Search Results

Search found 3707 results on 149 pages for 'secure'.

Page 44/149 | < Previous Page | 40 41 42 43 44 45 46 47 48 49 50 51  | Next Page >

  • asp:Login control requests

    - by Dean
    Hi All, ran into an issue, we are using webforms with a site with this dir structure: root: / secure : /securepages/ we only want users who are logged in to access /securepages/. currently we are using the login control, 3.5, forms auth, all is working ok but know we have thrown assl cert into the mix and the issue is that the login control is requesting WebResource.axd?d=XukT0PE1PS-iOKw3RT8Z6g2&t=633834231612265882 from the non secure url e.g. ht tp://www.mysite.com/WebResource.axd?d=XukT0PE1PS-iOKw3RT8Z6g2&t=633834231612265882 . This causes the browser to prompt the user to download unsecure content. I am using some redirecting in the global.asax to handle redirection to https://xx xxxlogin.aspx if login.aspx it requested from http://. thanks

    Read the article

  • rpcbind authorization problems

    - by Milan
    Hy, I am using rpcbind (SunRPC) on Arch linux and python rpc.py (wich use standard python socket module) interface for comunication with it, but every time I try to send request for registration or unregistration to rpcbind I get message that I am rejected for security reasons. Only situation when everything works is that when I call rpcbind in insecure mode (rpcbind -i) but I realy want to make everything works in secure mode.I found information from rpcbind datasheet that i can make request in secure mode only from loopback address, but I have tried every aproach i had knew to make such socket and everything fall down. Please help me. Thank you

    Read the article

  • ASP.NET Request.ServerVariables["SERVER_PORT_SECURE"] and proxy SSL by load balancer

    - by frankadelic
    We have some legacy ASP.NET code that detects if a request is secure, and redirects to the https version of the page if required. This code uses Request.ServerVariables["SERVER_PORT_SECURE"] to detect if SSL is needed. Our operations team has suggested doing proxy SSL at the load balancer (F5 Big-IP) instead of on the web servers (assume for the purposes of this question that this is a requirement). The consequence would be that all requests appear as HTTP to the web server. My question: how can we let the web servers known that the incoming connection was secure before it hit the load balancer? Can we continue to use Request.ServerVariables["SERVER_PORT_SECURE"]? Do you know of a load balancer config that will send headers so that no application code changes are needed?

    Read the article

  • Is Eclipse Remote System Explorer broken on Windows?

    - by Kev
    I have the following setup on Windows 7 Ultimate x64: Eclipse Indigo 2.7.2 (Build: M20120208-0800) Remote System Explorer 3.3.2 (see screenshot) (Oracle/Sun) Java 1.6 Update 31 (x86) Despite all my best efforts I am unable to connect to a remote system (a Centos 5.6 server on my local LAN) using a Remote System Explorer SSH connection - I've tried both password authentication and using my SSH private key. Here is a screenshot of both the Eclipse error dialogue and what is logged in my /var/log/secure log file: /var/log/secure: Apr 1 12:00:21 nagios sshd[6176]: Received disconnect from 172.16.3.88: 3: com.jcraft.jsch.JSchException: Auth fail When I connect for the first time I do get prompted to verify the authenticity of the remote host and the RSA key fingerprint. But that's as far as things go. Performing the same operation with the same credentials on my Fedora Core 16 box (also running the same version of Eclipse and Java) to the same server is successful. This leads me to believe that RSE SSH support on Windows is either broken or there's some piece of the SSH-on-Windows puzzle I'm missing. Is this the case?

    Read the article

  • Quicken like Windows Forms application

    - by WinFXGuy
    Hi All, I need to build a quicken like application, where data needs to be secure. I don't see any database being used by Quicken. I could use XML, MDF or Access database, but data is not secure in the tables. What is the best option? How does Quicken handle it? My application may also have document attachments as well. The functionality of this application is similar to quicken but not an accounting/financial in functionality. Thanks a bunch!

    Read the article

  • IE6 https security message appearing after closing jQuery colorbox overlay

    - by RyanP13
    I am working on a secure site, https. I am using the colorbox jquery plugin to iframe another page from the same site over the current content. In IE6 when i close the colorbox overlay i get the following message: "This page contains both secure and nonsecure items. Do you want to display the nonsecure items?" Any ideas why this is happening? Can it be prevented? Assume i would have to make the whole site http rather than https but this is not possible as we have online payments.

    Read the article

  • What keying option does the keychain use?

    - by Rudiger
    I have read into the keychain and have found that it uses Triple DES. What I can't find is what keying option it uses. I am guessing / hoping that its keying option 1 where all 3 passwords are unique but if thats the case I can only think of two passwords it can use (user password and App ID that comes from your dev cert) so where is the third coming from? Is it a key private to Apple? If its keying option 2 (first and third key are the same) it might not be secure enough for our company to rely on. Although that might sound paranoid I have to justify to our security department that it is secure enough.

