Search Results

Search found 30819 results on 1233 pages for 'software security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 337/1233 | < Previous Page | 333 334 335 336 337 338 339 340 341 342 343 344  | Next Page >

  • Should I sanitize EVERY form variable passed along?

    - by Camran
    I have a form with many fields... The action is set to a php page which queries mysql... Should I sanitize with mysql_real_escape_string every single variable? Or can I ignore sanitizing drop-lists and radios for instance? Also, besides mysql_real_escape_string, what else should I do to prevent attacks? Thanks

    Read the article

  • PHP hashing function not working properly

    - by Jordan Foreman
    So I read a quick PHP login system securing article, and was trying to sort of duplicate their hashing method, and during testing, am not getting the proper output. Here is my code: function decryptPassword($pw, $salt){ $hash = hash('sha256', $salt . hash('sha256', $pw)); return $hash; } function encryptPassword($pw){ $hash = hash('sha256', $pw); $salt = substr(md5(uniqid(rand(), true)), 0, 3); $hash = hash('sha265', $salt . $hash); return array( 'salt' => $salt, 'hash' => $hash ); } And here is my testing code: $pw = $_GET['pw']; $enc = encryptPassword($pw); $hash = $enc['hash']; $salt = $enc['salt']; echo 'Pass: ' . $pw . '<br />'; echo 'Hash: ' . $hash . '<br />'; echo 'Salt: ' . $salt . '<br />'; echo 'Decrypt: ' . decryptPassword($hash, $salt); Now, the output of this should be pretty obvious, but unfortunately, the $hash variable always comes out empty! I'm trying to figure out what the problem could be, and my only guess would be the second $hash assignment line in the encryptPassword(..) function. After a little testing, I've determined that the first assignment works smoothly, but the second does not. Any suggestions? Thanks SO!

    Read the article

  • How can I securely check if a username is already taken?

    - by Geo
    I have a form where someone can create a new user. I'd like to add some AJAX to check if a username is taken, as soon as the input field loses focus. I'm not really sure how to go about this, as this could pave the way to bruteforce attack, since you could check for any username and see whether or not it exists. Any suggestions?

    Read the article

  • How to handle 30k files in a project which requires them?

    - by Jeremiah
    Visual Studio 2010 RC - Silverlight Application We have a library of images that we need to have access to. They are given to us from a vendor (through an installer) and they are not in a database, they are files in a folder (a very large monster of a folder). We do not control when the images change, so the vendor needs to be able to override them individually. We get updates frequently enough from this vendor to state that these images change "randomly" and without our (programmer) knowledge. The problem: I don't want 30K images in SVN. Heck, I don't even want to imagine them in my Solution. However, our application requires them in order to run properly. So, our build/staging servers need access to these images (we have two build servers). The Question: How would you handle it when your application will not work as specified without access to each of 30k images and you don't control when those images change? I'm do not want to have a crazy large SVN repository. Because I don't know when any of these images change, I really don't want them in my solution (definitely do not want a large solution, either). I also don't want a bunch of manual steps to do every time these images change. Our mantra, up to this point, has always been, any developer could download from SVN, compile and run our app. These images are going to kill that mantra. I'm tempted to make a WCF service that will return images if they exist and a dummy image if they don't. This way all dev boxes will return a dummy image and our build/staging/production boxes will return real images (ones that actually have the vendor's image installer installed on). This has to be a solved problem. What have other people done to handle these types of problems? I'm open to suggestions.

    Read the article

  • include() Why should I not use it?

    - by aliov
    I am working through an older php mysql book written in 2003. The author uses the include() function to construct html pages by including header.inc, footer.inc, main.inc files, etc. Now I find out that this is not allowed in the default ini settings, (allow_url_include is set to Off) after I got many warnings from the server. I noticed also that you can use include without the parenthesis. I tried this and it works and I get no error messages or warnings. Are the two different? That is, is include() different from include ?

    Read the article

  • Password verification; Is this way of doing it safe?

    - by Camran
    I have a classifieds website, where everybody may put ads of their products. For each classified, the user has to enter a password (so that they can delete the classified whenever they wish). So basically, when somebody wants to delete a classified, they click on the classified, click on the delete button, and enter the pass. I use MySql as a database. I use this code basically: if ($pass==$row['poster_password']) where row[poster_password] is fetched from MySql... What do you think? Thanks

    Read the article

  • Hosting SQL at remote location?

