Search Results

Search found 6397 results on 256 pages for 'secure emails'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 47/256 | < Previous Page | 43 44 45 46 47 48 49 50 51 52 53 54  | Next Page >

  • is this a secure approach in ActiveRecords in Rails?

    - by Adnan
    Hello, I am using the following for my customers to unsubscribe from my mailing list; def index @user = User.find_by_salt(params[:subscribe_code]) if @user.nil? flash[:notice] = "the link is not valid...." render :action => 'index' else Notification.delete_all(:user_id => @user.id) flash[:notice] = "you have been unsubscribed....." redirect_to :controller => 'home' end end my link looks like; http://site.com/unsubscribe/32hj5h2j33j3h333 so the above compares the random string to a field in my user table and accordingly deletes data from the notification table. My question; is this approach secure? is there a better/more efficient way for doing this? All suggestions are welcome.

    Read the article

  • Architecture of a secure application that encrypts data in the database.

    - by Przemyslaw Rózycki
    I need to design an application that protects some data in a database against root attack. It means, that even if the aggressor takes control over the machine where data is stored or machine with the application server, he can't read some business critical data from the database. This is a customer's requirement. I'm going to encrypt data with some assymetric algorithm and I need some good ideas, where to store private keys, so that data is secure as well as the application usability was quite comfortable? We can assume, for simplicity, that only one key pair is used.

    Read the article

  • How do I secure a folder used to let users upload files?

    - by Eduardo Molteni
    I have a folder in my web server used for the users to upload photos using an ASP page. Is it safe enough to give IUSR write permissions to the folder? Must I secure something else? I am afraid of hackers bypassing the ASP page and uploading content directly to the folder. I'm using ASP classic and IIS6 on Windows 2003 Server. The upload is through HTTP, not FTP. Edit: Changing the question for clarity and changing my answers as comments.

    Read the article

  • How do I secure password parameters in RESTful web service URIs?

    - by adam
    i'm a newbie to server-side programming, so please forgive me if this gets messy. i've been contracted to create a web service to allow authenticated users to access a database. users have to enter a login and password. been reading and reading about REST vs SOAP, and i thought i'd settled on a RESTful design when i came across this statement: "Data that needs to be secure should not be sent as parameters in URIs." this seems like a major demerit against a RESTful approach. i'm aware that with https the password would be encrypted to prevent man-in-the-middle interception, but that leaves the server logs and client history as possible exposure points. is there a RESTful solution out there for this problem, or do i need to go SOAPy? any advice appreciated.

    Read the article

  • Secure xml messages being read from database into app.

    - by scope-creep
    I have an app that reads xml from a database using NHibernate Dal. The dal calls stored procedures to read and encapsulate the data from the schema into an xml message, wrap it up to a message and enqueue it on an internal queue for processing. I would to secure the channel from the database reads to the dequeue action. What would be the best way to do it. I was thinking of signing the xml using System.Security.Cryptography.Xml namespace, but is their any other techniques or approaches I need to know about? Any help would be appreciated. Bob.

    Read the article

  • Post data with jQuery to ASP.net, am I doing this secure enough?

    - by Wim Haanstra
    For a website I am building, I am using jQuery to post data to Generic Handlers I created for this purpose. Because you need to be logged in, to do most post actions (like 'rate a picture'), I am currently using the following technique: User visits page Page determines if user is logged in On Page_Load the page fills a hidden field with an encrypted string, which contains several needed variables, like User ID, Picture ID (of the picture they are currently viewing), the DateTime when the page was rendered. When the user clicks a "I like this picture"-button, I do a $.ajax post to my Generic Handler, with the encrypted string and the value whether or not they liked the picture. The Generic Handler decrypts the supplied encrypted string and takes a look at the DateTime to determine if it was not too long ago When everything works out, the vote is submitted to the database. In my understanding this is a pretty secure way to handle a situation like this. But maybe I am missing a very important point here. Any advice would be very welcome.

    Read the article

  • Is there an easy way to add a secure file upload form (username, password, select file) to a website

    - by user346602
    Hi, I am very new to website design. Have an architect who wants his clients to enable his clients to upload (ftp - but don't know if http could be a better alternative?) files (plans etc.) to him, through the website I'm designing for him. I have seen similar things available on printers websites... I have seen uploadify, but it requires flash (I can only code HTML, CSS and a tiny bit of PHP), and don't think it is a secure option. I have also seen net2ftp, but don't really understand how it works. Any direction would be sincerely appreciated.

    Read the article

  • Python - Why ever use SHA1 when SHA512 is more secure?

