Search Results

Search found 19074 results on 763 pages for 'secure government government cloud security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 651/763 | < Previous Page | 647 648 649 650 651 652 653 654 655 656 657 658  | Next Page >

  • Session hijacking prevention...how far will my script get me? additional prevention procedures?

    - by Yusaf Khaliq
    When the user logs in the current session vairables are set $_SESSION['user']['timeout'] = time(); $_SESSION['user']['ip'] = $_SERVER['REMOTE_ADDR']; $_SESSION['user']['agent'] = $_SERVER['HTTP_USER_AGENT']; In my common.php page (required on ALL php pages) i have used the below script, which resets a 15 minute timer each time the user is active furhtermore checks the IP address and checks the user_agent, if they do not match that as of when they first logged in/when the session was first set, the session is unset furthermore with inactivity of up to 15 minutes the session is also unset. ... is what i have done a good method for preventing session hijacking furthermore is it secure and or is it enough? If not what more can be done? if(!empty($_SESSION['user'])){ if ($_SESSION['user']['timeout'] + 15 * 60 < time()) { unset($_SESSION['user']); } else { $_SESSION['user']['timeout'] = time(); if($_SESSION['user']['ip'] != $_SERVER['REMOTE_ADDR']){ unset($_SESSION['user']); } if($_SESSION['user']['agent'] != $_SERVER['HTTP_USER_AGENT']){ unset($_SESSION['user']); } } }

    Read the article

  • Thoughts on GoGrid vs EC2

    - by Jason
    I am currently hosting my SaaS application at GoGrid (Microsoft stack). Here's what I have: Database Server - physical box, 12 GB RAM, 2 X Quad Core CPU (2.13 GHz Xeon E5506) 2 Web / App servers - cloud servers, 2 GB RAM, 2 VCPUs 300 GB monthly bandwidth I am paying around $900 / month for this. My web / app servers are busting at the seams and need to be upgraded to 4 GB of RAM. I also need a firewall, and GoGrid just added this service for an additional $200. After the upgrade, I will be paying around $1,400. I started looking at Amazon EC2, specifically this config: Database server - "High Memory Double Extra Large Instance" - 34 GB RAM, 13 EC2 compute units 2 Web / App servers - "Large Instance" - 7.5 GB RAM, 4 EC2 compute units If I go with 1 year reserved instances, my upfront cost would be $4,500 and my monthly would be $700. This comes to $1,075 / month when amortized. Amazon also includes a firewall for free. Here are my questions: Do any of you have experience running a database (especially SQL Server) on an EC2 instance? How did it perform compared to a dedicated machine? One of my major concerns is with disk I/O. Amazon's description of a compute unit is fairly vague. Any ideas on how the CPU performance on the database servers would compare? I am hoping that the Amazon solution will provide significantly better performance than my current or even improved GoGrid setup. Having a virtual database server would also be nice in terms of availability. Right now I would be in serious trouble if I had any hardware issues. Thanks for any insight...

    Read the article

  • Payment gateways and XSS

    - by Rowan Parker
    Hi all, I'm working on a website which takes payment from a customer. I'm using Kohana 2.3.4 and have created a library to handle the payment gateway I use (www.eway.com.au). Basically I'm just using their sample code, copied into it's own class. Anyway, the code works fine and I can make payments, etc. The issue I have is when the payment gateway is returning the user to my site. The payment gateway uses HTTPS so that is secure, and it is sending the user back to a HTTPS page on my site. However I have the NoScript plugin installed in Firefox, and when I get sent back to the page on my website (which also handles storing the transaction data) I get an error message saying that NoScript has blocked a potential XSS attack. Now I understand why it's unsecure (POST data being sent across two different domains) but what should I be doing instead? Obviously during my testing here I temporarily disable NoScript and it all works fine, but I can't rely on that for the end users. What's the best practice here?

