Search Results

Search found 52277 results on 2092 pages for 'web security'.

Page 64/2092 | < Previous Page | 60 61 62 63 64 65 66 67 68 69 70 71  | Next Page >

  • What techniques would you use for a next generation java web application?

    - by jakob
    I'm working at a site similar to Foursquare and Yelp, with approximately 100000 unique requests each week that generates content, growing steadily. We are currently using: Seam as Java web framework. MySQL as DB Hibernate as ORM Hibernate Search as Index EhCache for Caching. Since our site is slowly growing out of the current setup and has a lot of legacy code, it is time for us to start thinking about a major refactoring/changing setup. Web framework We are not ready to change the language but we are leaning towards Spring Web Framework, since: Seam is no more. Almost all of us have worked with Spring and liked it. DB and ORM We have done a little research and we are thinking about MongoDB. Index Do we need to have a separate Index if we use MongoDB? Cache ? So my question is basically: If you take Spring Web Framework and MongoDB into consideration, how would a good setup be for a web application that is growing and handles a lot of logged in users generating input and performing searches?

    Read the article

  • Data Security Through Structure, Procedures, Policies, and Governance

    Security Structure and Procedures One of the easiest ways to implement security is through the use of structure, in particular the structure in which data is stored. The preferred method for this through the use of User Roles, these Roles allow for specific access to be granted based on what role a user plays in relation to the data that they are manipulating. Typical data access actions are defined by the CRUD Principle. CRUD Principle: Create New Data Read Existing Data Update Existing Data Delete Existing Data Based on the actions assigned to a role assigned, User can manipulate data as they need to preform daily business operations.  An example of this can be seen in a hospital where doctors have been assigned Create, Read, Update, and Delete access to their patient’s prescriptions so that a doctor can prescribe and adjust any existing prescriptions as necessary. However, a nurse will only have Read access on the patient’s prescriptions so that they will know what medicines to give to the patients. If you notice, they do not have access to prescribe new prescriptions, update or delete existing prescriptions because only the patient’s doctor has access to preform those actions. With User Roles comes responsibility, companies need to constantly monitor data access to ensure that the proper roles have the most appropriate access levels to ensure users are not exposed to inappropriate data.  In addition this also protects rouge employees from gaining access to critical business information that could be destroyed, altered or stolen. It is important that all data access is monitored because of this threat. Security Governance Current Data Governance laws regarding security Health Insurance Portability and Accountability Act (HIPAA) Sarbanes-Oxley Act Database Breach Notification Act The US Department of Health and Human Services defines HIIPAA as a Privacy Rule. This legislation protects the privacy of individually identifiable health information. Currently, HIPAA   sets the national standards for securing electronically protected health records. Additionally, its confidentiality provisions protect identifiable information being used to analyze patient safety events and improve patient safety. In 2002 after the wake of the Enron and World Com Financial scandals Senator Paul Sarbanes and Representative Michael Oxley lead the creation of the Sarbanes-Oxley Act. This act administered by the Securities and Exchange Commission (SEC) dramatically altered corporate financial practices and data governance. In addition, it also set specific deadlines for compliance. The Sarbanes-Oxley is not a set of standard business rules and does not specify how a company should retain its records; In fact, this act outlines which pieces of data are to be stored as well as the storage duration. The Database Breach Notification Act requires companies, in the event of a data breach containing personally identifiable information, to notify all California residents whose information was stored on the compromised system at the time of the event, according to Gregory Manter. He further explains that this act is only California legislation. However, it does affect “any person or business that conducts business in California, and that owns or licenses computerized data that includes personal information,” regardless of where the compromised data is located.  This will force any business that maintains at least limited interactions with California residents will find themselves subject to the Act’s provisions. Security Policies All companies must work in accordance with the appropriate city, county, state, and federal laws. One way to ensure that a company is legally compliant is to enforce security policies that adhere to the appropriate legislation in their area or areas that they service. These types of polices need to be mandated by a company’s Security Officer. For smaller companies, these policies need to come from executives, Directors, and Owners.

    Read the article

  • Teaching "web design/development" to high-school home-school group. Good sources?

