Search Results

Search found 18450 results on 738 pages for 'website attacks'.

Page 36/738 | < Previous Page | 32 33 34 35 36 37 38 39 40 41 42 43  | Next Page >

  • What are the best practices for avoiding XSS attacks in a PHP site?

    - by rikh
    I have PHP configured so that magic quotes are on and register globals are off. I do my best to always call htmlentities() for anything I am outputting that is derived from user input. I also occasionally search my database for common things used in XSS attacks such as... <script What else should I be doing, and how can I make sure that the things I am trying to do are always done?

  • Replay attacks for HTTPS requests

    - by MatthewMartin
    Let's say a security tester uses a proxy, say Fiddler, and records an HTTPS request using the administrator's credentials -- on replay of the entire request (including session and auth cookies) the security tester is able to successfully (re)record transactions. The claim is that this is a sign of a CSRF vulnerability. What would a malicious user have to do to intercept the HTTPS request and replay it? Is this a task for script kiddies, well-funded military hacking teams or time-traveling alien technology? Is it really so easy to record the SSL sessions of users and replay them before the tickets expire? No code in the application currently does anything interesting on HTTP GET, so AFAIK, tricking the admin into clicking a link or loading an image with a malicious URL isn't an issue.

  • Drupal SQL injection attacks prevention and apostrophe handling in Forms

    - by jini
    In typical PHP applications I used to use mysql_real_escape_string before I did SQL inserts. However I am unable to do that in Drupal, so would need some assistance. And without any sort of function like that, user input with apostrophes is breaking my code. Please suggest. Thank you. My SQL is as follows:

        $sql = "INSERT INTO some_table (field1, field2) VALUES ('$field1', '$field2')";
        db_query($sql);

  • How should I protect against hard link attacks?

    - by Thomas
    I want to append data to a file in /tmp. If the file doesn't exist I want to create it. I don't care if someone else owns the file. The data is not secret. I do not want someone to be able to race-condition this into writing somewhere else, or to another file. What is the best way to do this? Here's my thought:

        fd = open("/tmp/some-benchmark-data.txt", O_APPEND | O_CREAT | O_NOFOLLOW | O_WRONLY, 0644);
        fstat(fd, &st);
        if (st.st_nlink != 1) { /* HARD LINK ATTACK! */ }

    What's the right way? Besides not using a world-writable directory.

  • Tricks and Optimizations for your Sitecore website

    - by amaniar
    When working with Sitecore there are some optimizations/configurations I usually repeat in order to make my app production ready. Following is a small list I have compiled from experience, Sitecore documentation, communicating with Sitecore Engineers etc. This is not supposed to be technically complete and might not be fit for all environments.

    Simple configurations that can make a difference:

    1) Configure Sitecore Caches. This is the most straightforward and sure way of increasing the performance of your website. Data and item cache sizes (/databases/database/ [id=web]) should be configured as needed. You may start with a smaller number and tune them as needed.

        <cacheSizes hint="setting">
          <data>300MB</data>
          <items>300MB</items>
          <paths>5MB</paths>
          <standardValues>5MB</standardValues>
        </cacheSizes>

    Tune the html, registry etc. cache sizes for your website.

        <cacheSizes>
          <sites>
            <website>
              <html>300MB</html>
              <registry>1MB</registry>
              <viewState>10MB</viewState>
              <xsl>5MB</xsl>
            </website>
          </sites>
        </cacheSizes>

    Tune the prefetch cache settings under the App_Config/Prefetch/ folder. Sample /App_Config/Prefetch/Web.Config:

        <configuration>
          <cacheSize>300MB</cacheSize>
          <!--preload items that use this template-->
          <template desc="mytemplate">{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}</template>
          <!--preload this item-->
          <item desc="myitem">{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}</item>
          <!--preload children of this item-->
          <children desc="childitems">{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}</children>
        </configuration>

    Break your page into sublayouts so you may cache most of them.
    Read the caching configuration reference: http://sdn.sitecore.net/upload/sitecore6/sc62keywords/cache_configuration_reference_a4.pdf

    2) Disable Analytics for the Shell Site.

        <site name="shell" virtualFolder="/sitecore/shell" physicalFolder="/sitecore/shell" rootPath="/sitecore/content" startItem="/home" language="en" database="core" domain="sitecore" loginPage="/sitecore/login" content="master" contentStartItem="/Home" enableWorkflow="true" enableAnalytics="false" xmlControlPage="/sitecore/shell/default.aspx" browserTitle="Sitecore" htmlCacheSize="2MB" registryCacheSize="3MB" viewStateCacheSize="200KB" xslCacheSize="5MB" />

    3) Increase the Check Interval for the MemoryMonitorHook so it doesn't run every 5 seconds (default).

