Search Results

Search found 12720 results on 509 pages for 'moss2007 security'.

Page 398/509 | < Previous Page | 394 395 396 397 398 399 400 401 402 403 404 405 | Next Page >

how can cookies track users despite same origin policy?

- by user1763930

Article here discusses tactics used by political campaigns. http://www.nytimes.com/2012/10/14/us/politics/campaigns-mine-personal-lives-to-get-out-vote.html The part in question is quoted: The campaigns have planted software known as cookies on voters’ computers to see if they frequent evangelical or erotic Web sites for clues to their moral perspectives. Voters who visit religious Web sites might be greeted with religion-friendly messages when they return to mittromney.com or barackobama.com. How is that possible? I thought all modern browsers have same origin policy security where website A doesn't have access to any information about other website B, website C, etc. The article makes it sound like a user browses: 1. presidentialcandidate.com 2. website2.com 3. website3.com 4. website4.com 5. presidentialcandidate.com How can a cookie from visit #1 know track user history and be revealed in visit #5?

Read the article
Referencing invalid memory locations with C++ Iterators

- by themoondothshine

I am a big fan of GCC, but recently I noticed a vague anomaly. Using __gnu_cxx::__normal_iterator (ie, the most common iterator type used in libstdc++, the C++ STL) it is possible to refer to an arbitrary memory location and even change its value without causing an exception! Is this expected behavior? If so, isn't a security loophole? Here's an example: #include <iostream> using namespace std; int main() { basic_string<char> str("Hello world!"); basic_string<char>::iterator iter = str.end(); iter += str.capacity() + 99999; *iter = 'x'; cout << "Value: " << *iter << endl; }

Read the article
SQL Compact 2008 Connection String Problem

- by Seth

I have the following code to connect to a sql server compact edition 2008: private SqlConnection sqlConn; public void createConnection() { String connectionString = @"Data Source=C:\Projects\somefile.sdf;Persist Security Info=False"; sqlConn = new SqlConnection(connectionString); sqlConn.Open(); } However, I keep getting the following error when sqlConn.Open() is executed: "A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: SQL Network Interfaces, error: 26 - Error Locating Server/Instance Specified)" Does anyone have any ideas what the problem might be? I can create a connection to the db in the database explorer but it doesn't seem to work in code.

Read the article
How to run a command on a remote Windows system as a non-admin user with WMI?

- by John

I have a script written in Visual Basic that starts a process (given to the script as an argument) on a remote system (again, given as an argument) using WMI. This script works fine when using an Administrator account on the remote system, but when using a non-administrator account, I get the following error: ConnectServer Failed w/ (-2147024891) Access is denied. I'd like to be able to run processes on remote systems as a non-administrator user with this script, and I'm pretty sure the problem is due to security settings on the remote system, but I've not been able to reset the right ones.

Read the article
Is it better to store user text (such as a blog entry or private messages) in the database or as flat files?

- by Fredashay

I'm building a social networking type site that will be storing large chunks of text that's entered by users, such as blog entries and private messages. As such, these will be entered once, with minimal revisions, but many reads by multiple users over time. I'm using MySQL, by the way. My concerns are: Storing large blocks of text on the database will fill the database to capacity eventually. I read somewhere that storing user text in flat files is a security risk? (The filenames will be generated dynamically by the PHP, not by the user.) Storing them as text files may cause them to become out of sync if I ever have to reinitialize the database and restore it from backups. What are all your thoughts and advice, pros and cons?

Read the article
How does lock(syncRoot) make sense on a static method?

- by Rising Star

The following code is excerpted from the (Windows Identity Foundation SDK) template that MS uses to create a new Security Token Service Web Site. public static CustomSecurityTokenServiceConfiguration Current { get { HttpApplicationState httpAppState = HttpContext.Current.Application; CustomSecurityTokenServiceConfiguration customConfiguration = httpAppState.Get( CustomSecurityTokenServiceConfigurationKey ) as CustomSecurityTokenServiceConfiguration; if ( customConfiguration == null ) { lock ( syncRoot ) { customConfiguration = httpAppState.Get( CustomSecurityTokenServiceConfigurationKey ) as CustomSecurityTokenServiceConfiguration; if ( customConfiguration == null ) { customConfiguration = new CustomSecurityTokenServiceConfiguration(); httpAppState.Add( CustomSecurityTokenServiceConfigurationKey, customConfiguration ); } } } return customConfiguration; } } I'm relatively new to multi-threaded programming. I assume that the reason for the lock statement is to make this code thread-safe in the event that two web requests arrive at the web site at the same time. However, I would have thought that using lock (syncRoot) would not make sense because syncRoot refers to the current instance that this method is operating on... but this is a static method? How does this make sense?

