Search Results

Search found 30819 results on 1233 pages for 'software security'.


  • The risk of granting to IUSR* NTFS permissions on a folder on the server

    - by vtortola
    I have two web applications that must share a file in the server file system. Both apps are inside of "Inetpub\wwwroot". The file cannot be accessed freely from outside, so it is in a folder out of "Inetpub". I have granted full NTFS permissions to the user "IUSR_whatever" (it is the user that runs IIS in anonymous requests) in that folder. The folder has only that file, and has no other use. It works so far :) But, what is the risk? What should I be afraid of? As I see it, as long as the folder is out of the "InetPub" it cannot be accessed, and as long as the apps don't have any security flaw like "path traversal" or server side code injection, it should be safe enough.... But I'm always keen to be wrong :) What do you think? May the file or even the server itself get compromised because of this? Thanks.


  • Sql server execute permission; failure to apply permissions

    - by WestDiscGolf
    I've just migrated from SQL2000 to SQL2008 and I have started getting an execute permission issue on a stored proc which uses sp_OACreate. The rest of the system works fine with the db login which has been set up and added to the database. I've tried: USE master GO GRANT EXEC ON sp_OACreate TO [dbuser] GO But this fails with the following error: Msg 15151, Level 16, State 1, Line 1 Cannot find the user 'dbuser', because it does not exist or you do not have permission. I'm logged into the server as sa with full permissions. I can execute a similar sql statement and apply the permissions to a server role, however not a login/user. How do I apply the changes to the specific user/login? I can apply the permissions to the public role and it resolves my issue; however this seems to be a security issue to me which I don't really want to apply to the live server.


  • What is a good time/task tracking software to use when consulting?

    - by NeoModulus
    I am looking for time tracking software to use as an individual consulting on multiple projects at once. The projects I work on are billable to different clients. Some clients are billed on an hourly basis while others are billed on a project basis. I also track personal projects that may never produce income. I need to be able to track the time down to the individual task level. I am looking for software that is easy to use, cost effective, easy to invoice out of and has data mining reports.


  • Sitemap Links don't work on live site, Windows Authentication

    - by Chris
    I have an intranet site with Windows Authentication. I have 'Administrator' pages in an 'Administrator' folder that will only show for those in the admin group (Windows security group). These pages work. I have a folder with sub folders containing reports. These permissions are broken down for each type of report. They have similar role privileges. When I test the application, I can navigate to the pages. When I deploy the site live on the intranet the links don't return a page. Error missing link 404. Do I need to set something in IIS?


  • How long can a hash left out in the open be considered safe?

    - by Xeoncross
    If I were to leave a SHA2 family hash out on my website - how long would it be considered safe? How long would I have before I could be sure that someone would find a collision for it and know what was hashed? I know that the amount of time would be based on the computational power of the one seeking to break it. It would also depend on the string length, but I'm curious just how secure hashes are. Since many of us run web-servers we constantly have to be prepared for the day when someone might make it all the way to the database which stores the user hashes. So, move the server security out of the way and then what do you have? This is a slightly theoretical area for many of the people I have talked with, so I would love to actually have some more information about average expectations for cracking.


  • Is there anything software-related I can do, to make Ubuntu play high-quality mkv files smoothly?

    - by Roy
    I've noticed that beyond let's say..a 20 MB/s bitrate, a movie would lag, played on my laptop.. It results in me missing the highest bitrated scenes of a movie.. And sometimes having to compromise for watching the movie at a lesser quality.. I was wondering if there's anything I can do software-wise to play movies smoothly..? At the moment Ubuntu is installed with all the default settings on a 60GB SSD. I use VLC of course.. I also have 2 1TB HDD - maybe I can use them as pagefiles? I don't really know a lot about this so maybe this is irrelevant.. I took the laptop battery out since it was dead..but I think this is also irrelevant.. Would appreciate a response, even if there's nothing that can be done software-wise :)


  • Secure to store an ID in an ASP.NET control ID?

