Search Results

Search found 1306 results on 53 pages for 'csrf protection'.

Page 3/53 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • How to implement CSRF protection in Ajax calls using express.js (looking for complete example)?

    - by Benjen
    I am trying to implement CSRF protection in an app built using node.js using the express.js framework. The app makes abundant use of Ajax post calls to the server. I understand that the connect framework provides CSRF middleware, but I am not sure how to implement it in the scope of client-side Ajax post requests. There are bits and pieces about this in other Questions posted here in stackoverflow, but I have yet to find a reasonably complete example of how to implement it from both the client and server sides. Does anyone have a working example they care to share?

    Read the article

  • Database Machine, 11gR2 és a Tivoli Data Protection is együttmuködik

    - by Fekete Zoltán
    Felmerült a kérdés, hogy a Database Machine környezetben végezhetjük-e a mentéseket Tivoli Data Protection for Oracle szoftverrel. A válasz: IGEN. Az IBM Tivoli Data Protection for Oracle V5.5.2 on Linux x86_64 immár bevizsgáltatott az Oracle 11gR2 RAC-cal. Az aktuális support információ itt található: A V5.5.2-re kattintva megtaláljátok a következo adatokat: Oracle Enterprise Linux 5 with any of the following Oracle releases: * 64-bit Oracle Standard or Enterprise Server 10gR2, 11g, or 11gR2 * 64-bit Real Application Clusters (RAC) 10gR2, 11g, or 11gR2 Ez az információ elegendo és remek :), mivel a Database Machine komponensek Oracle Enterprise Linux operációs rendszeren muködnek, 64 bites architektúrában és az Oracle RMAN (Recovery Manager) elemet tudja használni a TDP.

    Read the article

  • Am I under risk of CSRF attacks in a POST form that doesn't require the user to be logged in?

    - by Monika Sulik
    I'm probably being a total noob here, but I'm still uncertain about what a CSRF (Cross-Site Request Forgery) attack is exactly. So lets look at three situations... 1) I have a POST form that I use to edit data on my site. I want this data to be edited only by users that are logged in. 2) I have a site, which can be used by both users who are logged in as well as guests. Parts of the site are for logged in users only, but there are also POST forms that can be used by all users - anonymous and not (for example a standard contact form). Should the contact form be safeguarded against CSRF attacks? 3) I have a site which doesn't have an authentication system at all (well, perhaps that's unrealistic, so lets say it has an admin site which is separate from the rest of it and the admin part is properly safeguarded). The main part of the site is only used by anonymous users. Do the POST forms on it need to be safeguarded? In the case of 1) the answer is clearly yes. But in the case of 2 and 3 I don't know (and is the difference between 2 and 3 even significant?).

    Read the article

  • How to disable Windows File Protection in Windows XP or 7 from Registry?

    - by SEARAS
    How to disable Windows File Protection in Windows 7 and/or XP from Registry? I want to automatically replace a driver with my created driver. I used PendingFileRenameOperations key in HKLM\System\CurrentControlSet\Control\Session Manager but i've found that it can ONLY be used for simple (not-system) files, because Windows File Protection disables it for system files (see this post). Now I need to temporarily disable WFP (and turn it on after changing driver). You can tell me another way to disable it. It can help me too. Thanks in advance! Any ideas?

    Read the article

  • Disable comments / Spam protection

    - by SamIAm
    My client site is built in Silverstripe, there is a news page, and it allows people to leave comments. Unfortunately we've got loads of spam emails. I'm new to this, is there any way we can disable the comment field by default? How do I do it? Alternatively is there easy way for me to install a spam protection? Thanks heaps. Sam Update - Because this is someone else's code, I just realised that they have some sort of spam protection already, so we are trying to disable comments now. I have manage to set no comment as default by changing file BlogEntry.php static $defaults = array( "ProvideComments" => true, 'ShowInMenus' => false ); to static $defaults = array( "ProvideComments" => false, //changed 'ShowInMenus' => false ); Am I on the right track to disable comments by default? Also how can I stop on the news page showing xxx comments link? eg Test Posted by Admin on 21 June 2011 | 3 Comments Tags: P This is a test.... 3 comments | Read the full post Thanks. S:)

    Read the article

  • Disable comments / Spam protection

    - by SamIAm
    My client site is built in Silverstripe, there is a news page, and it allows people to leave comments. Unfortunately we've got loads of spam emails. I'm new to this, is there any way we can disable the comment field by default? How do I do it? Alternatively is there easy way for me to install a spam protection? Thanks heaps. Sam Update - Because this is someone else's code, I just realised that they have some sort of spam protection already, so we are trying to disable comments now. I have manage to set no comment as default by changing file BlogEntry.php static $defaults = array( "ProvideComments" => true, 'ShowInMenus' => false ); to static $defaults = array( "ProvideComments" => false, //changed 'ShowInMenus' => false ); Am I on the right track to disable comments by default? Also how can I stop on the news page showing xxx comments link? eg Test Posted by Admin on 21 June 2011 | 3 Comments Tags: P This is a test.... 3 comments | Read the full post Thanks. S:)

