Search Results

Search found 13196 results on 528 pages for 'security audit'.

Page 405/528 | < Previous Page | 401 402 403 404 405 406 407 408 409 410 411 412 | Next Page >

accessing pdf via https URL

- by Paul

I send out a newsletter email containing URLs to a https website that then redirects to a pdf document. On first invocation of a URL the user is prompted with the typical https browser "security alert" popup, on selecting "Yes" the display of the PDF fails. The HTTP Header on the failed response is: HTTP/1.1 200 OK Server: ECS/HTTP-Server Date: Tue, 16 Mar 2010 15:57:26 GMT Content-type: application/pdf Content-language: en-US Set-cookie: JSESSIONID=0000r111cRz1Vc-PtCJg8Cdu4eR:-1; Path=/ Expires: Thu, 01 Dec 1994 16:00:00 GMT Cache-control: no-cache="set-cookie, set-cookie2" Connection: close Subsequent invocations of the URL successfully opens the PDF (at this point we have the session id cookie set by the initial failed request). The HTTP Header on the successful response is: HTTP/1.1 200 OK Server: ECS/HTTP-Server Date: Tue, 16 Mar 2010 16:53:03 GMT Content-type: application/pdf Content-language: en-US Connection: close The email client is Lotus Notes 6.5 which launches an IE6 browser Any ideas?

Read the article
samba windows gvim & "READ ERRORS"

- by l.thee.a

I have a samba server on my embedded box. I was planning to use it to edit files easily. However when I open files on my windows machine, I get read errors. I have tried textpad, gvim and kate(andLinux). On gvim I first get "write error in swap file" and it is replaced by "[READ ERRORS]". If I access the same file through pyNeighborhood (ubuntu) I can read/write/delete etc. Samba security is set to share and guest user is root. Also if I move the file to my ubuntu samba server, I get no problems. Any ideas? PS: I am using smbd 3.0.25b.

Read the article
Salting example in Zend Framework

- by Geoffrey

Hello all, I am pretty new to the Zend framework and looking to build an application with pretty tight password security. I have been trying to follow the user guides in relation to password salting but haven't had any luck so far. I have setup my database and table adapter (As described in the documentation on the Zend Framework site but it didn't seem to finish the example (or I am not following well enough!) I have started with: $authAdapter = new Zend_Auth_Adapter_DbTable($dbAdapter, 'users', 'username', 'password', "MD5(CONCAT('".Zend_Registry::get('staticSalt')."', ?, password_salt))" ); But from here, what is done with the password salt? I just need an example and I'll be away! Does anyone have an example or point me in the right direction?? Many thanks!

Read the article
What is a read only collection in C#?

- by acidzombie24

I ran a security code analyst i found myself having a CA2105 warning. I looked at the grade tampering example. I didnt realize you can assign int[] to a readonly int. I thought readonly was like the C++ const and makes it illegal. The How to Fix Violations suggest i clone the object (which i dont want to do) or 'Replace the array with a strongly typed collection that cannot be changed'. I clicked the link and see 'ArrayList' and adding each element one by one and it doesnt look like you can prevent something adding more. So when i have this piece of code what is the easiest or best way to make it a read only collection? public static readonly string[] example = { "a", "b", "sfsdg", "sdgfhf", "erfdgf", "last one"};

Read the article
What are the main benefits of implementing a virtual machine as part of an application?

- by Marplesoft

Several databases I've been looking at recently implement a virtual machine internally to perform the respective data reads and writes. For an example, check out this article on SQLite's virtual machine they call the 'VDBE'. I'm curious as to what the benefits of such an architecture are. I would assume performance is one but why would a virtual machine like this run faster? In fact, it seems to be that this extra layer could cause it to run slower. So perhaps it's for security? Or portability? Anyway, just curious about this.

Read the article
protect flash files

- by user172697

Hello Ive a website that create avatars for users and provide them with link for avatar to use it in their website or singuters etc , my problems is the website based on flash . the main page has 1 swf file that load other swfs used to create avatars , if someone knows the link for the these swf files he can download them which means he can have all the website lets say: www.test.com as main page which load main swf and other swfs files which located at www.test.com/resources/flash/swffiles/file1.swf anyone can grap these files and have all the website which is a big security breach ive trying so many way protect these files from not download but protecting them means the main swf cant talk to them and cant load the main page correctaly , any suggestion for these .. thanks in advance

Read the article
How to generate a cryptographically secure Double between 0 and 1?