    - by Curtis White
    I'm auto-generating a form in my ASP.NET page. This is already tested and working. I want to know: Are there any security problems with storing the database ID as part of my control's ID? I can think of 2 issues: the id will be visible in page source (not really important in this case), and the possibility someone could change the name of the control somehow? This second possibility is more serious. Is this a potential problem and how to avoid it? Would there be a better preferred way to associate unique data with any type of control? Is it possible to store a custom item in the viewstate for the control?


  • I've released a software product - how do I maximize exposure given no budget and limited time?

    - by CubicleSoft
    I'd like to reach out to the community on this one. As a software developer, I'm not an expert salesperson or marketing guru - I think in code and not much else. Most developers I come across are like this and also tend to be serious penny-pinchers. Let's say, as a developer, I recently released a new software product that I'm pretty sure will be a hit IF people only knew about it. Assume a budget of $0.00 and limited time each day (i.e. 30 to 60 minutes). What can I do, within those limitations, to maximize exposure? If possible, please back up your reply with at least two working examples.


  • Secure xml messages being read from database into app.

    - by scope-creep
    I have an app that reads xml from a database using NHibernate Dal. The dal calls stored procedures to read and encapsulate the data from the schema into an xml message, wrap it up to a message and enqueue it on an internal queue for processing. I would like to secure the channel from the database reads to the dequeue action. What would be the best way to do it? I was thinking of signing the xml using System.Security.Cryptography.Xml namespace, but are there any other techniques or approaches I need to know about? Any help would be appreciated. Bob.


  • Where to find current information on quality of released games as software products?

    - by Tom
    As a gamer, one thing I have learned I need to be savvy about is knowing whether SomeBigGame is actually unstable or otherwise problematic as a piece of software (riddled with invasive DRM products, only runs well on a particular video driver version, crashes on non-English-language systems, etc.). I know that game news media can sometimes be relied upon to report on some problems, but I doubt they bother to cover smaller or indie titles. An example: I've started playing Transformice on Kongregate, and I'm considering installing the downloadable client (it is an online multiplayer game). The part of me that cares about data privacy and maintaining a clean-and-healthy PC wants to know whether there is a place I can check to find out more about a title-as-software than "it is not a literal virus." Put another way: where would you not want to see your game receive lots of attention?


  • Securing Web Services approach valid?

    - by NBrowne
    Hi, currently I am looking at securing our web services. At the moment we are not using WCF so this is not an option. One approach I have seen and implemented locally fairly easily was the approach described in article: http://www.codeproject.com/KB/aspnet/wsFormsAuthentication.aspx which describes adding a HttpModule which prompts for user credentials if the user browses to any pages (web services) which are contained in a services folder. Does anyone see any way that this security could fall down and could be bypassed etc.? I'm really just trying to decide whether this is a valid approach to take or not? Thanks


  • Are IT decision-makers paying enough attention to the security of mobile devices? Absolute Software publishes a ranking of the most unusual thefts

    Absolute Software publishes a ranking of the most unusual computer thefts. Are IT decision-makers paying enough attention to the security of mobile devices? Absolute Software, a Canadian specialist in anti-theft solutions for laptops, has just published a rather curious retrospective of the year 2010. The company lists the top 5 most unusual theft stories of the year, stories that end well, thanks, of course, to its anti-theft solutions. The story crowned most unusual is that of an unlucky buyer who purchases a second-hand laptop that was stolen. The buyer goes to a police officer friend in order to use ...


  • Retrieve web user's Identity outside of request scope

    - by Kendrick
    I have an ASP.NET app that logs Audit reports using nHibernate's IPreUpdateListener. In order to set the current user in the Listener events, I was using System.Security.Principal.WindowsIdentity.GetCurrent(). This works fine when debugging on my machine, but when I move it to the staging server, I'm getting the ASP.NET process credentials, not the requesting user. In the ASP.NET page, I can use Request.LogonUserIdentity (which works fine since I'm using integrated authentication), but how do I reference this user directly without having to pass it directly to my event? I don't want to have to pass this info through the pipeline because it really doesn't belong in the intermediate events/calls.