    Read the article

  • Is 'Protection' an acceptable Java class name

    - by jonny
    This comes from a closed thread at stack overflow, where there are already some useful answers, though a commenter suggested I post here. I hope this is ok! I'm trying my best to write good readable, code, but often have doubts in my work! I'm creating some code to check the status of some protected software, and have created a class which has methods to check whether the software in use is licensed (there is a separate Licensing class). I've named the class 'Protection', which is currently accessed, via the creation of an appProtect object. The methods in the class allow to check a number of things about the application, in order to confirm that it is in fact licensed for use. Is 'Protection' an acceptable name for such a class? I read somewhere that if you have to think to long in names of methods, classes, objects etc, then perhaps you may not be coding in an Object Oriented way. I've spent a lot of time thinking about this before making this post, which has lead me to doubt the suitability of the name! In creating (and proof reading) this post, I'm starting to seriously doubt my work so far. I'm also thinking I should probably rename the object to applicationProtection rather than appProtect (though am open to any comments on this too?). I'm posting non the less, in the hope that I'll learn something from others views/opinions, even if they're simply confirming I've "done it wrong"!

    Read the article

  • Easter eggs as IP protection in software

    - by Simon
    I work in embedded software, and for some reason, management wants to hide an Easter egg as means of IP protection. They call it a watermark, and since our software interact with the video preview feed (the image displayed on a screen before you take a photo), they want me to implement a trigger which will react to some unusual video input (a video konami code like dark - bright - dark - bright - whatever). When this trigger fires, something strange happens (which is outside of the normal behavior of the software). The goal is to check whether our software is included in a device. Does it sound like a good idea? I have many argument against this move: What if the konami code is too sensitive and user triggers it? Does this kind of watermark have any legal value? What if this "feature" is discovered by the client? The performance penalty should be very small, since the soft run on small devices. I am the one developping this trigger. If things go wrong, what is my responsibility? What is your opinion about this method? I can't find a link, but I remember seeing an answer on this site suggesting that putting Easter eggs for protection purpose was a good idea. Has anyone tried it with good results?

    Read the article

  • Does anyone see any downsides of doing the following to prevent CSRF?

    - by Spines
    I'm wondering if the following method will completely prevent CSRF, and be compatible with all users. Here it is: In the form just include an extra parameter that is: encrypted(user's userID + request time). Server-side just decrypt and make sure it's the right userID and the request time was reasonably recent. Aside from someone sniffing the user's traffic, is this completely secure? Are there any downsides?

    Read the article

  • Webcast Replay Available: E-Business Suite Data Protection

    - by BillSawyer
    I am pleased to release the replay and presentation for the latest ATG Live Webcast: E-Business Suite Data Protection (Presentation)   Robert Armstrong, Product Strategy Security Architect and Eric Bing, Senior Director discussed the best practices and recommendations for securing your E-Business Suite data.Finding other recorded ATG webcasts The catalog of ATG Live Webcast replays, presentations, and all ATG training materials is available in this blog's Webcasts and Training section.

    Read the article

  • Cloud Data Protection Tips and Guidelines

    Cloud Data Protection is an effective way to save and secure your data (must be less than 1 TB) for ultimate optimization of your PC health. But one may get bewildered to see hundreds of data backup ... [Author: Susan Brown - Computers and Internet - April 01, 2010]

    Read the article

  • How To - Securing a JAX-WS with OWSM Message Protection Policy in JDeveloper - 11g

    - by Prakash Yamuna
    As promised in this post, here is a How-To that describes how to secure a simple HelloWorld JAX-WS with OWSM message protection policy and test it with SOAP UI. The How-To reuses the picture I posted earlier about the relationship and interplay b/w Keystore, Credential store, jps-config.xml ,etc. One of the other more frequent requests I hear from folks within Oracle and customers is how to test OWSM with SOAP UI. SOAP UI in general works very well as testing tool for web services secure with wss10 policies.

    Read the article

  • Protection against CheatEngine and other injectors [duplicate]

    - by Lucas
    This question already has an answer here: Strategies to Defeat Memory Editors for Cheating - Desktop Games 10 answers Is protection against CheatEngine and other inject tools are possible to do? I was thinking a day and the only one idea I've got is about writting some small application which will scan the processes running every second, and in case if any injector will be found the game client will exit immadiately. I'm writing here to see your opinions on this case as some of you may have some expierence against protecting the game clients against DLL or PYC injection or something.

