Search Results

Search found 4187 results on 168 pages for 'secure erase'.

Page 28/168 | < Previous Page | 24 25 26 27 28 29 30 31 32 33 34 35  | Next Page >

  • Can I read Captcha data from JavaScript in a secure way ?

    - by Space Cracker
    We use Captcha control in a registration form that we make full client validation for all fields in JavaScript ( JQuery ) beside server validation .. I tried a lot of ways but all will write the Captcha value in JavaScript that can be accessed by anyone :( I search if is there any way that allow me validate Captcha value in client side using JQuery in secure way or it can't be done ?

    Read the article

  • What is the most secure encryption mode for Android?

    - by jax
    Currently I am using: Algorithm_mode_padding="RSA/ECB/PKCS1Padding" Provider="BC" I have heard that ECB can cause patterns in the output. What is the most secure Algorithm, mode and padding for Android at the moment? I will be using this for license files. Also, what is the best keysize to use when creating a new public and private key?

    Read the article

  • Easy way to determine what content is not delivered using a secure HTTPS connection?

    - by John
    I have some pages that are sent via HTTPS. Internet Explorer sometimes complains about "This webpage contains content that will not be delivered using a secure HTTPS". I looked in the html source to confirm all content calls (href, src, etc...) are sent via https. My CSS files use relative paths. But I'm still getting these warnings. Is there an easy way to track down which items are not sent via HTTPS?

    Read the article

  • Apache 2 Symbolic link not allowed or link target not accessible

    - by djechelon
    While the title of this question matches an already asked question, in my case I already set Options +FollowSymLinks. The setup is the following: my hosting setup includes htdocs/ directory that is the default document root for HTTP websites and htdocs-secure that is for HTTPS. They are meant for sites that need a different HTTPS version. In case both share the same files I create a link from htdocs-secure to htdocs by ln -s htdocs htdocs-secure but here comes the problem! Log still says Symbolic link not allowed or link target not accessible: /path/to/htdocs-secure Vhost fragment Header always set Strict-Transport-Security "max-age=500" DocumentRoot /path/to/htdocs-secure <Directory "/path/to/htdocs-secure"> allow from all Options +FollowSymLinks </Directory> I think it's a correct setup. The HTTP version of the site is accessible, so it doesn't look like a permission problem. How to fix this? [Add] other info: I use MPM-itk and I set AssignUserId to the owner/group of both the directories

    Read the article

  • Webcast Tomorrow: Securing the Cloud for Public Sector

    - by Darin Pendergraft
    Securing the Cloud for Public Sector Click here, to register for the live webcast. Cloud computing offers government organizations tremendous potential to enhance public value by helping organizations increase operational efficiency and improve service delivery. However, as organizations pursue cloud adoption to achieve the anticipated benefits a common set of questions have surfaced. “Is the cloud secure? Are all clouds equal with respect to security and compliance? Is our data safe in the cloud?” Join us December 12th for a webcast as part of the “Secure Government Training Series” to get answers to your pressing cloud security questions and learn how to best secure your cloud environments. You will learn about a comprehensive set of security tools designed to protect every layer of an organization’s cloud architecture, from application to disk, while ensuring high levels of compliance, risk avoidance, and lower costs. Discover how to control and monitor access, secure sensitive data, and address regulatory compliance across cloud environments by: providing strong authentication, data encryption, and (privileged) user access control to ensure that information is only accessible to those who need it mitigating threats across your databases and applications protecting applications and information – no matter where it is – at rest, in use and in transit For more information, access the Secure Government Resource Center or to speak with an Oracle representative, please call1.800.ORACLE1. LIVE Webcast Securing the Cloud for Public Sector Date: Wednesday, December 12, 2012 Time: 2:00 p.m. ET Visit the Secure Government Resource CenterClick here for information on enterprise security solutions that help government safeguard information, resources and networks. ACCESS NOW Copyright © 2012, Oracle. All rights reserved. Contact Us | Legal Notices | Privacy Statement

