Search Results

Search found 1424 results on 57 pages for 'protect'.

Page 36/57 | < Previous Page | 32 33 34 35 36 37 38 39 40 41 42 43 | Next Page >

Windows and system processes

- by jemper

Note: I've asked this question in a similiar format on superuser but it seems like it may fit here on SO better. It definitely also is about programming as it concerns parts of the Win32 API, Windows in general and process management. So there are these processes that can't be terminated with taskkill - system processes in general. But there also is, for example my Anti Virus program that makes itself "unterminateable". How can I access and mainly terminate system processes under windows? (kill.exe by Microsoft doesn't work) How do processes like anti-virus programs protect themselves? How can you turn them off again, then?

Read the article
How are SaaS applications organized?

- by tomekw

Consider web (MVC, for example Rails) application for multiple clients as a service. How to design this? one application instance per client? (+ one database per client) one instance for all clients (+ one database for all clients) Former one is simple, but... "inefficient". How about the latter? (best practises, design patterns) How to separate client data? For example: worker "A" of client "1" has two documents, worker "B" of client "2" has three documents. How to build model associations to protect other users (and clients) data? I think joining every query with Client model is not a good solution.

Read the article
Accessing protected REST endpoint with JQuery

- by Andy

I have a site where members login to their account (FormsAuth). I would like to set up a RESTful service that I can access using jQuery. I would like to protect these services using the same FormsAuth. How would a third-party site be able to access these services? They would need to pass in the Principal/Identity to the service, right? I've only seen examples of Basic Authentication (which Twitter uses and jQuery supports). I'm very new to WCT/REST, so not sure how this should be done.

Read the article
Building two executables in one project

- by Rui Pacheco

Hi, I've a project that must produce two executables: the main application and an executable that is called by a separate process. I've created the second file in Xcode and added a second target of type Cocoa Shell Tool. I can now build the second executable but when I try to build my project normally I get an error saying there's two executables present: ld: duplicate symbol _main in <path>/SecondExecutable.o and <path>/main.o (<path> was added by me to protect the innocent and their intelectual property). How can I configure Xcode to build both at the same time?

Read the article
Prevent SQL injection from form-generated SQL.

- by Markos Fragkakis

Hi all, I have a search table where user will be able to filter results with a filter of the type: Field [Name], Value [John], Remove Rule Field [Surname], Value [Blake], Remove Rule Field [Has Children], Value [Yes], Remove Rule Add Rule So the user will be able to set an arbitrary set of filters, which will result essentially in a completely dynamic WHERE clause. In the future I will also have to implement more complicated logical expressions, like Where (name=John OR name=Nick) AND (surname=Blake OR surname=Bourne), Of all 10 fields the user may or may not filter by, I don't know how many and which filters the user will set. So, I cannot use a prepared statement (which assumes that at least we know the fields in the WHERE clause). This is why prepared statements are unfortunately out of the question, I have to do it with plain old, generated SQL. What measures can I take to protect the application from SQL Injection (REGEX-wise or any other way)?

Read the article
Error while creating a table style in excel

- by Rashmi Pandit

Hi, I am using the following function to create a TableStyle: Public Function CreateTableStyle() ActiveWorkbook.Unprotect Dim objTS As TableStyle On Error Resume Next Set objTS = ActiveWorkbook.TableStyles("MyTableStyle") On Error GoTo err_CreateTableStyle If Not objTS Is Nothing Then Exit Function End If Set objTS = ActiveWorkbook.TableStyles.Add("MyTableStyle") With ActiveWorkbook.TableStyles("MyTableStyle") .ShowAsAvailablePivotTableStyle = True .ShowAsAvailableTableStyle = False End With With ActiveWorkbook.TableStyles("MyTableStyle").TableStyleElements( _ xlHeaderRow).Font .FontStyle = "Bold" .TintAndShade = 0 .ThemeColor = xlThemeColorDark1 End With With ActiveWorkbook.TableStyles("MyTableStyle").TableStyleElements( _ xlHeaderRow).Interior .ThemeColor = xlThemeColorLight2 .TintAndShade = -0.249946592608417 End With With ActiveWorkbook.TableStyles("MyTableStyle").TableStyleElements( _ xlTotalRow).Font .FontStyle = "Bold" .TintAndShade = 0 .ThemeColor = xlThemeColorDark1 End With With ActiveWorkbook.TableStyles("MyTableStyle").TableStyleElements( _ xlTotalRow).Interior .ThemeColor = xlThemeColorLight2 .TintAndShade = -0.249946592608417 End With ActiveWorkbook.TableStyles("MyTableStyle").TableStyleElements( _ xlSubtotalRow1).Font.FontStyle = "Bold" With ActiveWorkbook.TableStyles("MyTableStyle").TableStyleElements( _ xlSubtotalRow1).Interior .Color = 16764828 .TintAndShade = 0 End With ActiveWorkbook.TableStyles("MyTableStyle").TableStyleElements( _ xlSubtotalRow2).Font.FontStyle = "Bold" With ActiveWorkbook.TableStyles("MyTableStyle").TableStyleElements( _ xlSubtotalRow2).Interior .Color = 16777164 .TintAndShade = 0 End With ActiveWorkbook.Protect Exit Function err_CreateTableStyle: Call Common.ErrRaise(Erl, "Common", "CreateTableStyle", "CreateTableStyle") End Function At the line below: With ActiveWorkbook.TableStyles("MyTableStyle").TableStyleElements( _ xlHeaderRow).Font .FontStyle = "Bold" I am getting an error: Run-time error '1004' Unable to set the FontStyle property of the Font class. Can someone please identify the issue? I am not able to figure why it is not letting me set the property.