    Read the article

  • CTERA Adds Data Protection to Linux File Systems

    <b>Enterprise Storage Forum: </b>"CTERA Networks is giving the Linux Ext3 file system additional data protection in the form of new snapshot capabilities. The file system is also the basis of the company's Cloud-Attached Storage appliances, the C200 and CloudPlug."

    Read the article

  • PHP - CSRF - How to make it works in all tabs?

    - by Erik Persson
    Hi there, I have readed about how to prevent CSRF-attacks in the last days. I am going to update the token in every pageload, save the token in the session and make a check when submitting a form. But what if the user has, lets say 3 tabs open with my website, and I just store the last token in the session? This will overwrite the token with another token, and some post-action is going to fail. Do I need to store all tokens in the session, or is there a better solution to get this working? Best regards, Erik Persson

    Read the article

  • Django with custom authentication backends, is Csrf middleware really required ?

    - by Hellnar
    Hello, Under Django 1.1.1, I am using several authentication backends such as social-registration for facebook connect and django-emailauth for email based authentication instead of user names. I am curious if the Csrf middleware is an essential security measure as it seems like it sometimes generates problems, especially with facebook connect. My project is rather simple. Each user have a profile which they can fill and a purchase page where they fill the payment for to do purchases. Either of these pages are protected via @login_required.

    Read the article

  • CSRF error when trying to log onto Django admin page with w3m on Emacs23

    - by Vernon
    I normally use Firefox and have had no problems with the admin page on my Django website. But I use Emacs23 for writing my posts, and wanted to be able to use w3m in Emacs to copy the stuff across. When I try to log into my admin pages, it gives the CSRF error: CSRF verification failed. Request aborted. Help Reason given for failure: No CSRF or session cookie. ... Is there a way that I could get w3m to work with my admin page? I am not sure if the problem lies with the way the admin is set up on Django or with the Emacs or w3m settings.

    Read the article

  • Disable logon protection for Rising Antivirus

    - by Magnetic_dud
    Hi, i am using Rising Antivirus, free version. It has many advanced functionalities, including a "logon protection" that assures the protection of the password, or pre-logon protection. Unfortunately, that disables remote desktop connection until an user has logged on. (user log on, disconnect, then you can connect) I hate this behaviour, someone knows how to disable this function? (ok, i could create a limited user that autologons and then autodisconnects, but i don't like this approach)

    Read the article

  • HTTPS Everywhere Extension Updates to Version 3.0, Adds Protection for 1,500 More Websites

    - by Asian Angel
    If one of your security goals is to encrypt your communication with websites as much as possible, then you will definitely be pleased with the latest update to the HTTPS Everywhere extension for Firefox and Chrome. This latest release adds encryption protection for an additional 1,500 websites to help make your browsing experience more secure than ever. Images shown above courtesy of EFF. You can learn more about this latest release along with installing the extension for Firefox and/or Chrome directly from the blog post linked below… HTTPS Everywhere 3.0 protects 1,500 more sites [via Softpedia] HTG Explains: What is the Windows Page File and Should You Disable It? How To Get a Better Wireless Signal and Reduce Wireless Network Interference How To Troubleshoot Internet Connection Problems

    Read the article

  • Set Up Anti-Brick Protection to Safeguard and Supercharge Your Wii

    - by Jason Fitzpatrick
    We’ve shown you how to hack your Wii for homebrew software, emulators, and DVD playback, now it’s time to safeguard your Wii against bricking and fix some annoyances—like that stupid “Press A” health screen. The thing about console modding and jailbreaking—save for the rare company like Amazon that doesn’t seem to care—is companies will play a game of cat and mouse to try and knock modded console out of commission, undo your awesome mods, or even brick your device. Although extreme moves like bricktacular-updates are rare once you modify your device you have to be vigilante in protecting it against updates that could hurt your sweet setup. Today we’re going to walk you through hardening your Wii and giving it the best brick protection available Latest Features How-To Geek ETC The 50 Best Registry Hacks that Make Windows Better The How-To Geek Holiday Gift Guide (Geeky Stuff We Like) LCD? LED? Plasma? The How-To Geek Guide to HDTV Technology The How-To Geek Guide to Learning Photoshop, Part 8: Filters Improve Digital Photography by Calibrating Your Monitor Our Favorite Tech: What We’re Thankful For at How-To Geek Snowy Christmas House Personas Theme for Firefox The Mystic Underground Tunnel Wallpaper Ubunchu! – The Ubuntu Manga Available in Multiple Languages Breathe New Life into Your PlayStation 2 Peripherals by Hooking Them Up to Your Computer Move the Window Control Buttons to the Left Side in Windows Fun and Colorful Firefox Theme for Windows 7

    Read the article

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >