Search Results

Search found 30819 results on 1233 pages for 'software security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 297/1233 | < Previous Page | 293 294 295 296 297 298 299 300 301 302 303 304  | Next Page >

  • Accepting bank account information in a form

    - by jeffthink
    What security concerns are there when accepting a user's bank account information (account number and routing number) via a form on a page that is using SSL, and posting it back to the server where I then curl off a HTTPS request to send that information to an ACH service like First ACH or ACH Direct via their API? We wouldn't be saving the bank account information in our database. I know another option is to use Paypal's Mass Pay API, but they think it's unprofessional (at least for their business) to require customers to have a paypal account to get paid. Thoughts?

    Read the article

  • php Form to Email sanitizing

    - by Jacob
    Hi, im using the following to send a contact us type form, iv looked into security and only found that you need to protect the From: bit of the mail function, as ive hardcoded this does that mean the script is spamproof / un-hijackable $tenantname = $_POST['tenan']; $tenancyaddress = $_POST['tenancy']; $alternativename = $_POST['alternativ //and a few more //then striptags on each variable $to = "[email protected]"; $subject = "hardcoded subject here"; $message = "$tenantname etc rest of posted data"; $from = "[email protected]"; $headers = "From: $from"; mail($to,$subject,$message,$headers);

    Read the article

  • Why is JavaScript not used for classical application development (compiled software)?

    - by Jose Faeti
    During my years of web development with JavaScript, I come to the conclusion that it's an incredible powerful language, and you can do amazing things with it. It offers a rich set of features, like: Dynamic typing First-class functions Nested functions Closures Functions as methods Functions as Object constructors Prototype-based Objects-based (almost everything is an object) Regex Array and Object literals It seems to me that almost everything can be achieved with this kind of language, you can also emulate OO programming, since it provides great freedom and many different coding styles. With more software-oriented custom functionalities (I/O, FileSystem, Input devices, etc.) I think it will be great to develop applications with. Though, as far as I know, it's only used in web development or in existing softwares as a scripting language only. Only recently, maybe thanks to the V8 Engine, it's been used more for other kind of tasks (see node.js for example). Why until now it's only be relegated only to web development? What is keeping it away from software development?

    Read the article

  • How do I tell which account is trying to access an ASP.NET web service?

    - by Andrew Lewis
    I'm getting a 401 (access denied) calling a method on an internal web service. I'm calling it from an ASP.NET page on our company intranet. I've checked all the configuration and it should be using integrated security with an account that has access to that service, but I'm trying to figure out how to confirm which account it's connecting under. Unfortunately I can't debug the code on the production network. In our dev environment everything is working fine. I know there has to be a difference in the settings, but I'm at a loss with where to start. Any recommendations?

    Read the article

  • What steps should be taken to make sure your software is usable by disabled people?

    - by Cromulent
    I want to make sure a piece of software I am writing is usable by people with various disabilities such as blindness and an inability to use a mouse and / or keyboard. Unfortunately I have no experience with things such as screen readers or other methods that disabled people use to make using a computer easier / possible. I've never really had much experience with disabilities at all and unfortunately I don't know any disabled people who I can ask. I was wondering what other people do to make sure that their software is available to a wide range of people with varying abilities? This seems to be a subject matter that is often ignored by developers and I think it is a real shame.

    Read the article

  • Reason to use more cookies than just a session hash for authentication?

    - by dierre
    I usually hang out in a community using vBulletin as its bulletin board. I was looking at what this software saves as cookie in my browser. As you can see it saves 6 cookies. Amongst them, what I consider to be important for authentification are: ngivbsessionhash: hash of the current session ngivbpassword: hash of the password ngivbuserid: user's id Those are my assumptions of course. I don't know for sure if ngilastactivity and ngilastvisit are used for the same reason. My question is: why use all these cookie for authentication? My guess would be that maybe generating a session hash would be to easy so using the hashedpassword and userid adds security but what about cookie spoofing? I'm basically leaving on the client all fundamental informations. What do you think?

    Read the article

  • Reliably detect caller domain over cURL request?