    - by Syd
    Hey guys, My OSCommerce site includes a separately programmed feature for which I use SQL tables. I've decided to host its tables on a remote site offering free SQL accounts. I'd like to know if there could be any disadvantages to this approach. Thanks Syd

    Read the article

  • How do I validate that my the openid.op_endpoint when a request is completed.

    - by Sam Saffron
    I have an Open ID based authentication system on my site. Occasionally users will have an account registered under [email protected] and they will attempt to login using the google open id provider https://www.google.com/accounts/o8/id, in this case I would like to automatically associate the account and log them in. When the process is done I get a payload from somewhere claiming that openid.op_endpoint=https://www.google.com/accounts/o8/id. My question: Can I trust openid.op_endpoint to be correct? Can this be spoofed somehow by a malicious openid provider? For illustration, lets say someone types in http://evil.org as their openid provider, can I somehow end up getting a request back that claims openid.op_endpoint is google? Do I need to store extra information against the nonce to validate? The spec is kind of tricky to understand

    Read the article

  • External user domain in grails

    - by archer
    We're currently using Acegi 0.5.2 plugin for Grails 1.2.1. However, we're going to move our user management to external CRM. What would be the best way to link existing Person domain with external CRM entity?

    Read the article

  • How to create a desktop shortcut to a website with website logo as icon?

    - by Wbdvlpr
    Hi I need a solution which allows users to create a desktop shortcut to a website, preferably with website logo as shortcut icon. There are ways users can create shortcut such as drag drop favicon or right click create new shortcut etc. This works but also creates the shortcut with default IE icon on windows. I am trying to avoid this method for this icon and some other reasons. I thought of creating a website-title.URL file, and tell users to download and save file to their desktop, again this works but doesn't solve the icon problem as the website logo (.ico) has to be at local disk and at a pre-specified location [IconFile=path]. I was wondering if it is possible to create a some sort of installer or windows application which users can download from the website. Once its executed by user, it creates this .URL file on user desktop which have IconFile path pre-specified, and copy the website-logo.ico at path specified in .URL file etc. So my questions are - Is it possible to create such a solution? What programming languages can be used to achieve this? Can this installer/app be made to work on non-windows machines as well? From developments point of view how big project it is? if I have to hire a programmer to do this. Please let me know if you need more information. Thanks

    Read the article

  • Ensure that my C# desktop application is making requests to my ASP .NET MVC action?

    - by Mathias Lykkegaard Lorenzen
    I've seen questions that are almost identical to this one, except minor but important differences that I would like to get detailed. Let's say that I have a controller and an action method in MVC which therefore accepts requests on the following URL: http://example.com/api/myapimethod?data=some-data-here. This URL is then being called regularly by 1000 clients or more spread out in the public. The reason for this is crowdsourcing. The clients around the globe help feed a global cache on my server, which makes it faster for the rest of the clients to fetch the data. Now, if I'm sneaky (and I am), I can go into Fiddler, Ethereal, Wireshark or any other packet sniffing tool and figure out which requests the program is making. By figuring that out, I can also replicate them, and fill the service with false corrupted data. What is the best approach to ensuring that the data received in my ASP .NET MVC action method is actually from the desktop client application, and not some falsely generated data that the user invented? Since it is all based on crowdsourcing, would it be a good idea for my users to be able to "vote" if some data is falsified, and then let an automatic cleanup commence if there are enough votes? I do not have access to a tool like SmartAssembly, so unfortunately my .NET program is fully decompilable. I realize this might be impossible to accomplish in an error-proof manner, but I would like to know where my best chances are.

    Read the article

  • j_security_check to SSO in different module under Oracle App Server?

