Search Results

Search found 30819 results on 1233 pages for 'software security'.

Page 46/1233 | < Previous Page | 42 43 44 45 46 47 48 49 50 51 52 53 | Next Page >

filterSecurityInterceptor and metadatasource implementation spring-security

- by Mike

Hi! I created a class that implements the FilterInvocationSecurityMetadataSource interface. I implemented it like this: public List<ConfigAttribute> getAttributes(Object object) { FilterInvocation fi = (FilterInvocation) object; Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal(); Long companyId = ((ExtenededUser) principal).getCompany().getId(); String url = fi.getRequestUrl(); // String httpMethod = fi.getRequest().getMethod(); List<ConfigAttribute> attributes = new ArrayList<ConfigAttribute>(); FilterSecurityService service = (FilterSecurityService) SpringBeanFinder.findBean("filterSecurityService"); Collection<Role> roles = service.getRoles(companyId); for (Role role : roles) { for (View view : role.getViews()) { if (view.getUrl().equalsIgnoreCase(url)) attributes.add(new SecurityConfig(role.getName() + "_" + role.getCompany().getName())); } } return attributes; } when I debug my application I see it reaches this class, it only reaches getAllConfigAttributes method, that is empty as I said, and return null. after that it prints this warning: Could not validate configuration attributes as the SecurityMetadataSource did not return any attributes from getAllConfigAttributes(). My aplicationContext- security is like this: <beans:bean id="filterChainProxy" class="org.springframework.security.web.FilterChainProxy"> <filter-chain-map path-type="ant"> <filter-chain filters="sif,filterSecurityInterceptor" pattern="/**" /> </filter-chain-map> </beans:bean> <beans:bean id="filterSecurityInterceptor" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor"> <beans:property name="authenticationManager" ref="authenticationManager" /> <beans:property name="accessDecisionManager" ref="accessDecisionManager" /> <beans:property name="securityMetadataSource" ref="filterSecurityMetadataSource" /> </beans:bean> <beans:bean id="filterSecurityMetadataSource" class="com.mycompany.filter.FilterSecurityMetadataSource"> </beans:bean> what could be the problem?

Read the article
implementing Ws-security within WCF proxy

- by harrisonmeister

Hi, I have imported an axis based wsdl into a VS 2008 project as a service reference. I need to be able to pass security details such as username/password and nonce values to call the axis based service. I have looked into doing it for wse, which i understand the world hates (no issues there) I have very little experience of WCF, but have worked how to physically call the endpoint now, thanks to SO, but have no idea how to set up the SoapHeaders as the schema below shows: <S:Envelope xmlns:S="http://www.w3.org/2001/12/soap-envelope" xmlns:ws="http://schemas.xmlsoap.org/ws/2002/04/secext"> <S:Header> <ws:Security> <ws:UsernameToken> <ws:Username>aarons</ws:Username> <ws:Password>snoraa</ws:Password> </ws:UsernameToken> </wsse:Security> ••• </S:Header> ••• </S:Envelope> Any help much appreciated Thanks, Mark

Read the article
WS-Security using the ASMX file in ASP.NET 3.5

- by Adam

Basically I need to setup my ASMX file so that when I pull it up in a browser to display the WebMethod specification the Soap Header conforms to this format: <soap:Header> <wsse:Security> <wsse:UsernameToken wsu:Id='SecurityToken-securityToken'> <wsse:Username>Username</wsse:Username> <wsse:Password>Password</wsse:Password> <wsu:Created>Timestamp</wsu:Created> </wsse:UsernameToken> </wsse:Security> </soap:Header> Back-story: I'm integrating with a client application that is already built (and owned by another company). Basically this client application already has their soap messages all set up from its past integrations with other companies. So we've opted to just build a web service using an ASMX file that matches the WSDL that they're already setup to consume. Is it possible to get WS-Security working on an ASMX file or is ASMX too simplistic and I have to upgrade to WFC (which I really don't want to do)?

