Search Results

Search found 20283 results on 812 pages for 'security context'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 50/812 | < Previous Page | 46 47 48 49 50 51 52 53 54 55 56 57  | Next Page >

  • What type of security problems are mitigated by this .NET architecture?

    - by Jonno
    Given the following physical layout for a .NET web application: DB (sql server, windows) - No public route (no table access, only stored procs) Web Service DAL (iis, windows) - No public route (can be accessed by web server via port 80 and 443) Web Server (iis, windows) - Public route (only via port 80 and 443) What type(s) / examples of attack could be used to compromise the public web server but would be blocked by the Web Service DAL? i.e. can you think of concrete attack types that the DAL stops? Please note, I am interested only in the security aspect, not scaling / fault tolerance / performance / etc. In my mind if the web server has been compromised using an attack over port 80/443, then the same attack would work over port 80/443 to the Web Service DAL box.

    Read the article

  • Nginx 'if' statement in http context?

    - by andy
    I want to set a variable in the http context of nginx so it applies to all my servers. However, 'if' is only supported in server & location. How can I set a variable in the http context so it will affect all servers? Might the lua module be able to help with this (although I'd rather have a pure nginx solution). If so, please provide an example. I just want to set the following variable so it applies to all servers: # only allow gzip encoding. For all other cases, use identity (uncompressed) if ($http_accept_encoding ~* "gzip") { set $sanitised_accept_encoding "gzip"; } if ($http_accept_encoding != "gzip") { set $sanitised_accept_encoding ""; }

    Read the article

  • apache: lists of all directives for a context?

    - by ajsie
    in the apache online documentation each directive could belong to a context eg: server-config, virtualhost, directory, .htaccess and so on. i wonder if there is a list of all directives belonging to each context? eg. a list with all directives for virtualhost so i know exactly which one i can use? and also, where can i find directives for apache modules? on their page or does each module has its own page with documentation (eg. mod_rewrite)?

    Read the article

  • Oracle Key Vault - Hardware Security Modul für TDE und mehr

    - by Heinz-Wilhelm Fabry (DBA Community)
    Anfang August hat Oracle ein neues Produkt namens Oracle Key Vault (OKV) zum Einsatz freigegeben. Es handelt sich dabei um ein Hardware Security Modul (HSM) - also um ein Stück Hardware zum Speichern von Schlüsseln, Passwörtern und Dateien, die Schlüssel und Passwörter enthalten. Oracle Datenbank Installationen nutzen die zuletzt genannte Form des Speicherns von Passwörtern und Schlüsseln in Dateien für Oracle Advanced Security Transparent Data Encryption (TDE) und external password stores. Die Dateien werden in den Versionen 10 und 11 der Datenbank als Wallets bezeichnet, in der Version 12 als Keystores. Allerdings gibt es auch schon seit der Datenbankversion 11.2 beim Einsatz von TDE die Möglichkeit, statt der Wallets / Keystores HSMs einzusetzen. Da Oracle selbst kein eigenes HSM Produkt anbieten konnte, haben Unternehmenskunden dann auf Produkte anderer Anbieter zurückgegriffen. Das kann sich mit OKV nun ändern. Abhängig vom Bedrohungsszenario kann die Entscheidung gegen den Einsatz von Wallets / Keystores und für den Einsatz eines HSMs durchaus sinnvoll sein, denn ein HSM bietet mehr Sicherheit: Eine Betriebssystemdatei kann leichter gestohlen (kopiert) werden, als ein HSM, das in der Regel als speziell gesicherte Steckkarte in einem Rechner eingebaut ist oder als eigenes Gerät geschützt in einem Rechenzentrum steht. ein HSM kann anders als ein Wallet / Keystore systemübergreifend verwendet werden. Das erlaubt eine gemeinsame Nutzung von Schlüsseln - was wiederum zum Beispiel den Einsatz von TDE auf RAC Installationen perfekt unterstützt. ein HSM kann von mehreren Anwendungen genutzt werden. Das erleichtert das Konsolidieren und Verwalten von Passwörtern und Schlüsseln. Im aktuellen Tipp wird als Einführung in das neue Produkt dargestellt, wie OKV für TDE genutzt werden kann.