    Read the article

  • Connecting to wireless networks from command line

    - by Balaji
    I need to write a shell script which connects to one of the two available wi-fi connections. One is a un secure connection and the other is secure connection. My question has 2 parts- 1.How to connect to the un-secure (un-encrypted and no password required) connection from command line (or by executing a shell script) when I'm connected to the secure connection? I followed the steps in http://www.ubuntugeek.com/how-to-troubleshoot-wireless-network-connection-in-ubuntu.html for in-secure connection. I put all the commands in a script and executed it (I made sure that interface name and essid are correct) - sudo dhclient -r wlan0 - sudo ifconfig wlan0 up - sudo iwconfig wlan0 essid "UAPublic" - sudo iwconfig wlan0 mode Managed - sudo dhclient wlan0 But nothing happens - I'm not disconnected from the current network and connected to the new one 2.When I want to connect to the secure wi-fi network, I understand from http://askubuntu.com/a/138476/70665 that I need to use wpa_supplicant. But I enter a lot of details in the interface when I connect via UI security : wpa and wpa2 enterprise Authentication : PEAP CA certificate : Equifax... PEAP version : automatic inner authentication : MSCHAPv2 username : password : How to use wpa_supplicant to mention all these details in the command line? The conf file network={ ssid="ssid_name" psk="password" } doesn't work for me.

    Read the article

  • The request was aborted: Could not create SSL/TLS secure channel.

    - by Simon
    We are enabled to connect to an https server using WebRequest because of this error message : The request was aborted: Could not create SSL/TLS secure channel. We know that the server aint got a valid https certificate with the path used (and we're not even sure if its fully release yet... ) but to bypass this issue, we use the following code that we've taken somewhere here in another post. [...] { ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(AllwaysGoodCertificate); } private static bool AllwaysGoodCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors policyErrors) { return true; } There problem is that server just never valide the certificate and fail we the error ... Anyone have any idea of what should I do? Thank and sorry for my english ... I'm from Quebec and usualy talk french!

    Read the article

  • Is it fair for us to conclude XOR string encryption is less secure than well known encryption (Say Blowfish)

    - by Yan Cheng CHEOK
    I was wondering, is it fair to conclude, XOR string encryption is less secure than other encryption method, say Blowfish This is because for both methods, their input are Unencrypted string A secret key string XOR(string value,string key) { string retval(value); short unsigned int klen=key.length(); short unsigned int vlen=value.length(); short unsigned int k=0; short unsigned int v=0; for(v;v<vlen;v++) { retval[v]=value[v]^key[k]; k=(++k<klen?k:0); } return retval; } Is there any proof that XOR encryption method is more easy to be "broken" than Blowfish if the same key is being chosen?

    Read the article

  • How do you: Symfony functional test on a secure app?

    - by Dan Tudor
    Im trying to perform some function tests in symfony 1.4. My application is secure so the tests return 401 response codes not 200 as expected. I've tried creating a context and authentication the user prior to performing the test but to no avail. Any suggestions? Do I need to pass sfContext to the sfTestFunctional? Thanks include(dirname(FILE).'/../../bootstrap/functional.php'); $configuration = ProjectConfiguration::getApplicationConfiguration('backend', 'test', true); $context = sfContext::createInstance($configuration); new sfDatabaseManager($configuration); $loader = new sfPropelData(); $loader-loadData(sfConfig::get('sf_test_dir').'/fixtures'); // load test data $user = sfGuardUserPeer::retrieveByUsername('test'); $context-getUser()-signin($user); $browser = new sfTestFunctional(new sfBrowser()); $browser- get('/')- with('request')-begin()- isParameter('module', 'video')- isParameter('action', 'index')- end()- with('response')-begin()- isStatusCode(200)- //checkElement('body', '!/This is a temporary page/')- end() ;

    Read the article

  • How do I get secure AuthSub session tokens in PHP ?