    Read the article

  • Security in API authentication

    - by Carlos
    We are in the process of revamping our server side API, and we need to manage security. Our current model requires that a credentials object (containing user, password, and pin) be included in each method invocation. Our development team, however, has decided that we should have session objects instead (which is fine by me), but the new credentials are just a GUID. This is very different from what I've seen in other APIs in our industry, so I'm a bit concerned about how secure the new model will be. I asked them if they had analyzed both alternatives, and they said they haven't. Does anyone know if there're any clear advantages, disadvantages, risks, etc. of using a set of credentials versus just one element (complex as it may be)? PS: the communication channel would be secure in either case, and it's separate from this particular topic

    Read the article

  • How to add SSL to subdomain that points to a different server?

    - by Travis
    I don't know much about secure certificates, so please bear with me... I've got a webserver that has a single domain SSL certificate https://secure.mysite.com I also have a couple of subdomains that point to different servers. http://www.mysite.com ( main server) http://subdomain.mysite.com (completely different server) I am wondering: What is the best way to add SSL to the subdomain: https://subdomain.mysite.com Is it possible to configure something like this with a wildcard certificate? Or is it better to purchase another single-domain certificate and install it on the seperate server? Are there any special considerations / pitfalls in doing something like this? Thanks, in advance, for your help.

    Read the article

  • Facebook Feed Dialog Returns API Error Code: 191

    - by Kris
    In my Facebook App I'll always get the following error : An error occurred. Please try again later. API Error Code: 191 API Error Description: The specified URL is not owned by the application Error Message: redirect_uri is not owned by the application. I just want to feed a post via button my code is function postToFeed() { // calling the API ... var obj = { method: 'feed', link: 'https://mydomain.com/', picture: 'https://mydomain.com/img/feed.png', name: 'BLABLADialog', caption: 'UeberschriftBLABLA', description: 'DescriptionBLABLA', show_error: true }; function callback(response) { document.getElementById('msg').innerHTML = "Post ID: " + response['post_id']; } FB.ui(obj, callback); } my Canvas-URL is "http://mydomain.com/" my Secure Canvas-URL is "https://mydomain.com/" my Tab-URL is "https://mydomain.com/tab.php" my Secure Tab-URL is "https://mydomain.com/tab.php" my Website with Facebook Login SITE URL is "https://mydomain.com/" so what I am doing wrong ?

    Read the article

  • What goes between SQL Server and Client?

    - by worlds-apart89
    This question is an updated version of a previous question I have asked on here. I am new to client-server model with SQL Server as the relational database. I have read that public access to SQL Server is not secure. If direct access to the database is not a good practice, then what kind of layer should be placed between the server and the client? Note that I have a desktop application that will serve as the client and a remote SQL Server database that will provide data to the client. The client will input their username and password in order to see their data. I have heard of terms like VPN, ISA, TMG, Terminal Services, proxy server, and so on. I need a fast and secure n-tier architecture. P.S. I have heard of web services in front of the database. Can I use WCF to retrieve, update, insert data? Would it be a good approach in terms of security and performance?

    Read the article

  • Security & Authentication: SSL vs SASL

    - by 4herpsand7derpsago
    My understanding is that SSL combines an encryption algorithm (like AES, DES, etc.) with akey exchange method (like Diffier-Hellman) to provide secure encryption and identification services between two endpoints on an un-secure network (like the Internet). My understanding is that SASL is an MD5/Kerberos protocol that pretty much does the same thing. So my question: what are the pros/cons to choosing both and what scenarios make both more preferable? Basically, I'm looking for a guidelines to follow when choosing SSL or to go with SASL instead. Thanks in advance!

    Read the article

  • Can Tomcat provide seperate (or HTTPS only) sessions for HTTPS requests?

    - by Joe
    I have a web application which contains both secure (SSL) and non-secure pages. A user can login to the site and must appear logged-in in both the SSL and non-SSL areas. (NB. SSL isn't implemented via Tomcat, but via Apache HTTPD servers which sit in front of Tomcat - so Tomcat has no SSL configuration.) The logged-in state is currently maintained via a servlet session (using Tomcat's vanilla session management). The obvious issue with this approach is that the JSESSIONID cookie is transported over both HTTP and HTTPS connections, meaning that it's potentially possible to intercept it and hijack the session. Are there any solutions to this without rolling our own session management (i.e. does Tomcat cater for this situation)? I'm prepared to implement our own session management, but don't want to reinvent something that may already be supported.

