Search Results

Search found 3707 results on 149 pages for 'secure'.

Page 30/149 | < Previous Page | 26 27 28 29 30 31 32 33 34 35 36 37  | Next Page >

  • How do I secure a .NET Web Service for use by an iPhone application?

    - by David A Gibson
    Hello, The title says it all, I have a Web Service written in .NET that provides data for an iPhone application. It will also allow the application make a "reservation." Currently it's all internal to the corporate network but obviously when the iPhone application is published I will need ensure the Web Service is available externally. How would I go about securing the Web Service? There are two aspects I'm looking into: Authentication for accessing the web service Protection for the data being transferred I'm no so bothered about the data being passed back and forth as it will be viewable in the application anyway (which will be free). The key issue for me is preventing users from accessing the Web Service and making reservations themselves. At the moment I am considering encrypting any strings in the XML data passed back and forth so only the client can effectively use the web service sidestepping the need for authentication and providing protection for the data. This is the only model I have seen but I think the overheads on the iPhone and even for the web service make for a poor user experience. Any solutions at all would be most welcome? Thanks

    Read the article

  • which of these modes : cbc,cfb,ctr,ecb,ncfb,nofb,ofb,stream are secure and which are absolute no-no

    - by user393087
    By security I mean that encoded string is indistinguishable from random noise and is different on every encryption of the same text so it is impossible to make a guess on encryption algorithm used or do any dictionary attack on the encoded text. Second: output string length does not correspond to the input string length in easy way, so it is not possible of make guessing on that account. Third: it is possible to verify that the provided password is incorrect so the decoding function could return false instead of supposedly decoded random string.

    Read the article

  • Make a Method of the Business Layer secure. best practice / best pattern

    - by gsharp
    We are using ASP.NET with a lot of AJAX "Page Method" calls. The WebServices defined in the Page invokes methods from our BusinessLayer. To prevent hackers to call the Page Methods, we want to implement some security in the BusinessLayer. We are struggling with two different issues. First one: public List<Employees> GetAllEmployees() { // do stuff } This Method should be called by Authorized Users with the Role "HR". Second one: public Order GetMyOrder(int orderId) { // do sutff } This Method should only be called by the owner of the Order. I know it's easy to implement the security for each method like: public List<Employees> GetAllEmployees() { // check if the user is in Role HR } or public Order GetMyOrder(int orderId) { // check if the order.Owner = user } What I'm looking for is some pattern/best practice to implement this kind of security in a generic way (without coding the the if then else every time) I hope you get what i mean :-)

    Read the article

  • Make a Method of the Business Layer secure. best practice / best pattern [.net/c#]

    - by gsharp
    Hi We are using ASP.NET with a lot of AJAX "Page Method" calls. The WebServices defined in the Page invokes methods from our BusinessLayer. To prevent hackers to call the Page Methods, we want to implement some security in the BusinessLayer. We are struggling with two different issues. First one: public List<Employees> GetAllEmployees() { // do stuff } This Method should be called by Authorized Users with the Role "HR". Second one: public Order GetMyOrder(int orderId) { // do sutff } This Method should only be called by the owner of the Order. I know it's easy to implement the security for each method like: public List<Employees> GetAllEmployees() { // check if the user is in Role HR } or public Order GetMyOrder(int orderId) { // check if the order.Owner = user } What I'm looking for is some pattern/best practice to implement this kind of security in a generic way (without coding the the if then else every time) I hope you get what i mean :-) Thanks for you help.

    Read the article

  • What is SSL Certificates and How Does It Work

    SSL is an acronym for Secure Sockets Layer. The Secure Sockets Layer is a basically a web security protocol that is developed to establish a secure connection between web server and a browser. SSL is... [Author: Jack Melde - Computers and Internet - May 01, 2010]

    Read the article

  • WYSIWYG-editor with "add custom html feature" and secure (validated) html output?

