Search Results

Search found 30819 results on 1233 pages for 'software security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 299/1233 | < Previous Page | 295 296 297 298 299 300 301 302 303 304 305 306  | Next Page >

  • Can Associates Degree graduates in Software Development get jobs?

    - by SteveCode1
    I m a Software Development major in an Associates of Applied Science degree in Software Development and I ll have a 2nd Associates of Applied Science degree in Information Technology. I m 37 ill be 39 when finished. I enjoy coding HTML so far and networking and windows admin. Are people my age finding jobs right away after school or should i just keeping going to the state university in the CS degree? I kinda want to work. I enjoy CISCO and have passed classes but not taken the CCNA yet. I just don t think I m ready. But I enjoy coding aswell. Any suggestions would be helpful. Thank you.

    Read the article

  • Should we develop code on a local machine in a VLAN?

    - by red tiger
    Because of security reasons, we will not be able to use IIS on our local machines. I'm sure that many of you have faced the same problem, so how did you solve it? Here are the options that we're looking at: Create a VLAN that is isolated from the network for development. This will allow us to use any software, including IIS, that we want. A disadvantage is testing Web services with external organizations, which can be overcome by using stubs. Not use a VLAN and use only the ASP.NET Development Server that comes with Visual Studio, and then deploying that code to the development server. This has the disadvantage of not being able to replicate the production environment during local development. In addition, at least one developer needs IIS for GIS development, so he couldn't develop locally. Thank you for comments or suggestions that you may have!

    Read the article

  • On Linux do people chroot a Java Web Application or use IPTables and run as non-root?

    - by Adam Gent
    When you run a Java Servlet Container that you would like to serve both static and dynamic content on port 80 you have the classic question of whether to run the server as: As root in hopefully a chroot jail if you can (haven't gotten this working yet) As a non root user and then use IPTables to forward port 80 to some other port (1024) that the container is running on Both: As a non root user, IPTables, and chroot jail. The problem with opt. 1 is the complexity of chrooting and still the security problems of running root.The problem with opt. 2 is that each Linux distro has a different way of persisting IPTables. Option 3 of course is probably idea but very hard to setup. Finally every distro has the annoying differences in daemon scripts. What do people find as the best distro agnostic solution and are there resources to show how to do this?

    Read the article

  • How secure is encryption?

    - by Stomped
    Let me preface this by saying I know nothing about encryption. I understand the basic concept of public key / private key encryption but I don't how easily it can be broken, if at all. If one were to believe the movies, encrypted data can be broken by a teenager with a decent computer in a few hours. I have a client who wants credit card information sent via email - encrypted of course, but I'm still not feeling terribly good about the idea. I feel it would be safer to store the info on the VPS, but even then its an unmanaged server and there's nobody watching it who knows much about security. So can anyone tell me if there's a safe way to store and/or send this data out? Thanks

    Read the article

  • What is a good way to simulate O_NOFOLLOW on systems without this flag?

    - by Daniel Trebbien
    I would like to safely be able to simulate open with O_CREAT | O_WRONLY | O_TRUNC | O_NOFOLLOW and O_CREAT | O_WRONLY | O_APPEND | O_NOFOLLOW on systems that do not support O_NOFOLLOW. I can somewhat achieve what I am asking for with: struct stat lst; if (lstat(filename, &lst) != -1 && S_ISLNK(lst.st_mode)) { errno = ELOOP; return -1; } mode_t mode = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH; int fd = open(filename, O_CREAT | O_WRONLY | O_TRUNC | O_NOFOLLOW, mode); but then I introduce a race condition and possibly a security problem. I thought about maybe creating a dummy file with only the user being able to write, kind of like touching filename, doing the lstat check, and then using chmod after I finish writing (to correct the file mode bits), but I could be overlooking something major (e.g. if the file at filename exists, is not a regular file, or is already a symbolic link). What do you think?

    Read the article

  • Good ACL implementation in Java

    - by yonconf
    Hi All. I'm implementing a web based document management system and I'd like to implement ACLs in my system. My formal requirements are hierarchal permissions (documents inherit permissions from their folders) user groups (users can dynamically create groups and associate users with groups). Such groups can have permissions on objects in the system. My code will query permission on objects in two cases: 1. Manipulating a single document 2. Listing all documents where a manipulation is possible The latter requirement seems the achilles heel for Spring Security ACLs (their method seems likely to incur multiple DB hits for each document I manage) Anyone know of another ACL implementation? Thanks!

    Read the article

  • Is it more secure to run a desktop app in a applet?