    Read the article

  • insert Query is not executing, help me in tracking the problem

    - by Parth
    I tried the below query but it didnt executed giving error as : 1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1 INSERT INTO `jos_menu` SET params = 'orderby= show_noauth= show_title= link_titles= show_intro= show_section= link_section= show_category= link_category= show_author= show_create_date= show_modify_date= show_item_navigation= show_readmore= show_vote= show_icons= show_pdf_icon= show_print_icon= show_email_icon= show_hits= feed_summary= page_title= show_page_title=1 pageclass_sfx= menu_image=-1 secure=0 ', checked_out_time = '0000-00-00 00:00:00', ordering = '13', componentid = '20', published = '1', id = '152', menutype = 'accmenu', name = 'IPL', alias = 'ipl', link = 'index.php?option=com_content&view=archive', type = 'component') then i used mysql_real_escape_string() on the query containing variable which gives me the query as : INSERT INTO `jos_menu` SET params = \'orderby=\nshow_noauth=\nshow_title=\nlink_titles=\nshow_intro=\nshow_section=\nlink_section=\nshow_category=\nlink_category=\nshow_author=\nshow_create_date=\nshow_modify_date=\nshow_item_navigation=\nshow_readmore=\nshow_vote=\nshow_icons=\nshow_pdf_icon=\nshow_print_icon=\nshow_email_icon=\nshow_hits=\nfeed_summary=\npage_title=\nshow_page_title=1\npageclass_sfx=\nmenu_image=-1\nsecure=0\n\n\', checked_out_time = \'0000-00-00 00:00:00\', ordering = \'13\', componentid = \'20\', published = \'1\', id = \'152\', menutype = \'accmenu\', name = \'IPL\', alias = \'ipl\', link = \'index.php?option=com_content&view=archive\', type = \'component\') And on executing the above query I get an error as : 1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'orderby=\nshow_noauth=\nshow_title=\nlink_titles=\nshow_intro=\nshow_section=\' at line 1 Can Someone guide me to track the problem in it? Thanks In Advance....

    Read the article

  • Password hashing, salt and storage of hashed values

    - by Jonathan Leffler
    Suppose you were at liberty to decide how hashed passwords were to be stored in a DBMS. Are there obvious weaknesses in a scheme like this one? To create the hash value stored in the DBMS, take: A value that is unique to the DBMS server instance as part of the salt, And the username as a second part of the salt, And create the concatenation of the salt with the actual password, And hash the whole string using the SHA-256 algorithm, And store the result in the DBMS. This would mean that anyone wanting to come up with a collision should have to do the work separately for each user name and each DBMS server instance separately. I'd plan to keep the actual hash mechanism somewhat flexible to allow for the use of the new NIST standard hash algorithm (SHA-3) that is still being worked on. The 'value that is unique to the DBMS server instance' need not be secret - though it wouldn't be divulged casually. The intention is to ensure that if someone uses the same password in different DBMS server instances, the recorded hashes would be different. Likewise, the user name would not be secret - just the password proper. Would there be any advantage to having the password first and the user name and 'unique value' second, or any other permutation of the three sources of data? Or what about interleaving the strings? Do I need to add (and record) a random salt value (per password) as well as the information above? (Advantage: the user can re-use a password and still, probably, get a different hash recorded in the database. Disadvantage: the salt has to be recorded. I suspect the advantage considerably outweighs the disadvantage.) There are quite a lot of related SO questions - this list is unlikely to be comprehensive: Encrypting/Hashing plain text passwords in database Secure hash and salt for PHP passwords The necessity of hiding the salt for a hash Clients-side MD5 hash with time salt Simple password encryption Salt generation and Open Source software I think that the answers to these questions support my algorithm (though if you simply use a random salt, then the 'unique value per server' and username components are less important).

    Read the article

  • Please recommend a CMS framework in Java good for making a monitoring system

    - by TiansHUo
    I already have Java code to display and process data from a database. I would now like to implement the code as modules, and incorporate as a whole into a CMS system. The CMS MUST support Spring, Hibernate, etc. The CMS MUST not be GPL, and preferably open source (lGPL, BSD,etc). The CMS MUST have good documentation and support The CMS MUST be secure (safe from XSS and injection) and support different levels of authorizations, (built-in or module) The CMS MUST have good navigation and tab, (built-in or module) +1, for having a good ajax paginated table module to display data +1, for using ajax to change pages with support for bookmarks and history.back() +1, for using jquery or prototype +1, for being easy to deploy, and easy to add modules +1, for supporting dynamically add/remove and drag-dropping of modules Please recommend a CMS best for the job. Thank you! EDIT: I don't need blogs or wikis or etc. I just want a framework where I can display paginated lists and time series graphs and log files. I will also host some pages for configuration. All of these code are already implemented.

