Search Results

Search found 15350 results on 614 pages for 'integrated security'.

Page 34/614 | < Previous Page | 30 31 32 33 34 35 36 37 38 39 40 41  | Next Page >

  • WCF security when it is used with sync services

    - by malik
    I am using following architecture for sync process. http://www.codeproject.com/KB/smart/sync_services.aspx And for server i use WCF service, can anybody guide me how can i secure my wcf service without using certificate that is hosted on IIS. Can i get a way to pass credential or some token to authenticate? I need to authenticate and encrypt the communication, when syncagent call synchronise method.

    Read the article

  • firefox addon security question

    - by rep_movsd
    I'm writing a firefox extension that logs some data and displays the result on a webpage... The webpage fires an event that the extension listens for and the extension can then add data to the page and fire an event back to the page to make it update itself. How do I ensure that the extension always sends data only to my page and not some other? Thanks V

    Read the article

  • Server Security

    - by mahatmanich
    I want to run my own root server (directly accessible from the web without a hardware firewall) with debian lenny, apache2, php5, mysql, postfix MTA, sftp (based on ssh) and maybe dns server. What measures/software would you recomend, and why, to secure this server down and minimalize the attack vector? Webapplications aside ... This is what I have so far: iptables (for gen. packet filtering) fail2ban (brute force attack defense) ssh (chang default, port disable root access) modsecurity - is really clumsy and a pain (any alternative here?) ?Sudo why should I use it? what is the advantage to normal user handling thinking about greensql for mysql www.greensql.net is tripwire worth looking at? snort? What am I missing? What is hot and what is not? Best practices? I like "KISS" - Keep it simple secure, I know it would be nice! Thanks in advance ...

    Read the article

  • Salt, passwords and security

    - by Jonathan
    I've read through many of the questions on SO about this, but many answers contradict each other or I don't understand. You should always store a password as a hash, never as plain text. But should you store the salt (unique for each user) next to the hashed password+salt in the database. This doesn't seem very clever to me as couldn't someone gain access to the database, look for says the account called Admin or whatever and then work out the password from that?

    Read the article

  • .net 4.0 with Code Access Security NetFx40_LegacySecurityPolicy won't work

    - by user210903
    Hi- I'm trying to use an external library DevExpress.XtraTreeList.v8.1.dll in my vsto office addin built using VS2010 beta 2. I am getting the following compile time error: DevExpress.Utils.AppareanceObject threw an exception -- System.NotSupportedException. The error message goes on to say that for compatibility reasons I can use the NetFx40_LegacySecurityPolicy switch. I've tried putting this config variable in all of the following locations: 1) my applications config file. 2) C:\Windows\Microsoft.NET\Framework\v4.0.21006\msbuild.exe.config 3) C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\dev.exe.config None of these have resolved the problem. Here were the references I've used. re-enable cas msdn.microsoft.com/en-us/library/ee191568(VS.100).aspx How do I get rid of this error so I can build the application in vs 2010?

    Read the article

  • Spring Security 3.0 and Active Directory LDAP: DOMAIN\user login

    - by Bernd Haug
    I would like to have users authenticate against an ActiveDirectory LDAP server using the DOMAIN\user.name syntax. I think that should be possible with SpringSec 3.0 since the docs mention an "alternative syntax" which I guess refers to the DOM\user syntax instead of a bind DN, but the docs don't elaborate further. Is there some way to configure Spring Sec 3 LDAP to use "the MS way" or do I have to write my own Authenticator implementation (against e.g. the java.naming.directory package, which I've tested to be able to use the MS syntax as its SECURITY_PRINCIPAL)?

    Read the article

  • PageMethods security

    - by TenaciousImpy
    Hi, I'm trying to 'AJAX-ify' my site in order to improve the UI experience. In terms of performance, I'm also trying to get rid of the UpdatePanel. I've come across a great article over at Encosia showing a way of posting using PageMethods. My question is, how secure are page methods in a production environment? Being public, can anyone create a JSON script to POST directly to the server, or are there cross-domain checks taking place? My PageMethods would also write the data into the database (after filtering). I'm using Forms Authentication in my pages and, on page load, it redirects unauthenticated users to the login page. Would the Page Methods on this page also need to check authentication if the user POSTs directly to the method, or is that authentication inherited for the entire page? (Essentially, does the entire page cycle occur even if a user has managed to post only to the PageMethod)? Thanks