    - by Tom Brito
    Fist of all, when I say "run a desktop app in a applet" I mean do a Applet application that runs off-line, instead of a Desktop application that runs inside a JFrame. The little I know about applets (and maybe something I say is wrong, please correct me) is that applets have all permitions not granted by default. Also, the applets run inside a Sandbox, that does not allow information in or out without explicity permition. So, if I am focused on security in my application, its best to run it inside an applet (off-line, for a desktop application) then inside a JFrame. Is it right?

    Read the article

  • Why is using a Non-Random IV with CBC Mode a vulnerability?

    - by The Rook
    I understand the purpose of an IV. Specifically in CBC mode this insures that the first block of of 2 messages encrypted with the same key will never be identical. But why is it a vulnerability if the IV's are sequential? According to CWE-329 NON-Random IV's allow for the possibility of a dictionary attack. I know that in practice protocols like WEP make no effort to hide the IV. If the attacker has the IV and a cipher text message then this opens the door for a dictionary attack against the key. I don't see how a random iv changes this. (I know the attacks against wep are more complex than this.) What security advantage does a randomized iv have? Is this still a problem with an "Ideal Block Cipher"? (A perfectly secure block cipher with no possible weaknesses.)

    Read the article

  • Software Design and documentation – what do people use that has proved valuable?

    - by eddyparkinson
    When creating software, what do you use to design, document and visualize. Looking for evidence/examples. e.g. Use cases, Pseudo code, Gantt chats, PERT charts, DFD, decision trees, decision tables (Answers maybe used to help teach students) What do you use to help with creating software. Also why; when has it proved valuable? --- Edit -- Proved valuable: The pattern so far suggests that the style of UML tool used is linked to an objective. e.g. "get it straight in MY head", explain to business mangers, quality control.

    Read the article

  • Is it possible to put software in a queue to be installed later?

    - by Gourik Goswami
    Sometime I find some software that is interesting and want to install it. At office I use pocket WiFi so I do not want to download big files. I want some how to tag these files so I can install them later when I am at home at connected with wifi network (More faster network). So is there any way that these software installation can be put in a queue, so that when I am at home it can start right away. Is there any way to do this?

    Read the article

  • Application Role and access second database

    - by lszk
    I have written a script to create an audit trails to my database in a second one db. So far I had no problems during tests on my dev machine from SQL Server Management Studio. Problems started to occurs when I first tried to test my triggers from my application by modyfing data in it. Using profiler I found out, that my audit trails db is not visible in sys.databases, so here lies the problem. The application using an Application Role, so as I found on MSDN, that's why I can't get access to other db on the server. I'm not a DBA. I have no experience with properly settings the security stuff, so please guide me, how can I set the setting for guest account (according to MSDN) to get access to this db? I need to have a record for this database in sys.databases and I need to be able to insert data in this database in all tables. No select, update or delete I need.

    Read the article

  • Password Protected Android App

    - by Caution Continues
    I wana make a security app and in case of stolen or lost my app must not be uninstalled without taking password. yes It is possible to make such an app that can take password before getting uninstall.. My friend Aditya Nikhade has made this app :) .But he is not giving me this secrete recipe:( Install this app Findroid from google Play. In this app first you need to unlock your app then only u can uninstall it. So please help me how to crack this technique.. I searched and got some incomplete answer in that we can declare a receiver of type PACKAGED_REMOVED but i want to know how can I stop if my app is being uninstalled. I am little close to solution of it. I am working/studying on Device Administrator. Please paste code snippet if anyone have. Thanks a Ton in advanced....!!!

    Read the article

  • What information about a user is available via PHP?

    - by Camran
    This is about a classifieds website, where anyone may post classifieds. I have a security database which I intend to fill with information about the user who posts the classifieds. I intend to record information such as IP, name, tel, email, classified_text, classified_title etc etc. The reason for all this is that sometimes people become victims of fraud (fake classifieds etc). So I wonder, what information is possible to get from the poster which may help in tracking him/her down? IP is a given, but what else could be useful? And I would much like examples of how it would be useful also, as well as the code for it please, like $_SERVER['REMOTE_ADDR']. And btw, I use PHP and have Sql as a database. Thanks

    Read the article

  • How to check an exectuable's path is correct in PHP?

