Search Results

Search found 52277 results on 2092 pages for 'web security'.

Page 27/2092 | < Previous Page | 23 24 25 26 27 28 29 30 31 32 33 34  | Next Page >

  • ActiveX Content in a local web page, and "the mark of the web"

    - by Daniel Magliola
    Hi, I'm trying to make a webpage that people will run from their hard drives, locally, and this page will show a .wmv video (which is also stored locally), using Windows Media Player When I run this, IE shows me the "ActiveX Warning" bar at the top, which is what i'm trying to work around. If I load this from a web server, it loads fine, but from the local disk, it won't. Now, apparently, MS has added the Mark of the Web thingy precisely to work around this problem, however, I've been trying for a while to make it work, and it just didn't. I still get the warning bar. Is the Mark of the Web supposed to still work? Or this is some kind of deprecated thing? Am I doing anything wrong? I'm supposedly following all instructions, it looks like: and I've tried placing it before DOCTYPE, between DOCTYPE and <HTML>, right after <HTML>, in the <HEAD> of the document, etc. Nothing seems to work. I've tried this in IE7 and IE8 Any ideas will be GREATLY appreciated. Thanks!!

    Read the article

  • Choosing a Java Web Framework now?

    - by hbagchi
    we are in the planning stage of migrating a large website which is built on a custom developed mvc framework to a java based web framework which provides built-in support for ajax, rich media content, mashup, templates based layout, validation, maximum html/java code separation. Grails looked like a good choice, however, we do not want to use a scripting language. We want to continue using java. Template based layout is a primary concern as we intend to use this web application with multiple web sites with similar functionality but radically different look and feel. Is portal based solution a good fit to this problem? Any insights on using "Spring Roo" or "Play" will be very helpful. I did find similar posts like this, but it is more than a year old. Things have surely changed in the mean time! EDIT 1: Thanks for the great answers! This site is turning to be the best single source for in-the-trenches programmer info. However, I was expecting more info on using a portal-cms duo. Jahia looks goods. Anything similar?

    Read the article

  • Web Hosting URL Length Limit?

    - by Isaac Waller
    Hello, I am designing a web application which is a tie in to my iPhone application. It sends massively large URLs to the web server (15000 about.) I was using NearlyFreeSpeech.net, but they only support URLS up to 2000 characters. I was wondering if anybody knows of web hosting that will support really large URLs? Thanks, Isaac Edit: My program needs to open a picture in Safari. I could do this 2 ways: send it base64 encoded in the URL and just echo the query parameters. first POST it to the server in my application, then the server would send back a unique ID after storing the photo in a database, which I would append to a URL which I would open in Safari which retrieved the photo from the database and delete it from the database. You see, I am lazy, and I know Mobile Safari can support URI's up to 80 000 characters, so I think this is a OK way to do it. If there is something really wrong with this, please tell me. Edit: I ended up doing it the proper POST way. Thanks.

    Read the article

  • Windows Azure Use Case: Web Applications

    - by BuckWoody
    This is one in a series of posts on when and where to use a distributed architecture design in your organization's computing needs. You can find the main post here: http://blogs.msdn.com/b/buckwoody/archive/2011/01/18/windows-azure-and-sql-azure-use-cases.aspx  Description: Many applications have a requirement to be located outside of the organization’s internal infrastructure control. For instance, the company website for a brick-and-mortar retail company may want to post not only static but interactive content to be available to their external customers, and not want the customers to have access inside the organization’s firewall. There are also cases of pure web applications used for a great many of the internal functions of the business. This allows for remote workers, shared customer/employee workloads and data and other advantages. Some firms choose to host these web servers internally, others choose to contract out the infrastructure to an “ASP” (Application Service Provider) or an Infrastructure as a Service (IaaS) company. In any case, the design of these applications often resembles the following: In this design, a server (or perhaps more than one) hosts the presentation function (http or https) access to the application, and this same system may hold the computational aspects of the program. Authorization and Access is controlled programmatically, or is more open if this is a customer-facing application. Storage is either placed on the same or other servers, hosted within an RDBMS or NoSQL database, or a combination of the options, all coded into the application. High-Availability within this scenario is often the responsibility of the architects of the application, and by purchasing more hosting resources which must be built, licensed and configured, and manually added as demand requires, although some IaaS providers have a partially automatic method to add nodes for scale-out, if the architecture of the application supports it. Disaster Recovery is the responsibility of the system architect as well. Implementation: In a Windows Azure Platform as a Service (PaaS) environment, many of these architectural considerations are designed into the system. The Azure “Fabric” (not to be confused with the Azure implementation of Application Fabric - more on that in a moment) is designed to provide scalability. Compute resources can be added and removed programmatically based on any number of factors. Balancers at the request-level of the Fabric automatically route http and https requests. The fabric also provides High-Availability for storage and other components. Disaster recovery is a shared responsibility between the facilities (which have the ability to restore in case of catastrophic failure) and your code, which should build in recovery. In a Windows Azure-based web application, you have the ability to separate out the various functions and components. Presentation can be coded for multiple platforms like smart phones, tablets and PC’s, while the computation can be a single entity shared between them. This makes the applications more resilient and more object-oriented, and lends itself to a SOA or Distributed Computing architecture. It is true that you could code up a similar set of functionality in a traditional web-farm, but the difference here is that the components are built into the very design of the architecture. The API’s and DLL’s you call in a Windows Azure code base contains components as first-class citizens. For instance, if you need storage, it is simply called within the application as an object.  Computation has multiple options and the ability to scale linearly. You also gain another component that you would either have to write or bolt-in to a typical web-farm: the Application Fabric. This Windows Azure component provides communication between applications or even to on-premise systems. It provides authorization in either person-based or claims-based perspectives. SQL Azure provides relational storage as another option, and can also be used or accessed from on-premise systems. It should be noted that you can use all or some of these components individually. Resources: Design Strategies for Scalable Active Server Applications - http://msdn.microsoft.com/en-us/library/ms972349.aspx  Physical Tiers and Deployment  - http://msdn.microsoft.com/en-us/library/ee658120.aspx

