Search Results

Search found 8253 results on 331 pages for 'secure coding'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 41/331 | < Previous Page | 37 38 39 40 41 42 43 44 45 46 47 48  | Next Page >

  • What are some arguments to support the position that the Dojo JavasScript library is secure, accessi

    - by LES2
    We have developed a small web application for a client. We decided on the Dojo framework to develop the app (requirements included were full i18n and a11y). Originally, the web app we developed was to be a "prototype", but we made the prototype production quality anyway, just in case. It turns out that the app we developed (or a variant of it) is going to production (many months hence), but it's so awesome that the enterprise architecture group is a little afraid. 508c compliant is a concern, as is security for this group. I now need to justify the use of Dojo to this architecture group, explicitly making the case that Dojo does not pose a security risk and that Dojo will not hurt accessibility (and that Dojo is there to help meet core requirements). Note: the web app currently requires JavaScript to be turned on and a stylesheet to work. We use a relatively minor subset of Dojo: of course, dojo core, and dijit.form.Form, ValidationTextBox and a few others. We do use dojox.grid.DataGrid (but no drag N drop or editable cells, which are not fully a11y). I have done some research of my own, of course, but I any information or advice you have would be most helpful. Regards, LES2

    Read the article

  • Secure automated SSH/SFTP after reboot

    - by mozillalives
    I need to give a daemon ssh access to a particular server. Currently I have it setup to use ssh keys and a keychain, but the trouble with this method is if a reboot occurs. Unless I'm missing something, I would need to login after a system reboot and add the key to the keychain. Is there a way I could avoid/automate this? I'm considering using expect if I can't find any other way.

    Read the article

  • Making AJAX calls secure

    - by iamdadude
    What happens if a user looks at my JavaScript file, copies the content of a function and sends a request to my server using AJAX? And is there a way to properly protect against this from happening?

    Read the article

  • How to secure images with Rails?

    - by NotDan
    I have a gallery in my rails app that needs to only allow certain images to be shown to specific, logged in users. I am using Paperclip for image processing now, but it saves all images in a public folder available to anyone. Note that I don't have to use Paperclip if there is a better way, and I already have the login system in place. I just need a way to place the images in a non-public location, but still be able to serve them as needed. Is it possible to only allow these images to be served to authenticated users?

    Read the article

  • Symfony: Routing 'secure' and 'login' actions to another application

    - by Darmen
    Hello, Suppose we have 3 apps - appMain, app1 and app2. Applications 1 and 2 are protected, they have is_secure: true and everything works fine with sfDoctrineGuard plugin. A behavior I want to achieve is when a user is not authenticated, current application to forward him to another one, say appMain with defined module and action. Is that possible? Or can someone tell me where to dig about security mechanisms in symfony?

    Read the article

  • The 80 column limit, still useful?

    - by Tim Post
    Related: While coding, how many columns do you format for? Is there a valid reason for enforcing a maximum width of 80 characters in a code file, this day and age? I mostly use C, however this question is language agnostic. Its also subjective, so I'll tag it as such. Many individual projects set their own various coding standards, a guide to adjust your coding style. Many enforce an 80 column limit on code, i.e. don't force a dumb 80 x 25 terminal to wrap your lines in someone else's editor of choice if they are stuck with such a display, don't force them to turn off wrapping. Both private and open source projects usually have some style guidelines. My question is, in this day and age, is that requirement more of a pest than a helper? Does anyone still login via the local console with no framebuffer and actually edit code? If so, how often and why cant you use SSH? I help to manage a few open source projects, I was considering extending this limit to 110 columns, but I wanted to get feedback first. So, any feedback is appreciated. I can see the need to make certain OUTPUT of programs (i.e. a --help /h display) 80 columns or less, but I really don't see the need to force people to break up code under 110 columns long into 2 lines, when its easier to read on one line. I can also see the case for adhering to an 80 column limit if you're writing code that will be used on micro controllers that have to be serviced in the field with a god-knows-what terminal emulator. Beyond that, what are your thoughts? Edit: This is not an exact duplicate. I am asking very specific questions, such as how many people are actually still using such a display. I am also not asking "what is a good column limit", I'm proposing one and hoping to gather feedback. Beyond that, I'm also citing cases where the 80 column limit is still a good idea. I don't want a guide to my own "c-style", I'm hoping to adjust standards for several projects. If the duplicate in question had answered all of my questions, I would not have posted this one :) That will teach me to mention it next time. Edit 2 question |= COMMUNITY_WIKI

