Search Results

Search found 43347 results on 1734 pages for 'php security'.

Page 26/1734 | < Previous Page | 22 23 24 25 26 27 28 29 30 31 32 33 | Next Page >

Spring security with GAE

- by xybrek

I'm trying to implement Spring security for my GAE application however I'm getting this error: No bean named 'springSecurityFilterChain' is defined I added this configuration on my application web.xml: <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> And in the servlet-context:  <security:http auto-config="true"> <security:intercept-url pattern="/**" access="ROLE_USER" /> </security:http> <security:authentication-manager alias="authenticationManager"> <security:authentication-provider> <security:user-service> <security:user name="jimi" password="jimi" authorities="ROLE_USER, ROLE_ADMIN" /> <security:user name="bob" password="bob" authorities="ROLE_USER" /> </security:user-service> </security:authentication-provider> </security:authentication-manager> What could be causing the error?

Read the article
Could someone explain Spring Security BasePermission.Create?

- by Matthew Sowders

I am working on a project that involves Spring Security ACL and I came across the create permission BasePermission.CREATE. Would someone please explain how this is supposed to work or what it allows someone to do? It is my understanding that each object has an acl, and each acl has many ace's, and each ace has an sid and a permission. How can you grant permission on an object to create it, if it must be created in order to attach the acl to it?

Read the article
Can't work out security

- by user215351

I installed Ubuntu on puter I am the only user I alone use. I was trying a to find out how to repair hardware faults. Surprised to find I was not the owner and that there is a password that locks me out. I only set one password during set up so what is this mysterious password. As far as I'm concerned it is overdone on security, Im sick of authenticating every 3 seconds. I need a simpler system

Read the article
How to get PHP command line to work with PDO?

- by Sabya

I want to work with PDO, through PHP command line. It works perfect through the PHP web API, but not through the command line. But when I execute the command: php test.php, it says unknown class PDO. I think it has something to do with the thread-safety difference. Because, when I execute the above command, the following warnings come: - F:\shema\htdocs>php test.php PHP Warning: PHP Startup: soap: Unable to initialize module Module compiled with module API=20060613, debug=0, thread-safety=0 PHP compiled with module API=20060613, debug=0, thread-safety=1 These options need to match in Unknown on line 0 PHP Warning: PHP Startup: sockets: Unable to initialize module Module compiled with module API=20060613, debug=0, thread-safety=0 PHP compiled with module API=20060613, debug=0, thread-safety=1 These options need to match in Unknown on line 0 PHP Warning: PHP Startup: mysql: Unable to initialize module Module compiled with module API=20060613, debug=0, thread-safety=0 PHP compiled with module API=20060613, debug=0, thread-safety=1 These options need to match in Unknown on line 0 PHP Warning: PHP Startup: pdo_mysql: Unable to initialize module Module compiled with module API=20060613, debug=0, thread-safety=0 PHP compiled with module API=20060613, debug=0, thread-safety=1 These options need to match in Unknown on line 0 PHP Warning: PHP Startup: pdo_pgsql: Unable to initialize module Module compiled with module API=20060613, debug=0, thread-safety=0 PHP compiled with module API=20060613, debug=0, thread-safety=1 These options need to match in Unknown on line 0 PHP Fatal error: Class 'PDO' not found in F:\shema\htdocs\test.php on line 2 PHP version: 5.2.9-2, downloaded from here. OS: Windows Vista If the problem is with the modules, where do I get the thread safe modules for those modules?

Read the article
Worst security hole you've seen?

- by Si

Subject says it all, probably a good idea to keep details basic to protect the guilty. FWIW, here's a question about what to do if you find a security hole, and another with some useful answers if a company doesn't (seem to) respond.

Read the article
Security risks posed by specifying technologies used

- by SabreWolfy

I am developing online tools for non-commercial use, which are hosted on dedicated hardware. I would like to include logos indicating the technologies I used (Apache or Python for example), at the bottom of the page. What are the security risks/implications, if any, of "advertizing" this information? It is better not to reveal that the web server is Apache, and that I used Pyhton and jQuery, for example?