    Read the article

  • Implement user authentication against remote DB with a Web Service

    - by Juan González
    I'm just starting reasearch about the best way to implement user authentication within my soon-to-be app. This is what I have so far: A desktop (Windows) application on a remote server. That application is accessed locally with a browser (it has a web console and MS SQL Server to store everything). The application is used with local credendials stored in the DB. This is what I'd like to accompllish: Provide access to some information on that SQL Server DB from my app. That access of course must be granted once a user has id himself with valid credentials. This is what I know so far: How to create my PHP web service and query info from a DB using JSON. How to work with AFNetworking libraries to retrieve information. How to display that info on the app. What I don't know is which could be the best method to implement user authentication from iOS. Should I send username and password? Should I send some hash? Is there a way to secure the handshake? I'd for sure appreciate any advise, tip, or recommendation you have from previous experience. I don't want to just implement it but instead I want to do it as good as possible.

    Read the article

  • Display pdf file inline in Rails app

    - by Martas
    Hi, I have a pdf file attachment saved in the cloud. The file is attached using attachment_fu. All I do to display it in the view is: <%= image_tag @model.pdf_attachment.public_filename %> When I load the page with this code in the browser, it does what I want: it displays the attached pdf file. But only on Mac. On Windows, browsers will display a broken image placeholder. Chrome's Developer Tools report: "Resource interpreted as image but transferred with MIME type application/pdf." I also tried sending the file from controller: in PdfAttachmentController: def send_pdf_attachment pdf_attachment = PdfAttachment.find params[:id] send_file pdf_attachment.public_filename, :type => pdf_attachment.content_type, :file_name => pdf_attachment.filename, :disposition => 'inline' end in routes.rb: map.send_pdf_attachment '/pdf_attachments/send_pdf_attachment/:id', :controller => 'pdf_attachments', :action => 'send_pdf_attachment' and in the view: <%= send_pdf_attachment_path @model.pdf_attachment %> or <%= image_tag( send_pdf_attachment_path @model.pdf_attachment ) %> And that doesn't display the file on Mac (I didn't try on Windows), it displays the path: pdf_attachments/send_pdf_attachment/35 So, my question is: what do I do to properly display a pdf file inline? Thanks martin

    Read the article

  • The rules to connect a web service trough the SSL and Certificates

    - by blgnklc
    There is a web service running on tomcat on a server. It is built on Java Servlet. It is listening others to call itself on a SSL enabled http port. so its web service adreess looks like: https://172.29.12.12/axis/services/XYZClient?wsdl On the other hand I want to connect the web service above from a windows application which is built on .NET frame work. Finally, when I want to connect the web service from my computer; I get some specific erros; Firstly I get; Proxy authentication error; then I added some new line to my code; Dim cr As System.Net.NetworkCredential = New System.Net.NetworkCredential("xname", "xsurname", "xdomainname") Dim myProxy As New WebProxy("http://mar.xxxyyy.com", True) myProxy.Credentials = cr Secondly, after this modifications It says that bad request. I did not get over this error. Moreover I did try to connect the web server on the same computer. I copied my executable program to the computer where the web service runs. The error was like; The underlying connection was closed: Could not establish trust relationship for SSL/TLS secure channel PS: When I try to connect to web service by using Internet Explorer; I see firstly some warnings about accepting an unknown certificate and I click take me to web service an I get there clearly. I want to know what are the basic elements to connect a web service, could you please tell me the requirements that I have to use on my windows project. regards bk

    Read the article

  • How to achieve high availability?