        <hook type="Sitecore.Diagnostics.MemoryMonitorHook, Sitecore.Kernel">
          <param desc="Threshold">800MB</param>
          <param desc="Check interval">00:05:00</param>
          <param desc="Minimum time between log entries">00:01:00</param>
          <ClearCaches>false</ClearCaches>
          <GarbageCollect>false</GarbageCollect>
          <AdjustLoadFactor>false</AdjustLoadFactor>
        </hook>

    4) Set Analytics.PerformLookup (Sitecore.Analytics.config) to false if your environment doesn't have access to the internet or you don't intend to use reverse DNS lookup.

        <setting name="Analytics.PerformLookup" value="false" />

    5) Set the value of the "Media.MediaLinkPrefix" setting to "-/media":

        <setting name="Media.MediaLinkPrefix" value="-/media" />

    Add the following line to the customHandlers section:

        <customHandlers>
          <handler trigger="-/media/" handler="sitecore_media.ashx" />
          <handler trigger="~/media/" handler="sitecore_media.ashx" />
          <handler trigger="~/api/" handler="sitecore_api.ashx" />
          <handler trigger="~/xaml/" handler="sitecore_xaml.ashx" />
          <handler trigger="~/icon/" handler="sitecore_icon.ashx" />
          <handler trigger="~/feed/" handler="sitecore_feed.ashx" />
        </customHandlers>

    Link: http://squad.jpkeisala.com/2011/10/sitecore-media-library-performance-optimization-checklist/

    6) Performance counters should be disabled in production if not being monitored.

        <setting name="Counters.Enabled" value="false" />

    7) Disable Item/Memory/Timing threshold warnings. Due to the nature of this component, it brings no value in production.

        <!--<processor type="Sitecore.Pipelines.HttpRequest.StartMeasurements, Sitecore.Kernel" />-->
        <!--<processor type="Sitecore.Pipelines.HttpRequest.StopMeasurements, Sitecore.Kernel">
          <TimingThreshold desc="Milliseconds">1000</TimingThreshold>
          <ItemThreshold desc="Item count">1000</ItemThreshold>
          <MemoryThreshold desc="KB">10000</MemoryThreshold>
        </processor>-->

    8) The ContentEditor.RenderCollapsedSections setting is a hidden setting in the web.config file, which by default is true. Setting it to false will improve client performance for authoring environments.

        <setting name="ContentEditor.RenderCollapsedSections" value="false" />

    9) Add a machineKey section to your Web.Config file when using a web farm.
    Link: http://msdn.microsoft.com/en-us/library/ff649308.aspx

    10) If you get errors in the log files similar to:

        WARN Could not create an instance of the counter 'XXX.XXX' (category: 'Sitecore.System') Exception: System.UnauthorizedAccessException Message: Access to the registry key 'Global' is denied.

    Make sure the ApplicationPool user is a member of the system "Performance Monitor Users" group on the server.

    11) Disable WebDAV configurations on the CD Server if not being used.
    More: http://sitecoreblog.alexshyba.com/2011/04/disable-webdav-in-sitecore.html

    12) Change Log4Net settings to only log Errors on content delivery environments to avoid unnecessary logging.

        <root>
          <priority value="ERROR" />
          <appender-ref ref="LogFileAppender" />
        </root>

    13) Disable Analytics for any content item that doesn't add value. For example, a page that redirects to another page.

    14) When using Web User Controls avoid registering them on the page the asp.net way:

        <%@ Register Src="~/layouts/UserControls/MyControl.ascx" TagName="MyControl" TagPrefix="uc2" %>

    Use the Sublayout web control instead. This way Sitecore caching can be leveraged:

        <sc:Sublayout ID="ID" Path="/layouts/UserControls/MyControl.ascx" Cacheable="true" runat="server" />

    15) Avoid querying for all children recursively when all items are direct children.

        Sitecore.Context.Database.SelectItems("/sitecore/content/Home//*");
        //Use:
        Sitecore.Context.Database.GetItem("/sitecore/content/Home");

    16) On IIS, enable static & dynamic content compression on CM and CD.
    More: http://technet.microsoft.com/en-us/library/cc754668%28WS.10%29.aspx

    17) Enable HTTP Keep-alive and content expiration in IIS.

    18) Use GUIDs when accessing items and fields instead of names or paths. It's faster and won't break your code when things get moved or renamed.

        Context.Database.GetItem("{324DFD16-BD4F-4853-8FF1-D663F6422DFF}")
        Context.Item.Fields["{89D38A8F-394E-45B0-826B-1A826CF4046D}"];
        //is better than
        Context.Database.GetItem("/Home/MyItem")
        Context.Item.Fields["FieldName"]

    Hope this helps.