    Read the article

  • firefox extension security issue

    - by rep_movsd
    I'm writing a firefox addon that logs certain user activity and displays some statistics on a webpage. When the page is opened, the page sends an event to the addon. The addon adds data to the page and sends an event back, and the page refreshes the statistics. Now how do I ensure that the extension only puts the (sensitive) data on the right page and not some other malicious one? Thanks V

    Read the article

  • Python: Dennis Nedry - Security

    - by Peter Nielsen
    Has anyone seen Jurrassic Park where Dennis Nedry has protected the system with an animation that says 'You didn't say the magic word' where after the system goes down. Is it possible to do something similar ikn Python ? To describe it less humoristic: A response screen which waits for a condition fulfilled by the user. And encrypts and locks the system after a certain time. Is that possible on a linux system by the use of Python ?

    Read the article

  • Good Guide For Web App Security?

    - by QAH
    Hello! I am pretty good on making web applications and I know how to transfer data to and from client/server, etc. I need some help though learning how to make the data exchanges more secure. That is the reason why I feel kind of scared to publish any web app I make. I wanted to know what are some good guides to help you understand and learn how to secure data transfer with your web application? Things like better authentication for example and making better logins. You can post any suggestion, but just for your information, I mainly code my web apps with Javascript and PHP. Also, I transfer my data using JSON or XML. Thanks a lot

    Read the article

  • Security for ASP.NET application running on intranet / VPN

    - by Ryan
    Hi, I have an ASP.NET app that sits on our intranet, using the WindowsIdentity to identify the user: WindowsIdentity wi = HttpContext.Current.User.Identity as WindowsIdentity; if (wi == null || wi.Name == null) { noAccess("No WindowsIdentity"); return; } string username = wi.Name; if (username.Contains("\\")) username = username.Substring(username.LastIndexOf("\\") + 1); This works fine on our Intranet. However, when users from other offices (separate network, with firewall open) they get a password request input box. Why are they getting the password dialogue? What is the recommended way identify users of the app? I want to avoid using password, but windows identities. Anyone attempting to access the application is inside a trusted network. Thanks a lot for any help Ryan

    Read the article

  • Locking down RAD Studio internal browser security.

    - by HMcG
    I use Firefox as my web browser, mostly for access to add-ins such as Flashblock and No-script. I noticed yesterday that the RAD Studio internal browser used for the Welcome Page etc has scripting and Active X etc enabled. Is there a way to disable scripting, or better still, block all access to non-local sources in the built-in browser?

    Read the article

  • Quick question about PayPal IPN Security

    - by Alix Axel
    PayPal IPN sends a POST request with a variable number of fields to the notify URL, in order to confirm that the POST request is legit we need to resubmit the same request along with a additional cmd=_notify-validate field to PayPal, which then replies SUCCESS or FAILURE. My question is, why do we need to resend the request to PayPal? Wouldn't something like this work? if (preg_match('~^(?:.+[.])?paypal[.]com$~i', gethostbyaddr($_SERVER['REQUEST_ADDR'])) > 0) { // request came from PayPal, it's legit. } Iff we can trust the server to correctly resolve IPs, I assume we can trust PayPal POST requests, no?

    Read the article

  • Thoughts on security model to store credit card details

    - by Faisal Abid
    Here is the model we are using to store the CC details how secure does this look? All our information is encrypted using public key encryption and the keypair is user dependent (its generated on the server and the private key is symmetric encrypted using the users password which is also Hashed on the database) So basically on first run the user sends in his password via a SSL connection and the password is used with the addition of salt to generate an MD5 hash, also the password is used to encrypt the private key and the private key is stored on the server. When the user wants to make a payment, he sends his password. The password decrypts the private key, and the private key decrypts the CC details and the CC details are charged.

    Read the article

  • Asp.net Security: IIdentity.IsAuthenticated default implementation.

    - by Pickels
    Hello Stackoverflowers, I am writing my own custom Identity class which implements IIdentity. I don't need to change the default method IsAuthenticated but so now I was wondering how does the default IIdentity determines if it should return true or false? I thought to find the answer in the FormsAuthenticationTicket I am using but not sure if that is correct. Thanks in advance, Pickels

    Read the article

  • Spring Security: Authentication returns null

    - by Mike
    Hi! I implemented FilterInvocationSecurityMetadataSource. in getAttribute, i am trying to extract the Authentication object to achieve the user and get his allowed views from the database:Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal(); but the authentication is null! why? how can i achieve it?

