Search Results

Search found 25503 results on 1021 pages for 'browser security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 52/1021 | < Previous Page | 48 49 50 51 52 53 54 55 56 57 58 59  | Next Page >

  • Uploading PDF or .doc and security

    - by Kamo
    I have a script that lets the user upload text files (PDF or doc) to the server, then the plan is to convert them to raw text. But until the file is converted, it's in its raw format, which makes me worried about viruses and all kinds of nasty things. Any ideas what I need to do to minimize the risk of these unknown files. How to check if it's clean, or if it's even the format it claims to be and that it does not crash the server.

    Read the article

  • SSRS 2008 Snapshotting Security

    - by Holy Christ
    Hi, I'm writing a report that will show data based on the User!UserID built into the SSRS infrastructure. The data is sensitive to the user's department. In addition to these department users, there will be admins that should be able to run for all departments, or have a report parameter to run for a specific department. Ideally, I'd like to use SSRS snapshotting so that users can rerun a report they ran on a previous date. It's important that a user can only view the snapshots he created for his department. My questions are: 1.) Does SSRS snapshotting provide a mechanism to limit viewing snapshots by the user that created them? 2.) Will I need to write two reports, one for the admin and one for the department users? I think I do since there isn't a way to secure report parameters. Thanks!

    Read the article

  • Security when using GWT RPC

    - by gerdemb
    I have an POJO in Google Web Toolkit like this that I can retrieve from the server. class Person implements Serializable { String name; Date creationDate; } When the client makes changes, I save it back to the server using the GWT RemoteServiceServlet like this: rpcService.saveObject(myPerson,...) The problem is that the user shouldn't be able to change the creationDate. Since the RPC method is really just a HTTP POST to the server, it would be possible to modify the creationDate by changing the POST request. A simple solution would be to create a series of RPC functions like changeName(String newName), etc., but with a class with many fields would require many methods for each field, and would be inefficient to change many fields at once. I like the simplicity of having a single POJO that I can use on both the server and GWT client, but need a way to do it securely. Any ideas?

    Read the article

  • Security of WCF endpoints

    - by Matt
    For the sake of argument, lets say that I've got a basicHttp WCF service. Besides implementing authentication (login/logout methods), what is stopping someone from just cracking open Visual Studio, adding a web reference to my website's service, and then playing playing around with my service? I'm not familiar with a method of stopping someone from doing this. The idea of someone downloading all of my Data/Operation contracts and then start playing around is keeping me up at night, and I like my sleep!

    Read the article

  • adobe air google app engine session security

    - by iamgopal
    i am creating a ria in adobe air with google app engine based server side. i am using google client login for user login purpose. which is working , but how do i maintain session securely ? ( i.e. from man-in-middle attacks etc ) . what are the best practice in this kind of applications ?

    Read the article

  • ColdFusion Security

    - by Andrew
    What are the best practices for securing a coldfusion webpage from malicious users? (including, but not limited to, sql injection attacks) Is cfqueryparam enough?

    Read the article

  • Security concerns for a multi-language site.

    - by The Rook
    I am converting a PHP MySQL web application written for English language into a Multi-Language site. Do you know any vulnerabilities that affect web applications in another language? Or perhaps vulnerabilities that could be introduced in the conversion of code base to support multiple languages. (If you know any vulnerabilities of this type in another language I'll give you a +1)

    Read the article

  • Best approach to create a security environment in Java

    - by Tom Brito
    I need to create a desktop application that will run third party code, and I need to avoid the third party code from export by any way (web, clipboard, file io) informations from the application. Somethig like: public class MyClass { private String protectedData; public void doThirdPartyTask() { String unprotedtedData = unprotect(protectedData); ThirdPartyClass.doTask(unprotectedData); } private String unprotect(String data) { // ... } } class ThirdPartyClass { public static void doTask(String unprotectedData) { // Do task using unprotected data. // Malicious code may try to externalize the data. } } I'm reading about SecurityManager and AccessControler, but I'm still not sure what's the best approach to handle this. What should I read about to do this implementation?