Read the article
web.config + asp.net MVC + location > system.web > authorization + Integrated Security

- by vdh_ant

Hi guys I have an ASP.Net MVC app using Integrated Security that I need to be able grant open access to a specific route. The route in question is '~/Agreements/Upload' and the config I have setup looks like this: <configuration> ... <location path="~/Agreements/Upload"> <system.web> <authorization> <allow users="*"/> </authorization> </system.web> </location> ... </configuration> I have tried a few things and nothing has worked thus far. In IIS under Directory Security Authentication Methods I only have "Integrated Windows Authentication" selected. Now this could be part of my problem (as even though IIS allows the above IIS doesn't). But if that's the case how do I configure it so that Integrated Security works but allows people who aren't authenticated to access the given route. Cheers Anthony

Read the article
Spring Security ACL: NotFoundException from JDBCMutableAclService.createAcl

- by user340202

Hello, I've been working on this task for too long to abandon the idea of using Spring Security to achieve it, but I wish that the community will provide with some support that will help reduce the regret that I have for choosing Spring Security. Enough ranting and now let's get to the point. I'm trying to create an ACL by using JDBCMutableAclService.createAcl as follows: [code] public void addPermission(IWFArtifact securedObject, Sid recipient, Permission permission, Class clazz) { ObjectIdentity oid = new ObjectIdentityImpl(clazz.getCanonicalName(), securedObject.getId()); this.addPermission(oid, recipient, permission); } @Override @Transactional(propagation = Propagation.REQUIRED, isolation = Isolation.READ_UNCOMMITTED, readOnly = false) public void addPermission(ObjectIdentity oid, Sid recipient, Permission permission) { SpringSecurityUtils.assureThreadLocalAuthSet(); MutableAcl acl; try { acl = this.mutableAclService.createAcl(oid); } catch (AlreadyExistsException e) { acl = (MutableAcl) this.mutableAclService.readAclById(oid); } // try { // acl = (MutableAcl) this.mutableAclService.readAclById(oid); // } catch (NotFoundException nfe) { // acl = this.mutableAclService.createAcl(oid); // } acl.insertAce(acl.getEntries().length, permission, recipient, true); this.mutableAclService.updateAcl(acl); } [/code] The call throws a NotFoundException from the line: [code] // Retrieve the ACL via superclass (ensures cache registration, proper retrieval etc) Acl acl = readAclById(objectIdentity); [/code] I believe this is caused by something related to Transactional, and that's why I have tested with many TransactionDefinition attributes. I have also doubted the annotation and tried with declarative transaction definition, but still with no luck. One important point is that I have used the statement used to insert the oid in the database earlier in the method directly on the database and it worked, and also threw a unique constraint exception at me when it tried to insert it in the method. I'm using Spring Security 2.0.8 and IceFaces 1.8 (which doesn't support spring 3.0 but definetely supprorts 2.0.x, specially when I keep caling SpringSecurityUtils.assureThreadLocalAuthSet()). My AppServer is Tomcat 6.0, and my DB Server is MySQL 6.0 I wish to get back a reply soon because I need to get this task off my way

Read the article
problem in handling menu - submenu based on spring security

- by Nirmal

Hi All... I have configured spring security core plugin using requestmap table inside the database.. Now inside requestmap table I have all the possible urls and it's equivalent roles who can access that url... Now I want to generate menus and submenus based on the urls stored in requestmap table... So my requirement is to check the urls of menu & submenus against the logged in users privileges... And if logged in user has any one privilege then I need to display that main menu and the available submenus.... For e.g. I have a menu in my project called user which has a following submenus : **Users (main menu)** Manage Users (sub menu) Import Users (sub menu) Now inside my header.gsp I have successfully achieved the above requirement using if else condition, like : if ( privs.contains("/users/manageUsers") || privs.contains("/users/importUsers")) here privs are the list of urls from requestmap table for logged in user. But I want to achieve these using spring security tag lib, so for comparing urls I have find following tag from spring security core documentation : <sec:access url="/users/manageUsers"> But i am bit confuse that how I can replace or condition using tag library.. Is there any tag available which checks from multiple urls and evaluate it to true or false ? Of course I can do using sec:access tag with some flag logic, but is there any tags available which can fulfill my requirement directly ? Thanks in advance...