Read the article
Runtime Error in asp.net?(online )

- by Surya sasidhar

hi, I develop a web application it is working fine in local. When i upload the site in online through CuteFTP it is showing the error like this... Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine. Details: To enable the details of this specific error message to be viewable on remote machines, please create a tag within a "web.config" configuration file located in the root directory of the current web application. This tag should then have its "mode" attribute set to "Off". Notes: The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's configuration tag to point to a custom error page URL. please help me i place the but even though it is not working it is giving same error. Thank you

Read the article
Windows XP: Have my program run in kernel mode?

- by Kalamari

I'm currently learning about the different modes the Windows operating system runs in (kernel mode vs. user mode), device drivers, their respective advantages and disadvantages and computer security in general. I would like to create a practical example of what a faulty device driver that runs in kernel mode can do to the system, by for example corrupting memory used for critical OS-processes. How can I execute my code in kernel mode instead of user mode, directly? Do I have to write a dummy device driver and install it to do this? Where can I read more about kernel and user mode in Windows? I know the dangers of this and will do all of the experiments on a virtual machine running Windows XP only

Read the article
Hash passwords before transmitting? (web)

- by wag2639

I was reading this Ars article on password security and it mentioned there are sites that "hash the password before transmitting"? Now, assuming this isn't using an SSL connection (HTTPS), a. is this actually secure and b. if it is how would you do this in a secure manor? Edit 1: (some thoughts based on first few answers) c. If you do hash the password before transmission, how do you use that if you only store a salted hash version of the password in your user credentials databas? d. Just to check, if you are using a HTTPS secured connection, is any of this necessary?

Read the article
jQuery model-view-controller vs Spring MVC

- by user1515968

my question is what potential problems or difficulties would be with implementing usual web app with somewhat reach user interface (multiple dynamic tabs, accordians and so on) using jQuery MVC approach with Spring REST vs using Spring MVC. Problems what I can think of could be: I will not be able to use Spring security fully, JavaScript coding could become hard to manage, any form verification becomes not easy to manage... what else? and does jQuery MVC with REST make sense at all? On other side jQuery with MVC and REST move all GUI concerns to JavaScript side (whether it is bad or not) and leave all data manipulation to server side.

Read the article
Xampp error on windows

- by Deepak Kumar

My problem is when i use xampp i see many error and when i use my web it has no error Notice: Undefined index: action in C:\xampp\htdocs\xyz\index.php on line 3 Notice: Undefined index: usNick in C:\xampp\htdocs\xyz\config.php on line 11 Notice: Use of undefined constant setname - assumed 'setname' in C:\xampp\htdocs\xyz\config.php on line 31 Notice: Use of undefined constant setname - assumed 'setname' in C:\xampp\htdocs\xyz\config.php on line 31 Notice: Undefined index: usNick in C:\xampp\htdocs\xyz\config.php on line 34 Notice: A session had already been started - ignoring session_start() in C:\xampp\htdocs\xyz\data.php on line 2 Notice: Undefined index: r in C:\xampp\htdocs\xyz\data.php on line 4 Notice: Undefined index: ucNick in C:\xampp\htdocs\xyz\data.php on line 8 I have tried many time changing things in Setting, Security, Privileges etc but nothing changed, I want to know if im missing something out Thanks

Read the article
How can I play a flv file that is hosted on a remote website?

- by pennstatephil

I'm looking to play a flash video hosted on a remote website. I've tried the following (and profuse google-ing): In source of page on http://fakesite1.com/player.jsp: <embed src = "FlashPlayer.swf?file=http://fakesite2.net/video.flv" /> I can browse to http://fakesite2.net/video.flv and ensure it's there, but the player comes back "movie not loaded" (on right-click) on fakesite1. My initial guess is that this might be some sort of security feature... is it possible to play a video hosted on a remote site?

Read the article
Should we develop code on a local machine in a VLAN?

- by red tiger

Because of security reasons, we will not be able to use IIS on our local machines. I'm sure that many of you have faced the same problem, so how did you solve it? Here are the options that we're looking at: Create a VLAN that is isolated from the network for development. This will allow us to use any software, including IIS, that we want. A disadvantage is testing Web services with external organizations, which can be overcome by using stubs. Not use a VLAN and use only the ASP.NET Development Server that comes with Visual Studio, and then deploying that code to the development server. This has the disadvantage of not being able to replicate the production environment during local development. In addition, at least one developer needs IIS for GIS development, so he couldn't develop locally. Thank you for comments or suggestions that you may have!

