Search Results

Search found 52277 results on 2092 pages for 'web security'.

Page 40/2092 | < Previous Page | 36 37 38 39 40 41 42 43 44 45 46 47  | Next Page >

  • Security issues of running PHP scripts as the owner of the PHP file with suexec

    - by thomasrutter
    I'm using suexec to ensure that PHP scripts (and other CGI/FastCGI apps) are run as the account holder associated with the relevant virtual host. This allows for securing each users' scripts from reading/writing by other users. However, it occurs to me that this opens up a different security hole. Previously, the web server ran as an unprivileged user, with read-only access to user's files (unless the user changed the file permissions for some reason). Now, the web server can also write to user's files. So while I've prevented different users taking advantage of each other's scripts, I've made it so that in the event that some application has a remote code injection vulnerability, it now has not only read access but also write access to all that user's scripts and website. How can I deal with this? One idea I've had is to create a second user account for each user account in the system, so that each user has their own user account, and all their scripts are run under another user account. But that seems cumbersome.

    Read the article

  • How to share memory buffer across sessions in Django?

    - by afriza
    I want to have one party (or more) sends a stream of data via HTTP request(s). Other parties will be able to receive the same stream of data in almost real-time. The data stream should be accessible across sessions (according to access control list). How can I do this in Django? If possible I would like to avoid database access and use in memory buffer (along with some synchronization mechanism)

    Read the article

  • Exposing server uptime a potential security vulnerability?

    - by Edward Mazur
    I run a browser-based game and as part of a page with a bunch of game statistics, I have the server uptime listed. It's currently at 177 days and so someone mentioned to me that I shouldn't do this because a long uptime indicates the kernel is old and therefore missing security updates. This certainly sounds logical, but I searched around and couldn't find any evidence to support it. So I'm just wondering, is this indeed something I should not have exposed?

    Read the article

  • Creating avatar from uploaded image

    - by mamu
    We are using asp.net with .net 4.0 We want to allow users to upload any image and we want to create tiny avatar for uploaded image? What is the best way to convert uploaded images for avatar? We want to keep the same height width ratio if we can convert gif, bmp, jpg, png to one standard format it would be greate. Which could be the best format to convert it to? i think converting gif would be best option. am i correct? any open source option i can look at

    Read the article

  • Server Config on Github Security Considerations?

    - by Alan Griffith
    What are the security considerations of having my server configs in a repo on Github with world read-only access. I know to not include /etc/shadow and other password files. I'd like to share any of my good ideas and allow others to contribute, but I don't want to roll out a welcome mat for crackers.

    Read the article

  • Creating a modular web app?

    - by Khou
    If i was to design this application in modules (ie split a large app in smaller modular applications) I might design it like this, is this correct? MainApplicaionX the following 5 modules? Company Customer Employee Supplier Banking if Not How would you create this into a modular app?

    Read the article

  • Hosting images from unsecured servers (travelnow.com)

    - by i.am.not.aids
    Hi, My application needs to serve images hosted in travelnow.com (ie. this image) but the application only allow images hosted on a secured server (ie. https). What are my options? TravelNow's suggestion is as follows. How do I do this? Akamai image servers are not secure. Therefore you are unable to serve any of the image urls with a secure HTTPS URL. If you need to serve an image with HTTPS, you must temporarily save the image to your own secure server. This is suggested only for images to be saved as you use them or need them temporarily on the secure page. The hotel images file available from the Affiliate Center provides up to 1.5 million URLs at any time for all properties storing images in the Akamai system. It is not recommended or advised to store all files in advance on your own system since properties change and update images frequently. Although we are not responsible for the images each property stores on the Akamai system, YOU will be responsible for any customer issues arising from displaying outdated or saved image files on your own pages. Thanks! Adrian

    Read the article

  • Cache Web Application files locally (for responsiveness)

    - by jiewmeng
    is there a way i can cache all required application files on the local computer for speed without any disruption (at least those that can be run locally)? i want it to be able to start even without connection right from the start, isit possible? is Google Gears what i shld use? i heard theres a HTML5 feature/module for it?

    Read the article

  • Belarc Advisor (Store Passwords using Reversible Encryption)

    - by Steve
    Hi, I'm using Belarc Advisor to examine my PC. Part of BA is a security benchmark summary, which examines components of windows security and provides a benchmark rating. Two items are marked as Fail: - Store Passwords using Reversible Encryption - Password History Size I have opened the Local Security Settings tool from the Control Panel Administrative Tools, and ensured that the "Store passwords using reversible encryption" setting is enabled. Also, I've set the password history to a number. So I'm a bit miffed about the Fail marks. Any idea why the Fail marks appear? Any clues how I can Pass them? Thanks, Steve.

    Read the article

  • Security camera for HQ and remote sites?

    - by Atlas
    We want to install security cams at HQ site and 3 remotes sites. Basically: (1) Each site would have N cams (2) Each site should have DVR locally to record everything. What we want is that HQ to be able to see the live/recorded videos of each remote site and including itself. Preferably HQ would have 1 large screen, and display all cams of itself and remotes sites, say showing it in 32x32 cells. Does such system exists?

    Read the article

  • web service exception handling

    - by Jack
    I have a WebMethod that recevives following types of parameters: [WebMethod] User(long userid,int number) When Client send parameter with different types, I have to catch this error and write to database etc.. How can I solve this? Thanks.

