Search Results

Search found 8253 results on 331 pages for 'secure coding'.

Page 40/331 | < Previous Page | 36 37 38 39 40 41 42 43 44 45 46 47  | Next Page >

  • Stuck with luasec LUA secure socket

    - by PeterMmm
    This example code fails: require("socket") require("ssl") -- TLS/SSL server parameters local params = { mode = "server", protocol = "sslv23", key = "server.key", certificate = "server.crt", cafile = "server.key", password = "123456", verify = {"peer", "fail_if_no_peer_cert"}, options = {"all", "no_sslv2"}, ciphers = "ALL:!ADH:@STRENGTH", } local socket = require("socket") local server = socket.bind("*", 8888) local client = server:accept() client:settimeout(10) -- TLS/SSL initialization local conn,emsg = ssl.wrap(client, params) print(emsg) conn:dohandshake() -- conn:send("one line\n") conn:close() request https://localhost:8888/ output error loading CA locations ((null)) lua: a.lua:25: attempt to index local 'conn' (a nil value) stack traceback: a.lua:25: in main chunk [C]: ? Not very much info. Any idea how to trace down to the problem ?

    Read the article

  • Is there anyone out there that codes like I do?

    - by Jacob Relkin
    Hi, Some people have told me that my coding style is a lot different than theirs. I think I am somewhat neurotic when it comes to spacing and indenting though. Here's a snippet to show you what I mean: - ( void ) applicationDidFinishLaunching: ( UIApplication *) application { SomeObject *object = [ [ SomeObject alloc ] init ]; int x = 100 / 5; object.someInstanceVariable = ( ( 4 * x ) + rand() ); [ object someMethod ]; } Notice how I space out all of my brackets/parentheses, start curly braces on the same line, "my code has room to breathe", so to speak. So my questions are a) is this normal and b) What's your coding style?

    Read the article

  • .NET WebService Security who can see and use.

    - by user295734
    Trying to firgure out how to test the security of a WebService. Is there some way to search a site for webservices? I have 2 applications one has a webservice and the other a reference to that service. I let visual studio build the reference in the App_WebReferences folder. The webservice works, but i started wondering, can anyone access this service from any website? If so, how can i test this? How do you search a site for webservices? Could I use jQuery/JSON code from a simple site to access a webservice? I guess if it is not secure, how do you secure a webservice?

    Read the article

  • How to secure phpMyAdmin

    - by Andrei
    Hi, I have noticed that there are strange requests to my website trying to find phpmyadmin, like /phpmyadmin/ /pma/ etc. Now I have installed PMA on Ubuntu via apt and would like to access it via webaddress different from /phpmyadmin/. What can I do to change it? Thanks

    Read the article

  • Secure database connection. DAL .net architecture best practice

    - by Andrew Florko
    We have several applications that are installed in several departments that interact with database via Intranet. Users tend to use weak passwords or store login/password written on a shits of paper where everybody can see them. I'm worried about login/password leakage & want to minimize consequences. Minimizing database-server attack surface by hiding database-server from Intranet access would be a great idea also. I'm thinking about intermediary data access service method-based security. It seems more flexible than table-based or connection-based database-server one. This approach also allows to hide database-server from public Intranet. What kind of .net technologies and best practices would you suggest? Thank in you in advance!

    Read the article

  • Creating secure .exe files in C#

    - by George
    Hi, I have heard some mutterings about C# being quite easy to "crack" and/or reverse engineer. Is this the case and if so, how can I go about preventing this, if possible ? Or at least making it more difficult ? Thanks, George.

    Read the article

  • Do you put a super() call a the beginning of your constructors?

    - by sleske
    This is a question about coding style and recommended practices: As explained in the answers to the question unnecessary to put super() in constructor?, if you write a constructor for a class that is supposed to use the default (no-arg) constructor from the superclass, you may call super() at the beginning of your constructor: public MyClass(int parm){ super(); // leaving this out makes no difference // do stuff... } but you can also omit the call; the compiler will in both cases act as if the super() call were there. So then, do you put the call into your constructors or not? On the one hand, one might argue that including the super() makes things more explicit. OTOH, I always dislike writing redundant code, so personally I tend to leave it out; I do however regularly see it in code from others. What are your experiences? Did you have problems with one or the other approach? Do you have coding guidelines which prescribe one approach?

    Read the article

  • How secure are GUIDs in terms of predictability?