  • What should you do differently when designing websites for an embedded web server

    - by Roger Attrill
    When designing a website to be accessed from an embedded web server such as KLone, what do you need to do differently compared to a 'standard' web server? I'm talking about considerations at the front-end design stage, before the actual building and coding up. For example, typically in such situations memory size is at a premium, so I guess larger images are out, and maybe more attention should be focused on achieving a good look and feel using CSS/JavaScript rather than bitmap images.

  • Is Live Chat a valuable feature?

    - by Jim
    Does having a live chat feature on a website increase conversions enough to cover the cost of administration? Most of the data I have found comes from companies selling live chat solutions and is unreliable in my opinion. Do users find this a valuable feature or an annoyance? Personally, I'm annoyed by sites that use live chat, especially when a little box pops up without my explicit request, but if users find this valuable then I should consider implementing it. Any concrete data is appreciated.

  • Why do non-working websites look like search indexes?

    - by Asaf
    An example of this could be shown on every .tk domain that doesn't exist; just write www.givemeacookie.tk or something, and you get into a fake search engine/index. Now these things are all over. I used to always ignore it because it was obviously just a fake template, but it's everywhere. I was wondering, where did it originate (here it's searchmagnified, but on their website it's also something generic)? Is there a proper name for these types of websites?

  • Punch Line Marketing

    - by jackman
    There are so many "punch line" websites like: http://www.thatswhyyoufail.com www.canrailsscale.com/ www.nooooooooooooooo.com/ but it's a mystery how they ever get so popular. I have an idea for a punch line website too, but I want to make it BIG! Does anyone have any tips for marketing these kinds of sites? p.s. and no, I do not own any of these sites, and am not disguising it as a question to market them lol.

  • Best method to do A/B testing across two subdomains

    - by Lior
    I want to do an A/B test of an entire site for a new design and UX with only slight changes in content (a big brand site that has good Google rankings for many generic keywords). My idea of implementation is doing a 302 redirect to the new version (placing it on the www1 subdomain) and allowing only user agents of known browsers to pass. The test version will have "disallow all" in its robots.txt. Will Google treat this favorably, or do I have to use Google Website Optimizer (which will give me tracking headaches)?

  • Desktop Software to monitor online status of web site and web-based application

    - by pansp
    I'm basically looking for desktop-based software which can monitor my company's website and the web application's online availability. I know there are a few online applications like Uptime Robot which do the same work, but I have been asked to find desktop-based software which can run in the system tray and notify of any downtime. Free software would be great. Any help would be appreciated. Thanks!

  • Using MLP, how to make a link to the according page in the other languages?

    - by lyle
    The question says it all, but here's a bit more detail: I am helping to build a bilingual website using MLP on TextPattern. It's trivial to put a link to the top-level page of another language, but how do I put a link to the current page in another language? E.g. /en/contact should link to /de/kontakt (the same article in another language). I'm sure there are some variables somewhere that I could put into the template that would be filled with the correct links. Thanks in advance. :)

  • The Best Title for my Skill Set [closed]

    - by nickelpickle
    I'm about to branch off into the freelance world. I'm starting an LLC and I'd like some input on what I should title myself as the owner. For example "creative specialist" or "creative technician" or something like that. My services would be:
    Website design / development
    Graphic design: icon design, templates, web graphics, business cards / brochures / letterheads / etc.
    Writing: content writing/copywriting, technical writing, editing / proofreading / copyediting
    Photography, photo editing
    Does anybody have any ideas on some general terms that would apply to this type of business?

  • Website not reachable via mobile device

    - by sanders
    I have this very strange problem with a website. The site works normally when coming from a web browser which is non-mobile. But when trying to reach the site via a mobile device (tried different browsers) it doesn't get to the website. The only error I see is: This website is not available and the message is: DNS_PROBE_POSSIBLE Does anyone know where I should look for the problem? The website is based on Joomla. The URL of the site is: http://bit.ly/1bOToII

  • What's your hobby website; do you maintain it for your users or yourself?

    - by Glennular
    What is your hobby website? Do you care if it has high traffic, or is it more for personal satisfaction? When deciding on the features to implement, are you taking into consideration the needs of the general user base or features you really want to build? What balance do you use to keep yourself satisfied as well as your users? When do you feel your site is ready to release to the world? Do you release it initially and hope for an anticipatory beta group, or wait till you have a solid set of features built?

  • Is it possible to use DLR in a .NET 3.5 website project?

