Search Results

Search found 25629 results on 1026 pages for 'site maintenance'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 616/1026 | < Previous Page | 612 613 614 615 616 617 618 619 620 621 622 623  | Next Page >

  • SEO - List of links - Farmlinking?

    - by Rafael Carvalho
    I'd like to know if listing a set of partner sites/blogs is useful for the pagerank growth. Does Google see it as an incorrect act? I read somewhere that if people exchange links, google seeks it and marks as a bad technique. If it doesn't matter, is the content of the linked site relevant?

    Read the article

  • passing data to and from server using xml

    - by sapna
    i need to design a web site in which data is passed to and from the server using xml.i got it how to transform data from database to xml and then to html.but i am not able to find how to pass data from client to server using xml.webpages are designed using asp.is it possible to do pass data from client to server using xml.what are the things that are to be studied.help needed immediately.

    Read the article

  • SINGLE SIGN ON SECURITY THREAT! FACEBOOK access_token broadcast in the open/clear

    - by MOKANA
    Subsequent to my posting there was a remark made that this was not really a question but I thought I did indeed postulate one. So that there is no ambiquity here is the question with a lead in: Since there is no data sent from Facebook during the Canvas Load process that is not at some point divulged, including the access_token, session and other data that could uniquely identify a user, does any one see any other way other than adding one more layer, i.e., a password, sent over the wire via HTTPS along with the access_toekn, that will insure unique untampered with security by the user? Using Wireshark I captured the local broadcast while loading my Canvas Application page. I was hugely surprised to see the access_token broadcast in the open, viewable for any one to see. This access_token is appended to any https call to the Facebook OpenGraph API. Using facebook as a single click log on has now raised huge concerns for me. It is stored in a session object in memory and the cookie is cleared upon app termination and after reviewing the FB.Init calls I saw a lot of HTTPS calls so I assumed the access_token was always encrypted. But last night I saw in the status bar a call from what was simply an http call that included the App ID so I felt I should sniff the Application Canvas load sequence. Today I did sniff the broadcast and in the attached image you can see that there are http calls with the access_token being broadcast in the open and clear for anyone to gain access to. Am I missing something, is what I am seeing and my interpretation really correct. If any one can sniff and get the access_token they can theorically make calls to the Graph API via https, even though the call back would still need to be the site established in Facebook's application set up. But what is truly a security threat is anyone using the access_token for access to their own site. I do not see the value of a single sign on via Facebook if the only thing that was established as secure was the access_token - becuase for what I can see it clearly is not secure. Access tokens that never have an expire date do not change. Access_tokens are different for every user, to access to another site could be held tight to just a single user, but compromising even a single user's data is unacceptable. http://www.creatingstory.com/images/InTheOpen.png Went back and did more research on this: FINDINGS: Went back an re ran the canvas application to verify that it was not any of my code that was not broadcasting. In this call: HTTP GET /connect.php/en_US/js/CacheData HTTP/1.1 The USER ID is clearly visible in the cookie. So USER_ID's are fully visible, but they are already. Anyone can go to pretty much any ones page and hover over the image and see the USER ID. So no big threat. APP_ID are also easily obtainable - but . . . http://www.creatingstory.com/images/InTheOpen2.png The above file clearly shows the FULL ACCESS TOKEN clearly in the OPEN via a Facebook initiated call. Am I wrong. TELL ME I AM WRONG because I want to be wrong about this. I have since reset my app secret so I am showing the real sniff of the Canvas Page being loaded. Additional data 02/20/2011: @ifaour - I appreciate the time you took to compile your response. I am pretty familiar with the OAuth process and have a pretty solid understanding of the signed_request unpacking and utilization of the access_token. I perform a substantial amount of my processing on the server and my Facebook server side flows are all complete and function without any flaw that I know of. The application secret is secure and never passed to the front end application and is also changed regularly. I am being as fanatical about security as I can be, knowing there is so much I don’t know that could come back and bite me. Two huge access_token issues: The issues concern the possible utilization of the access_token from the USER AGENT (browser). During the FB.INIT() process of the Facebook JavaScript SDK, a cookie is created as well as an object in memory called a session object. This object, along with the cookie contain the access_token, session, a secret, and uid and status of the connection. The session object is structured such that is supports both the new OAuth and the legacy flows. With OAuth, the access_token and status are pretty much al that is used in the session object. The first issue is that the access_token is used to make HTTPS calls to the GRAPH API. If you had the access_token, you could do this from any browser: https://graph.facebook.com/220439?access_token=... and it will return a ton of information about the user. So any one with the access token can gain access to a Facebook account. You can also make additional calls to any info the user has granted access to the application tied to the access_token. At first I thought that a call into the GRAPH had to have a Callback to the URL established in the App Setup, but I tested it as mentioned below and it will return info back right into the browser. Adding that callback feature would be a good idea I think, tightens things up a bit. The second issue is utilization of some unique private secured data that identifies the user to the third party data base, i.e., like in my case, I would use a single sign on to populate user information into my database using this unique secured data item (i.e., access_token which contains the APP ID, the USER ID, and a hashed with secret sequence). None of this is a problem on the server side. You get a signed_request, you unpack it with secret, make HTTPS calls, get HTTPS responses back. When a user has information entered via the USER AGENT(browser) that must be stored via a POST, this unique secured data element would be sent via HTTPS such that they are validated prior to data base insertion. However, If there is NO secured piece of unique data that is supplied via the single sign on process, then there is no way to guarantee unauthorized access. The access_token is the one piece of data that is utilized by Facebook to make the HTTPS calls into the GRAPH API. it is considered unique in regards to BOTH the USER and the APPLICATION and is initially secure via the signed_request packaging. If however, it is subsequently transmitted in the clear and if I can sniff the wire and obtain the access_token, then I can pretend to be the application and gain the information they have authorized the application to see. I tried the above example from a Safari and IE browser and it returned all of my information to me in the browser. In conclusion, the access_token is part of the signed_request and that is how the application initially obtains it. After OAuth authentication and authorization, i.e., the USER has logged into Facebook and then runs your app, the access_token is stored as mentioned above and I have sniffed it such that I see it stored in a Cookie that is transmitted over the wire, resulting in there being NO UNIQUE SECURED IDENTIFIABLE piece of information that can be used to support interaction with the database, or in other words, unless there were one more piece of secure data sent along with the access_token to my database, i.e., a password, I would not be able to discern if it is a legitimate call. Luckily I utilized secure AJAX via POST and the call has to come from the same domain, but I am sure there is a way to hijack that. I am totally open to any ideas on this topic on how to uniquely identify my USERS other than adding another layer (password) via this single sign on process or if someone would just share with me that I read and analyzed my data incorrectly and that the access_token is always secure over the wire. Mahalo nui loa in advance.