    Read the article

  • MVP Pattern Philsophical Question - Security Checking in UI

    - by Brian
    Hello, I have a philosophical question about the MVP pattern: I have a component that checks whether a user has access to a certain privilege. This privilege turns on or off certain UI features. For instance, suppose you have a UI grid, and for each row that gets bound, I do a security check to see if certain features in the grid should be enabled or disabled. There are two ways to do this: have the UI/view call the component's method, determine if it has access, and enable/disable or show/hide. The other is have the view fire an event to the presenter, have the presenter do the check and return the access back down to the view through the model or through the event arg. As per the MVP pattern, which component should security checks fit into, the presenter or the view? Since the view is using it to determine its accessibility, it seems more fitting in the view, but it is doing database checks and all inside this business component, and there is business logic there, so I can see the reverse argument too. Thoughts? Thanks.

    Read the article

  • Top 25 security issues for developers of web sites

    - by BizTalk Visionary
    Sourced from: CWE This is a brief listing of the Top 25 items, using the general ranking. NOTE: 16 other weaknesses were considered for inclusion in the Top 25, but their general scores were not high enough. They are listed in the On the Cusp focus profile. Rank Score ID Name [1] 346 CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') [2] 330 CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') [3] 273 CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') [4] 261 CWE-352 Cross-Site Request Forgery (CSRF) [5] 219 CWE-285 Improper Access Control (Authorization) [6] 202 CWE-807 Reliance on Untrusted Inputs in a Security Decision [7] 197 CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [8] 194 CWE-434 Unrestricted Upload of File with Dangerous Type [9] 188 CWE-78 Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') [10] 188 CWE-311 Missing Encryption of Sensitive Data [11] 176 CWE-798 Use of Hard-coded Credentials [12] 158 CWE-805 Buffer Access with Incorrect Length Value [13] 157 CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion') [14] 156 CWE-129 Improper Validation of Array Index [15] 155 CWE-754 Improper Check for Unusual or Exceptional Conditions [16] 154 CWE-209 Information Exposure Through an Error Message [17] 154 CWE-190 Integer Overflow or Wraparound [18] 153 CWE-131 Incorrect Calculation of Buffer Size [19] 147 CWE-306 Missing Authentication for Critical Function [20] 146 CWE-494 Download of Code Without Integrity Check [21] 145 CWE-732 Incorrect Permission Assignment for Critical Resource [22] 145 CWE-770 Allocation of Resources Without Limits or Throttling [23] 142 CWE-601 URL Redirection to Untrusted Site ('Open Redirect') [24] 141 CWE-327 Use of a Broken or Risky Cryptographic Algorithm [25] 138 CWE-362 Race Condition Cross-site scripting and SQL injection are the 1-2 punch of security weaknesses in 2010. Even when a software package doesn't primarily run on the web, there's a good chance that it has a web-based management interface or HTML-based output formats that allow cross-site scripting. For data-rich software applications, SQL injection is the means to steal the keys to the kingdom. The classic buffer overflow comes in third, while more complex buffer overflow variants are sprinkled in the rest of the Top 25.

    Read the article

  • Fuzzing for Security

    - by Sylvain Duloutre
    Yesterday, I attended an internal workshop about ethical hacking. Hacking skills like fuzzing can be used to quantitatively assess and measure security threats in software.  Fuzzing is a software testing technique used to discover coding errors and security loopholes in software, operating systems or networks by injecting massive amounts of random data, called fuzz, to the system in an attempt to make it crash. If the program contains a vulnerability that can leads to an exception, crash or server error (in the case of web apps), it can be determined that a vulnerability has been discovered.A fuzzer is a program that generates and injects random (and in general faulty) input to an application. Its main purpose is to make things easier and automated.There are typically two methods for producing fuzz data that is sent to a target, Generation or Mutation. Generational fuzzers are capable of building the data being sent based on a data model provided by the fuzzer creator. Sometimes this is simple and dumb as sending random bytes, swapping bytes or much smarter by knowing good values and combining them in interesting ways.Mutation on the other hand starts out with a known good "template" which is then modified. However, nothing that is not present in the "template" or "seed" will be produced.Generally fuzzers are good at finding buffer overflow, DoS, SQL Injection, Format String bugs etc. They do a poor job at finding vulnerabilites related to information disclosure, encryption flaws and any other vulnerability that does not cause the program to crash.  Fuzzing is simple and offers a high benefit-to-cost ratio but does not replace other proven testing techniques.What is your computer doing over the week-end ?