Read the article
Microsoft Blacklists Google, Windows 8 Integrated Security

According to researcher Brian Krebs, millions of surfers were affected by the error which was caused by two of Microsoft's antivirus solutions in the form of Microsoft Security Essentials and the business-related Microsoft Forefront. Both received updates as part of Microsoft's traditional Patch Tuesday on February 14, and those patches are believed to be the cause behind Google's incorrect blacklisting. The false positive alert specifically tagged the search site as being infected with the infamous Blackhole Exploit Kit, which reportedly gives cybercriminals the power to create their own bo...

Read the article
WordPress injection?

- by saul

I don't really know how to express my problem, so bear with me. This is a bit hard to explain. I have a Wordpress installation, the latest, and often (once a day) my site redirects users to the /wp-admin/install.php file. Asking for my login credentials of course. I have tried reinstalling WordPress and still have not been able to figure what they are doing. That happens regularly. Also, a few hours later, I am able to see my site normally. Hope this makes sense. I suspect there myst be some database DoS that allows them to inject a redirect of some sort into my admin area, thus redirecting the user to said directory (install.php). But that's just me. I really have no clue what else could they be doing. I looked at the source code from several php files and noted some of them don't include a ? tag. Could that be an issue? My hosting company is iPage, I've contacted them and they say there's nothing wrong with my files. Anyone have a clue? I can paste the code to any source file.

Read the article
.htaccess Redirect Loop, adding multiple .php extensions

- by Ryan Smith

I have sort of a small parent/teacher social network set up for my school. I use my .htaccess file to make the links to teacher profiles cleaner and to add a trailing slash to all urls. I get this problem when going to /teachers/teacher-name/ the link (sometimes) redirects to /teachers/teacher-name.php.php.php.php.php.php.php.php... Below is my .htaccess file. Sometimes if I clear my browser cache in Chrome it temporarily fixes it. I can't exactly wright .htaccess syntax, but I'm pretty familiar with it. Any suggestions are appreciated! RewriteEngine on RewriteBase / #remove php ext RewriteEngine on RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME}\.php -f RewriteRule ^([^/]+)/$ $1.php RewriteRule ^([^/]+)/([^/]+)/$ $1/$2.php #force trailing slash/ RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^(.*)([^/])$ /$1$2/ [L,R=301] #other rewrites RewriteRule ^teachers/([^/\.]+)/$ /teachers/profile.php?u=$1 RewriteRule ^teachers/([^/\.]+)/posts/$ /teachers/posts.php?u=$1 RewriteRule ^teachers/([^/\.]+)/posts/([^/\.]+)/$ /teachers/post.php?u=$1&p=$2 RewriteRule ^gallery/([^/\.]+)/$ /gallery/album.php?n=$1 RewriteRule ^gallery/([^/\.]+)/slideshow/$ /gallery/slideshow.php?n=$1 RewriteRule ^gallery/([^/\.]+)/([^/\.]+)/([^/\.]+)/$ /gallery/photo.php?a=$1&p=$2&e=$3 EDIT:I have attached a screenshot of exactly what I'm talking about.

Read the article
Why is this PHP loop rendering every row twice?

