Search Results

Search found 15648 results on 626 pages for 'wcf security'.

Page 44/626 | < Previous Page | 40 41 42 43 44 45 46 47 48 49 50 51  | Next Page >

  • Security issues of running PHP scripts as the owner of the PHP file with suexec

    - by thomasrutter
    I'm using suexec to ensure that PHP scripts (and other CGI/FastCGI apps) are run as the account holder associated with the relevant virtual host. This allows for securing each users' scripts from reading/writing by other users. However, it occurs to me that this opens up a different security hole. Previously, the web server ran as an unprivileged user, with read-only access to user's files (unless the user changed the file permissions for some reason). Now, the web server can also write to user's files. So while I've prevented different users taking advantage of each other's scripts, I've made it so that in the event that some application has a remote code injection vulnerability, it now has not only read access but also write access to all that user's scripts and website. How can I deal with this? One idea I've had is to create a second user account for each user account in the system, so that each user has their own user account, and all their scripts are run under another user account. But that seems cumbersome.

    Read the article

  • Chrome - SSL Security issue on Windows platforms?

    - by al nik
    Fortify.net is a service that displays what's the currently encryption key used by your browser in a https connection. If I browse this site with Chrome 4.1.249.1042 in WinXp SP3 the key used is RC4 cipher, 128-bit key This encryption is weak, and it's the one used by old browsers like IE6. Chrome works fine on Fedora9 and it uses AES cipher, 256-bit key as more modern browsers do (i.e.Firefox) I consider this a security issue. I'm considering to switch back to Firefox in Windows. Do you know if it's possible to change the default encryption key in Chrome?

    Read the article

  • Apache security for multi-user development web server.

    - by mrmartinblue
    I've been searching and reading through documents all morning and understand that I need to use some combination of chown and probably 'jailing' to securely give programmers access to directories on my centos webserver. Here's the situation: I have an apache web server that has any number of virtual sites located in /var/www/site1 /var/www/site2 etc.. I have different developers that need full access both ssh and vsFTP to only the site they are working on. What is the best way to create and maintain security in this scenario. My thought would be to create a new user for each coder, jail that user to the website directory they are allowed to work in, add their user to a group and set the webroot's owner to that group. Any thoughts? Good, bad, ugly? Thanks!

    Read the article

  • Set security on pattern of sub folders (Server 2003)

    - by Mark Major
    I have a folder structure similar to the one shown below these paragraphs. How do I change security on every 'Photos' folder without clicking through each individually in Windows Explorer? There are about 50 top level folders (Bob, Jim, Eva, etc, etc) which have the same layout of folders inside. I am keen for any suggestions, either scripting or GUI. I am on Windows Server 2003. Cheap/free method would be good, as the company is part of a registered charity. Ideally I would like to do this via DFS path. E.G. \\mycompany.local\Shared\Staff\Bob\ Thanks for reading. Thanks for any info. Mark Bob Review Profile Photos Jim Review Profile Photos Eva Review Profile Photos

    Read the article

  • Editing the Microsoft Security Essentials context-menu

    - by GPX
    As all MSE users would know, the context-menu item that it adds to Explorer is really long, with one whole sentence "Scan with Microsoft Security Essentials...". Is there a way to edit this and shorten it? I figured out the the file shellext.dll is responsible for registering the context menu. I used ResEdit to edit the DLL and changed the string table entry from Scan with ($BrandName) to Scan with MSE. But it still won't change. I've also tried de-registering the DLL and then registering it again. No luck! Any ideas? Or am I doing something wrong?