    - by nickf
    I'm writing a setup/installer script for my application, basically just a nice front end to the configuration file. One of the configuration variables is the executable path for mysql. After the user has typed it in (for example: /path/to/mysql-5.0/bin/mysql or just mysql if it is in their system PATH), I want to verify that it is correct. My initial reaction would be to try running it with "--version" to see what comes back. However, I quickly realised this would lead to me writing this line of code: shell_exec($somethingAUserHasEntered . " --version"); ...which is obviously a Very Bad Thing. Now, this is a setup script which is designed for trusted users only, and ones which probably already have relatively high level access to the system, but still I don't think the above solution is something I want to write. Is there a better way to verify the executable path? Perhaps one which doesn't expose a massive security hole?

    Read the article

  • How can I remove "Microsoft Antimalware": HKEY_LOCAL_MACHINE\software\Microsoft Antimalware?

    - by Wolfpack'08
    I run a program called Registry Mechanic, every night. Every single time, it picks up like 8 Microsoft Antimalware entries, which it identifies as the highest kind of security threats. I feel like Registry Mechanic is a good software--it was recommended to me at #computerhelp on irc.undernet.org, a long time ago, by an op that never steered me wrong, otherwise--, so I feel like I should give the issue due attention. The entries are: 4x "HKEY_LOCAL_MACHINE\software\Microsoft Antimalware" and 4x "HKEY_LOCAL_MACHINE\software\Microsoft Antimalware\setup\RememberedProperties"

    Read the article

  • Do you known a reputable backup software that can capture ONLY file system structure + attributes, WITHOUT file content

    - by bogdan
    Is there, on Windows, a reputable backup software out there capable of capturing ONLY a file system's directory and file structure, along with each item's attributes, WITHOUT capturing the actual file content (all files should be zero-length in the backup). I thoroughly searched the web for a solution and wasn't able to find one. Scenario when this would be very useful: I have a large drive with a huge amount of files. If the drive dies, I don't care so much about the content in these files (I can always download this content again from the Internet at any time) but I do care HUGELY about the names of the files that were on it, possibly also about their MD5 hashes and other classic file attributes (especially created-date / modified-date). The functionality I need is present to an extent in "media"/file cataloging software (i.e. whereisit) and, to a lesser extent, in a Total Commander set of extensions (DiskDir, DiskDirExtended). The huge drawback with cataloging software is that it's not designed to store previous versions of each item (AFAIK) and, most importantly, it has very weak content backup capabilities. I managed to think of a hack but I hope there's some backup software out there that already has this capability and I just failed to find it, thus this question. The hack: RoboCopy could be used with /CREATE (CREATE directory tree and zero-length files only) or /COPY (what to COPY for files) without the D=Data flag, to clone a directory structure into one where all files are zero-length but have the desired attributes. Then I would backup the cloned directory structure with a reputable backup software. I would really love to avoid a hack like this one, if possible. Thanks, Bogdan

    Read the article

  • software to monitor internet usage on an XP PC? (browser + non-browser)

    - by user39316
    Hi Is there any (ideally open source) software for Windows that can be used on a PC, to monitor the usage of internet from that PC? It would need to include both browser and non-browser sources (e.g. a service that sync's calendar to gmail). So any software on your PC that uses would need to be configured to point to this local internet monitoring software/proxy. The monitoring software/proxy then would be configured to point to the company proxy server (address, port & credentials). Things that come to mind that might be close but not really focused on solving this might be perhaps: Charles Proxy, Fiddler 2, SQUID? The idea would be it could give you a daily/weekly/monthly report of internet upload/download usage on a per program/process/service basis for the PC it is being run on. thanks

    Read the article

  • Is there any software that can capture the screen and turn it into a fake webcam input?

    - by rjmunro
    Is there any software that can capture the screen and turn it into a webcam-type input so that you can easily record and/or broadcast your screen with regular video software? Edit: Just to be clear, I'd like to be able to use it live as an input to video conferencing software as well as for making recordings with video editing software. Bonus points if it allows me to capture a screen remote from the computer that is sending the video (for example by connecting to another computer with VNC). So it should show up as an input alongside any webcams I have installed, but instead of being a camera, it should be whatever is on the screen.

    Read the article

  • What antivirus software supports updates without an internet connection?

    - by Michael Gundlach
    I'm putting antivirus software on Windows 7 computers in the middle of Africa. The computers don't have internet access, but still need to be protected against viruses from CDs and thumbdrives. Separate from these computers is one computer that does have extremely spotty internet access. What's the best AV software for this situation? The important part, as I see it, is that we need to keep the computers up to date, but can't let the AV software suck down updates at its leisure: the computers are disconnected, and getting emails onto the connected computer is a challenge enough. We thought we might transfer update files to the connected computer using a protocol that can handle repeated connection drops (e.g. FTP with resume.) Then we'd manually apply the update files to the disconnected computers. Does any AV software support this? Is there a better solution?