    - by anonymous coward
    I may soon begin teaching a "web design and development" class for a home-school co-op group. Any suggestions for "course" material? My first thought was to work through the Opera Web Standards Curriculum, but am interested in hearing about possible alternatives or suggestions that better cover the "very basics" of getting started with designing and developing web pages. Not necessarily looking for topics, so much as existing resources. Thanks so much for your input!

    Read the article

  • Secure data hosting...

    - by kylex
    I've looked online and can't seem to find a proper answer. We have a client that requires very sensitive data be stored in a database. Is there a hosting company that provides high-level database security (this is for a bank).

    Read the article

  • What Can We Learn About Software Security by Going to the Gym

    - by Nick Harrison
    There was a recent rash of car break-ins at the gym. Not an epidemic by any stretch, probably 4 or 5, but still... My gym used to allow you to hang your keys from a peg board at the front desk. This way you could come to the gym dressed to work out, lock your valuables in your car, and not have anything to worry about. Ignorance is bliss. The problem was that anyone who wanted to could go pick up your car keys, click the unlock button and find your car. Once there, they could rummage through your stuff and then walk back in and finish their workout as if nothing had happened. The people doing this were a little smatter then the average thief and would swipe some but not all of your cash leaving everything else in place. Most thieves would steal the whole car and be busted more quickly. The victims were unaware that anything had happened for several days. Fortunately, once the victims realized what had happened, the gym was still able to pull security tapes and find out who was misbehaving. All of the bad guys were busted, and everyone can now breathe a sigh of relieve. It is once again safe to go to the gym. Except there was still a fundamental problem. Putting your keys on a peg board by the front door is just asking for bad things to happen. One person got busted exploiting this security flaw. Others can still be exploiting it. In fact, others may well have been exploiting it and simply never got caught. How long would it take you to realize that $10 was missing from your wallet, if everything else was there? How would you even know when it went missing? Would you go to the front desk and even bother to ask them to review security tapes if you were only missing a small amount. Once highlighted, it is easy to see how commonly such vulnerability may have been exploited. So the gym did the very reasonable precaution of removing the peg board. To me the most shocking part of this story is the resulting uproar from gym members losing the convenient key peg. How dare they remove the trusted peg board? How can I work out now, I have to carry my keys from machine to machine? How can I enjoy my workout with this added inconvenience? This all happened a couple of weeks ago, and some people are still complaining. In light of the recent high profile hacking, there are a couple of parallels that can be drawn. Many web sites are riddled with vulnerabilities are crazy and easily exploitable as leaving your car keys by the front door while you work out. No one ever considered thanking the people who were swiping these keys for pointing out the vulnerability. Without a hesitation, they had their gym memberships revoked and are awaiting prosecution. The gym did recognize the vulnerability for what it is, and closed up that attack vector. What can we learn from this? Monitoring and logging will not prevent a crime but they will allow us to identify that a crime took place and may help track down who did it. Once we find a security weakness, we need to eliminate it. We may never identify and eliminate all security weaknesses, but we cannot allow well known vulnerabilities to persist in our system. In our case, we are not likely to meet resistance from end users. We are more likely to meet resistance from stake holders, product owners, keeper of schedules and budgets. We may meet resistance from integration partners, co workers, and third party vendors. Regardless of the source, we will see resistance, but the weakness needs to be dealt with. There is no need to glorify a cracker for bringing to light a security weakness. Regardless of their claimed motives, they are not heroes. There is also no point in wasting time defending weaknesses once they are identified. Deal with the weakness and move on. In may be embarrassing to find security weaknesses in our systems, but it is even more embarrassing to continue ignoring them. Even if it is unpopular, we need to seek out security weaknesses and eliminate them when we find them. http://www.sans.org has put together the Common Weakness Enumeration http://cwe.mitre.org/ which lists out common weaknesses. The site navigation takes a little getting used to, but there is a treasure trove here. Here is the detail page for SQL Injection. It clearly states how this can be exploited, in case anyone doubts that the weakness should be taken seriously, and more importantly how to mitigate the risk.