Read the article
Web Applications Development: Security practices for Application design

- by Shyam

Hi, As I am creating more web applications that are targeted for multiple users, I figured out that I have to start thinking about user management and security. At a glance and in my ideal world, all users belong to a group. Permissions and access is thus defined per group (and inherited by the users of that group). Logically, I have my group of administrators, which are identified with a level "7" (integer) clearance. A group of webusers have for example level "1". This in generally all works great for me, but I need some kind of list that I have to keep in mind how I secure my system, and some general practices. I am not looking for a specific environment; I want to learn the why's and how's. An example is privilege escalation. If someone would be able to "push" themselves inside a group with higher privileges, for example the Administration, how can I prevent this, or what measures should I take to have some sort of precaution? I don't like in that case to walk into a caveat. My question is basically: where can I find a good resource, list, policy, book that explains the security of web applications, the why's, the how's and readable if you don't have any experience in the realm of advanced security? I prefer a free resource, as I believe I couldn't be the first one who thought about this. Thank you for your answers, comments and feedback.

Read the article
Is there a tool to do round trip software engineering between a sequence diagram and a group of objects that message back and forth?

- by DeveloperDon

Is there a tool to do round trip software engineering between a sequence diagram and a group of objects that message back and forth? Perhaps this seems a little exotic, but it seems like a function that includes message calls or even method invocations on other objects could be automatically converted to a sequence diagram given that it is not hard to do manually. Similarly, when a sequence diagram is modified, based on the message name and type of message, should it not be possible to add a message or method to the calling object?

Read the article
What is better Ubuntu Tweak or Ubuntu Software center?

- by S B

Ubuntu Tweak has served me very well over the past few release cycles, but there seems to be more and more of an overlap between Ubuntu Tweak and the Ubuntu Software Center. I wanted to know whether these two great apps are headed for a head-to-head crash (which would be a shame for the Ubuntu community) or is there some way for the two projects to complement each other, integrate and make my favorite distribution even better? Happy new year to everyone.

Read the article
how to write high quality GUI software with qt?

- by Opetmar

I want to write a project using QT library, so after learning the library and mastering it how should I start, what other libraries or things that I should learn? are there any other tools that will help me during the development or tools well help the end user to install the software and using it? What are the things that I should be aware? what are the things that I should avoid so it can run efficiently?

Read the article
How to process payments for a software (activation code)?

- by jsoldi

I want to sell software online and I need an easy to implement payment processing system. What I'm actually going to be selling is an activation code (one per purchase) that would activate the trial version of a product. I was about to use this one but I just found out that people without a paid email account (not hotmail or yahoo) can't process their orders, which I'm sure would discourage many, if not most, of the possible buyers.

Read the article
What are the alternatives to fixed-price or time-and-materials contracts for software development?

- by Fortuity

Where can I learn more about pros/cons of various pricing models for software development? Proponents of agile methodology suggest approaches such as multi-stage contracts, target cost contracts, target schedule contracts, shared benefit contracts, variable scope contracts (http://poppendieck.com/agilecontracts.htm). I'm looking for opinions, experience, case studies or informed discussion of these approaches.

Read the article
What are the alternatives to fixed-price or time-and-materials contracts for software development?

- by Fortuity

Where can I learn more about pros/cons of various pricing models for software development? Proponents of agile methodology suggest approaches such as multi-stage contracts, target cost contracts, target schedule contracts, shared benefit contracts, variable scope contracts (http://poppendieck.com/agilecontracts.htm). I'm looking for opinions, experience, case studies or informed discussion of these approaches.

Read the article
Default /etc/apt/sources.list?

