Search Results

Search found 13853 results on 555 pages for 'soa security'.

Page 62/555 | < Previous Page | 58 59 60 61 62 63 64 65 66 67 68 69  | Next Page >

  • What are some good, free tools to run automated security audits for PHP code?

    - by James Simpson
    I've been looking for some time now and have come up short. The most promising I found was Spike PHP, which seems to no longer work. I'm looking to scan my code for potential risks of SQL Injection, XSS, etc. I've gone through most of my code manually, but with a few hundred thousand lines of code, I'm sure I missed things. If possible, are there any tools that can be downloaded and analyze code on my local machine rather than installing to the live server (this isn't a requirement if not)?

    Read the article

  • How do IE, FF, and Chrome compare in security? [closed]

    - by cable729
    I'm trying to determine which of the three main browsers (Chrome, Firefox, and Internet Explorer) are the most secure and safe. Right now, in our system, Firefox 10 and IE 8 are cleared as 'good-to-use', but Chrome isn't. Is Chrome really less secure than Firefox and IE, or are the IT folks are slow at updating (Firefox 12 and IE 9 and 10 preview are out right now)? Completely rewrote question. I found the original was not specific enough and the edits started sapping its focus

    Read the article

  • Looking for a SECURE Audio Player for Windows

    - by Avery Payne
    I know there are dozens of audio players for windows, but which one has: the best security record (least reported vulnerabilities) the least number of security exploits the best security implementation, along with the reasoning behind the implementaiton (i.e. how it is handled). As Windows users start to see more and more reports of media-based attacks against Windows Media Player (& co.) it would be useful to have a player that has some proactive security approaches to handling exploits.

    Read the article

  • Small business: what should I know about computer security?

    - by geschema
    I run a small (1 man) consulting company in the field of embedded systems, working from home using a standard DSL internet access. My main development machine is a Windows XP PC, which is connected to the router with an ethernet cable. I also have a MacBook Pro laptop, which is connects to the network via WLAN (WPA-PSK). Besides enabling the Windows firewall, not using IE, having an up-to-date antivirus program and strong passwords, what do I need to know to keep my customers' data safe on these computers?

    Read the article

  • Can I lose files when changing security on an XP drive within Windows 7?

    - by Will
    Hard to come up with a title for this one, sheesh. Have a friend whose computer went down. He asked me to get all his data off his drive. His old computer was running XP. So, I've plugged it into my Windows 7 computer. When I attempt to open up his Documents and Settings folder, I get prompted to elevate in order to "permanently get access to this folder." If I do this, will I be able to access the files in this directory, or will all the current files be lost? I may be overly paranoid about this, but I can't find any information about exactly what will happen when I do this. TIA.

    Read the article

  • Is there a security concern exposing NTLM authentication over http or should it only be https?

    - by Shane
    We are setting up a SharePoint 2010 site. Don't worry, this is not a Sharepoint question, just adding it for context. Most of the site will be anonymous, but some users are able to authenticate in and edit content. They use NTLM (users exist in AD). Is there any concern about exposing NTLM login for users that can modify content over the internet via http or should that only be exposed via https?

    Read the article

  • ASP.NET MVC WebService - Security for Industrial Android Clients

    - by Chris Nevill
    I'm trying to design a system that will allow a bunch of Android devices to securely log into an ASP.NET MVC REST Web service. At present neither side are implemented. However there is an ASP.NET MVC website which the web service will site along side. This is currently using forms authentication. The idea will be that the Android devices will download data from the web service and then be able to work offline storing data in their own local databases, where users will be able to make updates to that data, and then syncing updates back to the main server where possible. The web service will be using HTTPS to prevent calls being intercepted and reduce the risk of calls being intercepted. The system is an industrial system and will not be in used by the general Android population. Instead only authorized Android devices will be authorized by the Web Service to make calls. As such I was thinking of using the Android devices serial number as a username and then a generated long password which the device will be able to pick up - once the device has been authorized server side. The device will also have user logins - but these will not be to log into the web service - just the device itself - since the device and user must be able to work offline. So usernames and passwords will be downloaded and stored on the devices themselves. My question is... what form of security is best setup on the web service? Should it use forms Authentication? Should the username and password just be passed in with each GET/POST call or should it start a session as I have with the website? The Android side causes more confusion. There seems to be a number of options here Spring-Android, Volley, Retrofit, LoopJ, Robo Spice which seems to use the aforementioned Spring, Retrofit or Google HttpClient. I'm struggling to find a simple example which authenticates with a forms based authentication system. Is this because I'm going about this wrong? Is there another option that would better suite this?

