Search Results

Search found 25503 results on 1021 pages for 'browser security'.

Page 40/1021 | < Previous Page | 36 37 38 39 40 41 42 43 44 45 46 47  | Next Page >

  • E-Commerce Security: Only Credit Card Fields Encrypted?!

    - by bizarreunprofessionalanddangerous
    I'd like your opinions on how a major bricks-and-mortar company is running the security for its shopping Web site. After a recent update, when you are logged into your shopping account, the session is now not secured. No 'https', no browser 'lock'. All the personal contact info, shopping history -- and if I'm not mistaken submit and change password -- are being sent unencrypted. There is a small frame around the credit card fields that is https. There's a little notice: "Our website is secure. Our website uses frames and because of this the secure icon will not appear in your browser" On top of this the most prominent login fields for the site are broken, and haven't gotten fixed for a week or longer (giving the distinct impression they have no clue what's going on and can't be trusted with anything). Now is it just me -- or is this simply incomprehensible for a billion dollar company, significant shopping site, in the year 2010. No lock. "We use frames" (maybe they forget "Best viewed in IE4"). Customers complaining, as you can see from their FAQ "explaining" why you aren't seeing https. I'm getting nowhere trying to convince customer service that they REALLY need to do something about this, and am about to head for the CEO. But I just want to make sure this is as BIZARRE and unprofessional and dangerous a situation as I think it is. (I'm trying to visualize what their Web technical team consists of. I'm getting A) some customer service reps who were given a 3 hour training course on Web site maintenance, B) a 14 year old boy in his bedroom masquerading as a major technical services company, C) a guy in a hut in a jungle with an e-commerce book from 1996.)

    Read the article

  • Looking for resources to explain a security risk.

    - by Dave
    I've a developer which has given users the ability to download a zip archive which contains an html document which references a relative javascript file and flash document. The flash document accepts as one of it's parameters a url which is embedded in the html document. I believe that this archive is meant to be used as a means to transfer an advertisement to someone who would use the source to display the ad on their site, however the end user appears to want to view it locally. When one opens the html document the flash document is presented and when the user clicks on the flash document it redirects to this embedded url. However, if one extracts the archive on the desktop and opens the html document in a browser and clicks the flash object, nothing observable happens, they will not be redirected to the external url. I believe this is a security risk because one is transferring from the local computer zone to an external zone. I'm trying to determine the best way to explain this security risk in the simplest of terms to a very end user. They simply believe it's "broken" when it's not broken, they're being protected from a known vulnerability. The developer attempted to explain how to copy the files to a local iis instance, which I highly doubt is running on the users machine, and I do not consider this to be a viable explanation.

    Read the article

  • Security considerations processing emails

    - by Timmy O' Tool
    I have process that will be reading emails from an account. The objective of the process is saving to a database those emails with image(s) as attachments. I will be saving sender, subject body and image path (the image will be saved on the process). I will be showing this information on a page so I would like to know all (or most of them :) ) security aspects to cover. I plan to sanitize the subject and body of the email. I can remove most of the tags, probably it would be enough keeping the <p> tag. I'm not sure if I can trust just in a sanitizer. I would like to HTML encode everything except for the <p> tag after sanitize, just in case. Any suggestion? I'm only accepting images as attachment as I said above, any security risk I have to take into account in relation to the attachment? Thanks!

    Read the article

  • Cross Browser Issue

    - by dazedandconfused
    My background is in WinForms programming and I'm trying to branch out a bit. I'm finding cross-browser issues a frustrating barrier in general, but have a specific one that I just can't seem to work through. I want to display an image and place a semi-transparent bar across the top and bottom. This isn't my ultimate goal, of course, but it demonstrates the problem I'm having ina a relatively short code fragment so let's go with it. The sample code below displays as intended in Chrome, Safari, and Firefox. In IE8, the bar at the bottom doesn't appear at all. I've researched it for hours but just can't seem to come up with the solution. I'm sure this is some dumb rookie mistake, but gotta start somewhere. Code snippet... <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title></title> <script type="text/javascript" language="javascript"> </script> <style type="text/css"> .workarea { position: relative; border: 1px solid black; background-color: #ccc; overflow: hidden; cursor: move; -moz-user-focus: normal; -moz-user-select: none; unselectable: on; } .semitransparent { filter: alpha(opacity=70); -moz-opacity: 0.7; -khtml-opacity: 0.7; opacity: 0.7; background-color: Gray; } </style> </head> <body style="width: 800px; height: 600px;"> <div id="workArea" class="workarea" style="width: 800px; height: 350px; left: 100px; top: 50px; background-color: White; border: 1px solid black;"> <img alt="" src="images/TestImage.jpg" style="left: 0px; top: 0px; border: none; z-index: 1;" /> <div id="topBar" class="semitransparent" style="position: absolute;width: 800px; height: 75px; left: 0px; top: 0px; min-height: 75px; border: none; z-index: 2;" /> <div id="bottomBar" class="semitransparent" style="position: absolute; width: 800px; height: 75px; left: 0px; top: 275px; min-height: 75px; border: none; z-index: 2;" /> </div> </body> </html>

