Search Results

Search found 29513 results on 1181 pages for 'microsoft security essent'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 247/1181 | < Previous Page | 243 244 245 246 247 248 249 250 251 252 253 254  | Next Page >

  • How do I find Microsoft APIs?

    - by Stephen
    I'm a java programmer, and if I see something that: I don't know about or just want to find a method description without opening an ide or am on support I type java [classname] into google, and there it is. If I try this crazy stunt for C# I'll come up with a whole heap of tutorials (how do I use it etc). If I manage to get to MSDN, I have to wade through a page describing every .net technology to see how their syntax references the same object, and then I have to find the appropriate page from there ([class name] Constructor) for example. This is even more pronounced, because I don't have Visual Studio, so I've got nothing to make it easier. There must be something I'm missing or don't know... how does this situation work for Microsoft developers? how can I make my life easier/searches better? are there techniques that work no matter what computer I'm on (e.g. require no computer setup/downloads) Notes It could be thought that java is just "java", but it's just that the java apis are only referenced/defined in the core language. For all the other languages on the JVM, it's assumed that you will just learn the correct syntax to use the java apis. I presume that .Net only lists a whole heap of languages as the api classes are actually different and have different interfaces capabilities (or some approximation of this presumption). Edit While searching msdn works... in the java space I can type 'java [anyclass]' and it will generally be found... whether it's a java core api or a third party library

    Read the article

  • What's the difference between the 'DES' class and The 'DESCryptoServiceProvider' class?

    - by IbrarMumtaz
    All I can make out is that one of them is the BC for all 'DES' algorithms to be derived from and the later is a wrapper for the Cryptographic service provider implementation of the DES algorithm. The reason why I ask is that I am going over .Net Security and the MS official training book simply refers to the DES class but the another official MS book refers to the DESCrypto' class. What's the difference between these two? When would you use either of them? What do I need to know as far as the 70-536 exam is concerned. I am asking my question from an educational P.O.V as far as the 70-536 exam is concerned. Thanks In Advance. Ibrar

    Read the article

  • Django with custom authentication backends, is Csrf middleware really required ?

    - by Hellnar
    Hello, Under Django 1.1.1, I am using several authentication backends such as social-registration for facebook connect and django-emailauth for email based authentication instead of user names. I am curious if the Csrf middleware is an essential security measure as it seems like it sometimes generates problems, especially with facebook connect. My project is rather simple. Each user have a profile which they can fill and a purchase page where they fill the payment for to do purchases. Either of these pages are protected via @login_required.

    Read the article

  • piece of php code for prevent hacking.

    - by artmania
    Hi friends, I have a php file at my site, and I connect to db, get some records and list them in same file. mysql_connect("localhost", "blabla", "blabla") or die(mysql_error()); mysql_select_db("blabla") or die(mysql_error()); $blabla1 = mysql_query("SELECT * FROM gallery WHERE id_cat=1"); $blabla2 = mysql_query("SELECT * FROM gallery WHERE id_cat=2"); $blabla3 = mysql_query("SELECT * FROM gallery WHERE id_cat=3"); So, is there anything I need to do for security? :/ like sql-injection or anything else. there is nothing going to url. it is just www.blabla.com/gallery.php appreciate advises!!! thanks a lot!

    Read the article

  • Use DLL and have it be as trusted as my own application is

    - by Binary255
    Hi, I am using a port of GNU GetOpts, to be specific I am using the one at: http://getopt.codeplex.com I have added the DLL as a reference. But when I run my application I receive an exception: System.IO.FileLoadException was unhandled Message="Could not load file or assembly 'Gnu.Getopt, Version=0.9.1.24287, Culture=neutral, PublicKeyToken=d014b4ccdc53511a' or one of its dependencies. Failed to grant permission to execute. (Exception from HRESULT: 0x80131418)" If it is possible I would like my application to say, "trust this DLL as much as you trust me". Is there a way to do that so I won't have to fiddle with security settings? And if there is not. What is the cleanest way to get the DLL working?

    Read the article

  • How can I monitor if a cookie is being sent to a domain other than the one it originated from?

    - by Brendan Salt
    I am trying to write a program that will verify that all cookies sent out from the machine are in fact going to the domain they came from. This is part of a larger security project to detect cookie based malicious attacks (such as XSS). The main snag for this project is actually detecting the out-going cookies. Can someone point me in the right direction for monitoring out-going HTTP traffic for cookie information? Other information about the project: This is a windows application written in C and numerous scripting languages. Thanks so much for the help.