    Read the article

  • Security approach in web application

    - by meep
    Hello everyone. I am designing a web application in ASP.NET / C# where each registered user has the ability to add/modify/delete rows based on their user-id. Take this example: I am going to edit my route on the page /route.aspx?routeid=854 which belongs to me (user-id: 1). But because I am a curious guy I try to access /route.aspx?routeid=855 which belongs to another user (user-id: 2). How can I best avoid people from accessing other peoples data? Should I send each user id (from session) with each database-call, should I validate user/password on every page load or what is the best and most secure approach? I hope I made this clear enough.

    Read the article

  • Solr security question

    - by Camran
    I have a linux server, and I am about to upload a classifieds website to it. The website is php based. That means php code adds/removes classifieds, with the help of the users offcourse. The php-code then adds/removes a classified to a database index called Solr (like MySql). Problem is that anybody can currently access the database, but I only want the website to access the database (solr). Solr is on port 8983 as standard btw. My Q is, if I add a rule in my firewall (iptables), to only allow connections coming from the servers IP to the Solr port nr, would this solve my issue? Thanks

    Read the article

  • Code igniter authentication code in controller security question

    - by Prime Studios
    I have a main controller to handle the very front-end of my authentication system, it handles login, logout, update user info, etc. functions that I anticipate calling by POST'ing from views/forms. What about something like a "delete_user" function though? My thoughts are a button in someones admin panel would say "Delete Account" and it would post to "/auth/delete", and the function would delete the user based on their session username or id. This seems a bit open ended, you could send out a link to someone and when they opened it while in that application it would delete their account.. Whats the best way to handle this?

    Read the article

  • Lisp data security/validation

    - by Wayne Werner
    This is really just a conceptual question for me at this point. In Lisp, programs are data and data are programs. The REPL does exactly that - reads and then evaluates. So how does one go about getting input from the user in a secure way? Obviously it's possible - I mean viaweb - now Yahoo!Stores is pretty secure, so how is it done?

    Read the article

  • Does this introduce security vulnerabilities?

    - by mcmt
    I don't think I'm missing anything. Then again I'm kind of a newbie. def GET(self, filename): name = urllib.unquote(filename) full = path.abspath(path.join(STATIC_PATH, filename)) #Make sure request is not tricksy and tries to get out of #the directory, e.g. filename = "../.ssh/id_rsa". GET OUTTA HERE assert full[:len(STATIC_PATH)] == STATIC_PATH, "bad path" return open(full).read()

    Read the article

  • Custom security permission_types in Jetspeed

    - by shikarishambu
    Is it possible to create and manage custom permission types in Jetspeed. In addition to the default - folder, page, link, portlet I would like to add document as a type. I want to then use the list of permissions of type "document" that a principal has to manage access to documents. Thanks

    Read the article

  • Spring security @notation for IS_AUTHENTICATED_FULLY?

    - by wuntee
    I am simply trying to allow a user access to a method if they are authenticated, but nothing I am doing seems to work. Is there a way to just check if the user has been authenticated? The following still denies the user even when authenticated... Is there a built in role for an authenticated user? @RequestMapping("/secure") @PreAuthorize("hasRole('IS_AUTHENTICATED_FULLY')") public String secure(ModelMap map){ return("secure"); }