- by Portman

I know how to generate a random number between 0 and 1 using the NextDouble method of the pseudo-random number generator. var rng1 = new System.Random(); var random1 = rng1.NextDouble(); // generates a random double between 0 and 1.0 And I know how to fill a random byte array using the cryptographically secure random number generator. Byte[] bytes = new Byte[8]; var rng2 = new System.Security.Cryptography.RNGCryptoServiceProvider(); rng2.GetBytes(bytes); // generates 8 random bytes But how can I convert the byte-array output of RNGCryptoServiceProvider into a random number between 0 (inclusive) and 1 (exclusive)?

Read the article
Class Not found exception in JApplet.

- by Nitesh Panchal

Hello, I created a simple Applet using JApplet and everything seems to work fine but as soon i create an object of my userdefined class named ChatUser in my applet, i get this error :- SEVERE: java.lang.ClassNotFoundException: applet.ChatUser at com.sun.enterprise.loader.ASURLClassLoader.findClassData(ASURLClassLoader.java:713) at com.sun.enterprise.loader.ASURLClassLoader.findClass(ASURLClassLoader.java:626) at java.lang.ClassLoader.loadClass(ClassLoader.java:307) at java.lang.ClassLoader.loadClass(ClassLoader.java:252) at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:320) at java.lang.Class.forName0(Native Method) at java.lang.Class.forName(Class.java:247) at java.io.ObjectInputStream.resolveClass(ObjectInputStream.java:604) at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1575) at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1496) at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1732) at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1329) at java.io.ObjectInputStream.readObject(ObjectInputStream.java:351) at misc.ChatClient.run(ChatClient.java:43) Any idea what can be wrong? It only happens when i create an object of any user defined class. Do i need to set some security settings or something? Please help :(

Read the article
How can I launch a system command via Javascript in Google Chrome?

- by kvsn

I want to execute a local program on my computer via Javascript in Chrome. In Firefox, it can be done as follows (after setting 'signed.applets.codebase_principal_support' to true in about:config): function run_cmd(cmd, args) { netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect"); var file = Components.classes["@mozilla.org/file/local;1"] .createInstance(Components.interfaces.nsILocalFile); file.initWithPath(cmd); var process = Components.classes["@mozilla.org/process/util;1"] .createInstance(Components.interfaces.nsIProcess); process.init(file); process.run(false, args, args.length); } What's the equivalent code for Chrome?

Read the article
c# xml string special characters

- by sam

Please help explain why the dataset cannot read the encoded xml? string xml = "<?xml version=\"1.0\" standalone=\"yes\" ?> <DataSet><node>it's my \"node\" & i like it</node></DataSet>"; string encodedXml = System.Security.SecurityElement.Escape(xml); DataSet ds = new DataSet(); ds.ReadXml(New XmlTextReader(new StringReader(encodedXml))); I have checked the link http://weblogs.sqlteam.com/mladenp/archive/2008/10/21/Different-ways-how-to-escape-an-XML-string-in-C.aspx What i want to do is to read a string with special characters into a dataset. But the code cannot locate the special characters in the string, c# added all the \ so the linenumber is not accurate generated by XmlException object. Anyone could provide the code to read a string with special characters into a dataset. thanks very much

Read the article
database design suggesion

- by Bharanikumar

Hi , am going to start new travel site, I want some advise from guru's regarding database design , Things coming to picture are, Book taxi online , This is the core idea, So i like to implement lot of jquery,ajax stuff in my site , Main thing site must run veryt fast,safe,security, In mysql , which typw shall i use, MYISAM OR INNODB Which is best type for ajax works, fast,safe ,secure ,performance view . This is my demo site, Just look this site, i implemented some ajax stuff here, my-url In this site please choose the postcode in the taxifrom tab, It ask you value please enter, just enter nw7 , See How long it will take for response,some time no response and system goes to hang or idle mode, Also please look the diversion , select No diversion, There you will list of textbox, enter the nw3 then hit the search icon , See after 80seconds only , you will get response from DB, See this too bad response ... This is DB , my Database type if myisam ,no idexing , no fulltext and nothing...no constraints, So please advise me , which database type i choose, Myisam or innodb, Thanks Bharanikumar

Read the article
NoClassDefFoundError points to the wrong class.