    Read the article

  • Security measures for CentOS

    - by cappuccinodrinker
    I have been tightening up my web server security and wanted to know what else I can do. I am running CentOS 5 with these measures: - All passwords to FTP, MySQL etc are generated from grc.com/passwords.htm and microsoft.com/protect/fraud/passwords/create.aspx (for the ones which cannot be too long). - Running iptables with all ports shut off except for http mail and smtp, the important ports like FTP SSH are blocked to all except my static office IP. There is also no response to pings. - Rootkit Hunter running daily - The server is PCI compliant according to Comodo - Not running any crappy made php apps, we use Zend Framework for our stuff and do have kayako installed and keep them up to date. Can't really think of anything else I can do... I could implement a brute force measure, but I think I already have by simply changing my SSH port to a number above 10000 and blocking it off with iptables.

    Read the article

  • Linux Security/Sysadmin Courses in London?

    - by mister k
    Hi, My employer has offered to send me on a couple of training courses and I'm just looking for some recommendations. I'm mainly looking to improve my security and general sysadmin skills. I would like to do something focused on UNIX as I mainly work with Linux boxes (but also a couple of FreeBSD boxes). I don't want to do a study-from-home course, so I would need to find somewhere based in London. It would be great to hear from anyone who has some experience with this kind of course. The courses I've found so far are: www.learningtree.co.uk/courses/uk433.htm www.city.ac.uk/cae/cfa/computing/systems_it/linux.html www.city.ac.uk/cae/cfa/computing/systems_it/unix_tools_ss.html I'm not sure the City University courses are advanced enough as I already have experience... Thanks!

    Read the article

  • Security considerations for my first eStore.

    - by Rohit
    I have a website through which I am going to sell few products. It is hosted on a simple shared-hosting and does not have SSL. On the products page, each product has a Buy Now button created from my PayPal Merchant account. PayPal recommends to use it's Button Factory to create secure buttons and save it inside PayPal itself. I have followed the same advice and the code of any button is secure and does not disclose any information on either a product or it's price. When the user clicks on a Buy Now button, he/she is taken to PayPal site where a page is opened in SSL for the user to fill in the credit card and shipping details. After a successful transaction, the control is passed back to my site. I want to know whether there is still any chance when security could be compromised.

    Read the article

  • Security considerations in providing VPN access to non-company issued computers [migrated]

    - by DKNUCKLES
    There have been a few people at my office that have requested the installation of DropBox on their computers to synchronize files so they can work on them at home. I have always been wary about cloud computing, mainly because we are a Canadian company and enjoy the privacy and being outside the reach of the Patriot Act. The policy before I started was that employees with company issued notebooks could be issued a VPN account, and everyone else had to have a remote desktop connection. The theory behind this logic (as I understand it) was that we had the potential to lock down the notebooks whereas the employees home computers were outside of our grasp. We had no ability to ensure they weren't running as administrator all the time / were running AV so they were a higher risk at being infected with malware and could compromise network security. With the increase in people wanting DropBox I'm curious as to whether or not this policy is too restrictive and overly paranoid. Is it generally safe to provide VPN access to an employee without knowing what their computing environment looks like?

    Read the article

  • How can I programatically create this custom binding?

    - by user277040
    We've got to access a web service that uses soap11... no problem I'll just set the binding as: BasicHttpBinding wsBinding = new BasicHttpBinding(BasicHttpSecurityMode.TransportWithMessageCredential); Nope. No dice. So I asked the host of the service why we're having authentication issues and he said that our config needed to have this custom binding: <bindings> <customBinding> <binding name="lbinding"> <security authenticationMode="UserNameOverTransport" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11" securityHeaderLayout="Strict" includeTimestamp="false" requireDerivedKeys="true" keyEntropyMode="ServerEntropy"> </security> <textMessageEncoding messageVersion="Soap11" /> <httpsTransport authenticationScheme ="Negotiate" requireClientCertificate ="false" realm =""/> </binding> </customBinding> </bindings> Only problem is we're creating our binding programmatically not via the config. So if someone could point me in the right direction in regards to changing my BasicHttpBinding into a custombinding that conforms to the .config value provided I'll give them a big shiny gold star for the day.