    - by Tom
    I've been looking into some of the WYSIWYG editors (TinyMCE, FCKEditor, etc.) and they all seem to offer a lot of options. However, one vital feature that seems to lack is a simple "add custom html" option which would allow the user to input any of these embed-snippets you find all around the web these days, for example a youtube video. This is different than a "edit html/source" feature as that requires actual knowledge of html and there is the risk of the user writing invalid code. Another issue that I couldn't find much about is the output html. How would I make sure that this output causes no security invulnerabilities? Even when the user has the ability to add his own html? So, basically, is there an open source WYSIWYG editor which covers these 2 features?

    Read the article

  • Alternatives to sql like databases

    - by user613326
    Well i was wondering these days computers usually have 2GB or 4GB memory I like to use some secure client server model, and well an sql database is likely candidate. On the other hand i only have about 8000 records, who will not frequently be read or written in total they would consume less then 16 Megabyte. And it made me wonder what would be good secure options in a windows environment to store the data work with it multi-client single server model, without using SQL or mysql Would for well such a small amount of data maybe other ideas better ? Because i like to keep maintenance as simple as possible (no administrators would need to know sql maintenance, as they dont know databases in my target environment) Maybe storing in xml files or.. something else. Just wonder how others would go if ease of administration is the main goal. Oh and it should be secure to, the client server data must be a bit secure (maybe NTLM files shares https or...etc)

    Read the article

  • How to secure images to users logged in with Rails?

    - by NotDan
    I have a gallery in my rails app that needs to only allow certain images to be shown to specific logged in users. I am using Paperclip for image processing now, but it saves all images in a public folder available to anyone. Is it possible to only allow these images to be served to authenticated users?

    Read the article

  • What is the best way to secure a shared git repo for a small distributed team ?

    - by ashy_32bit
    We have a Scala project and we decided to use git. The problem is we are a very small distributed team and we want nobody outside of the team to have even the read only access to our git server (which has a valid IP and is world-accessible in the IP level). I have heard the git-daemon has no authentication mechanism by itself and you should somehow integrate it with ssh or something. What is the best (and easiest) way to make the git server respond only to authorized users ? Or perhaps git-daemon is not for this task ? I may add that I am looking for a simple and straightforward approach. I don't want to compete with github ;-)

    Read the article

  • Secure, simple php faq creating/editing script to base further development off of?

    - by Tchalvak
    I'm looking to build a simple site centered around a simple faq system in php. The faq concept is simple, but I want to have an administrative-access backend for editing and creating the entries, and securing a login seems more complex and time-consuming, so I'm looking for suggestions for code to start me off. Does anyone know of any open source php scripts or snippets that would work as base code for administrative login to some php scripts that could be used as a simple faq system? Or base code for both, the faq php code + web administrative access code?

    Read the article

  • How to get response from secure site (https) using curl in php?

    - by Chirag
    Hi, i have used below code for reading the response from HTTTPS secured site using curl but it shows an error like 'Page can't be displayed" curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, true); curl_setopt($ch, CURLOPT_URL, $gatewayURI); curl_setopt($ch, CURLOPT_HEADER, 1); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt ($ch, CURLOPT_POST, 1); curl_setopt ($curl_ch, CURLOPT_CAINFO, dirname(__FILE__)."/tempcert.pem"); any help??

    Read the article

  • Can a python view template be made to be 'safe/secure' if I make it user editable?

    - by Blankman
    Say I need to have a templating system where a user can edit it online using an online editor. So they can put if tags, looping tags etc., but ONLY for specific objects that I want to inject into the template. Can this be made to be safe from security issues? i.e. them somehow outputing sql connection string information or scripting things outside of the allowable tags and injected objects.

    Read the article

  • How to deploy and secure an ASP.NET web app to be available to internal and outside users?