    Read the article

  • can't implement jquery jScrollPane to replace browser's scrollbars

    - by Zack
    I am trying to replace browser's scrollbars with jScrollPane (jQuery), it won't work. Here are two attempts to implement it: a basic attempt, and an attempt to imitate the full page demo for jScrollPane. I've been trying everything I could think of to figure out what didn't work, but couldn't. here is my code: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <title></title> <!-- styles needed by jScrollPane --> <link type="text/css" href="style/jquery.jscrollpane.css" rel="stylesheet" media="all" /> <style type="text/css" id="page-css"> /* Styles specific to this particular page */ html { overflow: auto; } #full-page-container { overflow: auto; } .scroll-pane { width: 100%; height: 200px; overflow: auto; } .horizontal-only { height: auto; max-height: 200px; } </style> <!-- latest jQuery direct from google's CDN --> <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js"></script> <!-- the mousewheel plugin --> <script type="text/javascript" src="script/jquery.mousewheel.js"></script> <!-- the jScrollPane script --> <script type="text/javascript" src="script/jquery.jscrollpane.min.js"></script> <script type="text/javascript" id="sourcecode"> $(function () { var win = $(window); // Full body scroll var isResizing = false; win.bind( 'resize', function () { if (!isResizing) { isResizing = true; var container = $('#full-page-container'); // Temporarily make the container tiny so it doesn't influence the // calculation of the size of the document container.css( { 'width': 1, 'height': 1 } ); // Now make it the size of the window... container.css( { 'width': win.width(), 'height': win.height() } ); isResizing = false; container.jScrollPane( { 'showArrows': true } ); } } ).trigger('resize'); // Workaround for known Opera issue which breaks demo (see // http://jscrollpane.kelvinluck.com/known_issues.html#opera-scrollbar ) $('body').css('overflow', 'hidden'); // IE calculates the width incorrectly first time round (it // doesn't count the space used by the native scrollbar) so // we re-trigger if necessary. if ($('#full-page-container').width() != win.width()) { win.trigger('resize'); } }); </script> </head> <body> <div id="full-page-container"> This is the most basic implementation of jScrollPane I could create, if I am not wrong this has all it should take, yet it doesn't work. a little lorem ipsum to make the scrollbars show up: [here come's lot's of lorem ipsum text in the actual page...] </div> </body> </html> The other option is the same, with a link to demo.css and demo.js.

    Read the article

  • How do I remove a root kit from Windows XP?

