect values to other page without click event in html. Below code is fine IE. But Not in

- by karthik

I have implemented paypal in my web page. Process is 'given inputs are redirect to other page(2 nd page) which have to get that input and redirect to paypal page(third page). Here we submit data on first page. value pass to second page(in this page user interaction not allowed) after pass to third page.It works fine in IE . But Not In Mozila.Send any Solution. Code sample(second page): <%string product = Request.QueryString["productName"].ToString();% <% string amount = Request.QueryString["price"].ToString(); % " " document.all.frmpaypal.submit(); Fine in IE, Not In Mozila

Read the article
Websphere exception handling

- by Benjamin

Hi all, From a security standpoint, what is the best solution to handle application errors with Websphere? I've been thinking of creating a class that is called every time an application error is generated, log the error and display a generic error message to the users. In PHP this can be achieved using the set_exception_handler() function. Is there something similar for websphere that could be configured in the web.xml? I've found codes like this on the internet: <error-page> <error-code>500</error-code> <location>/servlet/ExceptionHandlerServlet</location> </error-page> But that would only work with "500" HTTP error codes. I really want something generic that catches everything. Something like a class that implements a certain interface which can have access to all information about the error. Thanks for your time.

Read the article

< Previous Page | 233 234 235 236 237 238 239 240 241 242 243 244 | Next Page >