  • 12.04 Software "RAID 0" on desktop replacement, 2 HDD?

    - by gregzeng
    Hardware: HP Pavilion DV7 notebook: 8GB DDR3, 2x 750GB SATA2 HDD, I7 c+ Radeon GPU, eSATA, Bluray, etc. Currently multiboot with Win7-64 + choice of 5 'buntu-64. Prefer Xubuntu-64-alternate, but not able to install software RAID-0 at the last active partition on both HDDs. Tried many types: real boot partition, etc. All my Linux op sys boot successfully from the extended partitions on both drives, but without RAID of any kind. Theory - yes. But has anyone really succeeded with 12.04 software RAID-0?


  • Web Application - Authentication / Login Framework

    - by user456563
    This is a very simple, probably a most asked question and frequently developed as part of any web application. Say I'm planning to build a web application and some of the functional requirements include (apart from the usual hard hitting security reqs): - Need to have users sign up for a new account profile - Authenticate user using the native app authentication / Facebook or Google or Yahoo or OpenId login - Allow lost password retrieval - Session handling needs. Are there any out-of-the-box frameworks (Drupal, Liferay??) that I can use to wrap my application, which can be a bunch of JSPs or HTMLs with JS? I know I'm asking a very simple and maybe a naive question. But this is a topic every web developer guru will go through. Any help, advice and pointers much appreciated.


  • PHP - How to determine if request is coming from a specific file.

    - by John
    I have fileA.php on SERVER_A and fileB.php on SERVER_B. fileB.php makes a curl request to fileA.php for its contents. How can fileA.php determine that the request is coming specifically from fileB.php? -- I was thinking about sending the $_SERVER['SCRIPT_NAME'] in fileB.php to fileA.php but since someone can go into fileB.php or any file in general and just do $_SERVER['SCRIPT_NAME'] = 'fileB.php'; it's not really that secure. So how can I determine, for security reasons, that the request is coming from a specific file on a different server?


  • Established javascript solution for secure registration & authentication without SSL

    - by Tomas
    Is there any solution for secure user registration and authentication without SSL? With "secure" I mean safe from passive eavesdropping, not from man-in-the-middle (I'm aware that only SSL with signed certificate will reach this degree of security). The registration (password setup, i.e. exchanging of pre-shared keys) must also be secured without SSL (this will be the hardest part I guess). I prefer an established and well-tested solution. If possible, I don't want to reinvent the wheel and make up my own cryptographic protocols. Thanks in advance.


  • Leaving SQL Management open on the internet

    - by Tim Fraud
    I am a developer, but every so often need access to our production database -- yeah, poor practice, but anyway... My boss doesn't want me directly on the box using RDP, and so we decided to just permit MS SQL Management Console access so that I can do my tasks. So right now we have the SQL box somewhat accessible on the internet (on port 1433 if I am not mistaken), which opens a security hole. But I am wondering, how much of an uncommon practice is this, and what defaults should I be concerned about? We use MSSQL2008 and I created an account that has Read-Only access, because my production tasks only need that. I didn't see any unusual default accounts with default passwords on the system, so I would be interested to hear your take. (And of course, is there a better way?)


  • First-time software contractor, building a system for a multi-site client; who should own the intell

    - by matthew
    I'm very new to software contracting; this is my first project. I've just built a point-of-sale software system for a client, and neither of us put a lot of work into the contract. I wrote that the software was "jointly owned" with exclusive license for use given to the client. The client is using it at one store and is very pleased with it. The client is also planning to expand to numerous stores over time, and wants to use it in every store. The client also now wants full ownership of the software, with me as the exclusive developer. I am very hesitant to allow this, and I am seeking previous experience. Should I sell the IP but demand royalties for every site at which it's installed? Should I demand royalties for every sale made using the software? Should I really start talking to a lawyer? A couple of other details: in terms of risk, it is fair to say that the client is assuming the risk, but the client is now using the software and exclaiming how great it is (and so I assume, how it is improving business). Also, the software is tailored to the client specifically, but could, with a bit of work, be repackaged and resold to other clients. Even if the client owned the IP I would certainly want to make sure that I then did have (significant) royalties on such sales.