    - by Chloe
    I was looking for root kits following these instructions http://computersight.com/software/how-to-manually-remove-rootkit/ and saw this in my boot log: Loaded driver \SystemRoot\System32\Drivers\awhk9fmc.SYS I tried to search for that filename in Google but there was absolutely nothing found. I tried to look at the file on the disk but could not find it. Nearly every other file is there. I even tried to boot in Windows 98 and mount the NTFS and see the file, but it still wasn't there. I ran a full scan with Microsoft Security Essentials but it found nothing. When I rebooted, I saw this line instead: Loaded driver \SystemRoot\System32\Drivers\a6n163gl.SYS How can I remove this? How can I find out what it does? How can I find out when it was put in? How can I find out who wrote it? Here is my full boot log: Service Pack 3 10 31 2012 17:35:36.500 Loaded driver \WINDOWS\system32\ntoskrnl.exe Loaded driver \WINDOWS\system32\hal.dll Loaded driver \WINDOWS\system32\KDCOM.DLL Loaded driver \WINDOWS\system32\BOOTVID.dll Loaded driver sptd.sys Loaded driver ACPI.sys Loaded driver \WINDOWS\system32\DRIVERS\WMILIB.SYS Loaded driver pci.sys Loaded driver isapnp.sys Loaded driver pciide.sys Loaded driver \WINDOWS\system32\DRIVERS\PCIIDEX.SYS Loaded driver MountMgr.sys Loaded driver ftdisk.sys Loaded driver PartMgr.sys Loaded driver VolSnap.sys Loaded driver atapi.sys Loaded driver disk.sys Loaded driver \WINDOWS\system32\DRIVERS\CLASSPNP.SYS Loaded driver fltmgr.sys Loaded driver sr.sys Loaded driver MpFilter.sys Loaded driver KSecDD.sys Loaded driver WudfPf.sys Loaded driver Ntfs.sys Loaded driver NDIS.sys Loaded driver uagp35.sys Loaded driver Mup.sys Loaded driver \SystemRoot\system32\DRIVERS\amdk7.sys Loaded driver \SystemRoot\system32\DRIVERS\sisgrp.sys Loaded driver \SystemRoot\system32\DRIVERS\i8042prt.sys Loaded driver \SystemRoot\system32\DRIVERS\mouclass.sys Loaded driver \SystemRoot\system32\DRIVERS\kbdclass.sys Loaded driver \SystemRoot\system32\DRIVERS\imapi.sys Loaded driver \SystemRoot\system32\DRIVERS\cdrom.sys Loaded driver \SystemRoot\system32\DRIVERS\redbook.sys Loaded driver \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys Loaded driver \SystemRoot\system32\drivers\cmuda.sys Loaded driver \SystemRoot\system32\DRIVERS\usbohci.sys Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys Loaded driver \SystemRoot\system32\DRIVERS\sisnicxp.sys Loaded driver \SystemRoot\System32\Drivers\avzk9sf5.SYS Loaded driver \SystemRoot\system32\DRIVERS\fdc.sys Loaded driver \SystemRoot\system32\DRIVERS\serial.sys Loaded driver \SystemRoot\system32\DRIVERS\serenum.sys Loaded driver \SystemRoot\system32\DRIVERS\parport.sys Loaded driver \SystemRoot\system32\DRIVERS\gameenum.sys Loaded driver \SystemRoot\system32\DRIVERS\serscan.sys Loaded driver \SystemRoot\system32\drivers\DrmCAudio.sys Loaded driver \SystemRoot\system32\DRIVERS\audstub.sys Loaded driver \SystemRoot\system32\DRIVERS\rasl2tp.sys Loaded driver \SystemRoot\system32\DRIVERS\ndistapi.sys Loaded driver \SystemRoot\system32\DRIVERS\ndiswan.sys Loaded driver \SystemRoot\system32\DRIVERS\raspppoe.sys Loaded driver \SystemRoot\system32\DRIVERS\raspptp.sys Loaded driver \SystemRoot\system32\DRIVERS\msgpc.sys Loaded driver \SystemRoot\system32\DRIVERS\psched.sys Loaded driver \SystemRoot\system32\DRIVERS\ptilink.sys Loaded driver \SystemRoot\system32\DRIVERS\raspti.sys Loaded driver \SystemRoot\system32\DRIVERS\tap0901.sys Loaded driver \SystemRoot\system32\DRIVERS\termdd.sys Loaded driver \SystemRoot\system32\DRIVERS\swenum.sys Loaded driver \SystemRoot\system32\DRIVERS\update.sys Loaded driver \SystemRoot\system32\DRIVERS\mssmbios.sys Loaded driver \SystemRoot\system32\DRIVERS\dtsoftbus01.sys Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS Loaded driver \SystemRoot\system32\DRIVERS\usbhub.sys Loaded driver \SystemRoot\system32\DRIVERS\flpydisk.sys Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS Did not load driver \SystemRoot\System32\Drivers\i2omgmt.SYS Did not load driver \SystemRoot\System32\Drivers\Changer.SYS Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS Loaded driver \SystemRoot\System32\Drivers\Null.SYS Loaded driver \SystemRoot\System32\Drivers\Beep.SYS Loaded driver \SystemRoot\System32\drivers\vga.sys Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS Loaded driver \SystemRoot\system32\DRIVERS\rasacd.sys Loaded driver \SystemRoot\system32\DRIVERS\ipsec.sys Loaded driver \SystemRoot\system32\DRIVERS\tcpip.sys Loaded driver \SystemRoot\system32\DRIVERS\netbt.sys Loaded driver \SystemRoot\System32\drivers\afd.sys Loaded driver \SystemRoot\system32\DRIVERS\netbios.sys Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS Loaded driver \SystemRoot\system32\DRIVERS\srvkp.sys Loaded driver \SystemRoot\system32\DRIVERS\rdbss.sys Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb.sys Loaded driver Loaded driver \SystemRoot\system32\DRIVERS\ipnat.sys Loaded driver \SystemRoot\system32\DRIVERS\wanarp.sys Loaded driver \SystemRoot\System32\Drivers\Fips.SYS Loaded driver \SystemRoot\system32\DRIVERS\ctxusbm.sys Loaded driver \??\C:\WINDOWS\system32\drivers\cbfs3.sys Loaded driver \SystemRoot\System32\Drivers\Fastfat.SYS Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS Did not load driver \SystemRoot\system32\DRIVERS\rdbss.sys Did not load driver \SystemRoot\system32\DRIVERS\mrxsmb.sys Loaded driver \SystemRoot\system32\drivers\wdmaud.sys Loaded driver \SystemRoot\system32\drivers\sysaudio.sys Loaded driver \SystemRoot\system32\drivers\splitter.sys Loaded driver \SystemRoot\system32\drivers\aec.sys Loaded driver \SystemRoot\system32\drivers\swmidi.sys Loaded driver \SystemRoot\system32\drivers\DMusic.sys Loaded driver \SystemRoot\system32\drivers\kmixer.sys Loaded driver \SystemRoot\system32\drivers\drmkaud.sys Loaded driver \SystemRoot\system32\DRIVERS\mrxdav.sys Loaded driver \SystemRoot\System32\Drivers\ParVdm.SYS Did not load driver \SystemRoot\System32\Drivers\StarOpen.SYS Loaded driver \SystemRoot\system32\DRIVERS\srv.sys Did not load driver \SystemRoot\system32\DRIVERS\ipnat.sys Loaded driver \SystemRoot\System32\Drivers\HTTP.sys