Read the article
Force VSProps settings to override project settings

- by Steve

I have a vsprops file that defines the optimizations all of our projects should be built with for Visual Studio 2008. If I set the properties for the project to "inherit from parent of project defaults" it works, and fills them in the vcproj file. However, this doesn't protect me from a developer checking in a project file that changes the optimizations. In this case, the project settings are used over the vsprops settings. I need to make it so that vsprops always takes precedence over what is in the vcproj file. Is this possible? Other workarounds are also welcome.

Read the article
How to secure authorization of methods

- by Kurresmack

I am building a web site in C# using MVC.Net How can I secure that no unauthorized persons can access my methods? What I mean is that I want to make sure that only admins can create articles on my page. If I put this logic in the method actually adding this to the database, wouldn't I have business logic in my data layer? Is it a good practise to have a seperate security layer that is always in between of the data layer and the business layer to make? The problem is that if I protect at a higher level I will have to have checks on many places and it is more likely that I miss one place and users can bypass security. Thanks!

Read the article
Web.config encryption/decryption

- by Akshay

In my applications we.config file I have a connection string stored. I encrypted it using '---open the web.config file Dim config As Configuration = _ ConfigurationManager.OpenWebConfiguration( _ Request.ApplicationPath) '---indicate the section to protect Dim section As ConfigurationSection = _ config.Sections("connectionStrings") '---specify the protection provider section.SectionInformation.ProtectSection(protectionProvider) '---Apple the protection and update config.Save() Now I can decrypt it using the code Dim config As Configuration = _ ConfigurationManager.OpenWebConfiguration( _ Request.ApplicationPath) Dim section As ConfigurationSection = _ config.Sections("connectionStrings") section.SectionInformation.UnProtectSection() config.Save() I want to know where is the key stored. Also If somehow my web.config file is stolen, will it be possible for him/her to decrypt it using thhe code above.

Read the article
MSI File/Registry failures to Windows Server 2008/Windows 7

- by Luca

I'm trying to deploy an application on Windows Server 2008 (SP2 x64) and Windows 7 (x64), using VS2005 Installer Project. The MSI version (I think) it the 2.0. Everything works fine, except that some registry keys and some files are not copied on the install machine. The MSI system doesn't notify about nothing (and I don't know whether MSI logs its operations). Are there incompatibilities between my MSI installer project and these new OSes? It seems to me that the OS protect itself for being modified in some part. For example, I'm trying to set the registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\WinLogon\SpecialAccounts\UserList\User but it is not created. In the same installer there are many other keys, which are created like expected (as they always did before on Windows XP and Windows Server 2003). What's going on?

Read the article
PHP urlencode() tacking on ?SID=xxx ... Why?

- by retailevolved

I am trying to output a simple link. This works great: $url = 'http://www.google.com'; echo $url; This doesn't work great: $url = 'http://www.google.com'; echo urlencode($url); The second example tacks on "?SID=xxx" to the end of the URL for some reason. How do I prevent this from happening? Note: The code to generate the URL has been changed to protect the innocent.