    - by orokusaki
    I don't mean for this to be a debate, but I'm trying to understand the technical rationale behind why so many apps use SHA1, when SHA512 is more secure. Perhaps it's simply for backwards compatibility. Besides the obvious larger size (128 chars vs 40), or slight speed differences, is there any other reason why folks use the former? Also, SHA-1 I believe was first cracked by a VCR's processor years ago. Has anyone cracked 512 yet (perhaps with a leaf blower), or is it still safe to use without salting?

    Read the article

  • require user to login in at login screen before giving access to iPhone app that accesses secure web

    - by MikeN
    On iPhone, how do I show a login screen to get username and password before giving access to iPhone app? Also, does the iPhone store a cookie to the secure website like a web browser? I was thinking of giving users to my website a long API key to store in the settings of their iPhone instead of asking them to login with a username/password (seems to be the Slicehost iPhone app approach.) Which is the best way to get a user to login securely? I have full control over the design of the iPhone app and website so have a lot of flexibility.

    Read the article

  • Correcting an UPDATE statement (and making it more secure!)

    - by Jess
    I'm trying to a single value in my DB...When I run it through the console, it works correctly (as I'm replacing the variables with numbers and text).. However, My query is not running correctly. It's just prompting a syntax error Here is what I have: "UPDATE books SET readstatus='".$readstatus."' WHERE book_id=".$book_id; This won't work, I also tried doing something like this as I'm told this makes it a bit more secure? : "UPDATE books SET readstatus='{$readstatus}', WHERE read_id='{read_id}'"; This does not prompt any errors, but no change is happeneing to the value in the DB, I'm guessing the syntax is incorrect.

    Read the article

  • How to use perl for SMTP connection with user and SSL Auth and send emails with attachment

    - by Octopus
    I am using a SMTP mail server which require user + ssl authentication for connection. I am looking for the perl modules to connect to the mail server and send emails but doesn't found anything helpful. Any suggestion for perl module or any perl code would be really appreciated. EDIT I have tried to use Mail::Sendmail and Net::SMTP::SSL to connect to the sendmail server and send mail. Below is the sample code but getting the error user unknown. Error: mail: Net::SMTP::SSL=GLOB(0x9599850) not found RCPT TO: error (550 5.1.1 <[email protected]>... User unknown). Code: #!/usr/bin/perl use strict; use warnings; use Mail::Sendmail; use Net::SMTP::SSL; my %mail = ( #To=> 'No to field this time, only Bcc and Cc', From=> '[email protected]', Cc=> '[email protected]', # Cc will appear in the header. (Bcc will not) Subject => 'Test message', 'X-Mailer' => "Mail::Sendmail version $Mail::Sendmail::VERSION", ); $mail{Smtp} = Net::SMTP::SSL->new("mail.server.com", Port=> 465); $mail{auth} = {user=>'username', password=>"password", required=>1 }; $mail{'X-custom'} = 'My custom additionnal header'; $mail{Message} = "The message key looks terrible, but works."; # cheat on the date: $mail{Date} = Mail::Sendmail::time_to_date( time() - 86400 ); if (sendmail %mail) { print "Mail sent OK.\n" } else { print "Error sending mail: $Mail::Sendmail::error \n" } print "\n\$Mail::Sendmail::log says:\n", $Mail::Sendmail::log;

    Read the article

  • How secure is a bluetooth keyboard against password sniffing?

    - by jhs
    In a situation where an admin will enter sensitive information into a keyboard (the root password), what is the risk that a bluetooth keyboard (ship by default with Mac systems these days) would put those passwords at risk? Another way of asking would be: what security and encryption protocols are used, if any, to establish a bluetooth connection between a keyboard and host system?

    Read the article

  • Optimized CSF LFD to miminize false positive emails on new install? Centos6.2 + ISPConfig3

    - by Damainman
    I have a remote dedicated server running CentOS 6.2 x64bit with ISPConfig3. This is a brand new install. Server Purpose: Basic LAMP Web Hosting with PureFTPD, BIND, CLAMAV, RKHunter. Any advice or link to a guide which will clearly explain how to optimize the CSF+LFD configuration is greatly appreciated. I am not exactly sure on where to start what I shouldn't loosen the restrictions on. At the moment my inbox is flooding with alerts from LFD such as: Suspicious process running under user postfix Excessive resource usage: haldaemon Account: haldaemon Resource: Process Time Exceeded: 1823 1800 (seconds) Executable: /usr/sbin/hald Command Line: hald PID: 1031 Killed: No Excessive resource usage: amavis Time: Tue Jun 5 12:43:35 2012 -0700 Account: amavis Resource: Virtual Memory Size Exceeded: 330 200 (MB) Executable: /usr/bin/perl Command Line: amavisd (virgin child) PID: 27931 Killed: No Excessive resource usage: apache Time: Tue Jun 5 12:35:33 2012 -0700 Account: apache Resource: Virtual Memory Size Exceeded: 437 200 (MB) Executable: /usr/sbin/httpd Command Line: /usr/sbin/httpd PID: 27286 Killed: No