    Read the article

  • How secure is .htaccess protected pages

    - by Steven smethurst
    Are there any known flaws with htaccess protected pages? I know they are acceptable to brute force attacks as there is no limit to the amount of times someone can attempt to login. And a user can uploaded and execute a file on the server all bets are off... Anything other .htaccess flaws?

    Read the article

  • Best Practices For Secure APIs?

    - by Ferrett Steinmetz
    Let's say I have a website that has a lot of information on our products. I'd like some of our customers (including us!) to be able to look up our products for various methods, including: 1) Pulling data from AJAX calls that return data in cool, JavaScripty-ways 2) Creating iPhone applications that use that data; 3) Having other web applications use that data for their own end. Normally, I'd just create an API and be done with it. However, this data is in fact mildly confidential - which is to say that we don't want our competitors to be able to look up all our products every morning and then automatically set their prices to undercut us. And we also want to be able to look at who might be abusing the system, so if someone's making ten million complex calls to our API a day and bogging down our server, we can cut them off. My next logical step would be then to create a developers' key to restrict access - which would work fine for web apps, but not so much for any AJAX calls. (As I see it, they'd need to provide the key in the JavaScript, which is in plaintext and easily seen, and hence there's actually no security at all. Particularly if we'd be using our own developers' keys on our site to make these AJAX calls.) So my question: after looking around at Oauth and OpenID for some time, I'm not sure there is a solution that would handle all three of the above. Is there some sort of canonical "best practices" for developers' keys, or can Oauth and OpenID handle AJAX calls easily in some fashion I have yet to grok, or am I missing something entirely?

    Read the article

  • How to secure connection strings in VS?

    - by salvationishere
    I see several others have posted this question, however, none of the solutions I've tried have fixed this yet. I have a 32-bit XP running VS 2008 and I am trying to encrypt my connection string in my web.config file. But I am getting the error: The configuration section '...' was not found. Failed! The command I give it: C:\Program Files\Microsoft Visual Studio 9.0\VCAspnet_regiis.exe -pe "system.we b/AdventureWorksConnectionString2" -app "/Documents and Settings/Admin/My Docume nts/Visual Studio 2008/Projects/AddFileToSQL2" Also, how does -app map virtual directory? In other words the path above is the directory right below c:. Is this the correct path to use? And AddFileToSQL2 is the name of my project, although it is part of the AddFileToSQL solution. I have this folder web shared with all of the permissions. And the relevant part of my web.config file: <add name="AdventureWorksConnectionString2" connectionString="Data Source=SIDEKICK;Initial Catalog=AdventureWorks;Persist Security Info=true; User ID=AdventureWorks;Password=sqlMagic" providerName="System.Data.SqlClient" />

    Read the article

  • Cross domain secure cookie usage?

    - by asdasda
    I have a website that came with a SSL site for HTTPS but its on a different server. Example being my website: http://example.com my SSL site: http://myhostingcompany.com/~myuseraccount/ So I can do transactions over HTTPS and we have user accounts and everything but it is located on a different domain. The cookie domain is set for that one. Is there a way I can check on my actual site to see if a cookie is set for the other one? And possibly grab its data and auth a user? I think this violates a major principle of security and can't be done for good reasons, but am i wrong? is this possible?