    Read the article

  • IIS reveals internal IP address in content-location field - fix

    - by saille
    Referring: http://support.microsoft.com/kb/q218180/, there is a known issue in IIS4/5/6 whereby it will reveal the internal IP of a web server in the content-location field of the HTTP header. We have IIS 6. I have tried the fix suggested, but it has not worked. The website is configured to send all requests to ASP.NET, and I am wondering if this is why the fix, which addresses IIS configuration, has not worked for us. If this is the case, how would we fix this in ASP.NET? We need to fix this issue in order to pass a security audit.

    Read the article

  • Is there any benefit to encrypting twice using pgp?

    - by ojblass
    I am asking from a "more secure" perspective. I can imagine a scenario with two required private keys needed for decryption scenarios that may make this an attractive model. This is to settle an argument. My vote is that it is not adding any additional security other than having to compromise two different private keys. I think that if it was any more secure than encrypting it one million times would be the best way to secure informaiton and I don't buy it. So I guess my question becomes is a two locking mechanism equivalent to another one locking mechanism with a single key? Update: Forgive me if the answer is obvious but my bread goes dead as I read books on the topic.

    Read the article

  • Why Shouldn't I Programmatically Submit Username/Password to Facebook/Twitter/Amazon/etc?

    - by viatropos
    I wish there was a central, fully customizable, open source, universal login system that allowed you to login and manage all of your online accounts (maybe there is?)... I just found RPXNow today after starting to build a Sinatra app to login to Google, Facebook, Twitter, Amazon, OpenID, and EventBrite, and it looks like it might save some time. But I keep wondering, not being an authentication guru, why couldn't I just have a sleek login page saying "Enter username and password, and check your login service", and then in the background either scrape the login page from say EventBrite and programmatically submit the form with Mechanize, or use an API if there was one? It would be so much cleaner and such a better user experience if they didn't have to go through popups and redirects and they could use any previously existing accounts. My question is: What are the reasons why I shouldn't do something like that? I don't know much about the serious details of cookies/sessions/security, so if you could be descriptive or point me to some helpful links that would be awesome. Thanks!

    Read the article

  • Are there cross-platform tools to write XSS attacks directly to the database?

    - by Joachim Sauer
    I've recently found this blog entry on a tool that writes XSS attacks directly to the database. It looks like a terribly good way to scan an application for weaknesses in my applications. I've tried to run it on Mono, since my development platform is Linux. Unfortunately it crashes with a System.ArgumentNullException deep inside Microsoft.Practices.EnterpriseLibrary and I seem to be unable to find sufficient information about the software (it seems to be a single-shot project, with no homepage and no further development). Is anyone aware of a similar tool? Preferably it should be: cross-platform (Java, Python, .NET/Mono, even cross-platform C is ok) open source (I really like being able to audit my security tools) able to talk to a wide range of DB products (the big ones are most important: MySQL, Oracle, SQL Server, ...)

    Read the article

  • Detecting if a browser is using Private Browsing mode

    - by Steve
    I'm building an extranet for a company paranoid about security. They want to make sure that (among other things) their users are browsing the site with the Private Browsing mode switched on in their web browser so that no cookies or history is kept. I found only this http://jeremiahgrossman.blogspot.com/2009/03/detecting-private-browsing-mode.html and http://serverfault.com/questions/18966/force-safari-to-operate-in-private-mode-and-detect-that-state-from-a-webserver The ideal solution would use no or minimal javascript. Would attempting to set a unique cookie work for all browsers and platforms? Anyone done this before? thanks!

    Read the article

  • Prevent Method call without Exception using @PreAuthorize Annotation

    - by Chepech
    Hi all. We are using Spring Security 3. We have a custom implementation of PermissionEvaluator that has this complex algorithm to grant or deny access at method level on the application. To do that we add a @PreAuthorize annotation to the method we want to protect (obviously). Everything is fine on that. However the behavior that we are looking for is that if a hasPermission call is denied, the protected method call only needs to be skipped, instead we are getting a 403 error each time that happens. Any ideas how to prevent that? You can find a different explanation of the problem here; AccessDeniedException handling during methodSecurityInterception

    Read the article

  • Use Tomcat with Java SecurityManager?

    - by pauline
    I'm writing a web application that is supposed to run on Tomcat on Ubuntu. On Ubuntu, Tomcat is per default configured to run with the Java SecurityManager. Besides my own web application, there will only be some well known third party web applications related to my own, like the BIRT report engine. If one of the web applications fails or gets compromised, it may take down all the others without harm, because they all belong together. What I don't wont to happen is that a compromised web app compromises the system itself, like calling rm -r / Do I need to use the java security manager to achieve this? Or is it only necessary to protect one web app from the other? I'd really like to prevent the effort to create .policy files for all the 3rd party web applications I intend to use.