    Read the article

  • Using mercurial for web-design version control (dealing with images)

    - by Acorn
    I'm very new to Version Control, and I was wondering if I could get some advice on how it can fit into website design. At the moment I'm working on a typical, simple website that includes images: A few .html files and a .css file One folder full of photographs Another folder with the corresponding thumbnails Can I just put the whole lot in a repository? Or is there a better way I could apply Version Control to it? How should I deal with the images? edit: How well will it work with changes to the images? What if I decide to try and optimise my photographs or resize them. I wont be able to see what exactly changed about the images, should comments be enough to keep track of that?

    Read the article

  • Where can I find a deliberately insecure open source web application?

    - by Phil Laliberte
    As a developer, I've learned that I usually gain a better understanding of best/worst practices through experience. The area of web application security isn't really somewhere where my organization can afford to let developers learn through trial and error. So looking for a hands-on approach to knowledge sharing of best practices in web application security, I was thinking that it would be useful to have an open source application that was deliberately built to be insecure in order to help teach junior developers about application security. Does anyone out there know where to find something like this?

    Read the article

  • Limiting database security

    - by Torbal
    A number of texts signify that the most important aspects offered by a DBMS are availability, integrity and secrecy. As part of a homework assignment I have been tasked with mentioning attacks which would affect each aspect. This is what I have come up with - are they any good? Availability - DDOS attack Integrity Secrecy - SQL Injection attack Integrity - Use of trojans to gain access to objects with higher security roles

    Read the article

  • Should I host my entire web application using https?

    - by user54455
    Actually my only requirement for using SSL encryption is that when a user logs in, the password is transferred encrypted. However after reading a bit about protocol switching, that an HTTPS session can't be taken over as an HTTP session etc. I've been asking myself if it's so bad to just have the entire application use HTTPS only. What are the reasons against it and how would you rate their importance? Please also mention: How much performance do I lose on server side (roughly)? How much performance do I lose on client side (roughly)? Any other problems on server / client side?

    Read the article

  • If I implement a web-service, how do I respond to POST requests with JSON?

    - by Vova Stajilov
    I have to make a rather complex system for my diploma work. Logically it will consist of the following components: Database Web-service Management with web interface Client iOS application that will consume web-service I decided to implement all the first three components under .NET. Firstly I will create a database depending on the information load - this is clear. But then I need a web-service that will return data in JSON format for iOS clients to consume - that's obvious and not that hard to implement. For this I will use WCF technology. Now I have a question, if I implement the web-service, how will I be able to respond to POST requests with JSON? It probably involves WCF JSON or something related? But I also need some web pages as admin part, so will this web-application be able to consume my centralized web-services as well or I should develop it separately? I just want my web service to act like a set of controllers. There is a related question here but this doesn't quite reflect my question.

    Read the article

  • One codebase - lots of hosted services (similar to a basecamp style service) - planning structure

    - by RickM
    We have built a service (PHP Based) for a client, and are now looking to offer it to other clients as a hosted service. For this example, think of it like a hosted forum service, where a client signs up on our site, and is given a subdomain or can use their own domain, and the code picks up the domain, checks it against a 'master' users table, and then loads the content as needed. I'm trying to work out the best way of handling multiple clients. At the moment I can only think of two options that would work: Option 1 - Have 1 set of database tables, but on each table have a column called 'siteid' - this would mean every query has to check the siteid. This would effectively work with just 1 codebase, and 1 database. Option 2 - Have 1 'master' database with all the core stuff such as the client details and their domain. Then when the systen checks the domain, it pulls the clients database details (username/password/dbname) from a table, and loads a second database. The issue here is security of the mysql server details, however it does have the benefit that they are running their own database instead of sharing one. Which option would I be better taking here, and why? Ideally I want it to be fairly easy to convert the 'standalone' script to the 'multi-domain' script as we're on a tight deadline.

    Read the article

  • Advice on designing web application with a 40+ year lifetime

    - by user2708395
    Scenario Currently, I am apart of a health care project whose main requirement is to capture data with unknown attributes using user generated forms by health care providers. The second requirement is that data integrity is key and that the application will be used for 40+ years. We are currently migrating the client's data from the past 40 years from various sources (Paper, Excel, Access, etc...) to the database. Future requirements are: Workflow management of forms Schedule management of forms Security/Role based management Reporting engine Mobile/Tablet support Situation Only 6 months in, the current (contracted) architect/senior programmer has taken the "fast" approach and has designed a poor system. The database is not normalized, the code is coupled, the tiers have no dedicated purpose and data is starting to go missing since he has designed some beans to perform "deletes" on the database. The code base is extremely bloated and there are jobs just to synchronize data since the database is not normalized. His approach has been to rely on backup jobs to restore missing data and doesn't seem to believe in re-factoring. Having presented my findings to the PM, the architect will be removed when his contract ends. I have been given the task to re-architect this application. My team consists of me and one junior programmer. We have no other resources. We have been granted a 6-month requirement freeze in which we can focus on re-building this system. I suggested using a CMS system like Drupal, but for policy reasons at the client's organization, the system must be built from scratch. This is the first time that I will be designing a system with a 40+ lifespan. I have only worked on projects with 3-5 year lifespans, so this situation is very new, yet exciting. Questions What design considerations will make the system more "future proof"? What experiences have you had in designing such systems - both failures and successes? What questions should be asked to the client/PM to make the system more "future proof"?

    Read the article

< Previous Page | 36 37 38 39 40 41 42 43 44 45 46 47  | Next Page >