    - by Swoop
    My company has several web applications written in ASP.NET. We need to make these applications available to Intranet users as well as authenticated external users. Most of the features are the same for the two groups, though there are some extra features available to the Internal users. The two different sets of users would use a slightly different security setup... our internal people will be authenticated using LDAP against Exchange, whereas the external users will have accounts in SQL Server. What is the best approach for deploying our web apps? Should we deploy 2 copies to different servers, one configured for an Intranet and one for outside users? Or is there a better way to share the code between the 2 servers, yet have the flexibility to use different web.config settings for security??

    Read the article

  • Secure to store an ID in an ASP.NET control ID?

    - by Curtis White
    I'm auto-generating a form in my ASP.NET page. This is already tested and working. I want to know if: If there are any security problems with storing the database ID as part of my controls ID? I can see think of 2 issues: the id will be visible in page source (not really important in this case), and the possibility someone could change the name of the control somehow? This second possibility is more serious. Is this a potential problem and how to void it? If there would be a better preferred way to associate a unique data with any type of control? Is it possible to store a custom item in the viewstate for the control?

    Read the article

  • Is it more secure to run a desktop app in a applet?

    - by Tom Brito
    Fist of all, when I say "run a desktop app in a applet" I mean do a Applet application that runs off-line, instead of a Desktop application that runs inside a JFrame. The little I know about applets (and maybe something I say is wrong, please correct me) is that applets have all permitions not granted by default. Also, the applets run inside a Sandbox, that does not allow information in or out without explicity permition. So, if I am focused on security in my application, its best to run it inside an applet (off-line, for a desktop application) then inside a JFrame. Is it right?

    Read the article

  • nginx subdomains improperly act like wildcard?

    - by binjured
    I have an odd problem with nginx subdomains. First, my configuration: server { listen 443 ssl; server_name secure.example.com; ssl_certificate example.crt; ssl_certificate_key example.key; keepalive_timeout 70; location / { fastcgi_pass 127.0.0.1:8000; ... } } server { listen 80; server_name example.com www.example.com; location / { fastcgi_pass 127.0.0.1:8000; ... } } The idea being that I have a secure domain, secure.example.com and a normal domain, example.com. In practice, I can go to https://example.com and http://secure.example.com. I worked around the second issue with an intermediary server: server { listen 80; server_name secure.example.com; rewrite ^(.*) https://secure.example.com$1 permanent; } But this is not an optimal solution and I'd have to create another one to redirect https on the tld to the subdomain. I feel like I must be doing something wrong if I need multiple servers like that. Why does https://example.com work when there is no server listening on 443 there? Shouldn't it just fail to connect? I'm rather confused.

    Read the article

  • How should I set up protection for the database against sql injection when all the php scripts are flawed?

    - by Tchalvak
    I've inherited a php web app that is very insecure, with a history of sql injection. I can't fix the scripts immediately, I rather need them to be running to have the website running, and there are too many php scripts to deal with from the php end first. I do, however, have full control over the server and the software on the server, including full control over the mysql database and it's users. Let's estimate it at something like 300 scripts overall, 40 semi-private scripts, and 20 private/secure scripts. So my question is how best to go about securing the data, with the implicit assumption that sql injection from the php side (e.g. somewhere in that list of 300 scripts) is inevitable? My first-draft plan is to create multiple tiers of different permissioned users in the mysql database. In this way I can secure the data & scripts in most need of securing first ("private/secure" category), then the second tier of database tables & scripts ("semi-private"), and finally deal with the security of the rest of the php app overall (with the result of finally securing the database tables that essentially deal with "public" information, e.g. stuff that even just viewing the homepage requires). So, 3 database users (public, semi-private, and secure), with a different user connecting for each of three different groups of scripts (the secure scripts, the semi-private scripts, and the public scripts). In this way, I can prevent all access to "secure" from "public" or from "semi-private", and to "semi-private" from "public". Are there other alternatives that I should look into? If a tiered access system is the way to go, what approaches are best?

    Read the article

< Previous Page | 26 27 28 29 30 31 32 33 34 35 36 37  | Next Page >