    Read the article

  • Convert VB6 Randomize to C#

    - by Thomas G. Mayfield
    I'm writing a C# frontend to a legacy database that uses VB6 Rnd() and Randomize() methods for user password encryption. The encryption function is very simplistic and really not all that secure, but it's what all current passwords are stored with. What I'd like to be able to do is authenticate legacy users from a C# application. I can write new encryption (or preferably hashing) code for VB6 so that all future users have a more secure password, and that can be duplicated in C#. But I don't want to require current users to have had their password reset before they can use the new frontend. Is there any way I can reimplement that algorithm in C# so that it produces identical results to the legacy VB6 code?

    Read the article

  • Apache MOD_REWRITE Domain Level Cookie

    - by BigMadKev
    I need to deal with Affiliate Tracking on our website. In our .htaccess we have: RewriteCond %{QUERY_STRING} affiliate=(.*) RewriteRule ^(.*)$ $1? [NC,R,L,co=AFFID:%1:%{HTTP:Host}:7200:/] Which creates a COOKIE called AFFID with the value of the URL Parameter affiliate. But the Cookie is not for the whole domain, i.e. Going to http://www.domain.com/?affiliate=bmk sets the AFFID cookie with the value bmk for .www.domain.com but I would like ti to be for .domain.com so that it can be used across our secure domain which will be secure.domain.com Any help would be appreciated Cheers

    Read the article

  • App Engine remote_api with OpenID

    - by hawkettc
    Hi, I've recently tried to switch my app engine app to using openID, but I'm having an issue authenticating with remote_api. The old authentication mechanism for remote_api doesn't seem to work (which makes sense) - I'm getting a 'urllib2.HTTPError: HTTP Error 302: Found', which I assume is appengine redirecting me to the openid login page I've set up. I guess I'm missing something fairly obvious. Currently my remote_api script has the following in it - remote_api_stub.ConfigureRemoteDatastore(app_id=app_id, path='/remote_api', auth_func=auth_func, servername=host, secure=secure) where auth_func is def auth_func(): return raw_input('Username:'), getpass.getpass('Password:') Any ideas what I need to supply to remote_api? I guess similar issues would be encountered with bulkloader too. Cheers, Colin

    Read the article

  • Does it make sense to study COBOL?

    - by Alon
    I have had a talk with a friend of mine about the relative vulnerability of different types of IT workers to unexpected unemployment (e.g. layoffs, company going out of business, obsolete skills etc.) as it seems COBOL developers (or maintainers?) seems very secure in their positions, regardless of the state if the economy or even how good they are. With so much critical COBOL code being around on the one side and the deminishing number of COBOL know-hows on the other , it actually makes sense to recommend someone starting their way in the IT world and looking for a relativity secure job to study and intern in COBOL! what do you think ?

    Read the article

  • .NET desktop App remembering login to a webservice

    - by pete the pagan-gerbil
    I am in the planning stages of a .NET desktop app that will communicate with a web service. The web service requires a username and password, and a common feature in this sort of app is to save the user's credentials for the next logon. I've thought of a few ways of achieving this, but I am not sure what the most secure way would be. Should it be stored encrypted in a file (and could someone nefarious copy that file to their own machine and hence logon as the original person), or in the registry somehow (I've not done any registry work before, is it secure and would it work)? Are there any other options I might not have thought of?

    Read the article

  • HTTPS-Compliant Sharepoint Web Parts

    - by bporter
    We are planning to create a new sub-site within our company's intranet site. The intranet is built on SharePoint 2007. My question is this: Suppose I want to add a 3rd-party weather web part to the home page of my new intranet site. Since the new site uses HTTPS, do I need to make sure to find an HTTPS-compliant web part? If I use a standard web part, will users get a "This page contains both secure and non-secure items" error message when they load the page? Thanks in advance!

    Read the article

  • Securing a REST API

    - by Christopher McCann
    I am in the middle of developing a REST API - the first one I ever have. The data being passed through the API is not of such a critical nature that there will be loss of life, economics etc if it was intercepted but at the same time I would like it to be secure. The data being transferred is simply like the data that would be transferred on Twitter or Facebook - not overly confidential but still should be kept private. What is the best way to secure this data? Am I best to use HTTP Basic Auth over SSL or should I be looking into something like OAuth. I have never really used REST much before so bit of a first for me. Thanks

    Read the article

  • Does an HTTPS SharePoint Site Need to Use HTTPS-Compliant Web Parts?

    - by bporter
    I am new to SharePoint, so this question may be a little naive. However, I sincerely appreciate any help with this. We are planning to create a new sub-site within our company's intranet site, which is built on SharePoint 2007. We want to add a 3rd-party weather web part (which is just a widget to display the local weather forecast) to the home page of the new intranet site. Since the intranet site uses HTTPS, do we need to find an HTTPS-compliant web part? Or, is it possible to use any web part and then configure it to use HTTPS? I'm assuming that if we use a non-HTTPS web part, then users will get some sort of "This page contains both secure and non-secure items" error message when they load the page.

    Read the article

< Previous Page | 40 41 42 43 44 45 46 47 48 49 50 51  | Next Page >