    - by Utkanos
    OK so server-side security is not my forte. Basically, I'm building a service which users may use (via an SDK) only on the domain they stipulated when they signed up. The SDK calls my web service over cURL in PHP. Would I be right in thinking I cannot reliably detect the caller domain, i.e. enforce that it is the same domain they stipulated when signing up? cURL of course sends this over headers, but headers can always (?) be faked. Is there a better course of action to enforce domain for this sort of thing? (NB I'm already using an API key, too - it's just I wanted to restrict domain, too) Thanks in advance

    Read the article

  • How are CD Keys generated?

    - by The Rook
    CD Keys are the defacto-standard as an anti-piracy measure. To be honest this strikes me as Security Though Obscurity, although I really have no idea how CD Keys are generated. What is a good (secure) example of CD Key generation? What cryptographic primitive (if any) are they using? Is it a message digest? If so what data would they be hashing? What methods do developers employ to make it difficult for crackers to build their own key generators?

    Read the article

  • Html encoding in MVC input

    - by fearofawhackplanet
    I'm working through NerdDinner and I'm a bit confused about the following section... First they've added a form for creating a new dinner, with a bunch of textboxes delcared like: <%= Html.TextArea("Description") %> They then show two ways of binding form input to the model: [AcceptVerbs(HttpVerbs.Post)] public ActionResult Create() { Dinner dinner = new Dinner(); UpdateModel(dinner); ... } or: [AcceptVerbs(HttpVerbs.Post)] public ActionResult Create(Dinner dinner) { ... } Ok, great, that all looks really easy so far. Then a bit later on they say: It is important to always be paranoid about security when accepting any user input, and this is also true when binding objects to form input. You should be careful to always HTML encode any user-entered values to avoid HTML and JavaScript injection attacks Huh? MVC is managing the data binding for us. Where/how are you supposed to do the HTML encoding?

    Read the article

  • does it make sense to send password information during email communication from websites

    - by Samuel
    Most of the online sites on registration do send a link to activate the site and on any further correspondence with the end user they provide information about the site and also provide the login credentials with password in clear text (as given below) Username - [email protected] Password - mysecretpassword What would you do in such a case? From a usability perspective does it make sense to send the password information in clear text or should you just avoid sending this information. I was under the impression that most of the passwords are MD5 hashed before storing in the database and hence the service provider will not have any access to clear text passwords, is this a security violation?

    Read the article

  • WYSIWYG-editor with "add custom html feature" and secure (validated) html output?

    - by Tom
    I've been looking into some of the WYSIWYG editors (TinyMCE, FCKEditor, etc.) and they all seem to offer a lot of options. However, one vital feature that seems to lack is a simple "add custom html" option which would allow the user to input any of these embed-snippets you find all around the web these days, for example a youtube video. This is different than a "edit html/source" feature as that requires actual knowledge of html and there is the risk of the user writing invalid code. Another issue that I couldn't find much about is the output html. How would I make sure that this output causes no security invulnerabilities? Even when the user has the ability to add his own html? So, basically, is there an open source WYSIWYG editor which covers these 2 features?

    Read the article

  • URIs vs Hidden Forms

    - by NateDogg
    I'm working in the Codeigniter framework, and want to send requests to my controller/model that have several variables involved. Is there a difference between passing those variables via a hidden form (i.e. using "post") as opposed to passing them through URIs (e.g. 'travel/$month/$day/')? What about security concerns? e.g. URIs: http://www.example.com/travel/$month/$day/ Hidden Form: form_hidden('month',$month); form_hidden('day',$day);

    Read the article

  • REGISTER NOW! ORACLE HARDWARE SALES TRAINING: HARDWARE AND SOFTWARE - ENGINEERED TO BE SOLD TOGETHER!