    Read the article

  • Security in Robots and Automated Systems

    - by Roger Brinkley
    Alex Dropplinger posted a Freescale blog on Securing Robotics and Automated Systems where she asks the question,“How should we secure robotics and automated systems?”.My first thought on this was duh, make sure your robot is running Java. Java's built-in services for authentication, authorization, encryption/confidentiality, and the like can be leveraged and benefit robotic or autonomous implementations. Leveraging these built-in services and pluggable encryption models of Java makes adding security to an exist bot implementation much easier. But then I thought I should ask an expert on robotics so I fired the question off to Paul Perrone of Perrone Robotics. Paul's build automated vehicles and other forms of embedded devices like auto monitoring of commercial vehicles on highways.He says that most of the works that robots do now are autonomous so it isn't a problem in the short term. But long term projects like collision avoidance technology in automobiles are going to require it.Some of the work he's doing with his Java-based MAX, set of software building blocks containing a wide range of low level and higher level software modules that developers can use to build simple to complex robot and automation applications faster and cheaper, already provide some support for JAUS compliance and because their based on Java, access to standards based security APIs.But, as Paul explained to me, "the bottom line is…it depends on the criticality level of the bot, it's network connectivity, and whether or not a standards compliance is required."

    Read the article

  • Oracle BI Mobile Security Toolkit For iPad Available for Download

    - by Mike.Hallett(at)Oracle-BI&EPM
    Normal 0 false false false EN-GB X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin-top:0cm; mso-para-margin-right:0cm; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0cm; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} Oracle BI Mobile Security Toolkit for Apple iPad is now available for download from the Oracle Technology Network here. This toolkit provides the ability to generate a signed version of the Oracle BI Mobile HD application; making use of Apple’s Xcode and the IOS SDKs. With this, partners and customers can get the unsigned, unpacked version of the Oracle BI Mobile app, and combine it with a third-party mobile security vendor of your choice to create a more secure, “containerized” version of Oracle BI Mobile.

    Read the article

  • How can I use a custom configured RememberMeAuthenticationFilter in spring security?

    - by Sebastian
    I want to use a slightly customized rememberme functionality with spring security (3.1.0). I declare the rememberme tag like this: <security:remember-me key="JNJRMBM" user-service-ref="gymUserDetailService" /> As I have my own rememberme service I need to inject that into the RememberMeAuthenticationFilter which I define like this: <bean id="rememberMeFilter" class="org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter"> <property name="rememberMeServices" ref="gymRememberMeService"/> <property name="authenticationManager" ref="authenticationManager" /> </bean> I have spring security integrated in a standard way in my web.xml: <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> Everything works fine, except that the RememberMeAuthenticationFilter uses the standard RememberMeService, so I think that my defined RememberMeAuthenticationFilter is not being used. How can I make sure that my definition of the filter is being used? Do I need to create a custom filterchain? And if so, how can I see my current "implicit" filterchain and make sure I use the same one except my RememberMeAuthenticationFilter instead of the default one? Thanks for any advice and/or pointers!

    Read the article

  • Finding JNP port in JBoss from Servlet

    - by Steve Jackson
    I have a servlet running in JBoss (4.2.2.GA and 4.3-eap) that needs to connect to an EJB to do work. In general this code works fine to get the Context to connect and make RMI calls (all in the same server). public class ContextFactory { public static final int DEFAULT_JNDI_PORT = 1099; public static final String DEFAULT_CONTEXT_FACTORY_CLASS = "org.jnp.interfaces.NamingContextFactory"; public static final String DEFAULT_URL_PREFIXES = "org.jboss.naming:org.jnp.interfaces"; public Context createContext(String serverAddress) { //combine provider name and port String providerUrl = serverAddress + ":" + DEFAULT_JNDI_PORT; //Set properties needed for Context: factory, provider, and package prefixes. Hashtable<String, String> env = new Hashtable<String, String>(3); env.put(Context.INITIAL_CONTEXT_FACTORY, DEFAULT_CONTEXT_FACTORY_CLASS); env.put(Context.PROVIDER_URL, providerUrl); env.put(Context.URL_PKG_PREFIXES, DEFAULT_URL_PREFIXES); return new InitialContext(env); } Now, when I change the JNDI bind port from 1099 in server/conf/jboss-service.xml I can't figure out how to programatically find the correct port for the providerUrl above. I've dumped System.getProperties() and System.getEnv() and it doesn't appear there. I'm pretty sure I can set it in server/conf/jndi.properties as well, but I was hoping to avoid another magic config file. I've tried the HttpNamingContextFactory but that fails "java.net.ProtocolException: Server redirected too many times (20)" env.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.HttpNamingContextFactory"); env.put(Context.PROVIDER_URL, "http://" + serverAddress + ":8080/invoker/JNDIFactory"); Any ideas?