    Read the article

  • 64-bit Alternative for Microsoft Jet

    - by David Robison
    Microsoft has chosen to not release a 64-bit version of Jet, their database driver for Access. Does anyone know of a good alternative? Here are the specific features that Jet supports that I need: Multiple users can connect to database over a network. Users can use Windows Explorer to copy the database while it is open without risking corruption. Access currently does this with enough reliability for what my customers need. Works well in C++ without requiring .Net. Alternatives I've considered that I do not think could work (though my understanding could be incorrect): SQLite: If multiple users connect to the database over a network, it will become corrupted. Firebird: Copying a database that is in use can corrupt the original database. SQL Server: Files in use are locked and cannot be copied. VistaDB: This appears to be .Net specific. Compile in 32-bit and use WOW64: There is another dependency that requires us to compile in 64-bit, even though we don't use any 64-bit functionality.

    Read the article

  • What is the sense of permiting the user to use no passwords longer than xx chars?

    - by reox
    Its more like a usability question or maybe database, or even maybe security (consider injection attacks) but what is the sense of permiting the user's password to a be not longer than xx chars? It does not make any sense to me, because longer passwords are mostly considered better and even harder to crack, and some users use password safes, so the password length should not matter. I understand that passwords with more than 20 chars are hardly to remember, but if you use diceware or password safe you dont have any problem with that. I really cant understand why there are sites that say "your password need to be between 5 and 8 chars"... also should the password saved as hash, so the length of the field in the database is fixed, so where is the problem? i think that most of the sites where the password is has to be a fixed length are not even using any hashing method...

    Read the article

  • When do you trust the data / variables

    - by Wizzard
    We all know that all user data, GET/POST/Cookie etc etc needs to be validated for security. But when do you stop, once it's converted into a local variable? eg if (isValidxxx($_GET['foo']) == false) { throw InvalidArgumentException('Please enter a valid foo!'); } $foo = $_GET['foo']; fooProcessor($foo); function fooProcessor($foo) { if (isValidxxx($foo) == false) { throw Invalid...... } //other stuff } To me thats over the top. But what if you load the value from the database... I hope I make sense :)

    Read the article

  • How to make an Asp.net MVC 2 website have a Private Beta Mode.

    - by Mark Kitz
    I am creating an ASP.Net MVC website that I am launching soon in private beta. What I am using. ASP.NET MVC 2 ASP.NET Sql Membership Provider Authorization Attributes on ActionMethods. ex. [EditorsOnly] What I am trying to accomplish: During the private Beta period of my website, I want no anonymous users to access my site. Only Beta Testers of my site should be able to login and use my site as normal. After the private beta period people can access it using the security structure I already have set up. I am hoping I do not have to recompile but can have a setting in the webconfig to switch between Private Beta mode to Normal mode. Thanks for your suggestions.

    Read the article

  • Is php fileinfo sufficient to prevent upload of malicious files?

    - by Scarface
    Hey guys, I have searched around a bit, and have not really found a professional type response to how to have secure fileupload capability so I wanted to get the opinion of some of the experts on this site. I am currently allowing upload of mp3s and images, and while I am pretty confident in preventing xss and injection attacks on my site, I am not really familiar with fileupload security. I basically just use php fileinfo and check an array of accepted filetypes against the filetype. For images, there is the getimagesize function and some additional checks. As far as storing them, I just have a folder within my directory, because I want the users to be able to use the files. If anyone could give me some tips I would really appreciate it.

    Read the article

  • Update or Insert Row depending on whether row is present in Microsoft SQL Server 2005

    - by Srikanth
    Hi, I am passing a XML document as a input to a stored procedure in Microsoft SQL Server 2005. This is the sample XML being passed as input <Strategy StrategyID="0" TOStrategyID="8" ShutdownQtySell="1" ShutdownQtyBuy="1"> <ParameterRange ParameterSetID="6" ParameterRangeID="1" ParameterRangeFrom="0" ParameterRangeTo="20" ParameterAutoTakeOut="False"> </ParameterRange> <ParameterRange ParameterSetID="6" ParameterRangeID="4" ParameterRangeFrom="21" ParameterRangeTo="40" ParameterAutoTakeOut="False"> </ParameterRange> <ParameterRange ParameterSetID="6" ParameterRangeID="5" ParameterRangeFrom="41" ParameterRangeTo="60" ParameterAutoTakeOut="False"> </ParameterRange> <ParameterRange ParameterSetID="6" ParameterRangeID="6" ParameterRangeFrom="61" ParameterRangeTo="80" ParameterAutoTakeOut="False"> </ParameterRange> <ParameterRange ParameterSetID="6" ParameterRangeID="7" ParameterRangeFrom="81" ParameterRangeTo="100" ParameterAutoTakeOut="False"> </ParameterRange> </Strategy> I am able to retrieve the data using OpenXML functionality in SQL server I am using this to get the data corresponding to ParameterRange rows SELECT ParameterRangeID as iRangeID, ParameterSetID as iSetID, ParameterRangeFrom as fRangeFrom, ParameterRangeTo as fRangeTo, ParameterAutoTakeOut as bTakeoutEnabled FROM OPENXML(@idoc, '/Strategy/ParameterRange', 1) WITH (ParameterSetID int,ParameterRangeID int,ParameterRangeFrom float,ParameterRangeTo float,ParameterAutoTakeOut bit) Now, I need to insert/update these rows into a table TempRanges which has (iRangeID,iSetID) as the primary key. If there is a row with the primary key, I want to update it the latest values and If there is no row with that primary key, I need to insert into the table. How can I accomplish this inside the Stored Procedure ? Thanks, Sri