    Read the article

  • Oracle Magazine Sept/Oct 2012 - Security on the Move

    - by Darin Pendergraft
    This month's Oracle Magazine cover story is Security on the Move.  In it, two Oracle IDM customers discuss their impressions of the latest IDM release.  Kurt Lieber from Kaiser Permanente and Peter Boyle from BT discuss how they are using Oracle IDM to enable their business. Click this link to see the latest issue: http://www.oracle.com/technetwork/issue-archive/2012/12-sep/index.html Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} In addition to the cover article, the Analyst’s Corner features an interview with Sally Hudson from IDC focusing on IDM issues : http://www.oracle.com/technetwork/issue-archive/2012/12-sep/o52analyst-1735921.html And the Partner Perspectives contains information from our IDM partners Hub City Media, aurionPro SENA, and ICSynergy

    Read the article

  • Webcast: DB Enterprise User Security Integration with Oracle Directory Services

    - by B Shashikumar
    The typical enterprise has a large number of DBA (Database administrator) accounts that are locally managed, which is often very costly, problematic and error-prone. Databases are a crucial component of your enterprise IT infrastructure, housing sensitive corporate data and database user accounts and privileges. To ensure the integrity of your enterprise's data, it's imperative to have a well-managed identity management system. This begins with centralized management of user accounts and access rights. Enterprise User Security (EUS), an Oracle Database Enterprise Edition feature, combined with Oracle Identity Management, gives you the ability to centrally manage database users and their authorizations in one central place. The cost of user provisioning and password resets is dramatically reduced. This technology is a must for new application development and should be considered for existing applications as well. Join Oracle Advisors for a live webcast on Jul 11 at 8am Pacific Time where Oracle experts will briefly introduce EUS, followed by a detailed discussion about the various directory options that are supported, including integration with Microsoft Active Directory. We'll conclude how to avoid common pitfalls deploying EUS with directory services. To register for this event, click here  

    Read the article

  • Spring Security DB Authentication w/Hibernate and hashed passwords?

    - by Seth
    I'm trying to set up spring security 3 to authenticate users against my hibernate 3 database. I'm storing only sha1 hashes of the passwords in the database (not plaintext). I've looked at this and this, which tell me to implement my own UserDetailsService. Unfortunately, the UserDetails that loadUserByUsername spits out seem to need the plaintext password, which I don't have. How is this usually handled? Can Spring Security actually do what I need here? Am I missing something?

    Read the article

  • How to implement login page using Spring Security so that it works with Spring web flow?

    - by simon
    I have a web application using Spring 2.5.6 and Spring Security 2.0.4. I have implemented a working login page, which authenticates the user against a web service. The authentication is done by defining a custom authentincation manager, like this: <beans:bean id="customizedFormLoginFilter" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter"> <custom-filter position="AUTHENTICATION_PROCESSING_FILTER" /> <beans:property name="defaultTargetUrl" value="/index.do" /> <beans:property name="authenticationFailureUrl" value="/login.do?error=true" /> <beans:property name="authenticationManager" ref="customAuthenticationManager" /> <beans:property name="allowSessionCreation" value="true" /> </beans:bean> <beans:bean id="customAuthenticationManager" class="com.sevenp.mobile.samplemgmt.web.security.CustomAuthenticationManager"> <beans:property name="authenticateUrlWs" value="${WS_ENDPOINT_ADDRESS}" /> </beans:bean> The authentication manager class: public class CustomAuthenticationManager implements AuthenticationManager, ApplicationContextAware { @Transactional @Override public Authentication authenticate(Authentication authentication) throws AuthenticationException { //authentication logic return new UsernamePasswordAuthenticationToken(principal, authentication.getCredentials(), grantedAuthorityArray); } The essential part of the login jsp looks like this: <c:url value="/j_spring_security_check" var="formUrlSecurityCheck"/> <form method="post" action="${formUrlSecurityCheck}"> <div id="errorArea" class="errorBox"> <c:if test="${not empty param.error}"> ${sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message} </c:if> </div> <label for="loginName"> Username: <input style="width:125px;" tabindex="1" id="login" name="j_username" /> </label> <label for="password"> Password: <input style="width:125px;" tabindex="2" id="password" name="j_password" type="password" /> </label> <input type="submit" tabindex="3" name="login" class="formButton" value="Login" /> </form> Now the problem is that the application should use Spring Web Flow. After the application was configured to use Spring Web Flow, the login does not work anymore - the form action to "/j_spring_security_check" results in a blank page without error message. What is the best way to adapt the existing login process so that it works with Spring Web Flow?