    Read the article

  • Run context.drawWindow method through a bookmarklet

    - by Kapil
    I want to capture a webpage as an image. I am able to do this using a firefox extension using context.drawWindow method. Now I want to strech myself and see if I can do this using a bookmarklet :) I remember reading somewhere that context.drawWindow() works only from the firefox toolbars. I dont know if that's still true or not. Can anyone shed some light if I can execute context.drawWindow() from a bookmarklet or no? Thanks Kapil

    Read the article

  • XSLT: look for a word and it's context

    - by farhad
    Hello! I need to search a word and it's context into an xml. For example <line>hello world, my name is farhad and i'm having trouble with xslt</line> looking for 'and', context of 3 words: <line>hello world, my <span class="context">name is farhad <span class="word">and</span> i'm having</span> trouble with xslt</line> How can i do? I wrote some xslt to find the word, but i can't go back 3 words to set span. This is my xslt: <xsl:variable name="delimiters">[,.;!?\s"()]+</xsl:variable> <xsl:template match="/"> <xsl:apply-templates select="//line"/> </xsl:template> <xsl:template match="line"> <line> <xsl:for-each select="tokenize(.,'\s')"> <xsl:choose> <!-- se l'ultimo carattere è di punteggiatura, prendo la sottostringa senza la punteggiatura --> <xsl:when test="compare(replace(.,$delimiters,'$1'),'red') = 0"> <span class="word"> <xsl:value-of select="."/> </span> </xsl:when> <xsl:otherwise> <xsl:value-of select="."/> <xsl:choose> <xsl:when test="position()=last()"> <xsl:text></xsl:text> </xsl:when> <xsl:otherwise> <xsl:text> </xsl:text> </xsl:otherwise> </xsl:choose> </xsl:otherwise> </xsl:choose> </xsl:for-each> </line><xsl:text> </xsl:text> </xsl:template> This is an example xml: http://pastebin.com/eAVM9CDQ . I have to search for context also on preceding tags, for example: <line>hello world,</line> <line>my name</line> <line>is farhad </line> <line>and i'm having</line> <line>trouble with xslt</line> so, looking for 'and', context of 3 words: <line>hello world,</line> <line>my <span class="context">name</line> <line>is farhad </line> <line><span class="word">and</span> i'm having</span></line> <line>trouble with xslt</line> with problems of overlapping, but now it's not a problem (i think i know how manage it). How can i search a word and its context? Thank you very much.

    Read the article

  • using context menu in silverlight 3

    - by ashishtripathi.hcu
    Hi all I am new in silverlight. I want to use context menu in treeview item in my silverlight 3 application . I have searched in the net regarding this I have found my custom application for this but I am not getting them .How to use context menu, how to add rightclick event for using context menu . Thanks in addvance

    Read the article

  • Recursive languages vs context-sensitive languages

    - by teehoo
    In Chomsky's hierarchy, the set of recursive languages is not defined. I know that recursive languages are a subset of recursively enumerable languages and that all recursive languages are decidable. What I'm curious about is how recursive languages compare to context-sensitive languages. Can I assume that context-sensitive languages are a strict subset of recursive languages, and therefore all context-sensitive languages are decidable?

    Read the article

  • list box items context menu WPF

    - by Eran
    hey guys, I have list box that contains UserControl as item template the user control contains few text blocks in a grid, the thing is that I want to add context menu to my user control that will show on the list item right click but currently only right clicking the textbox inside the user control triggers the context menu appearance clicking the spaces between those textboxes triggers nothing, any idea about how can I trigger the context menu from the container list box? Thanks Eran

    Read the article

  • How to change the security level of a local assembly to internet or customized permission set?