- by piemesons

I need default source list for ubuntu 10.04. Can anybody help me? Here is Mine:--- Ubuntu supported packages deb http://archive.ubuntu.com/ubuntu/ lucid main restricted multiverse universe deb http://archive.ubuntu.com/ubuntu/ lucid-backports main restricted universe multiverse deb http://archive.ubuntu.com/ubuntu/ lucid-updates main restricted multiverse universe deb http://security.ubuntu.com/ubuntu lucid-security main restricted universe multiverse deb http://security.ubuntu.com/ubuntu lucid-proposed main restricted universe multiverse deb-src http://archive.ubuntu.com/ubuntu/ lucid main restricted multiverse universe deb-src http://archive.ubuntu.com/ubuntu/ lucid-backports main restricted universe multiverse deb-src http://archive.ubuntu.com/ubuntu/ lucid-updates main restricted multiverse universe deb-src http://security.ubuntu.com/ubuntu lucid-security main restricted universe multiverse deb-src http://security.ubuntu.com/ubuntu lucid-proposed main restricted universe multiverse Canonical Commercial Repository deb http://archive.canonical.com/ubuntu lucid partner deb http://archive.canonical.com/ubuntu lucid-backports partner deb http://archive.canonical.com/ubuntu lucid-updates partner deb http://archive.canonical.com/ubuntu lucid-security partner deb http://archive.canonical.com/ubuntu lucid-proposed partner deb-src http://archive.canonical.com/ubuntu lucid partner deb-src http://archive.canonical.com/ubuntu lucid-backports partner deb-src http://archive.canonical.com/ubuntu lucid-updates partner deb-src http://archive.canonical.com/ubuntu lucid-security partner deb-src http://archive.canonical.com/ubuntu lucid-proposed partner medibuntu deb http://packages.medibuntu.org/ lucid free non-free deb-src http://packages.medibuntu.org/ lucid free non-free PlayOnLinux deb http://deb.playonlinux.com/ lucid main opera deb http://deb.opera.com/opera/ lenny non-free google deb http://dl.google.com/linux/deb/ stable non-free main Dropbox Official Source deb http://linux.dropbox.com/ubuntu karmic main Skype deb http://download.skype.com/linux/repos/debian/ stable non-free This is the error i am getting:-- (sudo apt-get update) Get:9 http://dl.google.com stable/main Packages [1,076B] Err http://ppa.launchpad.net lucid/main Packages 404 Not Found Get:10 http://dl.google.com stable/main Packages [735B] and finally :-- Fetched 9,724B in 3s (2,645B/s) W: Failed to fetch http://ppa.launchpad.net/bisig/ppa/ubuntu/dists/lucid/main/binary-i386/Packages.gz 404 Not Found E: Some index files failed to download, they have been ignored, or old ones used instead.

Read the article
PPA causing 404 error?

- by piemesons

I need default source list for ubuntu 10.04. Can anybody help me? Here is Mine:--- Ubuntu supported packages deb http://archive.ubuntu.com/ubuntu/ lucid main restricted multiverse universe deb http://archive.ubuntu.com/ubuntu/ lucid-backports main restricted universe multiverse deb http://archive.ubuntu.com/ubuntu/ lucid-updates main restricted multiverse universe deb http://security.ubuntu.com/ubuntu lucid-security main restricted universe multiverse deb http://security.ubuntu.com/ubuntu lucid-proposed main restricted universe multiverse deb-src http://archive.ubuntu.com/ubuntu/ lucid main restricted multiverse universe deb-src http://archive.ubuntu.com/ubuntu/ lucid-backports main restricted universe multiverse deb-src http://archive.ubuntu.com/ubuntu/ lucid-updates main restricted multiverse universe deb-src http://security.ubuntu.com/ubuntu lucid-security main restricted universe multiverse deb-src http://security.ubuntu.com/ubuntu lucid-proposed main restricted universe multiverse Canonical Commercial Repository deb http://archive.canonical.com/ubuntu lucid partner deb http://archive.canonical.com/ubuntu lucid-backports partner deb http://archive.canonical.com/ubuntu lucid-updates partner deb http://archive.canonical.com/ubuntu lucid-security partner deb http://archive.canonical.com/ubuntu lucid-proposed partner deb-src http://archive.canonical.com/ubuntu lucid partner deb-src http://archive.canonical.com/ubuntu lucid-backports partner deb-src http://archive.canonical.com/ubuntu lucid-updates partner deb-src http://archive.canonical.com/ubuntu lucid-security partner deb-src http://archive.canonical.com/ubuntu lucid-proposed partner medibuntu deb http://packages.medibuntu.org/ lucid free non-free deb-src http://packages.medibuntu.org/ lucid free non-free PlayOnLinux deb http://deb.playonlinux.com/ lucid main opera deb http://deb.opera.com/opera/ lenny non-free google deb http://dl.google.com/linux/deb/ stable non-free main Dropbox Official Source deb http://linux.dropbox.com/ubuntu karmic main Skype deb http://download.skype.com/linux/repos/debian/ stable non-free This is the error i am getting:-- (sudo apt-get update) Get:9 http://dl.google.com stable/main Packages [1,076B] Err http://ppa.launchpad.net lucid/main Packages 404 Not Found Get:10 http://dl.google.com stable/main Packages [735B] and finally :-- Fetched 9,724B in 3s (2,645B/s) W: Failed to fetch http://ppa.launchpad.net/bisig/ppa/ubuntu/dists/lucid/main/binary-i386/Packages.gz 404 Not Found E: Some index files failed to download, they have been ignored, or old ones used instead.