    Read the article

  • Session handling in python / django

    - by Gaurav
    I am creating an application that lets users login using Google, Facebook and the website's native login. The site is being built in Python / Django. What would be the best way to handle login, session management and user authentication? I do not want to use the in-built Django user management. I am using Django very sparingly(URLs, templates)

    Read the article

  • Wrong effective-pom output

    - by Jin Kwon
    When calling help:effective-pom in some child modules position, the output prints wrong path. some url like .../${groupId}/${some_other_sibling's_artifactId}/... This is also make site deploy wrong. Can anybody help?

    Read the article

  • web page zooming

    - by tibin mathew
    Hi friends, I am developing a web site using php. I have placed so many adds in that, i want a code to zoom that web page up to a limit and back to also to normal stage. How can i do this??? does any one have an idea... Thanks

    Read the article

  • Idea needed for creating a subscription based Image gallery

    - by user248674
    My client wants a flickr kind of site, but people have to pay for registering .And they can restrict their gallery view. Since its a low budget and short term project, I would like to customize some readily available scripts rathar than starting from scratch. Please suggest abt technology,methodologies to be used. Thanks in advance :)

    Read the article

  • Confused which joomla module to use

    - by KoolKabin
    hi guys, I am trying to use the ja_nickel template in my site. It can be previewed in: http://www.joomlart.com/demo/#templates.joomlart.com/ja_nickel I am trying to show my latest news in the top information block. It consists of title, thumbnail image and some text. So dun know which one module to use? any idea will be helpful. thank you.