  • WCF: What happens if a channel is established but no method is called?

    - by mafutrct
    In my specific case: A WCF connection is established, but the only method with "IsInitiating=true" (the login method) is never called. What happens? In case the connection is closed due to inactivity after some time: Which setting configures this timeout? Is there still a way for a client to keep the connection alive? Reason for this question: I'm considering the above case as a possible security hole. Imagine many clients connecting to a server without logging in thus preventing other clients from connecting due to bandwidth problems or port shortage or lack of processing power or ... Am I dreaming, or is this an actual issue?


  • Images with unknown content: Dangerous for a browser?

    - by chris_l
    Let's say I allow users to link to any images they like. The link would be checked for syntactical correctness, escaping etc., and then inserted in an <img src="..."/> tag. Are there any known security vulnerabilities, e.g. by someone linking to "evil.example.com/evil.jpg", and evil.jpg contains some code that will be executed due to a browser bug or something like that? (Let's ignore CSRF attacks - it must suffice that I will only allow URLs with typical image file suffixes.)


  • What do Embedded Software Developers do on a day to day basis?

    - by afree100
    Edit: I am not asking how to program embedded systems. I am asking how it is done in a practical business setting. I have searched for hours for information on what software developers actually do. More specifically, what coding challenges would one experience daily (e.g. code examples (although obviously not too large), specifics)? I am interested in Linux based embedded systems mainly, but any software development would be helpful (in the C/C++/Assembly areas). Also, regarding this, a distinction between junior, intermediate and senior developers would be helpful. Also, what is the best place to prepare for such things before getting a job for the first time?


  • Is there a way to develop desktop software using PHP?

    - by user1492018
    I have to develop a real estate marketing CRM software for my client - where the application is installed on desktop but can also be accessed from web. 2 reasons why they want the application to run from desktop: So that it can work with/without internet connection. They don't want their complete data to be online. They want to access a few of the data like property listing & inquiries (managed from desktop application) from their website through secure login & password. The data that is entered in desktop application should be automatically synchronized with the website application. I was wondering if there is a way to develop this kind of software using PHP & MySQL. If yes, it will be great if anyone can provide me the referral link. Else please suggest which language I should use.


  • asp.net impersonation identity: Where does it come from?

    - by Rising Star
    Here's a simple question I've been stuck on for a while. When I set < identity impersonate=true > in my web.config so that asp.net impersonates the logged on user automatically (or the anonymous account if not using Windows Authentication), where does the identity that asp.net impersonates come from? This document: http://msdn.microsoft.com/en-us/library/ff649264.aspx shows three places you can retrieve information about the logged on user: Httpcontext.Current.user, System.Threading.Thread.Current, System.Security.Principal.WindowsIdentity.GetCurrent. It seems that none of these locations consistently match the identity that gets impersonated when I set < identity impersonate=true > in web.config. I would like to know where the impersonated identity comes from.


  • Cross domain secure cookie usage?

    - by asdasda
    I have a website that came with an SSL site for HTTPS but it's on a different server. Example being my website: http://example.com my SSL site: http://myhostingcompany.com/~myuseraccount/ So I can do transactions over HTTPS and we have user accounts and everything but it is located on a different domain. The cookie domain is set for that one. Is there a way I can check on my actual site to see if a cookie is set for the other one? And possibly grab its data and auth a user? I think this violates a major principle of security and can't be done for good reasons, but am I wrong? Is this possible?