    - by mseika
    REGISTER NOW!ORACLE HARDWARE SALES TRAINING: HARDWARE AND SOFTWARE - ENGINEERED TO BE SOLD TOGETHER! Dear partner You can now register for Oracle's EMEA Hardware Sales Training Roadshow: "Hardware and Software - Engineered to be sold together!"The objective of this one-day, face-to-face, free of charge training session is to share with you and your Oracle peers the latest information on Oracle's products and solutions and to ensure that you are fully equipped to position and sell Oracle's integrated stack. Please find the agenda, schedule details and registration information here.The seats are limited and available on a first-come-first-serve basis. We recommend you to register yourself as early as possible and reserve your seat.Register Now We hope you will take the maximum advantage of these great learning and networking opportunities and look forward to welcoming you to your nearest event! Best regards, Giuseppe FacchettiPartner Business Development Manager,Servers, Oracle EMEA Sasan MoaveniStorage Partner Sales ManagerOracle EMEA

    Read the article

  • Securing an ajax request

    - by asdasdsa
    i have a website that uses session cookies for security. it works fine and all, but any ajax requests right now are not secure. example being lets say a user is on a page. they can only get to this page if they are logged in with a session - so far so good. but now the ajax request they ask for is ajaxpages/somepage.php?somevar=something&anothervar=something if any other user decides to just go to that link themselves (without a session) they still get the same ajax output that was meant for logged in people. so obviously im going to have to pass session data across when i send an ajax request. anyone have any tips for the best way of doing this? ive never done this before and would rather use trusted methods than make up my own.

    Read the article

  • MD5 password twice

    - by NoviceCoding
    I know MD5's safety is under question lately and this is the reason a lot of people are using salt (I dont understand this at all btw) but I was wondering if you wanted to easily implement a safe system in php can you just md5 something twice? like test 098f6bcd4621d373cade4e832627b4f6 fb469d7ef430b0baf0cab6c436e70375 So basically: $val = 'test'; $val = md5($val); $val = md5($val); Would that solve the whole rainbow security stuff? Is there an easy/noob proof way of making secure database passwords in php?

    Read the article

  • Disadvantages of hard coding credentials? What's the resolution?

    - by SeeBees
    I am building a Sharepoint web part that will be used by all users. The web part connects to a web service which needs credentials with higher privileges than common users. I hard coded credentials in the web part's code. query.Credentials = new System.Net.NetworkCredential("username", "password", "domain"); query is an instance of the web service class This may not be a good approach. In regard with security, source code of the web apart is available to people who are not allowed to see the credential. This is bad enough, But is there any other drawback of this approach? How to prevent hard coding credentials into the source code? Thanks

    Read the article

  • Sending passwords over the web

    - by Falmarri
    So I'm working on a mobile platform application that I'd like to have users authenticate over the web. I was wondering the best way to do security. The user is sending a password for HTTP to a php server wich authenticates against a mysql database on the same server. Obviously I don't want to send the password in plain text over the internet, but I also don't want to do 2 SHA hashes. This is what the server looks like (in pseudocode) $pass = $_POST['pass']; if ((get PASSWORD where USERNAME = USERNAME) == SHA($pass)) return PASS; This is pretty standard and I don't think there's any other way to do this. But I was wondering how I should prepare the data before sending it over the internet.

    Read the article

  • Is there a formal name for gradually activating software changes?

    - by g .
    At times when we develop new features or functionality, we gradually "turn it on" to ensure a smooth transition and minimal impact for users. Instead of one big sudden change, we are able to control with the configuration aspects of the functionality that make it more or less intrusive to the user. This is all done in the same release/version of the software, so no software development changes are required (unless bugs turn up that need to be fixed). For example, initially we may only perform logging or analysis of data without acting upon it. Or we make something optional for a period of time before it becomes compulsory. The idea is that this reduces the potential for problems either on the technical side as well as unexpected changes by the user. The question is, is there a formal name for this approach?

    Read the article

  • REGISTER NOW! ORACLE HARDWARE SALES TRAINING: HARDWARE AND SOFTWARE - ENGINEERED TO BE SOLD TOGETHER!

    - by mseika
    REGISTER NOW!ORACLE HARDWARE SALES TRAINING: HARDWARE AND SOFTWARE - ENGINEERED TO BE SOLD TOGETHER! Dear partner You can now register for Oracle's EMEA Hardware Sales Training Roadshow: "Hardware and Software - Engineered to be sold together!"The objective of this one-day, face-to-face, free of charge training session is to share with you and your Oracle peers the latest information on Oracle's products and solutions and to ensure that you are fully equipped to position and sell Oracle's integrated stack. Please find the agenda, schedule details and registration information here.The seats are limited and available on a first-come-first-serve basis. We recommend you to register yourself as early as possible and reserve your seat.Register Now We hope you will take the maximum advantage of these great learning and networking opportunities and look forward to welcoming you to your nearest event! Best regards, Giuseppe FacchettiPartner Business Development Manager,Servers, Oracle EMEA Sasan MoaveniStorage Partner Sales ManagerOracle EMEA

    Read the article

  • Is there a formal name for gradually initiating software changes?