- by Christopher

I'm working on a real frankensite here not of my own design. There's a rudimentary CMS and one of the pages shows customer records from a MySQL DB. For some reason, it has no probs picking up the data from the DB - there's no duplicate records - but it renders each row twice. <?php $limit = 500; $area = 'customers_list'; $prc = 'customer_list.php'; if($_GET['page']) { include('inc/functions.php'); $page = $_GET['page']; } else { $page = 1; } $limitvalue = $page * $limit - ($limit); $customers_check = get_customers(); $customers = get_customers($limitvalue, $limit); $totalrows = count($customers_check); ?>  <table border="0" width="100%" cellpadding="0" cellspacing="0" style="float: left; margin-bottom: 20px;"> <tr> <td class="col_title" width="200">Name</td> <td></td> <td class="col_title" width="200">Town/City</td> <td></td> <td class="col_title">Telephone</td> <td></td> </tr> <?php for ($i = 0; $i < count($customers); $i++) { ?> <tr> <td colspan="2" class="cus_col_1"><a href="customer_details.php?id=<?php echo $customers[$i]['customer_id']; ?>"><?php echo $customers[$i]['surname'].', '.$customers[$i]['first_name']; ?></a></td> <td colspan="2" class="cus_col_2"><?php echo $customers[$i]['town']; ?></td> <td class="cus_col_1"><?php echo $customers[$i]['telephone']; ?></td> <td class="cus_col_2"> <a href="javascript: single_execute('prc/customers.prc.php?delete=yes&id=<?php echo $customers[$i]['customer_id']; ?>')" onClick="return confirmdel();" class="btn_maroon_small" style="margin: 0px; float: right; margin-right: 10px;"><div class="btn_maroon_small_left"> <div class="btn_maroon_small_right">Delete Account</div> </div></a> <a href="customer_edit.php?id=<?php echo $customers[$i]['customer_id']; ?>" class="btn_black" style="margin: 0px; float: right; margin-right: 10px;"><div class="btn_black_left"> <div class="btn_black_right">Edit Account</div> </div></a> <a href="mailto: <?php echo $customers[$i]['email']; ?>" class="btn_black" style="margin: 0px; float: right; margin-right: 10px;"><div class="btn_black_left"> <div class="btn_black_right">Email Customer</div> </div></a> </td> </tr> <tr><td class="col_divider" colspan="6"></td></tr> <?php }; ?> </table>    <div class="pagination_holder"> <?php if($page != 1) { $pageprev = $page-1; ?> <a href="javascript: change('<?php echo $area; ?>', '<?php echo $prc; ?>?page=<?php echo $pageprev; ?>');" class="pagination_left">Previous</a> <?php } else { ?> <div class="pagination_left, page_grey">Previous</div> <?php } ?> <div class="pagination_middle"> <?php $numofpages = $totalrows / $limit; for($i = 1; $i <= $numofpages; $i++) { if($i == $page) { ?> <div class="page_number_selected"><?php echo $i; ?></div> <?php } else { ?> <a href="javascript: change('<?php echo $area; ?>', '<?php echo $prc; ?>?page=<?php echo $i; ?>');" class="page_number"><?php echo $i; ?></a> <?php } } if(($totalrows % $limit) != 0) { if($i == $page) { ?> <div class="page_number_selected"><?php echo $i; ?></div> <?php } else { ?> <a href="javascript: change('<?php echo $area; ?>', '<?php echo $prc; ?>?page=<?php echo $i; ?>');" class="page_number"><?php echo $i; ?></a> <?php } } ?> </div> <?php if(($totalrows - ($limit * $page)) > 0) { $pagenext = $page+1; ?> <a href="javascript: change('<?php echo $area; ?>', '<?php echo $prc; ?>?page=<?php echo $pagenext; ?>');" class="pagination_right">Next</a> <?php } else { ?> <div class="pagination_right, page_grey">Next</div> <?php } ?> </div>    I'm not the world's best PHP expert but I think I can see an error in a for loop when there is one... But everything looks ok to me. You'll notice that the customer name is clickable; clicking takes you to another page where you can view their full info as held in the DB - and for both rows, the customer ID is identical, and manually checking the DB shows there's no duplicate entries. The code is definitely rendering each row twice, but for what reason I have no idea. All pointers / advice appreciated.