    - by tanyehzheng
    My boss wants to have a system that takes into concern of continent wide catastrophic event. He wants to have two servers in US and two servers in Asia (1 login server and 1 worker server in each continent). In the event that earthquake breaks the connection between the two continents, both should work alone. When the connection is revived, they should sync each other back to normal. External cloud system not allowed as he has no confidence. The system should take into account of scalability which means addition of new servers should be easy to configure. The servers should be load balanced. The connection between the servers should be very secure(encrypted and send through SSL although SSL takes care of encryption). The system should let one and only one user log in with one account. (beware of latency between continent and two users sharing account may reach both login server at the same time) Please help. I'm already at the end of my wit. Thank you in advance.

    Read the article

  • How can I tackle 'profoundly found elsewhere' syndrome (inverse of NIH)?

    - by Alistair Knock
    How can I encourage colleagues to embrace small-scale innovation within our team(s), in order to get things done quicker and to encourage skills development? (the term 'profoundly found elsewhere' comes from Wikipedia, although it is scarcely used anywhere else apart from a reference to Proctor & Gamble) I've worked in both environments where there is a strong opposition to software which hasn't been developed in-house (usually because there's a large community of developers), and more recently (with far fewer central developers) where off-the-shelf products are far more favoured for the usual reasons: maintenance, total cost over product lifecycle, risk management and so on. I think the off the shelf argument works in the majority of cases for the majority of users, even though as a developer the product never quite does what I'd like it to do. However, in some cases there are clear gaps where the market isn't able to provide specifically what we would need, or at least it isn't able to without charging astronomical consultancy rates for a bespoke solution. These can be small web applications which provide a short-term solution to a particular need in one specific department, or could be larger developments that have the potential to serve a wider audience, both across the organisation and into external markets. The problem is that while development of these applications would be incredibly cheap in terms of developer hours, and delivered very quickly without the need for glacial consultation, the proposal usually falls flat because of risk: 'Who'll maintain the project tracker that hasn't had any maintenance for the past 7 years while you're on holiday for 2 weeks?' 'What if one of our systems changes and the connector breaks?' 'How can you guarantee it's secure/better/faster/cheaper/holier than Company X's?' With one developer behind these little projects, the answers are invariably: 'Nobody, but...' 'It will break, just like any other application would...' 'I, uh...' How can I better answer these questions and encourage people to take a little risk in order to stimulate creativity and fast-paced, short-lifecycle development instead of using that 6 months to consult about what tender process we might use?

    Read the article

  • substitution cypher with different alphabet length

    - by seanizer
    I would like to implement a simple substitution cypher to mask private ids in URLs I know how my IDs will look like (combination of upperchase ascii, digits and underscore), and they will be rather long, as they are composed keys. I would like to use a longer alphabet to shorten the resulting codes (I'd like to use upper and lower case ascii letters, digits and nothing else). So my incoming alphabet would be [A-Z0-9_] (37 chars) and my outgoing alphabet would be [A-Za-z0-9] (62 chars) so a compression of almost 50% would be available. let's say my URLs look like this: /my/page/GFZHFFFZFZTFZTF_24_F34 and I want them to look like this instead: /my/page/Ft32zfegZFV5 Obviously both arrays would be shuffled to bring some random order in. This does not have to be secure. if someone figures it out: fine, but I don't want the scheme to be obvious. My desired solution would be to convert the string to an integer representation of radix 37, convert the radix to 62 and use the second alphabet to write out that number. is there any sample code available that does something similar? Integer.parseInt ( http://java.sun.com/javase/6/docs/api/java/lang/Integer.html#parseInt%28java.lang.String,%20int%29 ) has some similar logic, but it is hard-coded to use standard digit behavior Any hints? I am using java to implement this but code or pseudo-code in any other language is of course also helpful

    Read the article

  • Getting 404 page not found connecting to webDAV

    - by Cragly
    I am trying to connect to a secure webDAV folder and download a file. I am having problems just trying to get a response from the server and as it keeps giving me a 404 page not found error as soon as I call Request.GetResponse(). I can connect to the webDAV folder using Windows Explorer by mapping a drive but cannot seem to do this in code. I have looked at other post on this site and others online but most seem to concentrate on connecting to Outlook. Has anybody else had this issue? The code I am using is as follows: string URI = "https://transfer.mycompany.com/myDirectory/myFile.csv"; string username = "username"; string password = "password"; Request = (HttpWebRequest) WebRequest.Create(URI); Request.Credentials = new NetworkCredential(username, password); Request.Method = WebRequestMethods.Http.Get; Request.Headers.Add("Translate", "f"); Response = (HttpWebResponse) Request.GetResponse(); contentLength = Convert.ToInt64(Response.GetResponseHeader("Content-Length"));

    Read the article

  • Strategy for WCF server with .Net clients and Android clients?