    Read the article

  • Websphere exception handling

    - by Benjamin
    Hi all, From a security standpoint, what is the best solution to handle application errors with Websphere? I've been thinking of creating a class that is called every time an application error is generated, log the error and display a generic error message to the users. In PHP this can be achieved using the set_exception_handler() function. Is there something similar for websphere that could be configured in the web.xml? I've found codes like this on the internet: <error-page> <error-code>500</error-code> <location>/servlet/ExceptionHandlerServlet</location> </error-page> But that would only work with "500" HTTP error codes. I really want something generic that catches everything. Something like a class that implements a certain interface which can have access to all information about the error. Thanks for your time.

    Read the article

  • Secure database connection. DAL .net architecture best practice

    - by Andrew Florko
    We have several applications that are installed in several departments that interact with database via Intranet. Users tend to use weak passwords or store login/password written on a shits of paper where everybody can see them. I'm worried about login/password leakage & want to minimize consequences. Minimizing database-server attack surface by hiding database-server from Intranet access would be a great idea also. I'm thinking about intermediary data access service method-based security. It seems more flexible than table-based or connection-based database-server one. This approach also allows to hide database-server from public Intranet. What kind of .net technologies and best practices would you suggest? Thank in you in advance!

    Read the article

  • session is lost after successful login?

    - by sword101
    greetings all um using spring security 3.0.2,all the application pages are secured to see them you must be authenticated um using https protocol i have a strange problem that after successful login and got to the requested page when try to open any link to other pages in the application the session is invalidated or lost or what happened i don't know and the user become anonymous,and redirected to the login page and i got this from debugging: No HttpSession currently exists No SecurityContext was available from the HttpSession: null. A new one will be created. after reviewing the coe many times,nothing in the code is invalidating the session,any ideas why something like this might happen?

    Read the article

  • Detect IE setting: check for newer versions of stored pages "never"

    - by xx
    I understand there isn't a way to interrogate a users IE settings directly due to security reasons, but is there a way to derive this answer with some other mechanism? I would like to stop a user from using my site if the setting "Check for newer versions of stored pages" is set to "Never". Any suggestions? Is there a way I could test for this using javascript? An example of what I am trying to accomplish is this: While it is not possible to check IE settings to see if you are running a popup blocker, that is a way to "test" for a popup blocker via javascript. I am looking for something similiar but for the cache setting, not the popup blocker.

    Read the article

  • Microsoft Security Removal Tool détecte et éradique Renocide grâce à une mise à jour, le ver serait la quatrième plus grandes menaces actuelles

    Microsoft Security Removal Tool détecte et éradique Renocide Avec une mise à jour, le ver serait la quatrième plus grandes menaces actuelles Microsoft met en garde les utilisateurs de Windows contre le malware Win32/Renocide. Win32/Renocide est une famille de vers qui se propagent via les disques amovibles, les stockages locaux et les réseaux en utilisant les applications de partage de fichiers. Une fois installé, le malware crée des clones de lui-même en utilisant des noms de fichiers différents. Il est qualifié de ver « backdoor » (portes dérobées) et permet à un pirate distant d'exécuter des commandes sur le poste infecté pour télécharger d'autres programmes malveillants. Renoci...

    Read the article

  • Sanitizing CSS in Rails

    - by Erik
    Hello! I want to allow the users of a web app that I'm building to write their own CSS in order to customize their profile page. However I am aware of this opening up for many security risks, i e background: url('javascript:alert("Got your cookies! " + document.cookies'). Hence I am looking for a solution to sanitize the CSS while still allowing as much CSS functionality as possible for my users. So my questions if anyone anyone knows of a gem or a plugin to handles this? I've googled my brains out already so any tips would be really appreciated!

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 243 244 245 246 247 248 249 250 251 252 253 254  | Next Page >