Read the article
Help setup my .git/config file for Heroku AND my Unfuddle Account

- by 05WRXSTi

Ok, I have three different computers that I work from and right now their configurations are all different so I have to push/pull a certain on each and its very bothersome. What I want to do is have ONE config file that I can use for all three that will allow me to do the following: git push unfuddle git pull heroku git push unfuddle git pull heroku And I'm new to git, so I know that maybe I need heroku master or 'heroku origin` or somethign? Here is what my config file looks like right now: [core] repositoryformatversion = 0 filemode = true bare = false logallrefupdates = true [remote "origin"] fetch = +refs/heads/*:refs/remotes/origin/* url = [email protected]:HEROKU-APP.git [branch "master"] remote = origin merge = refs/heads/master [remote "unfuddle"] fetch = +refs/heads/*:refs/remotes/origin/* url = [email protected]:UNFUDDLE-APP/UNFUDDLE-APP.git obviously the git urls were changed to protect the innocent. What should I change so that I can easily push and pull to/from both of these repos? Thanks!

Read the article
Prevent query string manipulation by adding a hash?

- by saille

To protect a web application from query string manipulation, I was considering adding a query string parameter to every url which stores a SHA1 hash of all the other query string parameters & values, then validating against the hash on every request. Does this method provide strong protection against user manipulation of query string values? Are there any other downsides/side-effects to doing this? I am not particularly concerned about the 'ugly' urls for this private web application. Url's will still be 'bookmarkable' as the hash will always be the same for the same query string arguments. This is an ASP.NET application.

Read the article
Admin section in CakePHP

- by Nicklas Ansman

I'm having a hard time understanding how the CakePHP admin system works. Should all controllers who has an action which requires login include AuthComponent or just the one who handles the login/logout? Let's say I want to protect the add action of a controller. First I create admin_add() in the controller and then in the beforeFilter() method I check if $this->Session->check('Auth.User') is set a redirect based on this? Turns out it was better to just controll this with $this->Auth->allow() What is the easiest way to return to the URL the user was trying to access? Is there a better way than setting a session variable? Turns out it does this automagically :) If someone has a good tutorial for this I would happily read it :) I've already read this tutorial but I found it to be a little to basic and the CakePHP-docs are not that great on this topic either.

Read the article
Important Security Issue: Is it possible to put binary image data into html markup code and then get

- by Joern Akkermann

Hi, it's an important security issue and I'm sure this should be possible. A simple example: You run a community portal. Users are registered and upload their pictures. Your application gives security rules wenever a picture is allowed to be displayed. For example users must be friends on each sides by the system, in order that you can view someone elses uploaded pictures. Here comes the problem: it is possible that someone crawls the image directories of your server. But you want to protect your users from such attacks. If it's possible to put the binary data of an image directly into the html markup, you can restrict the user access of your image dirs the user and group your web application runs of and pass the image data to your apache user and group directly in the html. The only possible weakness then is the password of the user that your web app runs as. Is there already a possibility? Yours, Joern.

Read the article
Are there any differences between MSSQL and MySQL when it comes to preventing SQL injection?

- by Derek Adair

I am used to developing in PHP/MySQL and have no experience developing with MSSQL. I've skimmed over the PHP MSSQL documentation and it looks similar to MySQLi in some of the methods I read about. For example, with MySQL I utilize the function mysql_real_excape_string(). Is there a similar function with PHP/MSSQL? What steps do I need to take in order to protect against SQL injection with MSSQL? What are the differences between MSSQL and MySQL pertaining to SQL injection prevention?

Read the article
Watin File Download Problem

- by EmrahIlker

When I clicked button with mouse, File Download Dialog opens directly. But when Watin Button Click methods click the vert same button on same ie window this message appears and wait my confirm To help protect your security, Internet Explorer blocked this site from downloading files to your computer. Click here for options. I turned off the Information bar for file downloads,(Internet Options-Security-Custom Level-Downloads-Automatic prompting for file downloads--Enable),allow active x content, lower security level for internet etc.. but didn't work. I'm using Win 7, IE8.

Read the article
Open source political campaign management software?

- by carolclarinet

Does anyone know of any active open source projects working on political campaign management software? I looked on sourceforge but didn't see anything relevant from the queries "political", "politics", "donations", "campaign", or in the categories "accounting", "politics" or "voting". I'm involved with a political campaign that is currently paying out the nose for some horribly designed SaaS (whose Name i Guess i should Protect, ahem) to basically just keep track of donations people have made now, donations people have made in the past, donations people have pledged to make, contact information, the way they will likely vote, etc. It's a bit much to manage in spreadsheets, but doesn't seem like it's something complex enough that political campaigns should have to pay for (especially low-budget local ones). I'd love to help out if such a project exists, or start/revive one if it doesn't. Any hints, places to look, etc are much appreciated.