    Read the article

  • Notepad++ regular expression find and replace $_REQUEST with $_GET but a more secure

    - by David
    What I am doing is replacing, in a large program, all $_REQUEST['var'] and mysql_escape_string($_REQUEST['var']) with either the 1st or 2nd line below the dotted line. Now, I have figured out this much of the regular expression but I would like to make it simpler. Instead of having to run the top one first then the 2nd one I would like to just run one all together. I tried this but it did not work. (mysql_escape_string\()*$_REQUEST\[\'([^']*)\'\]\)(\)*) So below is what works but again have to do it twice. $_REQUEST\[\'([^']*)\'\] mysql_escape_string\($_REQUEST\[\'([^']*)\'\]\) (isset($_GET['\1'])?mysql_real_escape_string($_GET['\1']):false) (isset($_POST['\1'])?mysql_real_escape_string($_POST['\1']):false) ============================ Update: Yeah, after some research I figured out that Notepad++ does not support most regular expressions. I guess one additional step can not hurt a person. It's just laziness. *NOTE: BUT if anyone wants to try feel free to comment. At least it is just 2 steps and not 20.

    Read the article

  • MVC Pages that require the user to be logged in

    - by keithjgrant
    I'm working on a little MVC framework and I'm wondering what the "best way" is to structure things so secure pages/controllers always ensure the user is logged in (and thus automatically redirects to a login page--or elsewhere--if not). Obviously, there are a lot of ways to do it, but I'm wondering what solution(s) are the most common or are considered the best practice. Some ideas I had: Explicitly call user->isLoggedIn() at the beginning of your controller action method? (Seems far too easy to forget and leave an important page unsecure on accident) Make your controller extend a secureController that always checks for login in the constructor? Do this check in the model when secure information is requested? (Seems like redundant calls would be made) Something else entirely? Note: I'm working in PHP, though the question is not language-dependent.

    Read the article

  • How secure is encryption?

    - by Stomped
    Let me preface this by saying I know nothing about encryption. I understand the basic concept of public key / private key encryption but I don't how easily it can be broken, if at all. If one were to believe the movies, encrypted data can be broken by a teenager with a decent computer in a few hours. I have a client who wants credit card information sent via email - encrypted of course, but I'm still not feeling terribly good about the idea. I feel it would be safer to store the info on the VPS, but even then its an unmanaged server and there's nobody watching it who knows much about security. So can anyone tell me if there's a safe way to store and/or send this data out? Thanks

    Read the article

  • How can I secure my $_GETs in PHP?

    - by ggfan
    My profile.php displays all the user's postings,comments,pictures. If the user wants to delete, it sends the posting's id to the remove.php so it's like remove.php?action=removeposting&posting_id=2. If they want to remove a picture, it's remove.php?action=removepicture&picture_id=1. Using the get data, I do a query to the database to display the info they want to delete and if they want to delete it, they click "yes". So the data is deleted via $POST NOT $GET to prevent cross-site request forgery. My question is how do I make sure the GETs are not some javascript code, sql injection that will mess me up. here is my remove.php //how do I make $action safe? //should I use mysqli_real_escape_string? //use strip_tags()? $action=trim($_GET['action']); if (($action != 'removeposting') && ($action != 'removefriend') && ($action != 'removecomment')) { echo "please don't change the action. go back and refresh"; header("Location: index.php"); exit(); } if ($action == 'removeposting') { //get the info and display it in a form. if user clicks "yes", deletes } if ($action =='removepicture') { //remove pic } I know I can't be 100% safe, but what are some common defenses I can use. EDIT Do this to prevent xss $action=trim($_GET['action']); htmlspecialchars(strip_tags($action)); Then when I am 'recalling' the data back via POST, I would use $posting_id = mysqli_real_escape_string($dbc, trim($_POST['posting_id']));

    Read the article

  • Best way to secure a file.

    - by JACK IN THE CRACK
    Basically I need to like IDK encrypt a .zip file with some images and documents etc. Like it doesn't need to be .zip tho, just how can I encrypt a bunch of files with like a password or something. I NEED tHE ULTIMATE UNCRACKED PROTECTION. Now I'm a hacker, I know that anything can be hacked given enough time and effort. But I'm looking for top of the line....

    Read the article

  • How should I compress a file with multiple bytes that are the same with Huffman coding?

