Search Results

Search found 41147 results on 1646 pages for 'database security'.

Page 56/1646 | < Previous Page | 52 53 54 55 56 57 58 59 60 61 62 63  | Next Page >

  • Database mirroring login failure attempts on mirror server

    - by Chandan
    I have configured database mirroring between two servers at a distance 40 miles away from each other. Server specifications: SQL Server 2008,Standard Edition 64-bit This is same for principal,mirror and witness. The configuration is high-safety with automatic failover Initially we tested our .net application(web application) on both the principal and mirror and made sure that the login is not orpahned. Things run fine generally.But sometimes on the mirror server,I see login failed attempts: Login failed for user 'd0main\user'. Reason: Failed to open the explicitly specified database. [CLIENT: xx.xx.x.x] Message Error: 18456, Severity: 14, State: 38. This error appears 3-4 times a day but not more than that. My question to the experts is:If the principal is alive so why the application tries to connect to mirror.The default time-out for a .net webpage is 30 seconds,so is it possible that the application tries to connect principal and after 30 seconds even if principal is alive,it assumes that it is dead and thus tries to open a connection to mirror where it fails. Please help me with this problem.

    Read the article

  • Quick MySQLi security question

    - by Benjamin Falk
    I have a quick MySQLi security related question... For example, take a look at this code (gets in put from the user, checks it against the database to see if the username/password combination exist): $input['user'] = htmlentities($_POST['username'], ENT_QUOTES); $input['pass'] = htmlentities($_POST['password'], ENT_QUOTES); // query db if ($stmt = $mysqli->prepare("SELECT * FROM members WHERE username=? AND password = ?")) { $stmt->bind_param("ss", $input['user'], md5($input['pass'] . $config['salt'])); $stmt->execute(); $stmt->store_result(); // check if there is a match in the database for the user/password combination if ($stmt->num_rows > 0) {} } In this case, I am using htmlentities() on the form data, and using a MySQLi prepared statement. Do I still need to be using mysql_real_escape_string()?

    Read the article

  • Security of executing a command from php

    - by Nicolò Martini
    I'm writing a web application in which i use several thirdy party commands calling them with the exec function in PHP (for example, I render Latex formulas through a command-line program). My question is: what are the security issues of executing external command-line programs in php? What I have to be aware of? Can you give me a list of points to check? Thanks in advance.

    Read the article

  • HTML/JavaScript compation for security.

    - by BCS
    I just ran across this point that references a security vulnerability in Web Apps that depends on looking at the size of encrypted web pages to deduce what the uses is doing. The simplest solution to this I can think of would be to use a tool to minify all static content so that (after encryption) only a small number of result sizes exist so as to minimize the information available to an eavesdropper. Are there any tools for doing this?

    Read the article

  • Security Suggestions

    - by Kumar
    I am currently working on an ASP.NET 3.5 and C# web application which deals with users secure information like credit card numbers. What are some of the security measures which I need to take from an application development stand point so that I can sleep peacefully at night :)

    Read the article

  • Spring Security User

    - by DD
    What is best practise in Spring when creating a new user with custom attributes...to extend org.springframework.security.core.userdetails.User or to create the User in the UserDetailsService (this is the approach taken in the IceFaces tutorial). public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException { AppUser user = userDAO.findUser(username); if (user == null) throw new UsernameNotFoundException("User not found: " + username); else { return makeUser(user); } } private User makeUser(AppUser user) { return new User(user.getLogin(), user .getPassword(), true, true, true, true, makeGrantedAuthorities(user)); }

    Read the article

  • Using web.config directory security and extensionless urls

    - by Matt Brailsford
    Hi Guys, I'd like to use the built in directory security features built into the web.config to restrict access to child pages of a parent page. My structure is as follows: Members Members/News Members/Press Members/Movies Users should be able to have access to the members parent page, but not child pages. My problem is, because I am using extensionless URLs, the web.config thinks this is a directory and so access is blocked. Is there a way to say only restrict access for sub pages?