Read the article
can't load big files to server with php [closed]

- by yozhik

Hi all! I can't load big files to server. The problem is in that file $_FILES["filename"]["tmp_name"] is empty if file a little more bigger then 2mb. I tried to change variables in php.ini upload_max_filesize = 700M post_max_size = 16M but not working to. Also tried to add this variables to my .httaccess file - but 500 error appears. Error code while uploading=1. UPLOAD_ERR_INI_SIZE Value: 1; The uploaded file exceeds the upload_max_filesize directive in php.ini. Here is my uppload.php page, please anwer what I doing wrong? Thanx! <?php if(strlen($_FILES["filename"]["name"])) { $folder = "uploads/"; echo $folder; $error = ""; if($_FILES["filename"]["size"] > 1024*700*1024) { $error .= "<b><p class=ErrorMessage>?????? ????? ????????? 5Mb</p></b><br>"; header("Location: upload.php?error=".$error, true, 303 ); } if(!file_exists($folder.="hh/")) { if(!mkdir($folder, 0700)) $error .= "<b><p class=ErrorMessage>Folder not created</p></b><br>"; } //echo "<br>".$_FILES["filename"]["tmp_name"]."<br>"; echo $folder.$_FILES["filename"]["name"]."<br>"; echo $_FILES["filename"]["error"]."<br>"; if(move_uploaded_file($_FILES["filename"]["tmp_name"], $folder.$_FILES["filename"]["name"])) { echo("???? ??????? ???????? <br>"); echo("?????????????? ?????: <br>"); echo("??? ?????: "); echo($_FILES["filename"]["name"]); echo("<br>?????? ?????: "); echo($_FILES["filename"]["size"]); echo("<br>??????? ??? ????????: "); echo($folder.=$_FILES["filename"]["name"]); echo("<br>??? ?????: "); echo($_FILES["filename"]["type"]); } else { $error .= "<b><p class=ErrorMessage>?????? ???????? ?????</p></b><br>"; } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>???????? ??? ????????</title> </head> <body> <?php if(isset($_REQUEST["error"])) { echo $_REQUEST["error"]; } ?> <h2><p><b> ????? ??? ???????? ?????? </b></p></h2> <form action="upload.php" method="post" enctype="multipart/form-data"> <input type="file" name="filename" READONLY><br> <input name="Upload" type="submit" value="Upload"><br> </form> </body> </html>

Read the article
Please Help - PHP Form, when no text is entered [migrated]

- by Joe Turner

I'm creating a mobile landing page and I have also created a form that allows me to create more, by duplicating a folder that's host to a template file. The script then takes you to a page where you input the company details one by one and press submit. Then the page is created. My problem is, when a field is left out (YouTube for instance), the button is created and is blank. I would like there to be a default text for when there is no text. I've tried a few things and have been struggling to make this work for DAYS! <?php $company = $_POST["company"]; $phone = $_POST["phone"]; $colour = $_POST["colour"]; $email = $_POST["email"]; $website = $_POST["website"]; $video = $_POST["video"]; ?> <div id="contact-area"> <form method="post" action="generate.php"><br> <input type="text" name="company" placeholder="Company Name" /><br> <input type="text" name="slogan" placeholder="Slogan" /><br> <input class="color {required:false}" name="colour" placeholder="Company Colour"><br> <input type="text" name="phone" placeholder="Phone Number" /><br> <input type="text" name="email" placeholder="Email Address" /><br> <input type="text" name="website" placeholder="Full Website - Include http://" /><br> <input type="text" name="video" placeholder="Video URL" /><br> <input type="submit" value="Generate QuickLinks" style="background:url(images/submit.png) repeat-x; color:#FFF"/> </form> That's the form. It takes the variables and post's them to the file below. <?php $File = "includes/details.php"; $Handle = fopen($File, 'w'); ?> <?php $File = "includes/details.php"; $Handle = fopen($File, 'w'); $Data = "<div id='logo'> <h1 style='color:#$_POST[colour]'>$_POST[company]</h1> <h2>$_POST[slogan]</h2> </div> <ul data-role='listview' data-inset='true' data-theme='b'> <li style='background-color:#$_POST[colour]'><a href='tel:$_POST[phone]'>Phone Us</a></li> <li style='background-color:#$_POST[colour]'><a href='mailto:$_POST[email]'>Email Us</a></li> <li style='background-color:#$_POST[colour]'><a href='$_POST[website]'>View Full Website</a></li> <li style='background-color:#$_POST[colour]'><a href='$_POST[video]'>Watch Us</a></li> </ul> \n"; fwrite($Handle, $Data); fclose($Handle); ?> and there is what the form turns into. I need there to be a default link put in incase the field is left blank, witch it is sometimes. Thanks in advance guys.