    - by D.H.
    I am using WCF to write a server that should be able to communicate with .Net clients, Android clients and possibly other types of clients. The main type of client is a desktop application that will be written in .Net. This client will usually be on the same intranet as the server. It will make an initial call to the server to get the current state of the system and will then receive updates from the server whenever a value changes. These updates are frequent, perhaps once a second. The Android clients will connect over the Internet. This client is also interested in updates, but it is not as critical as for the desktop client so a (less frequent) polling scenario might be acceptable. All clients will have to login to use the services, and when connecting over the Internet the connection should be secure. I am familiar with WCF but I am not sure what bindings are most appropriate for the scenario and what security solution to use. Also, I have not used Android, but I would like to make it as simple as possible for the person implementing the Android client to consume my services. So, what is my strategy?

    Read the article

  • Code in FOR loop not executed

    - by androniennn
    I have a ProgressDialog that retrieves in background data from database by executing php script. I'm using gson Google library. php script is working well when executed from browser: {"surveys":[{"id_survey":"1","question_survey":"Are you happy with the actual government?","answer_yes":"50","answer_no":"20"}],"success":1} However, ProgressDialog background treatment is not working well: @Override protected Void doInBackground(Void... params) { String url = "http://192.168.1.4/tn_surveys/get_all_surveys.php"; HttpGet getRequest = new HttpGet(url); Log.d("GETREQUEST",getRequest.toString()); try { DefaultHttpClient httpClient = new DefaultHttpClient(); Log.d("URL1",url); HttpResponse getResponse = httpClient.execute(getRequest); Log.d("GETRESPONSE",getResponse.toString()); final int statusCode = getResponse.getStatusLine().getStatusCode(); Log.d("STATUSCODE",Integer.toString(statusCode)); Log.d("HTTPSTATUSOK",Integer.toString(HttpStatus.SC_OK)); if (statusCode != HttpStatus.SC_OK) { Log.w(getClass().getSimpleName(), "Error " + statusCode + " for URL " + url); return null; } HttpEntity getResponseEntity = getResponse.getEntity(); Log.d("RESPONSEENTITY",getResponseEntity.toString()); InputStream httpResponseStream = getResponseEntity.getContent(); Log.d("HTTPRESPONSESTREAM",httpResponseStream.toString()); Reader inputStreamReader = new InputStreamReader(httpResponseStream); Gson gson = new Gson(); this.response = gson.fromJson(inputStreamReader, Response.class); } catch (IOException e) { getRequest.abort(); Log.w(getClass().getSimpleName(), "Error for URL " + url, e); } return null; } @Override protected void onPostExecute(Void result) { super.onPostExecute(result); Log.d("HELLO","HELLO"); StringBuilder builder = new StringBuilder(); Log.d("STRINGBUILDER","STRINGBUILDER"); for (Survey survey : this.response.data) { String x= survey.getQuestion_survey(); Log.d("QUESTION",x); builder.append(String.format("<br>ID Survey: <b>%s</b><br> <br>Question: <b>%s</b><br> <br>Answer YES: <b>%s</b><br> <br>Answer NO: <b>%s</b><br><br><br>", survey.getId_survey(), survey.getQuestion_survey(),survey.getAnswer_yes(),survey.getAnswer_no())); } Log.d("OUT FOR","OUT"); capitalTextView.setText(Html.fromHtml(builder.toString())); progressDialog.cancel(); } HELLO Log is displayed. STRINGBUILDER Log is displayed. QUESTION Log is NOT displayed. OUT FOR Log is displayed. Survey Class: public class Survey { int id_survey; String question_survey; int answer_yes; int answer_no; public Survey() { this.id_survey = 0; this.question_survey = ""; this.answer_yes=0; this.answer_no=0; } public int getId_survey() { return id_survey; } public String getQuestion_survey() { return question_survey; } public int getAnswer_yes() { return answer_yes; } public int getAnswer_no() { return answer_no; } } Response Class: public class Response { ArrayList<Survey> data; public Response() { data = new ArrayList<Survey>(); } } Any help please concerning WHY the FOR loop is not executed. Thank you for helping.