Read the article
Access is denied trying to access a sMetabasePath on a SMTP Server from a different Web Server

- by RJ

I have written a C# dot net application that updates the SMTP relay restriction list in IIS 6. Running the application locally works great and I can add/remove IPs/DNS from the relay restriction list without any problem. Now I need to do the same for a SMTP server that is not running on the same webserver that I have the application running. So I have the web application on webserver A and the SMTP server on webserver/smtp server B. My app pool is running under a domain user and I have given the same user rights to the SMTP server under the security tab in the SMTP Virtual Server property window. I thought I could simply change the sMetabasePath from "IIS://localhost/smtpsvc/1" to "IIS://10.171.243.134/smtpsvc/1" and everything would just work but I get an "Access is denied" error. So I must have to do something else to get this to work. I even gave the domain user full admin rights on the SMTP server to no avail. Any ideas

Read the article
PHP cors validation

- by Brian Putt

I have an endpoint that takes GET requests to collect data from any source that wants to send data. Is there a way to run some validation that the data is in fact coming from the sources we allowed? They enter the website url that they will be sending the data from and we generate an api key. The data is sent via a javascript file that they install onto their website. I have the Access-Control-Allow-Origin set to * as it doesn't necessarily scale to add in hundreds or more websites to that header and that in itself is a security risk as it shows anyone who wants to look at the headers who uses the script. Currently I am thinking of using the http_origin / origin referrer, but obviously that doesn't do too much

Read the article
autoTab and allowed only numbers

- by Abu Hamzah

is there any easy way of implementing two feature 1) auto tab and 2) allowed only numbers i have a SSN box below as soon as the user enter three digits will skip to the next .. so on and so forth..... <TR> <TD nowrap><b>Social Security Number</b></TD> <TD align="left" nowrap colspan="4"> <INPUT NAME= "SSN1" TYPE= "TEXT" SIZE= "3" MAXLENGTH= "3" VALUE= ""> <INPUT NAME= "SSN2" TYPE= "TEXT" SIZE= "2" MAXLENGTH= "2" VALUE= ""> <INPUT NAME= "SSN3" TYPE= "TEXT" SIZE= "4" MAXLENGTH= "4" VALUE= ""> </TD> </tr> also i wanted to restrict to have only numbers.

Read the article
Keystore and Aliases - is there a use to multiple aliases?

- by Steve H

When exporting a signed Android application using Eclipse, is there a purpose to using multiple aliases? According to the official guide about signing, it's recommended that you sign all applications with the same certificate to allow your applications to share data, code and be updated in modular fashion. Assuming that "alias", "key" and "certificate" are essentially interchangeable in this context, is there a reason why someone would want to use different aliases for all their applications? The only reason I can think of is that it adds more security to your applications, in the sense that a compromised key/password doesn't compromise everything. Are there other reasons? Also, is the generated key dependent on the name of the alias? In other words, if you change the name of the alias but not the password, would the generated certificate be different? Thanks.

Read the article
.Net SQL Server Connection String - hide password from other developers

- by Chris Klepeis

We're migrating one of our sites to ASP.Net. We do not want to use integrated security, which uses the windows account to connect to sql server (not going to get into why, its just out of the question). We created a username and password to connect to SQL Server, and would like to use that username and password, however, we also do not want other developers to see this information (easily read from the web.config).... I know it can be encrypted, but it can just as easily be decrypted by the developers - plus encryption has a performance hit. Is there any solution to this problem?

Read the article
Using an ActiveX object from an Outlook hosted webpage - possible?