Read the article
Apache 2.4 + PHP-FPM + ProxyPassMatch

- by apfelbox

I recently installed Apache 2.4 on my local machine, together with PHP 5.4.8 using PHP-FPM. Everything went quite smoothly (after a while...) but there is still a strange error: I configured Apache for PHP-FPM like this: <VirtualHost *:80> ServerName localhost DocumentRoot "/Users/apfelbox/WebServer" ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/Users/apfelbox/WebServer/$1 </VirtualHost> It works, for example if I call http://localhost/info.php I get the correct phpinfo() (it is just a test file). If I call a directory however, I get a 404 with body File not found. and in the error log: [Tue Nov 20 21:27:25.191625 2012] [proxy_fcgi:error] [pid 28997] [client ::1:57204] AH01071: Got error 'Primary script unknown\n' Update I now tried doing the proxying with mod_rewrite: <VirtualHost *:80> ServerName localhost DocumentRoot "/Users/apfelbox/WebServer" RewriteEngine on RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/Users/apfelbox/WebServer/$1 [L,P] </VirtualHost> But the problem is: it is always redirecting, because on http://localhost/ automatically http://localhost/index.php is requested, because of DirectoryIndex index.php index.html Update 2 Ok, so I think "maybe check whether there is a file to give to the proxy first: <VirtualHost *:80> ServerName localhost DocumentRoot "/Users/apfelbox/WebServer" RewriteEngine on RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} -f RewriteRule ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/Users/apfelbox/WebServer/$1 [L,P] </VirtualHost> Now the complete rewriting does not work anymore... Update 3 Now I have this solution: ServerName localhost DocumentRoot "/Users/apfelbox/WebServer" RewriteEngine on RewriteCond /Users/apfelbox/WebServer/%{REQUEST_FILENAME} -f RewriteRule ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/Users/apfelbox/WebServer/$1 [L,P] First check, that there is a file to pass to PHP-FPM (with the full and absolute path) and then do the rewriting. This does not work when using URL rewriting inside a subdirectory, also it fails for URLs like http://localhost/index.php/test/ So back to square one. Any ideas?

Read the article
Apache2, FastCGI, PHP-FPM, APC on virtualmin panel with nginx front end reverse proxy

- by Ünsal Korkmaz

My dream setup: php 5.3.6 + mysql 5.5.10 on Apache2, FastCGI, PHP-FPM, APC with nginx 1.0 front end reverse proxy. And as free server management panel: Virtualmin GPL on centos 5.6 In a new centos 5.6 setup. Using this code for installing virtualmin: wget http://software.virtualmin.com/gpl/scripts/install.sh chmod +x install.sh ./install.sh After setup, i see php is 5.1 and mysql is 5.0 version. And system not supporting php-fpm but supporting fcgid wrapper. I did following changes: wget http://dl.iuscommunity.org/pub/ius/stable/Redhat/5/x86_64/ius-release-1.0-6.ius.el5.noarch.rpm wget http://dl.iuscommunity.org/pub/ius/stable/Redhat/5/x86_64/epel-release-1-1.ius.el5.noarch.rpm rpm -Uvh ius-release*.rpm epel-release*.rpm yum install yum-plugin-replace yum remove mysql.i386 yum replace mysql --replace-with mysql55 service mysqld restart chkconfig mysqld on mysql_upgrade --password=1234 yum replace php --replace-with php53u yum install php53u-fpm php53u-pecl-apc service httpd restart chkconfig php-fpm on service php-fpm start I am not sure why virtualmin installing both mysql.i386 and 64 bit version together but needed to remove one of them for using yum replace. So i had php 5.3.6 + mysql 5.5.10 with PHP-FPM, APC installed. But virtualmin not supporting PHP-FPM + fastcgi and its still running on fcgid. I am ultra newbie on server management so i couldnt find workaround after this. I want to switch fcgid wrapper to PHP-FPM + fastcgi at least for 1 virtual server. And if i can find a fix for this section, i want to setup nginx 1.0 as front end reverse proxy for serving static files and passing php files to apache. http://nginxcp.com/ is what i want but its for cpanel.