    - by thebearinboulder
    I have an existing j2ee application running on Oracle App Server. It is targeted towards paying customers so the content is secured and a SSO module properly intercepts all requests for secured content. Now the company is adding a unbranded public-facing module with a number of unsecured pages. At one point the user is expected to register for a free account and log in to proceed further. Think doctors adding a public-facing site with information for potential patients, or lawyers adding a public-facing site with information for potential clients. There's some information on the session and the usual approach would be to authenticate the user, persist the session information using the now-known user id, invalidate the existing session (to prevent certain types of attacks), the reload the session information before returning to the user. I can't just persist it under the session id since that's about to change. The glitch is that the existing application already has an SSO module and I get a 404 error every time I try to direct to j_security_check. I've tried that, /sso/j_security_check, even http://localhost/sso/j_security_check, all without success. I noticed that an earlier question said that tomcat requires access to a secured page before j_security_check is even visible. I don't know if that's the case with Oracle AS. Ideas? Or is the best approach to continue arguing that we have a different user base so it would be better to handle authentication in our own module anyway?

    Read the article

  • Cannot save Adobe Illustrations as .pdf files

    - by Parastar
    Hi, I use adobe Illustrator creative suite 3. Now there seems to be a problem. I can't save my Illustrations In the .pdf format, since this format seems to preserve the graphic quality this Is vitally Important to me. If I save the Graphic In .jpef /.gif or png there Is some serious loss of quality so I need to find out a way to get this sorted. when I try to save the graphic as pdf It says "An unknown error has occured" please can anyone help me out here? Thank you,

    Read the article

  • How secure is .htaccess protected pages

    - by Steven smethurst
    Are there any known flaws with htaccess protected pages? I know they are acceptable to brute force attacks as there is no limit to the amount of times someone can attempt to login. And a user can uploaded and execute a file on the server all bets are off... Anything other .htaccess flaws?

    Read the article

  • How to protect access to a url?

    - by ibiza
    I would need to create a php file that will do some work on my webserver and that will be called from a program on another server over the internet. Suppose the php file that will do the work is located at www.example.com/work.php What is the best way to protect unsollicited calls to the www.example.com/work.php? What I need is some mechanism so that when the intended program accesses the url (with some query string parameters), the work gets done, but if somebody type www.example.com/work.php in their browser, access will be denied and no work will be done. The way I've thought is to add some 'token' in the querystring that would be constructed by some algorithm from the calling program, a sample result could be to append to the url : ?key=randomKeyAtEachCall&token=SomeHexadecimalResultCalculatedFromTheKey and the key and token would be validated with a reverse algorithm on the php side. Is that safe, Are there any better idea?

    Read the article

  • Packaging Java apps for the Windows/Linux desktop.

    - by alexmcchessers
    I am writing an application in Java for the desktop using the Eclipse SWT library for GUI rendering. I think SWT helps Java get over the biggest hurdle for acceptance on the desktop: namely providing a Java application with a consistent, responsive interface that looks like that belonging to any other app on your desktop. However, I feel that packaging an application is still an issue. OS X natively provides an easy mechanism for wrapping Java apps in native application bundles, but producing an app for Windows/Linux that doesn't require the user to run an ugly batch file or click on a .jar is still a hassle. Possibly that's not such an issue on Linux, where the user is likely to be a little more tech-savvy, but on Windows I'd like to have a regular .exe for him/her to run. Has anyone had any experience with any of the .exe generation tools for Java that are out there? I've tried JSmooth but had various issues with it. Is there a better solution before I crack out Visual Studio and roll my own? Edit: I should perhaps mention that I am unable to spend a lot of money on a commercial solution.

    Read the article

  • Program visible to Linux as normal directory

    - by Xam
    I'm trying to write program to work as programmable directory, in other words: User, or other systems open that directory and read/write files or dirs. I try to create program to cache most used files in memory (less I/O to HDD), but right now I don't know how to achive that. There are probably some docs about this but I can't find them. I know that there is FUSE, NFS and others, but reading their source is quite difficult. If any one has info about implementation in C lang I'll be very grateful. Sorry for my English..

    Read the article

  • Exists a replacement for the command-line-tool CASPOL.exe?

    - by tantran
    When trying to execute a .NET-App, it throws a "PolicyException", because "only one group is allowed". The tool should list existing settings, and allow to delete selected settings. Using caspol to list is not helpful, it is cruel. I've seen there is a simple gui-frontend, which allows to define NEW settings, but it does not allow to list or delete existing settings. Caspol is a nightmare, no wonder anyone uses it by choice. With .NET 1.1 Microsoft delivered a configuration-utility, but for .NET 2.0 i've found nothing.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 333 334 335 336 337 338 339 340 341 342 343 344  | Next Page >