    Read the article

  • Spring security - same page to deliver different content based on user role

    - by Ramesh
    Hello, i tried to search for any previous post related to my issue but couldnt find any. I have a scenario where in page handles 3 different scenarios and one of them not working. This page returns different content depending on if the user is authenticated or anonymous. localhost:8080/myApp/muUrl?test=authenticatedContent - used for Scenario 1 & 2 localhost:8080/myApp/muUrl?test=anonymousContent - used for Scenario 3 Scenario: 1) Authenticated user accesing the page url - the user gets displayed correct information. Works fine 2) Anonymous user accesing page URL with parameters that requires authentication - If anonymous, there is second level of check on the content they are accessing. for example, based on the GET parameters, there is custom logic to determine if the user has to be authenticated. In which case the page gets redirected to login page (WORKS fine). 3) Anonymous user accessing page URL with parameters that doesnt need authentication - in this case i get the SAvedRequest and redirect to the URL which is taking me to an infinite loop. Am i missing something very obvious or is there a way in AuthenticationProcessFilterEntryPoint to say "DON'T redirect to LOGIN page but process it" ? thanks.

    Read the article

  • .NET security: how to check if a method is allowed to execute under current user's perrmissions

    - by Gart
    Given an ASP.NET MVC Controller class declaration: public class ItemController : Controller { public ActionResult Index() { // ... } public ActionResult Details() { // ... } [Authorize(Roles="Admin, Editor")] public ActionResult Edit() { // ... } [Authorized(Roles="Admin")] public ActionResult Delete() { // .. } } I need to reflect a list of methods in this class which may be invoked with the current user's permissions. The [Authorized] attribute is specific to ASP.NET MVC, and this is only an example. I would prefer a universal solution for this problem which works for any .NET class. Please share some ideas of what could be done in this case.

    Read the article

  • Web Form Security

    - by brandon14_99
    I set a cookie in the headers with an md5 hashed keyword. Then in my code, it checks for the exact matching cookie before displaying a form. Is this pretty much pointless? The form submits to an external site, so I am trying to secure the form without using captcha..

    Read the article

  • In App Purchase Resources Security.

    - by jAmi
    Hi I am setting up in app purchase where user can buy different Sounds. Once bought, he can play those sounds in the App. The Sound files are all present in my Resources Folder and I just keep a record(in a plist) of the files that have been purchased. No If I right click on the IAP file and see its content I can see the Resources, hence any one can have those sounds without actually buying them. Is there a protected Bundle or something?

    Read the article

  • Cookiless Session Is it a security risk?

    - by Costa
    Hi http://msdn.microsoft.com/en-us/library/aa479314.aspx You have a user who successfully log in from a machine in Cybercafe, Hacker H able to sniff the network and get the sessionID of the user, Can H use the sessionId and act as the user from another machine? Can H enter http://folder/(session id)/CreditCardInformation.aspx to know the credit card number of the user?

    Read the article

  • Client / Server security from mobile to website

    - by Amir Latif
    Hey. Am new to the world of web programming and learning a bunch of fairly simple new pieces of tech, trying to piece them all together. So, we have a simple client (currently iPhone, to move to J2ME soon) that's pulling down lists of data via PHP, which is talking to a MySQL db. I have a rudimentary user/login system so that data is only served to someone who matches a known user etc, either on the website or on the client. All the php scripts on the website that query the DB check to make sure an active session is in place, otherwise dumping the user back to the login screen. I've read a little about SSL and want to know if that is sufficient to protect the website AND the data passing between the server and the client?

    Read the article

  • Basic security, PHP mySQl

    - by yuudachi
    So I am making a basic log-in page. I have a good idea of what to do, but I'm still unsure of some things. I have a database full of students and a password column of course. I know I'm going to use md5 encryption in that column. The student enters their e-mail and student ID, and they get e-mailed a password if correct. But, where do I create the password? Do I have to manually add the password (which is just a randomly generated string) in mySQL to all the students? And I am suppose to send the password to the student; how will I know what to send the student if the password is encrypted? I was thinking about generating the password when the student first enters their e-mail and student ID. They get an e-mail of the random string, and at the same time, I add the same random string to the database, encrypted. Is that how it's suppose to work though? And it feels unsafe doing that all on the same page. Sorry for the long-winded, newbish question. I find this all facisnating at the same time as well (AES and RSA encryption :O)

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 48 49 50 51 52 53 54 55 56 57 58 59  | Next Page >