- by Sora

I'm validating the installation of a program that consists of a few separate modules. They are not co-dependent. I have apple.jar and orange.jar, they are placed in the same folder and were developed in the same project, but run independent of each other. Running apple.jar goes fine, but orange.jar gives me a NoClassDefFoundError pointing to apple.jar. /usr/java/jre1.6.0_14/bin/java -jar validator.jar Exception in thread "main" java.lang.NoClassDefFoundError: orange/client/Apple Caused by: java.lang.ClassNotFoundException: orange.client.Apple at java.net.URLClassLoader$1.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) at java.lang.ClassLoader.loadClassInternal(Unknown Source) Could not find the main class: validator/client/StormDataXMLGenerator. Program will exit. The manifest file lists Orange as the correct main class. Main-Class: orange/client/Orange Anybody know why it's giving me the NoClassDefFoundError? Thanks in advance!

Read the article
Check for Existence of a Result in Linq-to-xml

- by NateD

I'm using Linq-to-XML to do a simple "is this user registered" check (no security here, just making a list of registered users for a desktop app). How do I handle the result from a query like this: var people = from person in currentDoc.Descendants("Users") where (string)person.Element("User") == searchBox.Text select person; I understand the most common way to use the result would be something like foreach (var line in people){ //do something here } but what do you do if person comes back empty, which is what would happen if the person isn't registered? I've looked around on this site and on MSDN and haven't found a really clear answer yet. Extra credit: Give a good explanation of what people contains.

Read the article
Prepend 'www' to an HTTPS url using .htaccess & mod_rewrite

- by webfac

I have a dilemma with this one. With the following code I am able to force SSL on any non SSL url, however when the user (and results from Google) take the user to http://mysite.co.za then we hit an issue as the url is then rewritten to https://mysite.co.za Due to the fact that my certificate is bound to www.mysite.co.za it immediately throws a security error because of the missing 'www' in the url. Can someone point out a way to add the www to the domain when the domain starts with HTTPS and not HTTP? Much appreciated. And the current code to add the https:// is as follows: RewriteCond %{HTTP_HOST} !^www\. RewriteCond %{HTTPS}s ^on(s)| RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Read the article
Possible to use Javascript to get data from other sites?

- by Xavier

Is it possible for a web page using Javascript to get data from another website? In my case I want to get it for calculations and graphing a chart. But I'm not sure if this is possible or not due to security concerns. If it is considered a no no but there is a work around I would appreciate being told the work around. I don't want to have to gather this information on the server side if possible. Any and all help is appreciated.

Read the article
What are the app pool identity and account for anonymous access for?

- by apollodude217

I understand what the two are used for, except I don't know what each does--i.e. what one is for vs. what the other is for. (I usually set them to the same account anyway.) If you're not sure what accounts I'm talking about, in the IIS manager thingy: Right-click on the app pool in question, go to Properties, and click the Identity tab to see the App Pool Identity. Right-click a Web site, go to Properties - Directory Security, and click Edit under Anonymous Access and authentication control to view the Account for anonymous access.

Read the article
SQL Server Agent 2005 job runs but no output

- by alimack

Essentially I have a job which runs in BIDS and as as a stand lone package and while it runs under the SQL Server Agent it doesn't complete properly (no error messages though). The job steps are: 1) Delete all rows from table; 2) Use For each loop to fill up table from Excel spreasheets; 3) Clean up table. I've tried this [MS page][1] (steps 1 & 2), didn't see any need to start changing from Server side security. Also SQLServerCentral.com for [this page][2], no resolution. How can I get error logging or a fix? Note I've reposted this from Server Fault as it's one of those questions that's not pure admin or programming. I have logged in as the proxy account I'm running this under, and the job runs stand alone but complains that the Excel tables are empty?

Read the article
What keying option does the keychain use?

- by Rudiger

I have read into the keychain and have found that it uses Triple DES. What I can't find is what keying option it uses. I am guessing / hoping that its keying option 1 where all 3 passwords are unique but if thats the case I can only think of two passwords it can use (user password and App ID that comes from your dev cert) so where is the third coming from? Is it a key private to Apple? If its keying option 2 (first and third key are the same) it might not be secure enough for our company to rely on. Although that might sound paranoid I have to justify to our security department that it is secure enough.

Read the article
Multitenant shared user account?

- by jpartogi

Dear all, Based on your experience, which is the route to go for a multi-tenant user login? One user login per account. Which means if there is one user that has access to multiple account, there will be redundancy of record in the database One user login for all account that she has privileges to. Which means one user record has access to multiple account if she has privileges to that account. From your experience, which one is better and why? I was thinking to choose the latter, but I don't know whether it will cause security issue or less flexibility. Thank you for sharing your experience.