    Read the article

  • database security with php page that spits out XML

    - by Rees
    Hello, I just created a PHP page that spits outs some data from my database in an XML format. This data is fetched from a flex application I made. I had spent a long time formatting my tables and database information and do not want anyone to be able to simply type www.mysite.com/page_that_spits_out_XML.php and steal my data. However, at the same time I need to be able to access this page from my flex application. Is there a way I can prevent other people from doing this? Thank you!

    Read the article

  • HTML5 Web DB Security

    - by darrenc
    Hi all! I'm looking into an offline web app solution using HTML5. The functionality is everything I need BUT the data stored can be directly queried right in the browser and therefore completely unsecure! Is there anyway to encrypt/hide so that the data is secure? Thanks, D.

    Read the article

  • Running Activex control and Maintaining security

    - by Shyju
    Hi Techies, In my a web application, I have a part to invoke an activex control .The Activex control is available in all the client PCs who are accessing my web application from web server. But When trying to run this ActiveX control from the browser in client machine (using Wshell), It was not getting invoked since "Run Activex Controls and Pluggins" are disabled in my browser. So I changed the browser settings to enable mode and Then the Activex control gave me the expected output. I afraid that this change in browser settings would allow any other website to harm my system. How could I get rid of this problem? Any thoughts? Thanks in advance

    Read the article

  • WPF Skin Skinning Security Concerns

    - by Erik Philips
    I'm really new to the WPF in the .Net Framework (get that out of the way). I'm writing an application where the interface is very customizable by simply loading .xaml (at the moment a Page element) files into a frame and then mapping the controls via names as needed. The idea is to have a community of people who are interested in making skins, skin my application however they want (much like Winamp). Now the question arises, due to my lack of Xaml knowledge, is it possible to create malicious Xaml pages that when downloaded and used could have other embedded Iframes or other elements that could have embed html or call remote webpages with malicious content? I believe this could be the case. If this is the case then I two options; either I have an automated process that can remove these types of Xaml files by checking it’s elements prior to allowing download (which I would assume would be most difficult) or have a human review them prior to download. Are there alternatives I’m unaware of that could make this whole process a lot easier?

    Read the article

  • silverlight security with WCF service, Forms Authentication and Custom Form Ticket

    - by user74825
    I have a silverlight application with login on the silverlight page. It uses Forms Authentication with WCF authentication service and customer Membership Provider. Something like : http://blogs.msdn.com/phaniraj/archive/2009/09/10/using-the-ado-net-data-services-silverlight-client-library-in-x-domain-and-out-of-browser-scenarios-ii-forms-authentication.aspx So, SL page login page calls the WCF service authentication service, it validates using DB - brings back username and password. Now, in each subsequent calls (in Global.asax in Authenticate_Request, I get HttpContext.User.IsAuthenticated and HttpContext.User.UserName). I have all this working properly. But, I just don't want the username, but more information surrounding the user, like UserId, UserAddress, UserAssociateCustomer etc. I tried couple of different approaches. 1) Use HttpContext.Cache as a dictionary to save the item and get it off based on httpcontext.user.name, problem is cache can be erased if there memory is being used heavily. 2) Tried CustomFormsAuth Ticket, when forms authentication writes a ticket, I intercept CreatingCookie method and write additional info in formauthentication ticket, so that I can read it in subsequent requests, I am having problems with this approach, I don't find the ticket in subsequent requests. I read about how we should use REsponse.Redirect, but where do I redirect user from WCF call. How do you guys implement the above scenario? Any best practices.? Any issues you see with going on HTTPS? All examples (or most of them) just explains simple forms authentication with "I am logged in message".. Any suggestions ?

    Read the article

  • jQuery - ASPX Security libraries

    - by Jean Paul
    Hello. I would like to know if there's a combo like jCryption ([jCryption]) - PHP but for jQuery - ASPX. I mean, I have been searching for a combo to send data both ways (Client-server, server-client) with jQuery to ASPX. The best I found was jCryption that sends data from JavaScrpit to PHP. I need a combo to send data from JavaScrpit to ASPX. Any ideas?? PD: Please don't tell me to use HTTPS, it's not enough to ensure the data communication on a client - server application.

    Read the article

< Previous Page | 30 31 32 33 34 35 36 37 38 39 40 41  | Next Page >