    Read the article

  • Is there a modern tutorial for setting up SSL on apache2?

    - by John Baber
    I've been running apache2 for ages on my ubuntu server without SSL. Now that I want to have some directories delivered by SSL, I can't find any straightforward tutorials that were written recently. The best I've found is http://vanemery.com/Linux/Apache/apache-SSL.html but it tells me to put stuff in /etc/httpd/conf I don't want to guess that that should translate to /etc/apache2/conf because guessing based on old tutorials has ruined my web serving before.

    Read the article

  • What is the difference between safety and security?

    - by Lernkurve
    Question What is the difference between safety and security in the context of information management or computer science? Elaboration This could be the canonical answer for people searching for it. Let me know if superuser.com is the wrong site for this question. I have, of course, googled it and haven't found an answer that seemed short and to the point. Wikipedia wasn't very helpful either: safety, information security.

    Read the article

  • Automatically Applying Security Updates for AWS Elastic Beanstalk

    - by Eric Anderson
    I've been a fan of Heroku since it's earliest days. But I like the fact that AWS Elastic Beanstalk gives you more control over the characteristics of the instances. One thing I love about Heroku is the fact that I can deploy an app and not worry about managing it. I am assuming Heroku is ensuring all OS security updates are timely applied. I just need to make sure my app is secure. My initial research on Beanstalk shows that although it builds and configures the instances for you, after that it moves to a more manual management process. Security updates won't automatically be applied to the instances. It seems there are two areas of concerns: New AMI releases - As new AMI releases hit it seems we would want to run the latest (presumably most secure). But my research seems to indicate you need to manually launch a new setup to see the latest AMI version and then create a new environment to use that new version. Is there a better automated way of rotating your instances into new AMI releases? In between releases there will be security updates released for packages. Seems we want to upgrade those as well. My research seems to indicate people install commands to occasionally run a yum update. But since new instances are created/destroyed based on usage it seems that the new instances would not always have the updates (i.e. the time between the instance creation and the first yum update). So occasionally you will have instances that aren't patched. And you are also going to have instances constantly patching themselves until the new AMI release is applied. My other concern is that perhaps these security updates haven't gone through Amazon's own review (like the AMI releases do) and it might break my app to automatically update them. I know Dreamhost once had a 12 hour outage because they were applying debian updates completely automatically without any review. I want to make sure the same thing doesn't happen to me. So my question is does Amazon provide a way to offer fully managed PaaS like Heroku? Or is AWS Elastic Beanstalk really more of just a install script and after that you are on your own (other than the monitoring and deployment tools they provide)?