Read the article
Transport Security with Certificate Authentication

- by Brian T

I'm getting the following error when I access my webservice localhost/MyService/MyService.svc The SSL settings for the service 'SslRequireCert' does not match those of the IIS 'Ssl, SslNegotiateCert'. I've following the web.config examples as specified in http://msdn.microsoft.com/en-us/library/ms731074.aspx Here is my wcf server web.config: <?xml version="1.0" encoding="UTF-8"?> <configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0"> <appSettings /> <system.web> <identity impersonate="false" /> <roleManager enabled="true" /> <authentication mode="Windows" /> <customErrors mode="Off" /> <webServices> <protocols> <add name="HttpGet" /> <add name="HttpPost" /> </protocols> </webServices> </system.web> <system.webServer> <directoryBrowse enabled="true" /> <validation validateIntegratedModeConfiguration="false" /> <security> <authorization> <remove users="*" roles="" verbs="" /> <add accessType="Allow" users="*" roles="" /> </authorization> </security> </system.webServer> <system.serviceModel> <services> <service name="AspNetSqlProviderService" behaviorConfiguration="MyServiceBehavior"> <endpoint binding="wsHttpBinding" contract="Interface1" bindingConfiguration="CertificateWithTransportWSHttpBinding" /> <endpoint binding="wsHttpBinding" contract="Interface2" bindingConfiguration="CertificateWithTransportWSHttpBinding" /> <endpoint address="mex" binding="wsHttpBinding" bindingConfiguration="CertificateWithTransportWSHttpBinding" name="Metadata_Exchange" contract="IMetadataExchange" /> </service> </services> <behaviors> <serviceBehaviors> <behavior name="MyServiceBehavior"> <serviceDebug includeExceptionDetailInFaults="True" /> <serviceMetadata /> <serviceCredentials> <clientCertificate> <authentication trustedStoreLocation="LocalMachine" revocationMode="Online"/> </clientCertificate> </serviceCredentials> </behavior> </serviceBehaviors> </behaviors> <bindings> <wsHttpBinding> <binding name="CertificateWithTransportWSHttpBinding"> <security mode="Transport"> <transport clientCredentialType="Certificate" /> </security> </binding> </wsHttpBinding> </bindings> </system.serviceModel> </configuration> I've configured IIS as follows: https binding added using self signed certificate Under SSL settings, require SSL and accept client certificates is checked The self signed certificate has been added to the Local Computer Trusted Root CA. I can browse and execute the .asmx service definition, but the .svc gives me the error described above.

Read the article
Learn Lean Software Development and Kanban Systems

- by Ben Griswold

I did an in-house presentation on Lean Software Development (LSD) and Kanban Systems this week. Beyond what I had previously learned from various podcasts, I knew little about either topic prior to compiling my slide deck. In the process of building my presentation, I learned a ton. I found the concepts weren’t very difficult to grok; however, I found little detailed information was available online. Hence this post which is merely a list of valuable resources. Principles of Lean Thinking, Mary Poppendieck Lean Software Development, May Poppendieck Lean Programming, Mary Poppendieck Lean Software Development, Wikipedia Implementing Lean Software Thinking: From Concept to Cash, Poppendieck Lean Software Development Overview, Darrell Norton Lean Thinking: Banish Waste and Create Wealth in Your Corporation The Goal: A Process of Ongoing Improvement The Toyota Way Extreme Toyota: Radical Contradictions That Drive Success at the World’s Best Manufacturer Elegant Code Cast 17 – David Laribee on Lean / Kanban Herding Code Episode 42: Scott Bellware on BDD and Lean Development Seven Principles of Lean Software Development, Przemys?aw Bielicki Kanban Boards for Agile Project Management with Zen Author Nate Kohari Herding Code 55: Nate Kohari brings Your Moment of Zen James Shore on Kanban Systems Agile Zen Product Site A Leaner Form of Agile, David Laribee Kanban as Alternative Agile Implementation, Mark Levison Lean Software Development, Dr. Christoph Steindl Glossary of Lean Manufacturing Terms Why Pull? Why Kanban?, Corey Ladas