    - by ssg
    We're using .NET's Guid.NewGuid() to generate activation codes and API keys currently. I wonder if that poses a security problem since their algorithm is open. .NET Guid uses Win32 CoCreateGuid and I don't know it's internals (possibly MAC address + timestamp?). Can someone derive a second GUID out of the first one, or can he hit it with some smart guesses or is the randomness good enough so search space becomes too big? Generating random keys have the problem of collision, they need a double check before adding to a database. That's why we stuck with GUIDs but I'm unsure about their security for these purposes. Here are the 4 consecutive UUIDGEN outputs: c44dc549-5d92-4330-b451-b29a87848993 d56d4c8d-bfba-4b95-8332-e86d7f204c1c 63cdf958-9d5a-4b63-ae65-74e4237888ea 6fd09369-0fbd-456d-9c06-27fef4c8eca5 Here are 4 of them by Guid.NewGuid(): 0652b193-64c6-4c5e-ad06-9990e1ee3791 374b6313-34a0-4c28-b336-bb2ecd879d0f 3c5a345f-3865-4420-a62c-1cdfd2defed9 5b09d7dc-8546-4ccf-9c85-de0bf4f43bf0

    Read the article

  • connecting to secure database from website host

    - by jim
    Hello all, I've got a requirement to both read and write data via a .net webservice to a sqlserver database that's on a private network. this database is currently accessed via a vpn connection by remote client software (on standard desktop machines) to get latest product prices and to upload product stock sales. I've been tasked with finding a way to centralise this access from a webservice that the clients then access, rather than them using the vpn route to connect directly to the database. My question is related to my .net service's relationship to the sqlserver database. What are the options for connecting to a private network vpn from a domain host in order to achive the functionality of allowing the webservice to both read and write data to the database. For now, I'm not too concerned about the client connectivity and security (tho i appreciate that this will have to be worked out too), I'm really just interested in discovering the options available in order to allow my .net webservice to connect to the private network in as painless and transparent a way as posible. The option of switching the database onto public hosting is not an option, so I have to work with the sdcenario as described above for now, unless there's a compelling rationale presented to do otherwise. thanks all... jim

    Read the article

  • Secure web service works in Firefox but not in IE7

    - by tridium
    I am trying to call a C# web service from one data center to another. I am able to load the web service properly in Firefox 3.6.3 but it does not load at all in Internet Explorer 7. When I try to install the application which relies on this web service, it can't find the web service at all, just like IE7. Is there any setting or configuration that would allow one browser to load it properly but not the other? I suspect that there's no firewall or that sort of problem because the web service loads for at least one browser.

    Read the article

  • connecting to secure database on private network from website host

    - by jim
    Hello all, I've got a requirement to both read and write data via a .net webservice to a sqlserver database that's on a private network. this database is currently accessed via a vpn connection by remote client software (on standard desktop machines) to get latest product prices and to upload product stock sales. I've been tasked with finding a way to centralise this access from a webservice that the clients then access, rather than them using the vpn route to connect directly to the database. My question is related to my .net service's relationship to the sqlserver database. What are the options for connecting to a private network vpn from a domain host in order to achive the functionality of allowing the webservice to both read and write data to the database. For now, I'm not too concerned about the client connectivity and security (tho i appreciate that this will have to be worked out too), I'm really just interested in discovering the options available in order to allow my .net webservice to connect to the private network in as painless and transparent a way as posible. [edit] the webservice will also be available to the retail website in order for it to lookup product info as well as allocate stock transfers to the same sqlserver db. it will therefore be located on the same domain as the retail site The option of switching the database onto public hosting is not feasible, so I have to work with the scenario as described above for now, unless there's a compelling rationale presented to do otherwise. thanks all... jim

    Read the article

  • Captcha Alternative, how secure?

    - by aslum
    I do the web page for my local library, and I was thinking it might be kind of appealing to have a "custom" captcha based on book covers. So serve up one of several dozen book covers, and have the patron filling out the form type the book title to prove they're human. Assuming I stripped the title/author info from the image and filename, would that be enough? Would the fact that it was a unique system on a fairly small website be enough to make it effective? Just how tricky are the spam bots these days? Would having the image name be the ISBN # be too obvious?

    Read the article

  • Secure Copy File from remote server via scp and os module in Python

    - by user1063572
    I'm pretty new to Python and programming. I'm trying to copy a file between two computers via a python script. However the code os.system("ssh " + hostname + " scp " + filepath + " " + user + "@" + localhost + ":" cwd) won't work. I think it needs a password, as descriped in How do I copy a file to a remote server in python using scp or ssh?. I didn't get any error logs, the file just won't show in my current working directory. However every other command with os.system("ssh " + hostname + "command") or os.popen("ssh " + hostname + "command") does work. - command = e.g. ls When I try ssh hostname scp file user@local:directory in the commandline it works without entering a password. I tried to combine os.popen commands with getpass and pxssh module to establish a ssh connection to the remote server and use it to send commands directly (I only tested it for an easy command): import pxssh import getpass ssh = pxssh.pxssh() ssh.force_password = True hostname = raw_input("Hostname: ") user = raw_input("Username: ") password = getpass.getpass("Password: ") ssh.login(hostname, user, password) test = os.popen("hostname") print test But I'm not able to put commands through to the remote server (print test shows, that hostname = local and not the remote server), however I'm sure, the conection is established. I thought it would be easier to establish a connection than always use "ssh " + hostname in the bash commands. I also tried some of the workarounds in How do I copy a file to a remote server in python using scp or ssh?, but I must admit due to lack of expirience I didn't get them to work. Thanks a lot for helping me.