    Read the article

  • How to set up Mercurial with ssl/security

    - by Sam Lee
    I've been following the hginit.com tutorial on how to use mercurial. Everything is going fine except it uses push_ssl=False. This does not work for my situation because I want pushes (and pulls if possible) to be secure. All the tutorials I've been able to find also use push_ssl=False. Can anyone give me pointers on how to set up ssl/security for Mercurial? Thanks.

    Read the article

  • Relative connection string to AzMan XML store when using security application block

    - by David Hall
    Is it possible to specify a relative connection string for an AzMan XML store? My current connection string is connectionString="msxml://c:/azman.xml" but I really need to make that relative so other developers and automated builds can get the latest authorization store. MS documentation seems to suggest that connectionString="msxml://azman.xml" should work but that throws a The request is not supported error. EDIT: I realised that the fact I'm using AzMan through the Enterprise Library Security Application Block was important to the question.

    Read the article

  • Error: java.security.AccessControlException: Access denied

    - by RMD
    Hi, I have to connect to a https url with username and password to read a file. I am not able to connect to the server (see the error log below). I do not have much java experience so I need help with this code. I would really appreciate some help to solve this! Thank you. Raquel CODE: import lotus.domino.; import java.net.; import java.io.*; import javax.net.ssl.HttpsURLConnection; public class JavaAgent extends AgentBase { public void NotesMain() { try { String username = "123"; String password = "456"; String input = username + ":" + password; String encoding = new sun.misc.BASE64Encoder().encode (input.getBytes()); //Open the URL and read the text into a Buffer String urlName = "https://server.org/Export.mvc/GetMeetings?modifiedSince=4/9/2010"; URL url = new URL(urlName); HttpsURLConnection connection = (HttpsURLConnection)url.openConnection(); connection.setRequestMethod("POST"); connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded"); connection.setRequestProperty("Content-Length", String.valueOf (encoding.length())); connection.setUseCaches(false); connection.setDoInput(true); connection.setDoOutput(true); connection.setAllowUserInteraction(true); connection.setRequestProperty("Authorization", "Basic " + encoding); connection.setRequestProperty("Cookie", "LocationCode=Geneva"); connection.connect(); BufferedReader rd = null; try{ rd = new BufferedReader(new InputStreamReader(connection.getInputStream())); } catch (IOException e) { System.out.println("Read failed"); System.exit(-1); } String line; while((line = rd.readLine()) != null) { System.out.println(line.toString()); } rd.close(); connection.disconnect(); } catch(Exception e) { e.printStackTrace(); } } } LOG: java.security.AccessControlException: Access denied (java.lang.RuntimePermission exitVM.-1) at java.security.AccessController.checkPermission(AccessController.java:108) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at COM.ibm.JEmpower.applet.AppletSecurity.superDotCheckPermission(AppletSecurity.java:1449) at COM.ibm.JEmpower.applet.AppletSecurity.checkRuntimePermission(AppletSecurity.java:1311) at COM.ibm.JEmpower.applet.AppletSecurity.checkPermission(AppletSecurity.java:1611) at COM.ibm.JEmpower.applet.AppletSecurity.checkPermission(AppletSecurity.java:1464) at java.lang.SecurityManager.checkExit(SecurityManager.java:744) at java.lang.Runtime.exit(Runtime.java:99) at java.lang.System.exit(System.java:275) at JavaAgent.NotesMain(Unknown Source) at lotus.domino.AgentBase.runNotes(Unknown Source) at lotus.domino.NotesThread.run(Unknown Source)