    - by Omega
    On my great quest for compressing/decompressing files with a Java implementation of Huffman coding (http://en.wikipedia.org/wiki/Huffman_coding) for a school assignment, I am now at the point of building a list of prefix codes. Such codes are used when decompressing a file. Basically, the code is made of zeroes and ones, that are used to follow a path in a Huffman tree (left or right) for, ultimately, finding a byte. In this Wikipedia image, to reach the character m the prefix code would be 0111 The idea is that when you compress the file, you will basically convert all the bytes of the file into prefix codes instead (they tend to be smaller than 8 bits, so there's some gain). So every time the character m appears in a file (which in binary is actually 1101101), it will be replaced by 0111 (if we used the tree above). Therefore, 1101101110110111011011101101 becomes 0111011101110111 in the compressed file. I'm okay with that. But what if the following happens: In the file to be compressed there exists only one unique byte, say 1101101. There are 1000 of such byte. Technically, the prefix code of such byte would be... none, because there is no path to follow, right? I mean, there is only one unique byte anyway, so the tree has just one node. Therefore, if the prefix code is none, I would not be able to write the prefix code in the compressed file, because, well, there is nothing to write. Which brings this problem: how would I compress/decompress such file if it is impossible to write a prefix code when compressing? (using Huffman coding, due to the school assignment's rules) This tutorial seems to explain a bit better about prefix codes: http://www.cprogramming.com/tutorial/computersciencetheory/huffman.html but doesn't seem to address this issue either.

    Read the article

  • How to make MAMP PRO / XAMPP secure enough to serve as production webserver? Is it possible?

    - by Andrei
    Hi, my task is to setup a MAMP webserver for our website in the easiest way so it can be managed by my colleagues without experience in server administration. MAMP PRO is an excellent solution, but some guys don't suggest to use it for serving external requests. Could you explain why it is bad (in details if possible) and how to make it secure enough to be a full-scale and not-only-local webserver? Is there a better solution? Update There is a discussion on the MAMP website. XAMPP developers say that one can make their product secure: The default configuration is not good from a securtiy point of view and it's not secure enough for a production environment - please don't use XAMPP in such environment. Since LAMPP 0.9.5 you can make your XAMPP installation secure by calling »/opt/lampp/lampp security«. Could you comment it?

    Read the article

  • Which is more secure: Tomcat standalone or Tomcat behind Apache?

    - by NoozNooz42
    This question is not about performance, nor about load-balancing, etc. Which would be more secure: running Tomcat in standalone mode or running Tomcat behind apache? The thing is, Tomcat is written in Java and hence it is pretty much immune to buffer overrun/overflow (unless a buffer overrun in a C-written lib used by Tomcat can be triggered, but they're rare [the last I remember was in zlib, many many moons ago] and one heck of a hack to actually exploit), which gets rid of a lot of potential exploits. This page: http://wiki.apache.org/tomcat/FAQ/Security has this to say: There have been no public cases of damage done to a company, organization, or individual due to a Tomcat security issue... there have been only theoretical vulnerabilities found. All of those were addressed even though there were no documented cases of actual exploitation of these vulnerabilities. This, combined with the fact that buffer overrun/overflow are pretty much non-existent in Java, makes me believe that Tomcat in standalone mode is pretty secure. In addition to that, I can install both Java and Tomcat on Linux without needing to be root. The only moment I need to be root is to set up a transparent port 8080 to port 80 forwarding (and 8443 to 443). Two iptables line as root, that's all root is needed for. (I don't know for Apache). Apache is much more used than Tomcat and definitely does not have a security track record as good as Tomcat. What would make Tomcat + Apache more secure? What would make Tomcat + Apache less secure? In short: which is more secure, Tomcat standalone or Tomcat with Apache? (remembering that performance aren't an issue here)

    Read the article

  • How should I store and secure self-signed certificates?

    - by Anthony Mastrean
    I'm fairly certain I shouldn't commit certificates into source control. Even if the repository is private and only authenticated coworkers (for example) have access to it. That would allow for accidental exposure (thumb drives, leaked credentials, whatever). But, how should I store and secure certificates? I don't suppose I should just plop them on the network file server, for some of the same reasons I wouldn't put them into source control, right? Is there some kind of secure certificate store that I can run? Does the Java "keystore" do that generally or is it specific for like weblogic servers or something?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 37 38 39 40 41 42 43 44 45 46 47 48  | Next Page >