    Read the article

  • Calling WCF service with parameters from VBScript

    - by Mick Mason
    http://stackoverflow.com/questions/944975 I'm trying to use the code from the above stack article, but my WCF service method requires parameters: SaveCheckData int,int,string,string I've tried frigging with the code to incorporate this, but to be honest, I may as well be trying to perform heart surgery. Can anyone shed any light on how i'd need to modify the code to call a SOAPAction that requires parameters? Thanks Mick

    Read the article

  • WCF Service behind F5 Bigip endpoint issue

    - by John
    we have WCF services hosted on IIS in 4 web servers, these web servers are behind the F5 Bigip load balancing system, SSL accelarator. When the client calls the service it'll be calling https myserver.com/myservices.svc but actually .svc will be in different servers like http web1.mysever.com/myservices.svc, http web2.mysever.com/myservices.svc, etc how do we handle this issue?

    Read the article

  • Best way to mock WCF Client proxy

    - by chugh97
    Are there any ways to mock a WCF client proxy using Rhino mocks framework so I have access to the Channel property? I am trying to unit test Proxy.Close() method but as the proxy is constructed using the abstract base class ClientBast which has the ICommunication interface, my unit test is failing as the internal infrastructure of the class is absent in the mock object. Any good ways with code samples would be greatly appreciated.

    Read the article

  • Creating WCF Services using Dynamic Languages and DLR

    - by Perpetualcoder
    I was curious how anyone would go about creating WCF based services using a dynamic language like IronPython or IronRuby. These languages do not have the concept of interfaces. How would someone define service contracts? Would we need to rely on static languages for such kind of tasks? I am a big fan of Python in particular and would like to know if this can be done at this point.

    Read the article

  • Looking for tutorial to call WCF service from classic ASP

    - by George2
    Hello everyone, I have some legacy classic ASP code (not ASP.Net, but ASP), and I want to call a WCF service which I developed by using VSTS 2008 + C# + .Net 3.5 and using basic Http Binding. Any reference samples? I heard the only way is -- we have to manually generate the tricky SOAP message, and parse SOAP response, is that true? :-) thanks in advance, George

    Read the article

  • WCF ResponseFormat For WebGet

    - by michael lucas
    WCF offers two options for ResponseFormat attribute in WebGet annotation in ServiceContract. [ServiceContract] public interface IService1 { [OperationContract] [WebGet(UriTemplate = "greet/{value}", BodyStyle = WebMessageBodyStyle.Bare)] string GetData(string value); [OperationContract] [WebGet(UriTemplate = "foo", BodyStyle = WebMessageBodyStyle.Bare, ResponseFormat = WebMessageFormat.Json)] string Foo(); The options for ResponseForamt are WebMessageFormat.Json and WebMessageFormat.Xml. Is it possible to write my own web message format? I would like that when client calls foo() method he gets raw string - without json or xml wrappers.

    Read the article

  • Business enum to DatContract Enum conversion in WCF

    - by chugh97
    I have an enum namespace Business { public enum Color { Red,Green,Blue } } namespace DataContract { [DataContract] public enum Color { [EnumMember] Red, [EnumMember] Green, [EnumMember] Blue } } I have the same enum as a datacontract in WCF with same values. I need to convert the Business enum to the DataContract enum using a translator. Hoe can I achieve this?

    Read the article

  • WCF Webservices and FaultContract - Client's receiving SoapExc insted of FaultException<TDetails>