    Read the article

  • Is there a point to using theft tracking software like Prey on my laptop, if you have login security?

    - by Reckage
    Hey, so I have a Thinkpad that I use in a variety of places (coffee shops, work, etc.). I don't generally abandon it, but I figure there's a chance I might get careless and it gets stolen at some point. I was thinking of installing something like Prey (http://preyproject.com/), but my OS installs are password secured, and on top of that, I have a fingerprint reader that you need just to get through the BIOS. So: is there actually any benefit to setting up software that tracks the laptop's whereabouts? I imagine that either: The laptop won't boot or login, if the thief doesn't get past the security. If the thief goes around said security somehow, presumably they've split the laptop for parts or bypassed BIOS security, gotten stuck on Windows security and formatted it. Given that it's highly unlikely that the thief would go to the trouble, what's the utility in installing laptop tracking software like Prey?

    Read the article

  • Form Validation, Dependant Drop Downs, Data Level Security in OWS for DotNetNuke - 5 Videos

    In this tutorial we demonstrate some very advanced techniques for building a car parts application in Open Web Studio. Throughout the tutorial we cover form input, validation, how to use dependant drop down lists, populating checkbox lists and introduce a new concept of data level security. Data level security allows you to control which data a user can access within a module. The videos contain: Video 1 - How to Setup Form Validation Video 2 - Car Parts Application, Assigning Security Roles into a Global Session Variable Video 3 - How to Build the Categories Module with Data Level Security Video 4 - How to Build the SubCategories Module and Use SubQuery Video 5 - How to Build the Car Parts List Module Total Time Length: 44min 19secsDid you know that DotNetSlackers also publishes .net articles written by top known .net Authors? We already have over 80 articles in several categories including Silverlight. Take a look: here.

    Read the article

  • Need advice for approach for a web-based app that loads excel worksheet but exposes only the charts

    - by John
    I'm looking for suggestions on the Visual Studio approach to take for a web application that is in the conceptual stage. My environment has a lot of tools: Windows Server 2008 R2 Standard 64bit Visual Studio 2010 Professional Edition Sharepoint 2010 Server Enterprise Edition SQL Server 2008 R2 Office 2010 Professional I know I will need this app to retrieve data from a database (or a web service - not sure exactly at this point). The data needs to be placed in an Excel workbook dynamically. The app will need to have a nice user interface (standard web controls - perhaps with some Javascript effects). The Excel ribbon and worksheet grid will need to be hidden. Some web control(s) will cause the Excel chart(s) to be rendered. I am thinking this sounds like Visual Studio Tools for Office (VSTO) so as to leverage .Net and hide Excel. Can you offer suggestions regarding: One ASP.Net Web App Project One Class Library Project for Excel or perhaps which one of the several different Excel 2010 project types (addin, template, document) Would Excel Services for Sharepoint be useful (or required) ? I am feeling a little overwhelmed with so many choices at this early stage of conceptualizing the app. Can you suggest some ideas for this sort of thing? Also, I am a bit more experienced with C# but I've read VB.Net is better for work with the Excel object model. What are general advises with regard to tool choice and overall approach tradeoffs?

    Read the article

  • is GTK Installation (PHP for desktop) affect the web application?

    - by Harshal Mahajan
    I just going to install the GTK for creating a desktop application. But I want to know if we install the GTK then is it affect our web application server or php.ini or other features of web based application? I know there is no requirement of server for desktop but the GTK create the other php.ini . so is it affect my other applications? I downloaded the GTK Tool kit from here. So I am just little bit confusing that it should not affect my all running web applications. I think the php for desktop is a very interesting issue for all of us, so I just want to know the affection of desktop on web?

    Read the article

  • Vermont IT Jobs: Sr. Security Analyst in Montpelier

    Senior Security Analyst Summary This position is responsible for advancing the Information Systems program within the company by assisting the Chief Information Security Officer (CISO) to plan, develop, and monitor administrative, physical, and technical safeguards for the companys Information Assets. Key Responsibilities Under Direction of CISO, establish  and maintain company-wide information security policies, standards and procedures Manage the Information Security Program Office...Did you know that DotNetSlackers also publishes .net articles written by top known .net Authors? We already have over 80 articles in several categories including Silverlight. Take a look: here.