    Read the article

  • Best reporting tool for .NET

    - by Marco Parenzan
    I have convinced a company to change Crystal Reports. But then? What to use? Telerik? I want: designer bind an object model, not a denormalized view execute from batch, generate report in batch export to word or many other formats reporting site Uh, my backend is Progress Software, so ODBC driver. Or NHibernate objects...

    Read the article

  • sharing news via twitter/facebook on ASP.NET

    - by Alexander
    I know this might have been asked a few times.. I have a news section in my site and I want to be able to share that news via facebook/twitter/buzz like the following: How can I do that? Is there a tutorial on how to implement these directly? facebook and twitter is the most important one

    Read the article

  • How to show number of jgrowl notfications?

    - by chobo2
    Hi I am using a pool of 5 with jquery. So only 5 notifications should be shown. I think it would be nice to have maybe under the "close all" button to have a count like shown 5 of 20 notifications. To me it could get confusing if I keep closing notifications and new ones keep poping up. I might think there is some sort of problem with the site. Anyone know how to do this?

    Read the article

  • AJAX ASP.Net Remove URL ID

    - by Ioxp
    The site im working on is an Ajax enabled ASP.net/C# project and i have a URL like this: http://localhost:2531/(S(lfcvqc55wkabpp55o1x4pvq5))/Logon.aspx How do you get rid of the (S(lfcvqc55wkabpp55o1x4pvq5)) portion of the URL? I have a feeling its a web.config parameter however I'm not really sure what you call this part, GUID, Session ID?

    Read the article

  • Client-side Twitter API method using XMLHttpRequest?

    - by user359239
    Does (or did) Twitter ever have a method in their API that allowed client-side HTTP requests without producing any cross-domain issues? I have a site that used the following url: http://search.twitter.com/search.json?q=from%3adaleyjem&rpp=3&page=1&callback=? It once worked, but now it doesn't. Is there something else I should be using, or do I have to make a request to my own server-side code?

    Read the article

  • Facebook "like" button for blogger

    - by Veraa
    Hi, i have been looking for a javascript code which is like the facebook "like" widget to put in my blogger site. The examples of the buttons are like in the following website, http://textsfromlastnight.com/ Where people are able to flag the "Good Nights" or "Bad Nights". I have no experienced in writing scripts neither do i have any script writing programs, so was wondering if any people can help with the scripts, or maybe tutorials would be of great help! Thanks!

    Read the article

  • E-mail verification in wordpress

    - by Sanjai Palliyil
    Hi All....I am using register-plus plugin for registration purpose in my wordpress site. I have enalbled E-mail verifiacation whereby user will be getting an activation link. What i want to do is when the user clicks the link, i want the user to be enabled automatically.......currently admin has to login to the system and verify the users for the new user to login.....how do i achieve my task ...ANy help is appreciated

    Read the article

  • PHP something faster than explode to get filename from URL

    - by FFish
    My URL's can be absolute or relative: $rel = "date/album/001.jpg"; $abs = "http://www.site.com/date/album/image.jpg"; function getFilename($url) { $imgName = explode("/", $url); $imgName = $imgName[count($imgName) - 1]; echo $imgName; } There must be a faster way to do this right? Maybe a reg expression? But that's Chinese to me..

    Read the article

  • php: how do i store an array in a file to access as an array later with php?

    - by Haroldo
    I just want to quickly store an array which i get from a remote API, so that i can mess around with it on a local host. So: i currently have an array i want to people to use the array without having to get it from the API There are no needs for efficiency etc here, this isnt for an actual site just for getting some sanitizing/formatting methods made etc is there a function like store_array() restore_arrray() ?!

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 612 613 614 615 616 617 618 619 620 621 622 623  | Next Page >