    Read the article

  • Excessive httpd processes to stack up on my Rails + Apache2 + Passenger production setup?

    - by LeoAlmighty
    I have a Rails + Apache2 + Postgres + Passenger application running in production mode in OSX Snow Leopard. The application serves as a data warehouse for another application in the cloud so I'm constantly getting API calls to my OSX production build. After a recent reboot, I'm finding a ton of httpd processes stacking up and eventually requiring an apache reboot. I haven't changed any settings, everything was running fine before. Any ideas on the best way to troubleshoot this? $ ps -ef|grep httpd 0 6203 1 0 0:00.20 ?? 0:00.47 /usr/sbin/httpd -D FOREGROUND 70 6222 6203 0 0:00.05 ?? 0:00.11 /usr/sbin/httpd -D FOREGROUND 70 6224 6203 0 0:00.31 ?? 0:00.50 /usr/sbin/httpd -D FOREGROUND 70 6233 6203 0 0:00.05 ?? 0:00.10 /usr/sbin/httpd -D FOREGROUND 70 6234 6203 0 0:00.43 ?? 0:00.64 /usr/sbin/httpd -D FOREGROUND 70 6243 6203 0 0:00.02 ?? 0:00.03 /usr/sbin/httpd -D FOREGROUND 70 6319 6203 0 0:00.08 ?? 0:00.16 /usr/sbin/httpd -D FOREGROUND 70 6334 6203 0 0:00.02 ?? 0:00.05 /usr/sbin/httpd -D FOREGROUND 70 6469 6203 0 0:00.04 ?? 0:00.08 /usr/sbin/httpd -D FOREGROUND 70 6487 6203 0 0:00.36 ?? 0:00.48 /usr/sbin/httpd -D FOREGROUND 70 6593 6203 0 0:00.36 ?? 0:00.48 /usr/sbin/httpd -D FOREGROUND 70 6709 6203 0 0:00.04 ?? 0:00.08 /usr/sbin/httpd -D FOREGROUND 70 6718 6203 0 0:00.04 ?? 0:00.10 /usr/sbin/httpd -D FOREGROUND 70 6834 6203 0 0:00.01 ?? 0:00.03 /usr/sbin/httpd -D FOREGROUND 70 6852 6203 0 0:00.00 ?? 0:00.00 /usr/sbin/httpd -D FOREGROUND 70 6853 6203 0 0:00.01 ?? 0:00.02 /usr/sbin/httpd -D FOREGROUND

    Read the article

  • How can I change Rails view code for site visitors using SSL?

    - by pjmorse
    My Rails app has some pages which are SSL-required and others which are SSL-optional. The optional pages use some assets which are served off-site (images from a vendor) which have both http and https URLs. I need to use https when the page is accessed via SSL to avoid the dreaded "this page contains both secure and insecure elements" warning. I've written code to return the image URLs as http by default and https if requested. My problem now is determining in the view how the request came in. request.ssl? doesn't work in views. I've tried using a before_filter which sets something like @ssl_request using request.ssl?, but that also always returns false. Is there a more elegant way to do this? The server stack is Nginx and Passenger. Other apps with Apache = Mongrel stacks pass an X_FORWARDED_PROTO header to tell Rails that SSL is or isn't being used; is it possible that Nginx/Passenger doesn't do this?

    Read the article

  • Game engine deployment strategy for the Android?