    Read the article

  • What advantages does developing applications for smartphones have over developing the same application as a web application?

    - by Alfredo O
    Let's take the Facebook application as an example. Why did they develop an application when the users could just access to their page and do the same? For me that represents more maintenance and more cost because for each feature added to the web application that feature will have to be added to the smartphone application as well. So why would I want to develop more than once (for each patform iOS, Android, etc) when I could just have one web application? What benefits do I get? The only one that comes to my mind is GPS feature. EDIT: My question is more oriented towards business applications that are going to be used only by some members of the company, it's not about selling the application (private use). So contrary to what some answers say about that by developing as a smartphone application it will benefit from more sells because of the "smartphone stores" for me this point is not important because the application is for private use. By developing the application as a web application it means that it can be accessed through smartphone browser and also in a PC (any capable browser), but developing as a native application would limit this to only some kind of smartphone so we would be limiting the use. On the other hand developing it as a web application means that in order to access the application an Internet connection must be available. So keeping this in mind how would you convince your boss to write the application for a given smartphone platform (iOS/Android) vs developing it as a web application?

    Read the article

  • How do I apply a computer science degree to web development?

    - by T. Webster
    I'm a web programmer, but I haven't found many opportunities to take advantage of a formal education in computer science. Maybe I'm not looking in the right places, but it seems to me like most of the web jobs I come across are CRUD, web forms, and data grids. For these jobs a formal CS background doesn't seem necessary, and you could do fine with O'Reilly cookbooks in jQuery, CSS 3, PHP, SQL, or ASP.NET MVC. What kinds of web developer jobs exist that really let you apply your computer science background? Do I need to branch out into other areas of programming to take full advantage of my degree?

    Read the article

  • Ubuntu 13.10 Security Key

    - by Toby J
    I was attempting to install Ubuntu 13.10 today and it came up with a screen asking for me to setup a security key. In the first place, I'm not sure what a security key is, but It said I would have to enter it everytime I booted Ubuntu so I assume it's the same thing as a logon password in Windows 8. Is there anyway I can bypass this step without setting up a security key or logon password? I hate these things and have always avoided them in Windows. I don't need them as there is never anyone but myself and my wife on our computers. We are retired, no children or nieces, nephews, friends, etc. who ever use our computer and we don't have any security information such as SS #, etc. on it. Also, I quit the installation at this point but I was not seeing any of the screen prompts as listed in the setup instructions on the Ubuntu website. Has the setup for Ubuntu 13.10 changed since these instructions were written? Thanks

    Read the article

  • How to set up offline manifest for a web app to run in Safari in iOS?

    - by ahmd1
    I'm currently trying to set up an offline.manifest file for my web app to be used offline on an iOS device. For testing purposes I have a very simple HTML page that I'm trying to add to a home screen. I'm testing it on a live iPhone 4, but after the page is added to the home screen and I put the iPhone in the airplane mode and try to start my web app I get this error: "Turn Off Airplane Mode or Use Wi-Fi to Access Data" and then if I click OK I get: "Cannot Open Web App Name" "Web App Name could not be opened because it is not connected to the Internet" The following is added to the HTML file: <!DOCTYPE html> <html lang="en" manifest="scrts/offline.manifest"> and the offline.manifest is composed as such: CACHE MANIFEST ../pics/bkgnd_iphn_settings.png ../pics/mbl_btn_fb.png ../pics/mbl_btn_twt.png ../pics/icon_57_57_bg.png ../pics/icon_72_72_bg.png ../pics/icon_114_114_bg.png ../pics/icon_144_144_bg.png ../pics/splash_320_460_bg.png ../pics/splash_768_1004_bg.png ../pics/splash_1004_768_bg.png I got all instructions on composing it from here I also adjusted the .htaccess file to add this line: AddType text/cache-manifest .manifest Any idea what am I not doing right?