- by Nic Wise

I'm trying to do the following: We have an outlook plugin, written in .NET (and C++). It does various things, and is manually installed on the end users machines (usually via AD deployment or similar) We are changing our search to use a webpage-based search, but from within outlook. That part is ok, however we want to communicate from the webpage to the surrounding outlook application. We can call into outlook by exposing an ActiveX object from our plugin, however we get security warnings, even if it's signed and marked as safe for scripting. Is this even possible? Has anyone done it? Anyone have a better way of doing it? We only need to pass in a small amount of data (a message id), and only from the webpage to outlook [update]: This is the error: automation server can't create object. We can get around it a bit by turning things off in IE, but thats not a good way to do it! Thanks

Read the article
Upload Image to Facebook Objective-C

- by boopyman

I'm currently trying to upload an image from my Mac application to Facebook. To do this, I'd like for the user to simply input his username and password, and to click a button. The only issue is, Facebook doesn't actually have an API for the Mac, it only has one for iOS. This shouldn't be a problem, except for the fact that to login, you must use a web view, something I'm not to keen on doing, since I'd like the interface to be two simple text fields. I've also looked into PHFacebook, a class I found online, but it also seems to utilize an NSWebView. I'm wondering if there's a security issue when you use text fields; indeed, it's slightly strange no available API offers this function ! So, to conclude, is it possible, or is there an API, that lets you upload an image and lets you provide the user's credentials through simple NSStrings?

Read the article
I want search a item frome database

- by vishal

I want search a item frome database bye date and id but if I want to search only by date or id tahn data are display but if I want to search by both date and id than not both are display but combine both and than display. my code: SqlConnection con = new SqlConnection("Data Source=NODE5-PC;Initial Catalog=hans;Persist Security Info=True;User ID=sa;Password=123"); cmd = new SqlCommand("SELECT UserId, Date, Report FROM Daily_Report WHERE (Date='" + txtdate.Text + "' or UserId='" + txtempid.Text + "') OR (UserId='" + txtempid.Text + "' and UserId='" + txtempid.Text + "')", con); con.Open(); SqlDataReader rdr = cmd.ExecuteReader(); GridView2.DataSource = rdr; GridView2.DataBind(); con.Close();

Read the article
Enableeventvalidation in web user control

- by Khushi

Hi, i have a web user control containing a repeater. The repeater contains three buttons. On button click it gives the following error : Invalid postback or callback argument. Event validation is enabled using in configuration or <%@ Page EnableEventValidation="true" % in a page. For security purposes, this feature verifies that arguments to postback or callback events originate from the server control that originally rendered them. If the data is valid and expected, use the ClientScriptManager.RegisterForEventValidation method in order to register the postback or callback data for validation. Since user control does not have page directive, so i changed the enableEventValidation to false, but it restricted the itemcommand event of the repeater. Can someone guide me, how to solve this problem?

Read the article
Dataset Binding stored procedures update/insert/delete

- by Jin

Hi all, I am currently having a problem since the DB has been changed. I am using Datasets for a c# application, and there is a user management system. For the security issues, our current DB design is like user log into app. DB returns a session ID On use of any other stored procedures, a session ID must be specified. BUT, the DB didn't request session ID before. since I am using the datasets, I used update/insert/delete stored procedures with "TableAdaptor Configuration Wizard". Bind Commands to Existing Stored Procedures (choose stored procedures to call and specify any reuiqred parameters) Now, it seems like I have to specify session ID for Insert/Update/Delete stored procedures. How do I specify session ID parameter here? It seems like I have to pick one return parameter variable from a select statement. Thanks,

Read the article
Set a session hash outside of RoR program?

- by Sindri Guðmundsson

Hi, I have had my new rails program up for a few days now. I'm running it on Ubuntu 10.4 with apache2 in another location than the website it's made for (it's a standalone database application for physiotherapists). The people I made it for now want me to deploy it to the public part of their website, only with one change. Those who open it via the link in the public-part should not be able to click one button! I was thinking of doing something like this in my view: <% if session[:inside]%> <%=button_to 'Sækja mælitæki', @link_to_mt%> <%end%> How could I set session[:inside] only to true if the program was started from within the private part of the webpage? I thought of creating two new actions, the other would set session[:inside] to true and the other to false, but that seems to me like a security risk, is it not? BR, Sindri

Read the article
couchdb: one database per account vs all in one database w. a namespace / property

- by thruflo

I'm modelling a document generation system in couchdb. It semi-automates the production of proposal and presentation documents from managable document fragments. Much like, say, Basecamp, it breaks down very simply into self-contained data per 'account'. Each account has multiple users, projects, documents, etc. However, nothing should be shared between accounts. I can see two ways of doing this: one couchdb database per account use a namespace / property to identify the account It seems to me that the first approach is conceptually sound and potentially has security and partitioning advantages. However, it seems to me to restrict some cross-database data querying (that I don't have a use case for now but you never know...) and to make updating views potentially require an awful lot of writes. Does anyone experienced with this kind of decision have any advice?

Read the article

< Previous Page | 394 395 396 397 398 399 400 401 402 403 404 405 | Next Page >