    - by g .
    At times when we develop new features or functionality, we gradually "turn it on" to ensure a smooth transition and minimal impact for users. Instead of one big sudden change, we are able to control with the configuration aspects of the functionality that make it more or less intrusive to the user. This is all done in the same release/version of the software, so no software development changes are required (unless bugs turn up that need to be fixed). For example, initially we may only perform logging or analysis of data without acting upon it. Or we make something optional for a period of time before it becomes compulsory. The idea is that this reduces the potential for problems either on the technical side as well as unexpected changes by the user. The question is, is there a formal name for this approach?

    Read the article

  • I'm trying to implement 2 factor authentication on the cheap. How would I do that?

    - by Biff MaGriff
    Ok so I need 2 of the 3. Something the user knows. Something the user has. Something the user is. I have a system that is exposed to the internet and we need clients to connect in a secure manner to satisfy our security standards. I'm thinking when a user registers to use our system we send them an application that they install on their home system. The application generates a key based on a timed randomness algorithm. Our application server has the same algorithm so when the user submits their credentials with the key we know that they are a legitimate user. Is this a valid method of 2 factor authentication? What is another way of doing this? Are there any pitfalls that I should be aware of? Thanks for your help!

    Read the article

  • What software programming languages were used by the Soviet Union's space program?

    - by shamp00
    I got interested in the Soviet space program and was interested to discover that the software on the Buran spacecraft circa 1988 was written in Prolog. Does anyone know what languages might have been used in earlier missions, especially the Mars PrOP-M rover missions of the early 1970s which were somewhat autonomous and could navigate obstacles? Edit My source for the Buran Prolog is this declassified document from the CIA site from May 1990. I couldn't find an OCR version, so here's the relevant quote from p. 0449: According to open-source literature, the Soviets used the French-developed programming language known as Prolog to develop on-board system software for the Buran vehicle...

    Read the article

  • Best way to Store Passwords, User information/Profile data and Photo/Video albums for a social websi

    - by Nick
    Need some help figuring out how to best Store Passwords, User information/Profile data and Photo/Video albums for a social website? For photos/videos the actual photo/video + even encrypting the URL with the IDs to the photo/videos so other users cannot figure it out. Creating a site like myspace and designing retirement documents but i am unsure how to specify the security requirements for the database. Two things: 1) Protect from outside users 2) Protect all these from employees being able to access this info For #2, the additional question is: If we encrypt the user info and password so even the system admins cannot get in, how can we retrieve the user data tomorrow if someone flags the user's account as spam and admin needs to check it out or if law enforcement wants info on a user? Thanks.

    Read the article

  • Can Spring access-denied-handler refer to popup?

    - by Rens Groenveld
    I am working with Spring Security 3.1.x and have implemented method annotation securities. As I want, when I perform a certain action while being logged in as a used that doesn't have the rights, I get a 403 acces is denied in my console! Perfect! Now I would like to catch this 403, and give the user a popup with a custom message. I don't want to redirect users to a page saying that they have no rights. Is there any way the access-denied-handler of Spring can take care of a popup? Or can it only redirect to another page? Maybe there are other options for me? Thanks in advance!

    Read the article

  • How to design Character,Game Background.,Which Software to use?

    - by TicTech
    Yesterday i Downloaded 4 GB of Videos & ZBrush for Character design but now i realize that i want to make 2D Character and background for my Android Game. so it was a waste for me i don't want to waste my other bandwidth and my Energy on some other Tut. So i am Here for a advice my Question is. 1.Which software to draw and color Character, making Background ? 2.Is there any Video Tut or Ebook for the software to draw Character .i know Basic of Photoshop i learned from Lynda Please help me i am experienced in Android SDK so that's not a prob. for me but in designing i don't know anything any Help will be Really Appreciated Thanks.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 293 294 295 296 297 298 299 300 301 302 303 304  | Next Page >