    - by Aplato
    I'm trying to evaluate an expression stored in a database, i.e. "if (Q1 ==2) {result = 3.1;} elseif (Q1 ==3){result=4.1;} else result = 5.9;" Rather than parsing it myself I'm trying to use the DLR. I'm using version .92 from the Codeplex repository and my solution is a .NET 3.5 website, and I'm having conflicts between the System.Core and Microsoft.Scripting.ExtensionAttribute DLLs. Error = { Description: "'ExtensionAttribute' is ambiguous in the namespace 'System.Runtime.CompilerServices'.", File: "InternalXmlHelper.vb" } At this time I cannot upgrade to .NET 4.0 and I make significant use of the .NET 3.5 features (so downgrading is not an option). Any help greatly appreciated.

  • Website content hosted with Google. Good or bad?

    - by user305052
    I recently decided to host my styles.css and various scripts on Google Docs and link them into my website. I also have all my images hosted through Picasa so that they too will load much faster and consistently across users. My site has most of its traffic from Japan, Africa, and South America, so I assume there will be a performance boost for my users since my server is hosted in Hong Kong. I (in Canada) have measured my load times to be half of what they used to be. Basically it's a free CDN for my personal stuff. I'm not too sure about all of this yet, so here's my question: what are the caveats of this setup?

  • What's the best license for my website?

    - by John Maxim
    I have developed a unique website but do not have a lot of funds to protect it with trademarks or patents. I'm looking for suggestions so that when my supervisor gets my code, some laws restrict anyone from copying it and claiming it as their work. I'm in the middle of thinking about making the application a commercial one or never allowing it to be copied at all. What kind of steps am I required to take in order to take full measures so my applications are fully protected? I've come across a few; one under my consideration is the MIT license. Some say we can have a mixture of both commercial and MIT. I would also like to be able to distribute some functions so they can be modified by others, but I'd still retain the ownership. Last but not least, it's confusing when I think of protecting the whole website versus protecting the code piece by piece. How should we go about this? Thanks. N.B. I have to pass it over to the supervisor as this is a Uni project. I need this to be done within 2 weeks, so time to get my app protected is a factor here.

  • Oracle’s FY14 Partner Kickoff Recap & New OPN Website

    - by Kristin Rose
    There is no doubt that we are off to a strong FY14! Now that Oracle's Global Partner Kickoff has come and gone, it's time to take what we have learned and focus on having the strongest year ever! To quote Oracle pilot, Sean D. Tucker, "FY14, it's all about growth baby!" Here are some of the ways you can grow with Oracle!
    Sell into accounts where Oracle isn't selling directly
    Offer customer added value solutions leveraging our technology
    Offer deep market capabilities that leverage transformative technology
    Be aggressive, sell the entire stack, engage with Oracle in the marketplace and get engineered for growth!
    With this being said, we also know that to have the strongest year ever, you also need the strongest tools ever! Ladies and gentlemen, in case you missed its debut during Oracle's Global Partner Kickoff, let OPN introduce you to the newly redesigned Oracle PartnerNetwork website, providing easy access to key business processes, systems and resources! We took your advice and implemented the following enhancements:
    A new OPN home page, highlighting paths to top tasks
    Streamlined top navigation
    New business process focused pages
    Restructured Knowledge Zone areas (currently applied to select pages)
    Learn more about the new Oracle PartnerNetwork website and all that Oracle has to offer by watching the FY14 Global Partner Kickoff replay video below! Thank you for your hard work and partnership in FY13; here's to an even stronger FY14! Good Selling, The OPN Communications Team

  • Our New Website Header (& Other Tweaks)

    - by justin.kestelyn
    Last week, the Oracle Technology Network Website went fixed-width. There are several reasons for this, most relating to providing a consistent user experience, easier management of Website content, etc. Furthermore, it's fairly standard for developer portals these days - java.sun.com, MSDN, and IBM DeveloperWorks are also all fixed-width sites. (My apologies to everyone who is unhappy about this change, but it really is an overall positive one.) Today, we have rolled out a brand-new header, the first step in what we call the "Mosaic" project - which is an effort to make the user experience across all Oracle Websites more consistent. To summarize the impact: The "pull-down" menus on the OTN site disappear; most of them move into a "flyout" button in the header. You can access the OTN flyout from any page on Oracle.com or the OTN site. Great for our page views. :) You also have direct access to the Downloads index from anywhere on Oracle.com. If you so desire, you can directly access product overviews, Oracle University and Support info, Oracle Store, etc etc from the OTN site now. Due to limited space in the flyout we cannot accommodate *all* the pull-down items, but they are all no more than 1 or 2 clicks away. This approach has been validated in extensive user testing over the last few months; I welcome your feedback now in comments. There are many other changes in train, with the next one being: A major homepage redesign, the first in 4 or 5 years.