    Read the article

  • Is there a secure p2p distributed database?

    - by p2pgirl
    I'm looking for a distributed hash table to store and retrieve values securely. These are my requirements: It must use an existing popular p2p network (I must guarantee my key/value will be stored and kept in multiple peers). None but myself should be able to edit or delete the key/value. Ideally an encryption key that only I have access to would be required to edit my key value. All peers would be able to read the key value (read-only access, only the key holder would be able to edit the value) Is there such p2p distributed hash table? Would the bittorrent distributed hash table meet my requirements?' Where could I find documentation?

    Read the article

  • Gathering entropy in web apps to create (more) secure random numbers

    - by H M
    after several days of research and discussion i came up with this method to gather entropy from visitors (u can see the history of my research here) when a user visits i run this code: $entropy=sha1(microtime().$pepper.$_SERVER['REMOTE_ADDR'].$_SERVER['REMOTE_PORT']. $_SERVER['HTTP_USER_AGENT'].serialize($_POST).serialize($_GET).serialize($_COOKIE)); note: pepper is a per site/setup random string set by hand. then i execute the following (My)SQL query: $query="update `crypto` set `value`=sha1(concat(`value`, '$entropy')) where name='entropy'"; that means we combine the entropy of the visitor's request with the others' gathered already. that's all. then when we want to generate random numbers we combine the gathered entropy with the output: $query="select `value` from `crypto` where `name`='entropy'"; //... extract(unpack('Nrandom', pack('H*', sha1(mt_rand(0, 0x7FFFFFFF).$entropy.microtime())))); note: the last line is a part of a modified version of the crypt_rand function of the phpseclib. please tell me your opinion about the scheme and other ideas/info regarding entropy gathering/random number generation. ps: i know about randomness sources like /dev/urandom. this system is just an auxiliary system or (when we don't have (access to) these sources) a fallback scheme.

    Read the article

  • Where to place web.xml outside WAR file for secure redirect?

    - by Silverhalide
    I am running Tomcat 7 and am deploying a bunch of applications delivered to me by a third party as WAR files. I'd like to force some of those apps to always use SSL. (All the "SSL" apps are in one service; other apps outside this discussion are in another service.) I've figured out how to use conf\web.xml to redirect apps from HTTP to HTTPS, but that applies to all applications hosted by Tomcat. I've also figured out how to put web.xml in an unpacked app's web-inf directory; that does the trick for that specific app, but runs the risk of being overwritten if our vendor gives us a new war file to deploy. I've also tried placing the web.xml file in various places under conf\service\host, or under appbase, but none seem to work. Is it possible to redirect some apps to SSL without forcing all apps to redirect, or to put the web.xml file inside the extracted WAR file? Here's my server.xml: <Service name="secure"> <Connector port="80" connectionTimeout="20000" redirectPort="443" URIEncoding="UTF-8" enableLookups="false" compression="on" protocol="org.apache.coyote.http11.Http11Protocol" compressableMimeType="text/html,text/xml,text/plain,text/javascript,application/json,text/css"/> <Connector port="443" URIEncoding="UTF-8" enableLookups="false" compression="on" protocol="org.apache.coyote.http11.Http11Protocol" compressableMimeType="text/html,text/xml,text/plain,text/javascript,application/json,text/css" scheme="https" secure="true" SSLEnabled="true" sslProtocol="TLS" keystoreFile="..." keystorePass="..." keystoreType="PKCS12" truststoreFile="..." truststorePass="..." truststoreType="JKS" clientAuth="false" ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_AES_128_CBC_SHA"/> <Engine name="secure" defaultHost="localhost"> <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/> <Host name="localhost" appBase="webapps" unpackWARs="false" autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false"> </Host> </Engine> </Service> <Service name="mutual-secure"> ... </Service> The content of the web.xml files I'm playing with is: <web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0" metadata-complete="true"> <security-constraint> <web-resource-collection> <web-resource-name>All applications</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <user-data-constraint> <description>Redirect all requests to HTTPS</description> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> </web-app> (For conf\web.xml the security-constraint is added just before the end of the existing file, rather than create a new file.) My webapps directory (currently) contains only the WAR files.