    - by Jeremy Bell
    In college, my senior project was to create a simple 2D game engine complete with a scripting language which compiled to bytecode, which was interpreted. For fun, I'd like to port the engine to android. I'm new to android development, so I'm not sure which way to go as far as deploying the engine on the phone. The easiest way I suppose would be to require the engine/interpreter to be bundled with every game that uses it. This solves any versioning issues. There are two problems with this. One: this makes each game app larger and two: I originally released the engine under the LGPL license (unfortunately), but this deployment strategy makes it difficult to conform to the rules of that license, particularly with respect to allowing users to replace the lib easily with another version. So, my other option is to somehow have the engine stand alone as an Activity or service that somehow responds to intents raised by game apps, and somehow give the engine app permissions to read the scripts and other assets to "run" the game. The user could then be able to replace the engine app with a different version (possibly one they made themselves). Is this even possible? What would you recommend? How could I handle it in a secure way?

    Read the article

  • Best practices, PHP, tracking millions of impressions per day.

    - by John
    What do I have to do to make 20k mysql inserts per second possible (during peak hours around 1k/sec during slower times)? I've been doing some research and I've seen the "INSERT DELAYED" suggestion, writing to a flat file, "fopen(file,'a')", and then running a chron job to dump the "needed" data into mysql, etc. I've also heard you need multiple servers and "load balancers" which I've never heard of, to make something like this work. I've also been looking at these "cloud server" thing-a-ma-jigs, and their automatic scalability, but not sure about what's actually scalable. The application is just a tracker script, so if I have 100 websites that get 3 million page loads a day, there will be around 300 million inserts a day. The data will be ran through a script that will run every 15-30 minutes which will normalize the data and insert it into another mysql table. How do the big dogs do it? How do the little dogs do it? I can't afford a huge server anymore so any intuitive ways, if there are multiple ways of going at it, you smart people can think of.. please let me know :)

    Read the article

  • Getting 404 Not Found connecting to webDAV

    - by Cragly
    I am trying to connect to a secure webDAV folder and download a file. I am having problems just trying to get a response from the server and as it keeps giving me a 404 Not Found error as soon as I call Request.GetResponse(). I can connect to the webDAV folder using Windows Explorer by mapping a drive but cannot seem to do this in code. I have looked at other post on this site and others online but most seem to concentrate on connecting to Outlook. Has anybody else had this issue? The code I am using is as follows: string URI = "https://transfer.mycompany.com/myDirectory/myFile.csv"; string username = "username"; string password = "password"; Request = (HttpWebRequest) WebRequest.Create(URI); Request.Credentials = new NetworkCredential(username, password); Request.Method = WebRequestMethods.Http.Get; Request.Headers.Add("Translate", "f"); Response = (HttpWebResponse) Request.GetResponse(); contentLength = Convert.ToInt64(Response.GetResponseHeader("Content-Length"));

    Read the article

  • Archiver Securing SQLite Data without using Encryption on iPhone

    - by Redrocks
    I'm developing an iphone app that uses Core Data with a SQLite data store and lots of images in the resource bundle. I want a "simple" way to obfuscate the file structure of the SQLite database and the image files to prevent the casual hacker/unscrupulous developer from gaining access to them. When the app is deployed, the database file and image files would be obfuscated. Upon launching the app it would read in and un-obfuscate the database file, write the un-obfuscated version to the users "tmp" directory for use by core data, and read/un-obfuscate image files as needed. I'd like to apply a simple algorithm to the files that would somehow scramble/manipulate the file data so that the sqlite database data isn't discernible when the db is opened in a text editor and so that neither is recognized by other applications (SQLite Manager, Photoshop, etc.) It seems, from the information I've read, that I could use NSFileManager, NSKeyedArchiver, and NSData to accomplish this but I'm not sure how to proceed. Been developing software for many years but I'm new to everything CocoaTouch, Mac and iPhone. Also never had to secure/encrypt my data so this is new. Any thoughts, suggestions, or links to solutions are appreciated.