Read the article
Is it possible to put binary image data into html markup and then get the image displayed as usual i

- by Joern Akkermann

It's an important security issue and I'm sure this should be possible. A simple example: You run a community portal. Users are registered and upload their pictures. Your application gives security rules whenever a picture is allowed to be displayed. For example users must be friends on each sides by the system, in order that you can view someone else's uploaded pictures. Here comes the problem: it is possible that someone crawls the image directories of your server. But you want to protect your users from such attacks. If it's possible to put the binary data of an image directly into the HTML markup, you can restrict the user access of your image dirs the user and group your web application runs of and pass the image data to your Apache user and group directly in the HTML. The only possible weakness then is the password of the user that your web app runs as. Is there already a possibility?

Read the article
is that possible to crack Private key with Decrypted message and public key?

- by matt clarck

for example company B send an encrypted email with company A's public key (RSA/PGP/SSH/openSSL/...) the employer receive the encrypted email and send it to his boss who have the private key to decrypt message. the boss give decrypted email back to employer to work on it. question is can employer compare encrypted email with decrypted version and find out what is private key ? if it is possible then is there anyway to protect cracking private key from decrypted messages and comparing with encrypted messages/public key ?

Read the article
How to lock non-browser clients from submitting a request?

- by Thomas Kohl

I want to block non-browser clients from accessing certain pages / successfully making a request. The website content is served to authenticated users. What happens is that our user gives his credentials to our website to 3rd party - it can be another website or a mobile application - that performs requests on his behalf. Say there is a form that the user fills out and sends a message. Can I protect this form so that the server processing the submission can tell whether the user has submitted it directly from the browser or not? I don't want to use CAPTCHA for usability reasons. Can I do it with some javascript?

Read the article
Postback problem downloading zip file

- by Chris Conway

I've got a problem on a webforms application where a user selects some criteria from dropdowns on the page and hits a button on the page which calls this method: protected void btnSearch_Click(object sender, EventArgs e) They then click on button to download a zip file based on the criteria which calls this method: protected void btnDownload_Click(object sender, EventArgs e) In IE, they are prompted with the bar at the top of the browser that tells them "To help protect your security, Internet Explorer blocked this site from downloading files to your computer". When they click on that bar to download the file, it fires the btnSearch_Click event again. Response.ContentType and Response.AddHeader has been set up correctly. The problem is, that btnSearch appends criteria so basically it is being appended twice and causing problems. Is there something I can do to prevent this? This is a vs2008 web app using c# 3.5 for what it's worth. Thanks!

Read the article
min.js to clear source

- by dole

Hi there As far i know until now, the min version of a .js(javascript) file is obtaining by removing the unncessary blank spaces and comments, in order to reduce the file size. My questions are: How can I convert a min.js file into a clear, easy readable .js file Besides, size(&and speed) are there any other advtages of the min.js file. the js files can be encripted? can js be infected. I think the answer is yes, so the question is how to protect the .js files from infections? Only the first question is most important and I'm looking for help on it. TY

Read the article
Prevent Method call without Exception using @PreAuthorize Annotation

- by Chepech

Hi all. We are using Spring Security 3. We have a custom implementation of PermissionEvaluator that has this complex algorithm to grant or deny access at method level on the application. To do that we add a @PreAuthorize annotation to the method we want to protect (obviously). Everything is fine on that. However the behavior that we are looking for is that if a hasPermission call is denied, the protected method call only needs to be skipped, instead we are getting a 403 error each time that happens. Any ideas how to prevent that? You can find a different explanation of the problem here; AccessDeniedException handling during methodSecurityInterception

Read the article
What are the internal limits to WCF

- by ligos

WCF has lots of limits imposed on it to protect against DoS attacks and other developer brainlessness. What are these limits? And how can they be overriden? Specifically, if I was to try to send a large number of messages in a short period of time to a variety of different clients, what are the internal WCF limits they may cause messages to be sent slowly. PS: this question is a much shorter version of my previous question that did not get much attention. EDIT I have answered the original question. The issue being my async calls were being turned into synchronous ones.

Read the article

< Previous Page | 32 33 34 35 36 37 38 39 40 41 42 43 | Next Page >