    Read the article

  • How to Create a New Signature in Outlook 2013

    - by Lori Kaufman
    If you sign your emails the same way most of the time, you can create signatures in Outlook that you can attach to your emails. Easily create a signature for business emails and a different one for personal emails. To create a new signature, open Outlook and click the File tab. Click Options in the menu list on the left side of the Account Information screen. On the Outlook Options dialog box, click Mail in the list of options on the left side of the dialog box. On the Mail screen, click Signatures in the Compose messages section. Click New under the Select signature to edit box on the Signatures and Stationery dialog box. A dialog box displays asking for a name for this signature. Enter a descriptive name in the edit box and click OK. You are returned to the Signatures and Stationery dialog box and the name you entered displays in the Select signature to edit box. If it’s the only signature, it will be automatically selected. Enter the text for your signature in the Edit signature box. Select the text and apply font, size, and other character and paragraph formatting as desired. Click OK to accept your changes and close the dialog box. Click OK on the Outlook Options dialog box to close it. Now, when you create a new email message, the default signature is added to the body of your email automatically. If you only have one signature set up, that will be the default signature. Stay tuned for information about setting the default signature, using the signature editor, inserting and changing signatures manually, backing up and restoring your signatures, and modifying a signature for plain text emails, in future articles.     

    Read the article

  • How Do I Secure WordPress Blogs Against Elemento_pcx Exploit?

    - by Volomike
    I have a client who has several WordPress 2.9.2 blogs that he hosts. They are getting a deface kind of hack with the Elemento_pcx exploit somehow. It drops these files in the root folder of the blog: -rw-r--r-- 1 userx userx 1459 Apr 16 04:25 default.htm -rw-r--r-- 1 userx userx 1459 Apr 16 04:25 default.php -rw-r--r-- 1 userx userx 1459 Apr 16 04:25 index.asp -rw-r--r-- 1 userx userx 1459 Apr 16 04:25 index.aspx -rw-r--r-- 1 userx userx 1459 Apr 16 04:25 index.htm -rw-r--r-- 1 userx userx 1459 Apr 16 04:25 index.html -rwxr-xr-x 1 userx userx 1459 Apr 16 04:25 index.php* It overwrites index.php. A keyword inside each file is "Elemento_pcx". It shows a white fist with a black background and the phrase "HACKED" in bold letters above it. We cannot determine how it gets in to do what it does. The wp-admin password isn't hard, but it's also not very easy either. I'll change it up a little to show you what the password sort of looks like: wviking10. Do you think it's using an engine to crack the password? If so, how come our server logs aren't flooded with wp-admin requests as it runs down a random password list? The wp-content folder has no changes inside it, but is run as chmod 777 because wp-cache required it. Also, the wp-content/cache folder is run as chmod 777 too.

    Read the article

  • In Puppet, how would I secure a password variable (in this case a MySQL password)?

    - by Beaming Mel-Bin
    I am using Puppet to provision MySQL with a parameterised class: class mysql::server( $password ) { package { 'mysql-server': ensure => installed } package { 'mysql': ensure => installed } service { 'mysqld': enable => true, ensure => running, require => Package['mysql-server'], } exec { 'set-mysql-password': unless => "mysqladmin -uroot -p$password status", path => ['/bin', '/usr/bin'], command => "mysqladmin -uroot password $password", require => Service['mysqld'], } } How can I protect $password? Currently, I removed the default world readable permission from the node definition file and explicitly gave puppet read permission via ACL. I'm assuming others have come across a similar situation so perhaps there's a better practice.

    Read the article

  • How can we use Microsoft Groove with peers existing in both secure and unsecured network segments?

    - by MikeHerrera
    We have been instructed to implement a Microsoft Groove workspace. This would normally not be a concern, but the workspace will be utilized by machines which exist in our internal/restricted network as well as from peers from an outside/unknown network. Does there exist a best-practice for such an implementation?... or would this potentially expose the restricted network too broadly?

    Read the article

  • How can I secure Postgres for remote access when not in a private network?

    - by orokusaki
    I have a database server on a VMWare VM (Ubuntu 12.04.1 LTS server), and it just occurred to me that the server is accessible via the web, since the same physical server contains a VM that hosts public websites. My iptables in the database are such that only SSH traffic, loopback traffic, and TCP on port 5432 are allowed. I will only allow host access to the Postgres server from the IP of the other VM on the same physical machine. Does this seem sufficient for security, assuming there aren't gaping holes in my general OS configuration, or is Postgres one of those services that should never be web facing, (assuming there are some of "those"). Will I need to use hostssl instead of host in my pg_hba.conf, even though the data will travel only on my own network, presumably?