Read the article
Auszeichnung für Oracle beim Channel Marketing Award 2010: IT-Security Kampagne "Keine Aufregung" belegt 2. Platz

- by A&C Redaktion

Am 18. November wurde in Augsburg der Channel Marketing Award 2010 verliehen. Gesucht wurden die besten Kampagnen der IT-Branche, mit denen wirtschaftlich und kreativ herausragende Marketing-Aktivitäten rund um das Partner Business umgesetzt wurden. In der Kategorie With/Through Partner hat Oracle mit der IT-Security Kampagne www.keine-aufregung.de hinter Xerox den 2. Platz belegt! Damit verwies „Keine Aufregung", durchgeführt von Bozana Pistorius im Januar 2010, Kampagnen von IBM, Corel und E-Plus auf die Plätze. Bilder der Kampagnen sind hier zu finden. Die Berichterstattung zum CMA Award gibt es online bei IT-Business inklusive Video und Bildergalerie. V.l.n.r.: Alexander Woelke (Woelke von der Brüggen), Sarah Olbrich (Woelke von der Brüggen), Bozana Pistorius (Oracle), Claudine Petit (Cloudbridge Consulting) und Werner Nieberle (Vogel IT Medien)

Read the article
Why does an error appear every time I try to open the Ubuntu Software Center? [duplicate]

- by askubuntu7639

This question already has an answer here: How do I remove a broken software source? 3 answers There is a glitch on the Ubuntu Software Center and whenever I open it an error appears and it keeps loading and never opens. Why does this happen? I have installed Ubuntu 13.04 on a disk and partitioned it. Please help me and ask for excess information if you need it. If you know of any duplicates please show me them!! This is the output of a question someone asked me. SystemError: E:Type '<!DOCTYPE' is not known on line 1 in source list /etc/apt/sources.list.d/medibuntu.list This next output is the output of cat /etc/apt/sources.list.d/medibuntu.list </div> <div style="float:left;"> <div class="textwidget"><script type="text/javascript"> </div> Unixmen Archive Select Month September 2013 August 2013 July 2013 June 2013 May 2013 April 2013 March 2013 February 2013 January 2013 December 2012 November 2012 October 2012 September 2012 August 2012 July 2012 June 2012 May 2012 April 2012 March 2012 February 2012 January 2012 December 2011 November 2011 October 2011 September 2011 August 2011 July 2011 June 2011 May 2011 April 2011 March 2011 February 2011 January 2011 December 2010 November 2010 October 2010 September 2010 August 2010 July 2010 June 2010 May 2010 April 2010 March 2010 February 2010 January 2010 December 2009 November 2009 October 2009 September 2009 August 2009 July 2009 June 2009 May 2009 April 2009 March 2009 February 2009 January 2009 December 2008 Tags Cloudandroid apache browser Centos chrome command line Debian eyecandy Fedora firefox games gaming gnome google karmic koala kde libreoffice Linux linux distribution LinuxMint lucid lynx maverick meerkat mysql news oneiric ocelot openoffice opensource opensuse oracle ppa Precise Pangolin release RHEL security server software themes tools ubuntu unix upgrade virtualbox vlc windows wine Unixmen Twitts Firefox 16, a treat for developers http://t.co/cnd27CzT Ubuntu 12.10 ‘Quantal Quetzal’: Beta 2 Sneak Peek http://t.co/hd4LwDOy Top 5 security Myths about Linux; and their realities http://t.co/zO1LgHST About Us Advertising Sitemap Privacy Contact Us Hire Us Copyright © 2008-2013 Unixmen.com . Maintained by Unixmen . /* */ jQuery(document).on('ready post-load', easy_fancybox_handler ); http://www.w3-edge.com/wordpress-plugins/ Page Caching using apc Database Caching 3/186 queries in 0.035 seconds using apc Content Delivery Network via 180016988.r.cdn77.net Served from: www.unixmen.com @ 2013-09-25 01:38:14 by W3 Total Cache

Read the article
Is an 'if password == XXXXXXX' enough for minimum security?