    - by Jamebo
    I built a assembly which is a class library, for example lib.dll . And I also have a application to access this lib, for example test.exe. I changed the security permission for the test.exe to "intranet". At the same time, I want to change lib.dll to "Internet" like this: (Because I want to do some testing for security.) CasPol.exe -m -ag 1.2 -strong -file lib.dll lib 1.0.0.0 Internent But it seems the lib.dll can not get the security permission as I wanted. What is wrong with the command? Or maybe there are some other better solutions? Thanks -Jamebo

    Read the article

  • How to read spring-application-context.xml and AnnotationConfigWebApplicationContext both in spring mvc

    - by Suvasis
    In case I want to read bean definitions from spring-application-context.xml, I would do this in web.xml file. <context-param> <param-name>contextConfigLocation</param-name> <param-value> /WEB-INF/applicationContext.xml </param-value> </context-param> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> In case I want to read bean definitions through Java Configuration Class (AnnotationConfigWebApplicationContext), I would do this in web.xml <servlet> <servlet-name>appServlet</servlet-name> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <init-param> <param-name>contextClass</param-name> <param-value> org.springframework.web.context.support.AnnotationConfigWebApplicationContext </param-value> </init-param> <init-param> <param-name>contextConfigLocation</param-name> <param-value> org.package.MyConfigAnnotatedClass </param-value> </init-param> </servlet> How do I use both in my application. like reading beans from both configuration xml file and annotated class. Is there a way to load spring beans in xml file while we are using AppConfigAnnotatedClass to instantiate/use rest of the beans.

    Read the article

  • How to tell if any entities in context are dirty with .Net Entity Framework 4.0

    - by Mike Gates
    I want to be able to tell if there is any unsaved data in an entity framework context. I have figured out how to use the ObjectStateManager to check the states of existing entities, but there are two issues I have with this. I would prefer a single function to call to see if any entities are unsaved instead of looping though all entities in the context. I can't figure out how to detect entities I have added. This suggests to me that I do not fully understand how the entity context works. For example, if I have the ObjectSet myContext.Employees, and I add a new employee to this set (with .AddObject), I do not see the new entity when I look at the ObjectSet and I also don't see the .Count increase. However, when I do a context.SaveChanges(), my new entity is persisted...huh? I have been unable to find an answer to this in my msdn searches, so I was hoping someone here would be able to clue me in. Thanks in advance.

    Read the article

  • How to use a different path name in ProxyPass than the Tomcat context name

    - by Diptendu Dutta
    Hello, I am using Tomcat 5.5.9 and Apache 2.x We are trying to use a path name in ProxyPass that is different than the Tomcat context name. ProxyPass /path http://localhost:8080/contextname However, this does not work. When these two are the same then everything works fine. Most examples I see on the net also have the path equal to the Tomcat context name. I am using "context.xml" within the Tomcat context and do NOT have "server.xml" entries. Also, I am using plain httd.conf and NOT using any VirtualHost entries. Any help is appreciated. Regards, Diptenu

    Read the article

  • At what level should security be implemented in a social network web application ?

    - by Rajkumar Gupta
    I am developing a social web application in php/mysql, I would like to hear your advice about what would be a better way to implement security. I am planning something like this:- At the presentation level, I restricting the user to see only those items/content he is eligible to see with the rights he is eligible & at the database level, whenever my data is read/ written or updated I verify that the person has rights to such interactions with that part of data. So for each action there is 2 layers of security one at the view level & another at the database level. Would double checking be much overhead ? ofcourse this handles only with the internal security issues ..

    Read the article

  • Merging a custom ContextMenuStrip with the system edit context menu in a DataGridView

    - by Tom
    I have a DataGridView in a VB.NET app that I have limited to cell selection only. The control has two columns, the first is not editable, the second is editable. I have a ContextMenuStrip that provides some additional functionality and I am able to make it appear when an editable cell receives a right click and is not in edit mode. Based on an example in a Microsoft forum, I am able to now show the context menu when an editable cell receives a right click while also in edit mode. That code is as follows: Private Sub DataGridView1_EditingControlShowing(ByVal sender As System.Object, ByVal e As System.Windows.Forms.DataGridViewEditingControlShowingEventArgs) Handles DataGridView1.EditingControlShowing If TypeOf e.Control Is TextBox Then With DirectCast(e.Control, TextBox) .ContextMenuStrip = ContextMenuStrip1 End With End If End Sub This, however, completely overwrites the system context menu of the editing control. How can I merge my Context Menu Strip (ContextMenuStrip1) with the system context menu? For further information, I am using VS2008, but targeting the .NET 2.0 platform.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 46 47 48 49 50 51 52 53 54 55 56 57  | Next Page >