    Read the article

  • Security update in command line on Ubuntu

    - by Luc
    Hello, I can find anything on google that could help me to use aptitude to only install security update using command line on Ubuntu. I tried this: https://help.ubuntu.com/community/AutomaticSecurityUpdates but it installed everything and not only the security updates !!!! Thanks a lot for your help, Luc

    Read the article

  • Use SECEDIT to export "Security Options" from one computer and import on another

    - by Andy Arismendi
    Can I use secedit.exe to export out the "Security Options" from the local security policy and then import them on another machine? I'm trying to do this on Windows Server 2008. Update I just tried with: secedit /export /db C:\andy.db /cfg C:\andy.inf /areas SECURITYPOLICY /log C:\andy.log But it didn't work with error: Warning 2: The system cannot find the file specified. Error opening C:\andy.db. Where do I get the DB file from?

    Read the article

  • Microsoft Security Essentials howto auto download definition updates

    - by chris.nullptr
    I use Microsoft Security Essentials as my antivirus on my Win7 box. New virus definitions to Security Essentials are installed using Windows Update. However, the updates are marked as optional by default, as opposed to important which means that they don't get installed automatically. I have to select the updates from the list of optional updates and install them manually. Is there a way to change this behavior so that new definitions are marked as important and installed automatically?

    Read the article

  • Windows security unknown accounts: security breach?

    - by Keikoku
    I was uploading some images I had just created to imgur earlier today and noticed that chrome couldn't access my Pictures folder. Windows tells me access was denied. Firefox didn't have an issue though I went to it through windows explorer and it worked fine, and looked at the security tab under properties and noticed that there were four unknown accounts, one of which has full control privileges. I looked at my other folders in the same drive and none of them had these unknown accounts. It was only that specific Pictures folder, and all of its subfolders. What are these unknown accounts and what could it mean? Should I be worried that someone may have compromised the system (well, I should probably be worried about that all the time I guess) I read on microsoft support forums that it may be the result of a previously deleted account, but there has only been one account on this computer for months and no user account management has been performed for awhile.

    Read the article

  • Microsoft Security Essentials Not Monitoring

    - by nateify
    When I boot into Windows Vista, Microsoft Security Essentials is set to run when the system starts. When I open the program, it says Microsoft Security Essentials isn't monitoring your computer because the program's service stopped. It tells me that it can't update definitions or enable real time protection unless I do it manually (every time I boot). Is there a way I can fix this so I always have real time protection and updating?

    Read the article

  • Downloading Microsoft Security Essentials via https

    - by Marcel
    I want to download Microsoft Security Essentials on my brand new Windows 7 home PC. The official site presented to me is http://windows.microsoft.com/de-CH/windows/products/security-essentials, as I am located in Switzerland. The link to the actual package then is http://go.microsoft.com/fwlink/?LinkID=231276 Obviously, the download is not secured with https. Why? Would this not be the first thing Microsoft should do? They could deliver the certificate already with the OS to make it really secure...

    Read the article

  • Is free security software as good as paid security software?

    - by Tester101
    I mostly use free security solutions to protect my home PC, but I wonder if I would get better protection from a paid solution. I prefer the free software, since I can have multiple applications protecting against different threats. With paid software I feel like I have to choose just one, and hope it can protect against everything. Is it worth it to pay for security when there are free options?

    Read the article

  • Security Newsletter November Edition is Out

    - by Tanu Sood
    The November edition of the Security Inside Out Newsletter is now out. This month’s newsletter captures the highlights from Oracle OpenWorld. The conference registration broken all the past records and so did all Security related events and activities at OpenWorld. From Security keynotes, conference sessions, hands-on-labs, product demonstrations to the very successful Executive Edge @ Openworld: Chief Security Officer Summit. The main feature discuses the key topics and trends compiled from across all the Security related sessions. The newsletter also features an interview with Amit Jasuja, Senior Vice President, Security and Identity Management at Oracle. Amit discusses the key trends in the industry and how these have helped shape innovation in the latest release of Oracle Identity Management solution set. If you are looking at cloud, social and mobile and are concerned about security, you don’t want to miss this feature. As always, the newsletter captures both recent and upcoming Security and Identity Management events, conferences, training, news and more. So, if you haven’t done so, we recommend you subscribe to the Security Inside Out Newsletter today. We’d love to hear from you. Let us know some topics you’d like to see covered in the upcoming editions. Or just let us know how we are doing. We look forward to hearing from you.