- by Morgan Herlocker

If I create a login for an app that has middle to low security risk (in other words, its not a banking app or anything), is it acceptable for me to verify a password entered by the user by just saying something like: if(enteredPassword == verifiedPassword) SendToRestrictedArea(); else DisplayPasswordUnknownMessage(); It seems to easy to be effective, but I certainly would not mind if that was all that was required. Is a simple check on username/password combo enough? Update: The particular project happens to be a web service, the verification is entirely server side, and it is not open-source. Does the domain change how you would deal with this?

Read the article
What sort of security method is this called (if it has a name)?

- by loosebruce

I have thought of a way of securing access to an application interacting with another application. Using this method Application 1 - "What is the sum of 1+1?" Application 2 - "3" Application 1 - "Access granted" Is this method used a lot, does it have a classification in the programming world? The advantages for me of using this is that I do not have to spend more effort implementing security keys/certificates. Any unauthorized machine trying to interpret it would give the correct result and identify itself as untrusted. What sort of weaknesses are there to doing this?

Read the article
My very first serious project and I'm concerned about security.

- by ilhan

I'm making a small social networking web site for a specific university's students (where I study) and I'm concerned about security (access to the database). What should I do? What I have to check for last time until I went online? (Yeah, Facebook Facebook. Facebook don't have that community sense. You cannot find all your department mates on Facebook. You cannot see all foreign students on Facebook. You cannot hide your identity on Facebook while commenting, etc etc. Just please don't compare it with Facebook, we had a great local social network until it went public . * ))

Read the article
Why does my Ubuntu Software Center not work? [closed]

- by Alex Mundy

Possible Duplicate: How do I fix a “Problem with MergeList” error when trying to do an update? I've been having trouble with my Software Center. Whenever I try to open it, or even do an apt-get in the terminal I get this message: Reading package lists... Error! E: Encountered a section with no Package: header E: Problem with MergeList /var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_precise-security_restricted_binary-i386_Packages E: The package lists or status file could not be parsed or opened. How do I fix it? Note: I'm new to Ubuntu. I need simple instructions for the moment.

Read the article
Is an 'if password == XXXXXXX' enough for minimum security?

- by Prof Plum

If I create a login for an app that has middle to low security risk (in other words, its not a banking app or anything), is it acceptable for me to verify a password entered by the user by just saying something like: if(enteredPassword == verifiedPassword) SendToRestrictedArea(); else DisplayPasswordUnknownMessage(); It seems to easy to be effective, but I certainly would not mind if that was all that was required. Is a simple check on username/password combo enough? Update: The particular project happens to be a web service, the verification is entirely server side, and it is not open-source. Does the domain change how you would deal with this?

Read the article
Software Center does not load

- by eim

I'm having problems with opening my Software center and it just shuts off after loading a few seconds. I can't even get it to the main page of the Software Center. I did try to follow these commands but of no avail: sudo apt-get purge software-center sudo apt-get update sudo apt-get install software-center Instead, I get an error after entering the first command: eim@eim-VAIO:~$ sudo apt-get purge software-cente Reading package lists... Error! E: Encountered a section with no Package: header E: **Problem with MergeList** /var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_precise-security_universe_i18n_Translation-en E: The package lists or status file could not be parsed or opened. I tried doing this aswell: Run : cd ~/.cache; rm -r software-center (nothing happened) And this: Add /usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1 to the Startup applications error message: eim@eim-VAIO:~$ /usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1 Gtk-Message: Not loading module "atk-bridge": The functionality is provided by GTK natively. Please try to not load it. ** (polkit-gnome-authentication-agent-1:3563): WARNING **: Unable to register authentication agent: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: An authentication agent already exists for the given subject Cannot register authentication agent: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: An authentication agent already exists for the given subject I think I've done all the possible fix to this problem as suggested on my research. But I can't seem to get this work. Can someone please help? NOTE: Okay... Guess I just found the solution to my problem. I'll just post the answer here since I can't answer my own question yet. Open terminal: sudo rm /var/lib/apt/lists/* -vf sudo apt-get update Now I can open my Software Center! I found the answer here: How do I fix a "Problem with MergeList" error when trying to do an update?

Read the article

< Previous Page | 42 43 44 45 46 47 48 49 50 51 52 53 | Next Page >