Read the article
anonymous access disabled but...

- by Melody Friedenthal

My web app (asp VB 2005) uses Windows authentication. If the user isn't part of a specific AD security group they don't get to edit the data; instead I redirect the user to a read-only page. The program works fine in the IDE. I published the web app to my laptop and Disabled anonymous access. When I ran the program I got redirected to the read-only page. I added a write event to the application event log to see what was going on, and found that the WindowsPrincipal.Identity.Name contained my laptop's ID, not my user name. I reassert: anonymous access is disabled in IIS and the web.config file has Windows Authentication. Can anyone suggest what else to check? Or can you explain what's going on?

Read the article
Authenticating to multiple OUs in Active Directory

- by Jaxidian

I'm using the Active Directory Membership Provider with the following configuration: <connectionStrings> <add name="MyConnString" connectionString="LDAP://domaincontroller/OU=Product Users,DC=my,DC=domain,DC=com" /> </connectionStrings> <membership defaultProvider="MyProvider"> <providers> <clear /> <add name="MyProvider" connectionStringName="MyConnString" connectionUsername="my.domain.com\service_account" connectionPassword="biguglypassword" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /> </providers> </membership> This works perfectly except it requires ALL of my users to be in the "Product Users" OU when I would actually like to have all of my users organized into various child OUs under our "Product Users" OU. Is this possible? (Note that this is a partial repost of this question but the question I'm asking here was never answered there.)

Read the article
How safe is JSONP implementation for login functionality

- by MKS

Hi Guys, I am using JSONP for login authentication, below is sample JQuery Code: $.ajax({ type:"GET", url: "https://staging/login/Login.aspx", // Send the login info to this page data: str, dataType: "jsonp", timeout: 200000, jsonp:"skywardDetails", success: function(result) { //Do something after the success } }); In above code, I am having HTTPS page for authentication, from my login dailog box, I am sending username and password to my login.aspx page, which calls "WEB SERVICE" taking input send by the login dialog page and return the users details as JSONP object. My question is that, how safe is above implementation and do also suggest how can I improve my security implementation. Thanks!

Read the article
cURL PHP Proper SSL between private servers with self-signed certificate

- by PolishHurricane

I originally had a connection between my 2 servers running with CURLOPT_SSL_VERIFYPEER set to "false" with no Common Name in the SSL cert to avoid errors. The following is the client code that connected to the server with the certificate: curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,FALSE); curl_setopt($ch,CURLOPT_SSL_VERIFYHOST,2); However, I recently changed this code (set it to true) and specified the computers certificate in PEM format. curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,TRUE); curl_setopt($ch,CURLOPT_SSL_VERIFYHOST,2); curl_setopt($ch,CURLOPT_CAINFO,getcwd().'/includes/hostcert/Hostname.crt'); This worked great on the local network from a test machine, as the certificate is signed with it's hostname for a CN. How can I setup the PHP code so it only trusts the hostname computer and maintains a secure connection. I'm well aware you can just set CURLOPT_SSL_VERIFYHOST to "0" or "1" and CURLOPT_SSL_VERIFYPEER to "false", but these are not valid solutions as they break the SSL security.

Read the article
App logicstics & changes due to scope creep

- by Kevin Brown

I started an app that was initially a testing platform--user management, and managers that can view their employees tests. Recently, functionality has been extended (not built yet) to allow users to complete a test in place of an employee--basically adding a record, but no user. I have three tables in use for this: users(contains user info for login/security), profiles (all personal info: address, height, etc.), and survey (contains survey answers for user). How do I extend my application to encompass this functionality with minimal change to the structure? I assume that the best way to do this would be to insert records to the tables profiles and survey, and have no username/password/email? There MUST be a user_id associated b/c the tables are linked through the user_ids...

Read the article
How to communicate/share a session between pages over HTTP and HTTPS

- by spirytus

What is common practice for coding web applications where part of the site has to be secured (e.g. checkout section) and part not necessarily, let's say homepage? As far as I know sharing sessions in between HTTP and HTTPS parts of the site is not easily possible (or is it?). What would be common approach if I wanted to display on HTTP page like homepage, shopping cart data (items) that users ordered on HTTPS pages? How those two parts of the site would communicate if necessary? Also isn't it security flaw in popular shopping carts as it seems that many of these have only checkout pages secured (SSL) and the rest not? I'm using PHP if it makes any difference.

Read the article

< Previous Page | 401 402 403 404 405 406 407 408 409 410 411 412 | Next Page >