    Read the article

  • Which video types are considered secure/trusted by Windows Vista Media Center?

    - by Page Brooks
    I've been working to set up a Windows Vista Media Center and I noticed that when I play certain DVDs, the video is scrambled. After watching this video, I think it is because Windows Vista considers Component Cables to be untrusted and therefore scrambles the video. The video says that VGA is a trusted video type, but I was curious of which other types are trusted? If I were to use a DVI to HDMI cable, would that be trusted? Edit: Scrambled as in: The video looks like a rainbow checkerboard. The audio plays as expected. I'm using component cables for the connection to my TV.

    Read the article

  • How to grant secure access to an untrusted developer to an exisiting virtual host?

    - by Margaret Thorpe
    Our security policy does not permit ftpd on our servers. Our trusted developers use ftps to access our webservers and they have full access to the server. How do we grant limited access to a single untrusted developer for an existing virtual host. Ive configured rssh to only allow sftp to our untrusted developer, but we dont want him browsing around our other sites. I've investigated chroot, but it seems overly complex and more for restricting access to their home folders. I want to limit access to /srv/www/vhostx/ and below. Whats the best solution?

    Read the article

  • Can I rely on S3 to keep my data secure?

    - by Jamie Hale
    I want to back up sensitive personal data to S3 via an rsync-style interface. I'm currently using s3cmd - a great tool - but it doesn't yet support encrypted syncs. This means that while my data is encrypted (via SSL) during transfer, it's stored on their end unencrypted. I want to know if this is a big deal. The S3 FAQ says "Amazon S3 uses proven cryptographic methods to authenticate users... If you would like extra security, there is no restriction on encrypting your data before storing it in Amazon S3." Why would I like extra security? Is there some way my buckets could be opened to prying eyes without my knowing? Or are they just trying to save you when you accidentally change your ACLs and make your buckets world-readable?

    Read the article

  • How to configure Dovecot to not serve large emails to high-latency clients?

    - by Daniel Quinn
    I have a Dovecot mailserver running at home on a flaky cable connection. For the most part, the IMAP functionality works beautifully, but I'd like to add one feature if I can: I want Dovecot not to serve large messages to high-latency clients. That is to say, if someone decides that it's a good idea to send me a 9.3mb email to me, I don't want to get it unless I'm on my LAN at home. This can't be an uncommon request, but I'm having trouble finding the configuration option in their documentation. Any ideas and/or good keywords to use in Googling would be awesome.

    Read the article

  • Can any postfix guru assist me determine how emails are still being sent via my server from unauthorized sources?

    - by Dave
    Hi all, I'm getting a little concerned as I run a small server hosting a number of websites and manage the email for a few dozen people. Just recently though I've had a couple of notifications from spamcop alerting me that spam has been sent from my server, and when I have a look over the logs from time to time I can indeed see that there are many repeated attempts of mail being sent from my server. Most of the time it gets knocked back from the destination servers but sometimes its getting through. Unfortunately I'm not linux or postfix expert, I can get by but had though I had my machine locked down quite securely, I don't allow relaying, when I check the online DNS/MX tools they tend to report my server as being OK so I'm not sure where to take it now and hoping someone might be able to throw me a few pointers. I get lots of entries like this in my MAIL.INFO log Jan 2 08:39:34 Debian-50-lenny-64-LAMP postfix/qmgr[15993]: 66B88257C12F: from=<>, size=3116, nrcpt=1 (queue active) Jan 2 08:39:34 Debian-50-lenny-64-LAMP postfix/qmgr[15993]: 614C2257C1BC: from=<[email protected]>, size=2490, nrcpt=3 (queue active) and Jan 7 16:09:37 Debian-50-lenny-64-LAMP postfix/error[6471]: 0A316257C204: to=<[email protected]>, relay=none, delay=384387, delays=384384/3/0/0.01, dsn=4.0.0, status=deferred (delivery temporarily suspended: host mx.fakemx.net[46.4.35.23] refused to talk to me: 421 mx.fakemx.net Service Unavailable) Jan 7 16:09:37 Debian-50-lenny-64-LAMP postfix/error[6470]: 5848C257C20D: to=<[email protected]>, relay=none, delay=384373, delays=384370/3/0/0.01, dsn=4.0.0, status=deferred (delivery temporarily suspended: host mx.fakemx.net[46.4.35.23] refused to talk to me: 421 mx.fakemx.net Service Unavailable) then there tends to be connection timeouts, so from what I see even though I had relaying disabled.. something is getting by and trying to send.. So if you can help that will be greatly appreciated, and any further logging/config info I can supply. Thanks

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 43 44 45 46 47 48 49 50 51 52 53 54  | Next Page >