    Read the article

  • Handling form security

    - by Harun Baris Bulut
    So how do you maintain the form security about posting data to different page problem? For instance you have a member and he/she tries to change the personal settings and you redirected member to www.domain.com/member/change/member_id member changed the values and post the data to another page by changing the action with firebug or something else. For instance www.domain.com/member/change/member_id_2 How do you handle this problem without using sessions?

    Read the article

  • Which Secure Software Development Practices do you Employ?

    - by Michael Howard-MSFT
    I work on a project known as the Security Development Lifecycle (SDL) project at Microsoft (http://microsoft.com/sdl) - in short it's a set of practices that must be used by product groups before they ship products to help improve security. Over the last couple of years, we have published a great deal of SDL documentation, as customers ask for more information about what we're doing. But what I'd like to know is: 1) What are you doing within your organization to help improve the security of your product? 2) What works? What doesn't work? 3) How did you get management to agree to this work? Thanks.

    Read the article

  • How To Save Spring Security Logged In User In Session

    - by Brad Rhoads
    This code get's the currently logged in user, using the Spring Security Plugin (acegi): def principalInfo = authenticateService.principal() def person = null if (principalInfo != "anonymousUser" && principalInfo.username) { person = Person.findByUsername(principalInfo.username) } I would like then do: session.user = person This needs to be done after the user logs in. I can't figure out where to put my code to do this. It seem like it should be some place in the Login Controller, but I can't see where.

    Read the article

  • HTML5 Web DB Security

    - by darrenc
    Hi all! I'm looking into an offline web app solution using HTML5. The functionality is everything I need BUT the data stored can be directly queried right in the browser and therefore completely unsecure! Is there anyway to encrypt/hide so that the data is secure? Thanks, D.

    Read the article

  • Mobile security solutions

    - by techzen
    What are the mobile security solutions used by you / your organization. What are the pro's and cons of usage of these solution - and how far have you been successful in implementing these - were there any loopholes / issues faced in using them?. In general, can you suggest a set of guidelines to watch for when going for going for selecting a specific solution in this context.

    Read the article

  • Grails + Spring Security one field login

    - by Miguel
    Hi all Is it possible, using spring security plugin 0.5.3 with Grails 1.2.1, to authenticate a user using only one field? I mean, for example, making j_username and j_password fields in the authentication form equal previous to the authentication. I read it was possible to define j_username field in Config.groovy with acegi plugin, in older versions of the plugin. Now it uses SecurityConfig.groovy but the possibility of defining the field exists no more. Any ideas?? Thanks a lot, Miguel

    Read the article

  • Security of executing a command from php

    - by Nicolò Martini
    I'm writing a web application in which i use several thirdy party commands calling them with the exec function in PHP (for example, I render Latex formulas through a command-line program). My question is: what are the security issues of executing external command-line programs in php? What I have to be aware of? Can you give me a list of points to check? Thanks in advance.

    Read the article

  • HTML/JavaScript compation for security.

    - by BCS
    I just ran across this point that references a security vulnerability in Web Apps that depends on looking at the size of encrypted web pages to deduce what the uses is doing. The simplest solution to this I can think of would be to use a tool to minify all static content so that (after encryption) only a small number of result sizes exist so as to minimize the information available to an eavesdropper. Are there any tools for doing this?

    Read the article

  • Security Suggestions

    - by Kumar
    I am currently working on an ASP.NET 3.5 and C# web application which deals with users secure information like credit card numbers. What are some of the security measures which I need to take from an application development stand point so that I can sleep peacefully at night :)

    Read the article

  • Spring Security User

    - by DD
    What is best practise in Spring when creating a new user with custom attributes...to extend org.springframework.security.core.userdetails.User or to create the User in the UserDetailsService (this is the approach taken in the IceFaces tutorial). public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException { AppUser user = userDAO.findUser(username); if (user == null) throw new UsernameNotFoundException("User not found: " + username); else { return makeUser(user); } } private User makeUser(AppUser user) { return new User(user.getLogin(), user .getPassword(), true, true, true, true, makeGrantedAuthorities(user)); }

    Read the article

< Previous Page | 36 37 38 39 40 41 42 43 44 45 46 47  | Next Page >