    Read the article

  • Platform for Efficiency: Boeing Defense, Space & Security integrates supply chain processes using Oracle Business Process Management solutions. by Fred Sandsmark

    - by JuergenKress
    Like most companies, aerospace giant Boeing has its jargon - words and phrases that uniquely define its products and processes. Take the word platform. It is used at Boeing to mean a family of aircraft - the F/A-18 fighter, for example, or the 777 jetliner. Boeing Defense, Space & Security since August 2009, employees in the Global Services & Support (GS&S) division of Boeing Defense, Space & Security have been talking about a different sort of platform: a supply chain technology platform, based on Oracle Business Process Management (Oracle BPM) solutions and Oracle SOA Suite. That platform, built with the assistance of Oracle Diamond Partner Capgemini, is serving as a jumping-off point for Boeing's GS&S staff to deploy radically improved business processes supported by Oracle Fusion Applications to build a high-visibility, end-to-end supply chain. This business process-driven technology platform has ambitious goals: to help GS&S respond more quickly and accurately to its customers' needs, to make business processes at all GS&S sites more consistent and less expensive, and to create a foundation for further improvement and efficiency. Read the full article here. Want to publish your BPM11g success story - request for a partner/customer reference? BPM Center of Excellent & First 100 Days of BPM documents to our SOA Community Workspace MWD_bpm_si_Centre_of_Excellence_0811.pdf First 100 Days of BPM whitepaper.pdf Please visit our SOA Community Workspace (SOA Community membership required). SOA & BPM Partner Community For regular information on Oracle SOA Suite become a member in the SOA & BPM Partner Community for registration please visit  www.oracle.com/goto/emea/soa (OPN account required) If you need support with your account please contact the Oracle Partner Business Center. Blog Twitter LinkedIn Mix Forum Technorati Tags: BPM,BPM reference,BPM Capgemini,BPM first 100 days,BPM center of Excellence,SOA Community,Oracle SOA,Oracle BPM,Community,OPN,Jürgen Kress

    Read the article

  • How Security Products Are Made; An Interview with BitDefender

    - by Jason Fitzpatrick
    Most of us use anti-virus and malware scanners, without giving the processes behind their construction and deployment much of a thought. Get an inside look at security product development with this BitDefender interview. Over at 7Tutorials they took a trip to the home offices of BitDefender for an interview with Catalin Co?oi–seen here–BitDefender’s Chief Security Researcher. While it’s notably BitDefender-centric, it’s also an interesting look at the methodology employed by a company specializing in virus/malware protection. Here’s an excerpt from the discussion about data gathering techniques: Honeypots are systems we distributed across our network, that act as victims. Their role is to look like vulnerable targets, which have valuable data on them. We monitor these honeypots continuously and collect all kinds of malware and information about black hat activities. Another thing we do, is broadcast fake e-mail addresses that are automatically collected by spammers from the Internet. Then, they use these addresses to distribute spam, malware or phishing e-mails. We collect all the messages we receive on these addresses, analyze them and extract the required data to update our products and keep our users secure and spam free. Hit up the link below for the full interview. How To Properly Scan a Photograph (And Get An Even Better Image) The HTG Guide to Hiding Your Data in a TrueCrypt Hidden Volume Make Your Own Windows 8 Start Button with Zero Memory Usage