    Read the article

  • Exposed onsite vs IFD deployments for MS Dynamics CRM

    - by Greg McGuffey
    I'm working for the first time on a MS Dyanmics CRM 4.0 project. Our company has a high number of remote employees and even more remote consultants. As such it will be necessary to make the CRM solution available over the internet. As near as I can tell, I have three options: Have everyone use a VPN to access an intranet site (typical onsite deployment). However, we have found that VPNs are far from trouble free and cause many support issues. We avoid them like the plague. Use IFD to expose the CRM on the internet. I don't know much about this except that the URL will be different than the onsite URL, which could cause some headaches (see below). Expose the CRM site by opening the site to the internet, using SSL to encrypt traffic. We currently do this with our MS sharepoint sites. I'm not sure how secure this would be (one of the reasons for this question). I'd like to avoid using both the onsite intranet deployment and the IFD together for a couple of reasons. One of the requests for the solution is use email to notify users that they've been assigned a task, and include the URL to the task within the email. For this reason. If both deployments are used, then I'll need to include two URLs and the user would need to know which to use. Which leads to the second reason, the main users of the solution split time between being in the office and being remote. Thus they would need to access the solution two different ways, and know when to use which. Bad. So, what are the advantages/disadvantages of any of these methods? Any other options? Is there any issue using IFD from within the intranet? Security issues? Thanks!

    Read the article

  • SSL signed certificates for internal use

    - by rogueprocess
    I have a distributed application consisting of many components that communicate over TCP (for examle JMS) and HTTP. All components run on internal hardware, with internal IP addresses, and are not accessible to the public. I want to make the communication secure using SSL. Does it make sense to purchase signed certificates from a well-known certificate authority? Or should I just use self-signed certs? My understanding of the advantage of trusted certs is that the authority is an entity that can be trusted by the general public - but that is only an issue when the general public needs to be sure that the entity at a particular domain is who they say they are. Therefore, in my case, where the same organization is responsible for the components at both ends of the communication, and everything in between, a publicly trusted authority would be pointless. In other words, if I generate and sign a certificate for my own server, I know that it's trustworthy. And no one from outside the organization will ever be asked to trust this certificate. That is my reasoning - am I correct, or is there some potential advantage to using certs from a known authority?

    Read the article

  • C/C++: feedback in analyzing a code example

    - by KaiserJohaan
    Hello, I have a piece of code from an assignment I am uncertain about. I feel confident that I know the answer, but I just want to double-check with the community incase there's something I forgot. The title is basically secure coding and the question is just to explain the results. int main() { unsigned int i = 1; unsigned int c = 1; while (i > 0) { i = i*2; c++; } printf("%d\n", c); return 0; } My reasoning is this: At first glance you could imagine the code would run forever, considering it's initialized to a positive value and ever increasing. This of course is wrong because eventually the value will grow so large it will cause an integer overflow. This in turn is not entirely true either, because eventally it will force the variable 'i' to be signed by making the last bit to 1 and therefore regarded as a negative number, therefore terminating the loop. So it is not writing to unallocated memory and therefore cause integer overflow, but rather violating the data type and therefore causing the loop to terminate. I am quite sure this is the reason, but I just want to double check. Any opinions?

    Read the article

  • Multiple websites, Single sign-on design

    - by Yannis
    Hi all, I have a question. A client I have been doing some work recently has a range of websites with different login mechanisms. He is looking to slowly migrate to a single sign-on mechanism for his websites (all written in asp.net mvc). I am looking at my options here, so here is a list of requirements: 1) It has to be secure (duh) 2) It needs to support extra user properties over and above the usual name, address stuff (such as money or credits for a user) 3) It has to provide a centralized user management web console for his convenience (I understand that this will be a small project on top of whatever design solution I choose to go for) 4) It has to integrate with the existing websites without re-engineering the whole product (I understand that this depends on the current product implementation). 5) It has to deal with emailing the user when he registers (in order for him to activate his account) 6) It has to deal with activating the user when he clicks the activate me link in the email (I understand that 5 and 6 require some form of email templating system to support different emails per application) I was thinking of creating a library working together with forms authentication that exposes whatever methods are required (e.g. login, logout, activate, etc. and a small restful service to implement activation from email, registration processing etc. Taking into account that loads of things have been left out to make this question brief and to the point, does this sound like a good design? But this looks like a very common problem so arent there any existing projects that I could use? Thanks for reading.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 647 648 649 650 651 652 653 654 655 656 657 658  | Next Page >