    - by robertdd
    I am using the Google/YouTube APIs to develop web application which needs access to a users YouTube account. Normal unsecure requests work fine and I can upgrade one time tokens to session tokens without any hassle. The problem comes when I try and upgrade a secure token to a session token, I get: ERROR - Token upgrade for CIzF3546351vmq_P____834654G failed : Token upgrade failed. Reason: Invalid AuthSub header. Error 401 i use this: function updateAuthSubToken($singleUseToken) { try { $client = new Zend_Gdata_HttpClient(); $client->setAuthSubPrivateKeyFile('/home/www/key.pem', null, true); $sessionToken = Zend_Gdata_AuthSub::AuthSubRevokeToken($sessionToken, $client); $client->setAuthSubToken($sessionToken); } catch (Zend_Gdata_App_Exception $e) { print 'ERROR - Token upgrade for ' . $singleUseToken . ' failed : ' . $e->getMessage(); return; } $_SESSION['sessionToken'] = $sessionToken; generateUrlInformation(); header('Location: ' . $_SESSION['homeUrl']); }

    Read the article

  • What language or application should be used in developing website to make it secure and make it toug

    - by niladri
    I am planning to get my website development outsourced to a third party developer. Need your help in deciding on how/ what technology to be used to make it very secure. Since I am not a techie I need the website developed in a way, so that it is easy for me to maintain it and modify content easily if required. The main purpose of the website is to provide company information about services offered and then also to exchange documents and other file using FTP server. Will be sending out surevey and newletters sometime Looking for your advice to guide me to the right direction

    Read the article

  • How to generate a cryptographically secure Double between 0 and 1?

    - by Portman
    I know how to generate a random number between 0 and 1 using the NextDouble method of the pseudo-random number generator. var rng1 = new System.Random(); var random1 = rng1.NextDouble(); // generates a random double between 0 and 1.0 And I know how to fill a random byte array using the cryptographically secure random number generator. Byte[] bytes = new Byte[8]; var rng2 = new System.Security.Cryptography.RNGCryptoServiceProvider(); rng2.GetBytes(bytes); // generates 8 random bytes But how can I convert the byte-array output of RNGCryptoServiceProvider into a random number between 0 (inclusive) and 1 (exclusive)?

    Read the article

  • is this a secure approach in ActiveRecords in Rails?

    - by Adnan
    Hello, I am using the following for my customers to unsubscribe from my mailing list; def index @user = User.find_by_salt(params[:subscribe_code]) if @user.nil? flash[:notice] = "the link is not valid...." render :action => 'index' else Notification.delete_all(:user_id => @user.id) flash[:notice] = "you have been unsubscribed....." redirect_to :controller => 'home' end end my link looks like; http://site.com/unsubscribe/32hj5h2j33j3h333 so the above compares the random string to a field in my user table and accordingly deletes data from the notification table. My question; is this approach secure? is there a better/more efficient way for doing this? All suggestions are welcome.

    Read the article

  • Architecture of a secure application that encrypts data in the database.

    - by Przemyslaw Rózycki
    I need to design an application that protects some data in a database against root attack. It means, that even if the aggressor takes control over the machine where data is stored or machine with the application server, he can't read some business critical data from the database. This is a customer's requirement. I'm going to encrypt data with some assymetric algorithm and I need some good ideas, where to store private keys, so that data is secure as well as the application usability was quite comfortable? We can assume, for simplicity, that only one key pair is used.

    Read the article

  • How do I secure a folder used to let users upload files?

    - by Eduardo Molteni
    I have a folder in my web server used for the users to upload photos using an ASP page. Is it safe enough to give IUSR write permissions to the folder? Must I secure something else? I am afraid of hackers bypassing the ASP page and uploading content directly to the folder. I'm using ASP classic and IIS6 on Windows 2003 Server. The upload is through HTTP, not FTP. Edit: Changing the question for clarity and changing my answers as comments.

    Read the article

  • How do I secure password parameters in RESTful web service URIs?

    - by adam
    i'm a newbie to server-side programming, so please forgive me if this gets messy. i've been contracted to create a web service to allow authenticated users to access a database. users have to enter a login and password. been reading and reading about REST vs SOAP, and i thought i'd settled on a RESTful design when i came across this statement: "Data that needs to be secure should not be sent as parameters in URIs." this seems like a major demerit against a RESTful approach. i'm aware that with https the password would be encrypted to prevent man-in-the-middle interception, but that leaves the server logs and client history as possible exposure points. is there a RESTful solution out there for this problem, or do i need to go SOAPy? any advice appreciated.