    Read the article

  • Unable to get HTTPS MEX endpoint to work

    - by Rahul
    I have been trying to configure WCF to work with Azure ACS. This WCF configuration has 2 bugs: It does not publish MEX end point. It does not invoke custom behaviour extension. (It just stopped doing that after I made some changes which I can't remember) What could be possibly wrong here? <configuration> <configSections> <section name="microsoft.identityModel" type="Microsoft.IdentityModel.Configuration.MicrosoftIdentityModelSection, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" /> </configSections> <location path="FederationMetadata"> <system.web> <authorization> <allow users="*" /> </authorization> </system.web> </location> <system.web> <compilation debug="true" targetFramework="4.0"> <assemblies> <add assembly="Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /> </assemblies> </compilation> </system.web> <system.serviceModel> <services> <service name="production" behaviorConfiguration="AccessServiceBehavior"> <endpoint contract="IMetadataExchange" binding="mexHttpsBinding" address="mex" /> <endpoint address="" binding="customBinding" contract="Samples.RoleBasedAccessControl.Service.IService1" bindingConfiguration="serviceBinding" /> </service> </services> <behaviors> <serviceBehaviors> <behavior name="AccessServiceBehavior"> <federatedServiceHostConfiguration /> <sessionExtension/> <useRequestHeadersForMetadataAddress> <defaultPorts> <add scheme="http" port="8000" /> <add scheme="https" port="8443" /> </defaultPorts> </useRequestHeadersForMetadataAddress> <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment --> <serviceMetadata httpsGetEnabled="true" /> <!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information --> <serviceDebug includeExceptionDetailInFaults="true" /> <serviceCredentials> <!--Certificate added by FedUtil. Subject='CN=DefaultApplicationCertificate', Issuer='CN=DefaultApplicationCertificate'.--> <serviceCertificate findValue="XXXXXXXXXXXXXXX" storeLocation="LocalMachine" storeName="My" x509FindType="FindByThumbprint" /> </serviceCredentials> </behavior> </serviceBehaviors> </behaviors> <serviceHostingEnvironment multipleSiteBindingsEnabled="true" /> <extensions> <behaviorExtensions> <add name="sessionExtension" type="Samples.RoleBasedAccessControl.Service.RsaSessionServiceBehaviorExtension, Samples.RoleBasedAccessControl.Service, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" /> <add name="federatedServiceHostConfiguration" type="Microsoft.IdentityModel.Configuration.ConfigureServiceHostBehaviorExtensionElement, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" /> </behaviorExtensions> </extensions> <protocolMapping> <add scheme="http" binding="customBinding" bindingConfiguration="serviceBinding" /> <add scheme="https" binding="customBinding" bindingConfiguration="serviceBinding"/> </protocolMapping> <bindings> <customBinding> <binding name="serviceBinding"> <security authenticationMode="SecureConversation" messageSecurityVersion="WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10" requireSecurityContextCancellation="false"> <secureConversationBootstrap authenticationMode="IssuedTokenOverTransport" messageSecurityVersion="WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10"> <issuedTokenParameters> <additionalRequestParameters> <AppliesTo xmlns="http://schemas.xmlsoap.org/ws/2004/09/policy"> <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> <Address>https://127.0.0.1:81/</Address> </EndpointReference> </AppliesTo> </additionalRequestParameters> <claimTypeRequirements> <add claimType="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" isOptional="true" /> <add claimType="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" isOptional="true" /> <add claimType="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" isOptional="true" /> <add claimType="http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider" isOptional="true" /> </claimTypeRequirements> <issuerMetadata address="https://XXXXYYYY.accesscontrol.windows.net/v2/wstrust/mex" /> </issuedTokenParameters> </secureConversationBootstrap> </security> <httpsTransport /> </binding> </customBinding> </bindings> </system.serviceModel> <system.webServer> <modules runAllManagedModulesForAllRequests="true" /> </system.webServer> <microsoft.identityModel> <service> <audienceUris> <add value="http://127.0.0.1:81/" /> </audienceUris> <issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"> <trustedIssuers> <add thumbprint="THUMBPRINT HERE" name="https://XXXYYYY.accesscontrol.windows.net/" /> </trustedIssuers> </issuerNameRegistry> <certificateValidation certificateValidationMode="None" /> </service> </microsoft.identityModel> <appSettings> <add key="FederationMetadataLocation" value="https://XXXYYYY.accesscontrol.windows.net/FederationMetadata/2007-06/FederationMetadata.xml " /> </appSettings> </configuration> Edit: Further implementation details I have the following Behaviour Extension Element (which is not getting invoked currently) public class RsaSessionServiceBehaviorExtension : BehaviorExtensionElement { public override Type BehaviorType { get { return typeof(RsaSessionServiceBehavior); } } protected override object CreateBehavior() { return new RsaSessionServiceBehavior(); } } The namespaces and assemblies are correct in the config. There is more code involved for checking token validation, but in my opinion at least MEX should get published and CreateBehavior() should get invoked in order for me to proceed further.

    Read the article

  • How to calculate line count for project

    - by sixtyfootersdude
    I am taking a software engineering class right now. Our assignment is to evaluate Mozilla's Thunderbird. Our assignment is to evaluate the size of Thunderbird. One metric that we need to use is the number of lines of code in the project. (Lines of code meaning not including comments or new lines). Is there a standard way to find the number of lines or am I better off just cracking out a script to do this? I think that I could do something like this: # remove all comments find -name *.java | \ sed "/\/*/,\*\// s/.*//g | \ # remove multiline comments sed s/\/\///g # remove single line comments # count not empty lines find -name *.java | grep -c "<character>" But I would need to do that for each file type. It seems like there should be some utility that does that already. (something mac/unix compatible would be preferable).

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 295 296 297 298 299 300 301 302 303 304 305 306  | Next Page >