    Read the article

  • Is there anyone out there that codes like me?

    - by Jacob Relkin
    Hi, Some people have told me that my coding style is a lot different than theirs. I think I am somewhat neurotic when it comes to spacing and indenting though. Here's a snippet to show you what I mean: - ( void ) applicationDidFinishLaunching: ( UIApplication *) application { SomeObject *object = [ [ SomeObject alloc ] init ]; int x = 100 / 5; object.someInstanceVariable = ( ( 4 * x ) + rand() ); [ object someMethod ]; } Notice how I space out all of my brackets/parentheses, start curly braces on the same line, "my code has room to breathe", so to speak. So my questions are a) is this normal and b) What's your coding style?

    Read the article

  • Does HTML5 make Javascript gaming safer (more secure)?

    - by Sean Madigan
    I know that Javascript is an incredibly unsecure way of programming a persistent game, where for instance you are doing battle calculations in an RPG and then award XP through linking to a PHP page when they win that adds XP to a database (since the player could make their own javascript to always win or just look at the PHP page that you get sent to when you win and just go there anyway). So with that said, I'm wondering if HTML5 makes multiplayer/persistent games any safer in this regard, since I know it still uses Javascript. Or am I still doomed to rely entirely on server-side scripting for doing any calculations that award the player?

    Read the article

  • ASP .NET MVC Secure all resources

    - by Tim
    How to enable Authentication on whole controller and disable only for certain action methods. I want authentication for all resources. If I write something like that: [Authorize] public class HomeController : BaseController { //This is public [UnAuthorized] public ActionResult Index() { ViewData["Message"] = "Welcome to ASP.NET MVC!"; return View(); } //This is private resource public ActionResult PrivateResource() { return View(); } } Then anyone can access this resource. Do you have any ideas how to make it better way?

    Read the article

  • PHP REMOTE_ADDR and secure sessions

    - by Christopher McCann
    One of the ways I have used to make securer sessions in the past is to also record the clients IP address and user agent at the handshake. Each time the client moves a page and calls session_start() I also check that the IP address and user agent stored is still the same to prevent hiijacking. But if someone is connecting from say a company network then all the users will probably have the same external static IP address and they could also really easily be using the same user agent. Is there other metrics I can use which are local only to the physical machine? Thanks

    Read the article

  • Unexpected key-value behavior in a Core Data Context

    - by ????
    If I create an array of strings (via key-value coding) containing the names of a Managed Object entity's attributes which are stored in the App Delegate the first time, I get an array of NSStrings without any problems. If I subsequently make the same call later from the same entry point in code, that same collection becomes an array of NULL objects- even though nothing in the Core Data Context has changed. One unappealing work-around involves re-creating the string array every time, but I'm wondering if anyone has a guess as to what's happening behind the scenes. // Return an array of strings with the names of attributes the Activity entity - (NSArray *)activityAttributeNames { #pragma mark ALWAYS REFRESH THE ENTITY NAMES? //if (activityAttributeNames == nil) { // Create an entity pointer for Activity NSEntityDescription *entity = [NSEntityDescription entityForName:@"Activity" inManagedObjectContext:managedObjectContext]; NSArray *entityAttributeArray = [[NSArray alloc] initWithArray:[[entity attributesByName] allValues]]; // Extract the names of the attributes with Key-Value Coding activityAttributeNames = [entityAttributeArray valueForKeyPath:@"name"]; [entityAttributeArray release]; //} return activityAttributeNames; }

    Read the article

  • What are some arguments to support the position that the Dojo JavasScript library is secure, accessi

    - by LES2
    We have developed a small web application for a client. We decided on the Dojo framework to develop the app (requirements included were full i18n and a11y). Originally, the web app we developed was to be a "prototype", but we made the prototype production quality anyway, just in case. It turns out that the app we developed (or a variant of it) is going to production (many months hence), but it's so awesome that the enterprise architecture group is a little afraid. 508c compliant is a concern, as is security for this group. I now need to justify the use of Dojo to this architecture group, explicitly making the case that Dojo does not pose a security risk and that Dojo will not hurt accessibility (and that Dojo is there to help meet core requirements). Note: the web app currently requires JavaScript to be turned on and a stylesheet to work. We use a relatively minor subset of Dojo: of course, dojo core, and dijit.form.Form, ValidationTextBox and a few others. We do use dojox.grid.DataGrid (but no drag N drop or editable cells, which are not fully a11y). I have done some research of my own, of course, but I any information or advice you have would be most helpful. Regards, LES2

    Read the article

< Previous Page | 36 37 38 39 40 41 42 43 44 45 46 47  | Next Page >