    Read the article

  • Javascript reference external script file - security implications

    - by rkrauter
    Hi, If I have a reference to an external third party JavaScript file on my website, what are the security implications? Can the JavaScript file be used to steal cookies? One example of this is the Google Analytics JavaScript reference file. Could the third party technically steal cookies or any other sensitive information from my logged on users (XSS)? The whole cross domain scripting has me confused sometimes. Thanks!

    Read the article

  • Error code 1005 (errno: 121) upon create table while restoring MySQL database from a dump

    - by Jonathan
    I have a linux prod machine and a Win7 64bit dev machine. My workflow includes dumping the production MySQL database on the linux machine and restoring it in my local MySQL database on the windows machine (using SQLyog). This worked fine for a long time. Following some trouble, I formatted and reinstalled my windows dev machine. Since then I'm unable to restore the db on it. I keep receiving the following error: Query: CREATE TABLE `auth_group` ( `id` int(11) NOT NULL auto_increment, `name` varchar(80) collate utf8_unicode_ci NOT NULL, PRIMARY KEY (`id`), UNIQUE KEY `name` (`name`) ) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci Error occured at:2010-06-26 17:16:14 Line no.:30 Error Code: 1005 - Can't create table 'ap_site.auth_group' (errno: 121) Notice that this is the first create table statement in the sql dump file. This error occurs both on MySQL Community Server 5.1.41 and 5.1.48 and with SQLyog Community 8.0.4 and 8.5.1. I really don't know what's different in my configuration from before the reinstall and now and why does it have this effect. Restoring from sql dump is something I need to keep on doing, so I need a permanent fix and not a tailored workaround.

    Read the article

  • Security-Active Application in background-Does it store image of current screen

    - by user1509593
    Is this a probable security flaw. A user in public (lets say Starbucks) tries to log in to iOS application. He enters user id and password [Password is hidden using xxxxxxxx (not exposed)] and a call comes in or he presses home and the application goes to background. a) Does iOS store an image of current screen b) A malicious hacker with intent takes control of the device. Can he read the password ? Do we have to clear out sensitive information while going to background

    Read the article

  • WebService Security

    - by LauzPT
    Hello, I'm developing an project, which consists in a webservice and a client application. It's a fair simple scenario. The webservice is connected to a database server, and the client consumes from the webserver in order to get information retrieved from the database. The thing is: 1. The client application can only display data after a previous authentication; 2. All the data transferred between Web Service and clients must be confidential; 3. Data integrity shouldn’t be compromised; I'm wondering what is the best way to achieve these requirements. The first thing I thought about, was sending the server a digital signature containing a client certificate, to be stored in the server, and used as comparison for authentication. But I investigated a little about webservice security, and I'm no longer certain that this is the best option. Can anyone give me an opinion about this? TIA

    Read the article

  • File System and security (PHP)

    - by Felicita
    Consider a simple file upload system written in php. Customer has access only in admin panel. (Not FTP). He may change folder option from 707 to 755 for security issue. How can do this? Can we do this from upload script ? If yes is this a secure application?

    Read the article

  • Thread pool stack security issue

    - by elmatador
    In a naive implementation of a thread pool, can a piece of code that is being executed read the data left by some previous code on the stack (if it was running on the same thread instance)? Also, are there any other inherent security issues connected to thread pools?

    Read the article

  • Security Resources Defining, Static/Dynamic

    - by mmontalvo
    I am implementing a simple(hopefully) security manager within an application. Is it better to have predefined(static) roles, custom roles(dynamic)? I am leaning more towards dynamic groups or roles only because then it would not require a redeploy to update the system. Also, what would be the best approach to define resources in general? The application has a database that can hold either the static or dynamic values.

    Read the article

  • spring-security and jsf

    - by Mike
    Hi! i am developing in JSF a Spring Security application. the login form is fine. however, when i try to retrieve the authentication object, in future code, i always get the authentication pricipal as anonymous. i try to fetch is like this: Authentication auth = SecurityContextHolder.getContext().getAuthentication();

    Read the article

< Previous Page | 52 53 54 55 56 57 58 59 60 61 62 63  | Next Page >