    Read the article

  • Is there a way to load a different cacerts than the one specified in the java_home/jre/lib/security

    - by feniix
    I have a single installation of java in a system that runs 2 or 3 applications. All the applications use the same runtime. Is there a way to specify a different keystores for the ca certs than the one in java_home/jre/lib/security. That is, is there an option to specify an "extra" keystore that is loaded and added to the certs loaded from java_home/jre/lib/security/cacerts? What I want to avoid is having to re-import our local ca every time I upgrade the jdk in the box.

    Read the article

  • CakePHP: Why does adding 'Security' component break my app?

    - by Steve
    I have a strange problem -- of my own making -- that's cropped up, and is driving me crazy. At some point, I inadvertently destroyed a file in the app/tmp directory...I'm not sure which file. But now my app breaks when I include the "Security" component, and works just fine when it's not included. I'm thinking it might be related to the Security.salt value somehow, or possibly to the saved session info, but I don't really have a deep enough knowledge of CakePHP to figure it out. Can anyone offer any insight here?

    Read the article

  • Important Security Issue: Is it possible to put binary image data into html markup code and then get

    - by Joern Akkermann
    Hi, it's an important security issue and I'm sure this should be possible. A simple example: You run a community portal. Users are registered and upload their pictures. Your application gives security rules wenever a picture is allowed to be displayed. For example users must be friends on each sides by the system, in order that you can view someone elses uploaded pictures. Here comes the problem: it is possible that someone crawls the image directories of your server. But you want to protect your users from such attacks. If it's possible to put the binary data of an image directly into the html markup, you can restrict the user access of your image dirs the user and group your web application runs of and pass the image data to your apache user and group directly in the html. The only possible weakness then is the password of the user that your web app runs as. Is there already a possibility? Yours, Joern.

    Read the article

  • Is man-in-the-middle attack a security threat during SSH authentication using keys?

    - by JP19
    Hi, I am no expert in network security, so pardon if this question is not very smart :). I am automating logins to some machines using ssh. I am currently avoiding host-key warnings using StrictHostKeyChecking no. I naively understand that someone can impersonate as the server and I risk losing my password to him if that were the case. However, if I am using only public/private Key based authentication ( using PasswordAuthentication no ), can the intruder still cause harm? So basically, with ssh -o "StrictHostKeyChecking no" -o "PasswordAuthentication no" : 1) Can the intruder decipher my private key? 2) Are there any other security threats? regards, JP

    Read the article

  • In search of a packaged .Net security solution for web-forms.

    - by Chuck Conway
    We are looking for a security solution for asp.net that has security down to the control level. This is not a necessity but, it would be nice. At the very least it needs to extend-able to allow for control level permissions. The solution should have an administration panel of some sort. It also needs to support roles, groups, and individual permissions. We haven't seen anything like this in the marketplace -- we are in the process of rolling our own solution. We'd rather use an off the shelf solution.

    Read the article

  • Make a connection to a HTTPS server from Java and ignore the validity of the security certificate

    - by justinhj
    I've been testing some that works with a bunch of https servers with different keys, some of which are invalid and all of them are not in the local key store for my JVM. I am really only testing things out, so I don't care about the security at this stage. Is there a good way to make POST calls to the server and tell Java not to worry about the security certificates? My google searches for this have brought up some code examples that make a class to do the validation, that always works, but I cannot get it to connect to any of the servers.

    Read the article

  • How to handle security constraints using GWT 2.1's RequestFactory?

    - by Marc
    I am currently developing a GWT 2.1 application that is to be deployed on Google App Engine. I would like to realise the server communication using the new RequestFactory. Now my question is how to handle fine-grained security issues in this context? Some server actions (of those declared in the RequestContext stubs) shall be restricted to certain users (possibly depending on the parameters of the remote call). If a call is unauthorised, I would like the client to show a login page (so that one may log in as a different user, for example). From the Expenses example, I know how to implement an automatic redirection to a login page, but in this example, the security model is quite simple: A client is allowed to access the servlet if and only if a user is logged in. Shall I raise a custom UnAuthorizedException in my server-side service? Where should I intercept this exception? (Can I do this in a servlet filter like the GaeAuthFilter of the Expenses example?)

    Read the article

< Previous Page | 58 59 60 61 62 63 64 65 66 67 68 69  | Next Page >