Read the article
Setting up Apache 2.2 + FastCGI + SuExec + PHP-FPM on Centos 6

- by mr1031011

I'm trying to follow this very detailed instruction here, I simply changed from www-data user to apache user, and is using /var/www/hosts/sitename/public_html instead of /home/user/public_html However, I spent the whole day trying to figure out why the php file content is displayed without being parsed correctly. I just cant's seem to figure this out. Below is my current config: /etc/httpd/conf.d/fastcgi.conf User apache Group apache LoadModule fastcgi_module modules/mod_fastcgi.so # dir for IPC socket files FastCgiIpcDir /var/run/mod_fastcgi # wrap all fastcgi script calls in suexec FastCgiWrapper On # global FastCgiConfig can be overridden by FastCgiServer options in vhost config FastCgiConfig -idle-timeout 20 -maxClassProcesses 1 # sample PHP config # see /usr/share/doc/mod_fastcgi-2.4.6 for php-wrapper script # don't forget to disable mod_php in /etc/httpd/conf.d/php.conf! # # to enable privilege separation, add a "SuexecUserGroup" directive # and chown the php-wrapper script and parent directory accordingly # see also http://www.brandonturner.net/blog/2009/07/fastcgi_with_php_opcode_cache/ # FastCgiServer /var/www/www-data/php5-fcgi #AddType application/x-httpd-php .php AddHandler php-fcgi .php Action php-fcgi /fcgi-bin/php5-fcgi Alias /fcgi-bin/ /var/www/www-data/ #FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -socket /tmp/php5-fpm.sock -pass-header Authorization #DirectoryIndex index.php # <Location /fcgi-bin/> # Order Deny,Allow # Deny from All # Allow from env=REDIRECT_STATUS SetHandler fcgid-script Options +ExecCGI </Location> /etc/httpd/conf.d/vhost.conf <VirtualHost> DirectoryIndex index.php index.html index.shtml index.cgi SuexecUserGroup www.mysite.com mygroup Alias /fcgi-bin/ /var/www/www-data/www.mysite.com/ DocumentRoot /var/www/hosts/mysite.com/w/w/w/www/ <Directory /var/www/hosts/mysite.com/w/w/w/www/> Options -Indexes FollowSymLinks AllowOverride None Order allow,deny allow from all </Directory> </VirtualHost> PS: 1. Also, with PHP5.5, do I even need FPM or is it already included? 2. I'm using mod_fastcgi, not sure if this is the problem and it I should switch to mod_fcgid? There seems to be conflicting records on the internet considering which one is better. I have many virtual hosts running on the machine and hope to be able to provide each user with their own opcache