    Read the article

  • Security Access Control With Solaris Virtualization

    - by Thierry Manfe-Oracle
    Numerous Solaris customers consolidate multiple applications or servers on a single platform. The resulting configuration consists of many environments hosted on a single infrastructure and security constraints sometimes exist between these environments. Recently, a customer consolidated many virtual machines belonging to both their Intranet and Extranet on a pair of SPARC Solaris servers interconnected through Infiniband. Virtual Machines were mapped to Solaris Zones and one security constraint was to prevent SSH connections between the Intranet and the Extranet. This case study gives us the opportunity to understand how the Oracle Solaris Network Virtualization Technology —a.k.a. Project Crossbow— can be used to control outbound traffic from Solaris Zones. Solaris Zones from both the Intranet and Extranet use an Infiniband network to access a ZFS Storage Appliance that exports NFS shares. Solaris global zones on both SPARC servers mount iSCSI LU exported by the Storage Appliance.  Non-global zones are installed on these iSCSI LU. With no security hardening, if an Extranet zone gets compromised, the attacker could try to use the Storage Appliance as a gateway to the Intranet zones, or even worse, to the global zones as all the zones are reachable from this node. One solution consists in using Solaris Network Virtualization Technology to stop outbound SSH traffic from the Solaris Zones. The virtualized network stack provides per-network link flows. A flow classifies network traffic on a specific link. As an example, on the network link used by a Solaris Zone to connect to the Infiniband, a flow can be created for TCP traffic on port 22, thereby a flow for the ssh traffic. A bandwidth can be specified for that flow and, if set to zero, the traffic is blocked. Last but not least, flows are created from the global zone, which means that even with root privileges in a Solaris zone an attacker cannot disable or delete a flow. With the flow approach, the outbound traffic of a Solaris zone is controlled from outside the zone. Schema 1 describes the new network setting once the security has been put in place. Here are the instructions to create a Crossbow flow as used in Schema 1 : (GZ)# zoneadm -z zonename halt ...halts the Solaris Zone. (GZ)# flowadm add-flow -l iblink -a transport=TCP,remote_port=22 -p maxbw=0 sshFilter  ...creates a flow on the IB partition "iblink" used by the zone to connect to the Infiniband.  This IB partition can be identified by intersecting the output of the commands 'zonecfg -z zonename info net' and 'dladm show-part'.  The flow is created on port 22, for the TCP traffic with a zero maximum bandwidth.  The name given to the flow is "sshFilter". (GZ)# zoneadm -z zonename boot  ...restarts the Solaris zone now that the flow is in place.Solaris Zones and Solaris Network Virtualization enable SSH access control on Infiniband (and on Ethernet) without the extra cost of a firewall. With this approach, no change is required on the Infiniband switch. All the security enforcements are put in place at the Solaris level, minimizing the impact on the overall infrastructure. The Crossbow flows come in addition to many other security controls available with Oracle Solaris such as IPFilter and Role Based Access Control, and that can be used to tackle security challenges.

    Read the article

  • Web Server Users - Best Practice

    - by Toby
    I was wondering what is considered best practice when several developers/administrators require access to the same web server. Should there be one non-root user with a secure username and password unqiue to the web server which everyone logs in as or should there be a username for each person. I am leaning towards a username for each person to aid in logging etc however then does the same user keep the same credentials over several servers, or should at least their password change depending on the server they are on? Should any non-root user of the system be added to the sudoers file or is it best practice to leave everyone off it and only let root perform certain tasks? Any help would be greatly appreciated.

    Read the article

  • Web Server Users - Best Practice

    - by Toby
    I was wondering what is considered best practice when several developers/administrators require access to the same web server. Should there be one non-root user with a secure username and password unqiue to the web server which everyone logs in as or should there be a username for each person. I am leaning towards a username for each person to aid in logging etc however then does the same user keep the same credentials over several servers, or should at least their password change depending on the server they are on? Should any non-root user of the system be added to the sudoers file or is it best practice to leave everyone off it and only let root perform certain tasks? Any help would be greatly appreciated.

    Read the article

< Previous Page | 60 61 62 63 64 65 66 67 68 69 70 71  | Next Page >