    Read the article

  • Help with 2-part question on ASP.NET MVC and Custom Security Design

    - by JustAProgrammer
    I'm using ASP.NET MVC and I am trying to separate a lot of my logic. Eventually, this application will be pretty big. It's basically a SaaS app that I need to allow for different kinds of clients to access. I have a two part question; the first deals with my general design and the second deals with how to utilize in ASP.NET MVC Primarily, there will initially be an ASP.NET MVC "client" front-end and there will be a set of web-services for third parties to interact with (perhaps mobile, etc). I realize I could have the ASP.NET MVC app interact just through the Web Service but I think that is unnecessary overhead. So, I am creating an API that will essentially be a DLL that the Web App and the Web Services will utilize. The API consists of the main set of business logic and Data Transfer Objects, etc. (So, this includes methods like CreateCustomer, EditProduct, etc for example) Also, my permissions requirements are a little complicated. I can't really use a straight Roles system as I need to have some fine-grained permissions (but all permissions are positive rights). So, I don't think I can really use the ASP.NET Roles/Membership system or if I can it seems like I'd be doing more work than rolling my own. I've used Membership before and for this one I think I'd rather roll my own. Both the Web App and Web Services will need to keep security as a concern. So, my design is kind of like this: Each method in the API will need to verify the security of the caller In the Web App, each "page" ("action" in MVC speak) will also check the user's permissions (So, don't present the user with the "Add Customer" button if the user does not have that right but also whenever the API receives AddCustomer(), check the security too) I think the Web Service really needs the checking in the DLL because it may not always be used in some kind of pre-authenticated context (like using Session/Cookies in a Web App); also having the security checks in the API means I don't really HAVE TO check it in other places if I'm on a mobile (say iPhone) and don't want to do all kinds of checking on the client However, in the Web App I think there will be some duplication of work since the Web App checks the user's security before presenting the user with options, which is ok, but I was thinking of a way to avoid this duplication by allowing the Web App to tell the API not check the security; while the Web Service would always want security to be verified Is this a good method? If not, what's better? If so, what's a good way of implementing this. I was thinking of doing this: In the API, I would have two functions for each action: // Here, "Credential" objects are just something I made up public void AddCustomer(string customerName, Credential credential , bool checkSecurity) { if(checkSecurity) { if(Has_Rights_To_Add_Customer(credential)) // made up for clarity { AddCustomer(customerName); } else // throw an exception or somehow present an error } else AddCustomer(customerName); } public void AddCustomer(string customerName) { // actual logic to add the customer into the DB or whatever // Would it be good for this method to verify that the caller is the Web App // through some method? } So, is this a good design or should I do something differently? My next question is that clearly it doesn't seem like I can really use [Authorize ...] for determining if a user has the permissions to do something. In fact, one action might depend on a variety of permissions and the View might hide or show certain options depending on the permission. What's the best way to do this? Should I have some kind of PermissionSet object that the user carries around throughout the Web App in Session or whatever and the MVC Action method would check if that user can use that Action and then the View will have some ViewData or whatever where it checks the various permissions to do Hide/Show?

    Read the article

  • Why do enterprise app programmers get higher salaries than web programmers

    - by jpartogi
    I am an enterprise app programmer, mainly using Java, but now I want to move into web programming and build websites that are visited by millions of users. But what is surprising to me is that the salary level is so much different. A Java programmer seems to get a higher salary than a web programmer. Why is this so? Is it perceived that Java/enterprise applications are more difficult, thus the programmers get a higher salary?

    Read the article

  • The SSL Bindings Issue–Web Pro Week 6 of 52

    - by OWScott
    We have a chicken before the egg issue with HTTPS bindings.  This video—week 6 of a 52 week series for the web administrator—covers why HTTPS bindings don’t support host headers the same as HTTP bindings do.  In this video I show the issue and use Wireshark to see it in action. If you haven’t seen the other weeks, you can find past and future videos on the Web Pro Series landing page. The SSL Bindings Issue

    Read the article

  • Framed Office Web Apps SharePoint 2010

    - by webbes
    Unfortunately the X-Frame header, that is added by the Office Web Apps service, prevents Internet Explorer to render office documents in an I-Frame! To solve this we've create a very simple HttpModule that checks for the header and changes the value from "DENY" to "SAMEORIGIN". This post simply shows the code for such a module that enables previewing of documents with Office Web Apps inside an I-Frame....(read more)

    Read the article

  • SQL Server Express and VS2010 Web Application .MDF file errors

    - by nannette
    I installed SQL Server 2008 as well as SQL Server Express 2008 on my new Windows 7 development environment, along with Visual Studio 2010. I could get SQL Server 2008 to work fine, but I could not use Express .MDF databases within sample web application projects without receiving the below error: Failed to generate a user instance of SQL Server due to a failure in starting the process for the user instance. The connection will be closed. For instance, I was creating an ASP.NET Web Application. When...(read more)

    Read the article

< Previous Page | 23 24 25 26 27 28 29 30 31 32 33 34  | Next Page >