Read the article
PHP files are downloaded, not executed in UserDir on Apache

- by Fabian

We're running a webserver using Debian 6.0.3 with Apache 2, we recently upgraded from Debian 5 to 6. Since then php scripts in the user directories (using mod_userdir) have stopped working, they are downloaded instead of being executed. There is also a website using php outside of the user directories, and that one continues to work fine, so PHP seems to generally work on the server. I tested it with several PHP files, among the a simple phpinfo file that works fine on the main site, but is just downloaded when copying it to one of the user directories. The php files and the directory containing them are executable for everyone. The option in the Apache php5.conf that by default disables PHP in the user directories, is commented out, so the php5.ini looks like this: <IfModule mod_php5.c> <FilesMatch "\.ph(p3?|tml)$"> SetHandler application/x-httpd-php </FilesMatch> <FilesMatch "\.phps$"> SetHandler application/x-httpd-php-source </FilesMatch> # To re-enable php in user directories comment the following lines # (from <IfModule ...> to </IfModule>.) Do NOT set it to On as it # prevents .htaccess files from disabling it. #<IfModule mod_userdir.c> # <Directory /home/*/public_html> # php_admin_value engine Off # </Directory> #</IfModule> </IfModule> We restarted Apache after changing this. I'm running out of ideas now what the problem could be, and I don't know how I could really determine which problem is preventing those php files from being executed. Any ideas on how I can solve this? Update: Strangely, PHP seems to work fine in subfolders of user directories, so if I copy a PHP file from /home/user/public_html/ to /home/user/public_html/test/ it suddenly works.

Read the article
any security tips for my first server? (complete beginner)

- by Haroldo

I'm paying for a VPS and hoping to launch my first website on it in the next few days. I'm worried there might be some glaringly obvious security holes in the standard setup, so I'm keen to get some tips About the only thing i know is turn off error reporting in PHP and create users/privilages for MySQL... any more stuff along those lines? I'm using: cpanel and WHM centos 5 php mysql google apps as mail server (so maybe i should disable built in mailer server somehow?!!) This is my first post of Server Fault (i use stack overflow alot), I hope i'm posting this in the right place, with the right tags - please feel free to edit if i'm wrong. Thanks guys!

Read the article
Managing User & Role Security with Oracle SQL Developer

- by thatjeffsmith

With the advent of SQL Developer v3.0, users have had access to some powerful database administration features. Version 3.1 introduced more powerful features such as an interface to Data Pump and RMAN. Today I want to talk about some very simple but frequently ran tasks that SQL Developer can assist with, like: identifying privs granted to users managing role privs assigning new roles and privs to users & roles Before getting started, you’ll need a connection to the database with the proper privileges. The common ROLE used to accomplish this is the ‘DBA‘ role. Curious as to what the DBA role is actually comprised of? Let’s find out! Open the DBA Console First make sure you’re connected to the database you want to manage security on with a privileged administrator account. Then open the View menu and select ‘DBA.’ Accessing the DBA panel ‘Create’ a Connection Click on the green ‘+’ button in the DBA panel. It will ask you to choose a previously defined SQL Developer connection. Defining a DBA connection in Oracle SQL Developer Once connected you will see a tree list of DBA features you can start interacting with. Expand the ‘Security’ Tree Node As you click on an object in the DBA panel, the ‘viewer’ will open on the right-hand-side, just like you are accustomed to seeing when clicking on a table or stored procedure. Accessing the DBA role If I’m a newly hired Oracle DBA, the first thing I might want to do is become very familiar with the DBA role. People will be asking you to grant them this role or a subset of its privileges. Once you see what the role can do, you will become VERY protective of it. My favorite 3-letter 4-letter word is ‘ANY’ and the DBA role is littered with privileges like this: ANY TABLE privs granted to DBA role So if this doesn’t freak you out, then maybe you should re-consider your career path. Or in other words, don’t be granting this role to ANYONE you don’t completely trust to take care of your database. If I’m just assigned a new database to manage, the first thing I might want to look at is just WHO has been assigned the DBA role. SQL Developer makes this easy to ascertain, just click on the ‘User Grantees’ panel. Who has the keys to your car? Making Changes to Roles and Users If you mouse-right-click on a user in the Tree, you can do individual tasks like grant a sys priv or expire an account. But, you can also use the ‘Edit User’ dialog to do a lot of work in one pass. As you click through options in these dialogs, it will build the ‘ALTER USER’ script in the SQL panel, which can then be executed or copied to the worksheet or to your .SQL file to be ran at your discretion. A Few Clicks vs a Lot of Typing These dialogs won’t make you a DBA, but if you’re pressed for time and you’re already in SQL Developer, they can sure help you make up for lost time in just a few clicks!