    Read the article

  • Secure xml messages being read from database into app.

    - by scope-creep
    I have an app that reads xml from a database using NHibernate Dal. The dal calls stored procedures to read and encapsulate the data from the schema into an xml message, wrap it up to a message and enqueue it on an internal queue for processing. I would to secure the channel from the database reads to the dequeue action. What would be the best way to do it. I was thinking of signing the xml using System.Security.Cryptography.Xml namespace, but is their any other techniques or approaches I need to know about? Any help would be appreciated. Bob.

    Read the article

  • Post data with jQuery to ASP.net, am I doing this secure enough?

    - by Wim Haanstra
    For a website I am building, I am using jQuery to post data to Generic Handlers I created for this purpose. Because you need to be logged in, to do most post actions (like 'rate a picture'), I am currently using the following technique: User visits page Page determines if user is logged in On Page_Load the page fills a hidden field with an encrypted string, which contains several needed variables, like User ID, Picture ID (of the picture they are currently viewing), the DateTime when the page was rendered. When the user clicks a "I like this picture"-button, I do a $.ajax post to my Generic Handler, with the encrypted string and the value whether or not they liked the picture. The Generic Handler decrypts the supplied encrypted string and takes a look at the DateTime to determine if it was not too long ago When everything works out, the vote is submitted to the database. In my understanding this is a pretty secure way to handle a situation like this. But maybe I am missing a very important point here. Any advice would be very welcome.

    Read the article

  • Is there an easy way to add a secure file upload form (username, password, select file) to a website

    - by user346602
    Hi, I am very new to website design. Have an architect who wants his clients to enable his clients to upload (ftp - but don't know if http could be a better alternative?) files (plans etc.) to him, through the website I'm designing for him. I have seen similar things available on printers websites... I have seen uploadify, but it requires flash (I can only code HTML, CSS and a tiny bit of PHP), and don't think it is a secure option. I have also seen net2ftp, but don't really understand how it works. Any direction would be sincerely appreciated.

    Read the article

  • Python - Why ever use SHA1 when SHA512 is more secure?

    - by orokusaki
    I don't mean for this to be a debate, but I'm trying to understand the technical rationale behind why so many apps use SHA1, when SHA512 is more secure. Perhaps it's simply for backwards compatibility. Besides the obvious larger size (128 chars vs 40), or slight speed differences, is there any other reason why folks use the former? Also, SHA-1 I believe was first cracked by a VCR's processor years ago. Has anyone cracked 512 yet (perhaps with a leaf blower), or is it still safe to use without salting?

    Read the article

  • require user to login in at login screen before giving access to iPhone app that accesses secure web

    - by MikeN
    On iPhone, how do I show a login screen to get username and password before giving access to iPhone app? Also, does the iPhone store a cookie to the secure website like a web browser? I was thinking of giving users to my website a long API key to store in the settings of their iPhone instead of asking them to login with a username/password (seems to be the Slicehost iPhone app approach.) Which is the best way to get a user to login securely? I have full control over the design of the iPhone app and website so have a lot of flexibility.

    Read the article

  • Correcting an UPDATE statement (and making it more secure!)

    - by Jess
    I'm trying to a single value in my DB...When I run it through the console, it works correctly (as I'm replacing the variables with numbers and text).. However, My query is not running correctly. It's just prompting a syntax error Here is what I have: "UPDATE books SET readstatus='".$readstatus."' WHERE book_id=".$book_id; This won't work, I also tried doing something like this as I'm told this makes it a bit more secure? : "UPDATE books SET readstatus='{$readstatus}', WHERE read_id='{read_id}'"; This does not prompt any errors, but no change is happeneing to the value in the DB, I'm guessing the syntax is incorrect.

    Read the article

< Previous Page | 24 25 26 27 28 29 30 31 32 33 34 35  | Next Page >