    - by Alessandro Di Lello
    Hi All, i'm developing a WCF Webservice and consuming it within a mvc2 application. My problem is that i'm using FaultContracts on my methods with a custom FaultDetail and i'm throwing manyally the faultexception but when the client receive the exception , it receives a normal SoapException instead of my FaultException that i throwed from the service side. Here is some code: Custom Fault Detail Class: [DataContract] public class MyFaultDetails { [DataMember] public string Message { get; set; } } Operation on service contract: [OperationContract] [FaultContract(typeof(MyFaultDetails))] void ThrowException(); Implementation: public void ThrowException() { var details = new MyFaultDetails { Message = "Exception Test" }; throw new FaultException<MyFaultDetails >(details , new FaultReason(details .Message), new FaultCode("MyFault")); } Client side: try { // Obv proxy init etc.. service.ThrowException(); } catch (FaultException<MyFaultDetails> ex) { // stuff } catch (Exception ex) { // stuff } What i expect is to catch the FaultException , instead that catch is skipped and the next catch is taken with an exception of type SoapException. Am i missing something ? i red a lot of threads about using faultcontracts within wcf and what i did seems to be good. I had a look at the wsdl and xsd generated and they look fine. here's a snippet regarding this method: <wsdl:operation name="ThrowException"> <wsdl:input wsaw:Action="http://tempuri.org/IAnyJobService/ThrowException" message="tns:IAnyJobService_ThrowException_InputMessage" /> <wsdl:output wsaw:Action="http://tempuri.org/IAnyJobService/ThrowExceptionResponse" message="tns:IAnyJobService_ThrowException_OutputMessage" /> <wsdl:fault wsaw:Action="http://tempuri.org/IAnyJobService/ThrowExceptionAnyJobServiceFaultExceptionFault" name="AnyJobServiceFaultExceptionFault" message="tns:IAnyJobService_ThrowException_AnyJobServiceFaultExceptionFault_FaultMessage" /> </wsdl:operation> <wsdl:operation name="ThrowException"> <soap:operation soapAction="http://tempuri.org/IAnyJobService/ThrowException" style="document" /> <wsdl:input> <soap:body use="literal" /> </wsdl:input> <wsdl:output> <soap:body use="literal" /> </wsdl:output> <wsdl:fault name="AnyJobServiceFaultExceptionFault"> <soap:fault use="literal" name="AnyJobServiceFaultExceptionFault" namespace="" /> </wsdl:fault> </wsdl:operation> Any help ? Thanks in advance Regards Alessandro

    Read the article

  • WCF using Spring.NET woes

    - by demius
    Hi everyone, I've torn out all but two hairs on my head trying to get my WCF services hosted in IIS 7.5. I'm using Spring.NET to create my service instances, but I'm having no luck getting it up and running. I encounter the following exception: Could not find a base address that matches scheme http for the endpoint with binding MetadataExchangeHttpBinding. Registered base address schemes are []. My WCF configuration is as follows: <system.serviceModel> <bindings> <wsHttpBinding> <binding name="secureBinding" allowCookies="false"> <security mode="Transport"> <transport clientCredentialType="None"> <extendedProtectionPolicy policyEnforcement="Never" /> </transport> </security> </binding> </wsHttpBinding> </bindings> <behaviors> <serviceBehaviors> <behavior> <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" /> <serviceDebug includeExceptionDetailInFaults="false" /> </behavior> </serviceBehaviors> </behaviors> <services> <service name="TestService"> <host> <baseAddresses> <add baseAddress="https://ws.local.com/TestService.svc"/> </baseAddresses> </host> <endpoint name="secureEndpoint" contract="Services.Interfaces.ITestService" binding="wsHttpBinding" bindingConfiguration="secureBinding" address="https://ws.local.com/TestService.svc" /> <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" /> </service> </services> <serviceHostingEnvironment multipleSiteBindingsEnabled="true" /> What am I missing here?

    Read the article

  • Can one instance of a WCF service pass work on to another instance where this 2nd instance would rep

    - by Matt
    Let's say I have 2 instances of the same web services. Is there a way that I can have the second instance of the web service perform a task at the behest of the first instance of the WCF service and reply directly to the original requester? I could code this and include logic in WCF-A to contact WCF-B under the right conditions and then passback the result, but returning to the requester directly from WCF-B would be easier. Also, I made a handy dandy chart.

    Read the article

< Previous Page | 40 41 42 43 44 45 46 47 48 49 50 51  | Next Page >