Read the article
PHP SOAP Transfering Files

- by blackmage

Hey, I am new to SOAP and I am trying to learn how to transfer files (.zip files) between a client and server using PHP and SOAP. Currently I have a set up that looks something like this: enter code here require('libraries/nusoap/nusoap.php'); $server = new nusoap_server; $server-configureWSDL('server', 'urn:server'); $server-wsdl-schemaTargetNamespace = 'urn:server'; $server-register('sendFile', array('value' = 'xsd:string'), array('return' = 'xsd:string'), 'urn:server', 'urn:server#sendFile'); But I am unsure on what the return type should be if not a string? I am thinking of using a base64_encode but I am not sure how to. Any advice would be greatly appreciated.

Read the article
php security help

- by Oliver Bayes-Shelton

Hi, I believe that some one is running shell commands to my server via my site, Could any one offer any help on how the user could be doing this ? also how could I stop this?

Read the article
Database independent row level security solution

- by Filip

Hi, does anybody knows about Java/C# database independent authorization library. This library should support read, write, delete, insert actions across company organizational structure. Something like this: - user can see all documents - user can enter new document assigned to his unit - user can change all documents assigned to his unit and all subordinate units. - user can delete documents that are assigned to him I should also be able to create custom actions (besides read, write,...) connect them to certain class and assign that "security token" to user (e.g. document.expire). If there aren't any either free or commercial libraries, is there a book that could be useful in implementing this functionality? Thanks.

Read the article
Jersey, Apache HTTPD, and javax.annotation.security usage

- by Nick Klauer

So I'm having a heck of a time trying to piece together what I think is a pretty simple implementation. This is very similar to another StackOverflow question only I can't leverage Tomcat to handle role based authentication. I have an Apache httpd server in front of my app that handles authentication and then passes LDAP roles to a Jersey service through Headers. I've created a servlet filter to parse the header and tease out the roles the request came from, which works fine globally to the app, but isn't fine-grained enough to dictate what an Admin could do that a User could not. I'm thinking I could use the javax.annotation.security annotations that JAX-RS supports, but I don't know how to take what I've parsed out using a servlet filter to set or instantiate the SecurityContext necessary for the roles @RolesAllowed.

Read the article
Quick question about PayPal IPN Security

- by Alix Axel

PayPal IPN sends a POST request with a variable number of fields to the notify URL, in order to confirm that the POST request is legit we need to resubmit the same request along with a additional cmd=_notify-validate field to PayPal, which then replies SUCCESS or FAILURE. My question is, why do we need to resend the request to PayPal? Wouldn't something like this work? if (preg_match('~^(?:.+[.])?paypal[.]com$~i', gethostbyaddr($_SERVER['REQUEST_ADDR'])) > 0) { // request came from PayPal, it's legit. } Iff we can trust the server to correctly resolve IPs, I assume we can trust PayPal POST requests, no?

Read the article
Using PHP script to fill in XML

- by Yaaqov

Hi - we are all familiar with "embedding" PHP scripts in HTML pages to do tasks like displaying form results, but how can that be done in a way that displays XML? For example, if I wrote: <? xml version='1.0' ?> <Responses> <?php $body = $_GET['Body']; $fromPh = $_GET['From']; echo echo "<Msg>Your number is: $fromPh, and you typed: $body.</Msg>" ?> </Response> I get a message that states "parse error, unexpected T_STRING on line 1". Any help or tutorials would be appreciated.

Read the article
Uploading PDF or .doc and security

- by Kamo

I have a script that lets the user upload text files (PDF or doc) to the server, then the plan is to convert them to raw text. But until the file is converted, it's in its raw format, which makes me worried about viruses and all kinds of nasty things. Any ideas what I need to do to minimize the risk of these unknown files. How to check if it's clean, or if it's even the format it claims to be and that it does not crash the server.

Read the article

< Previous Page | 22 23 24 25 26 27 28 29 30 31 32 33 | Next Page >