Search Results

Search found 14784 results on 592 pages for 'spring security'.

Page 67/592 | < Previous Page | 63 64 65 66 67 68 69 70 71 72 73 74 | Next Page >

Code igniter authentication code in controller security question

- by Prime Studios

I have a main controller to handle the very front-end of my authentication system, it handles login, logout, update user info, etc. functions that I anticipate calling by POST'ing from views/forms. What about something like a "delete_user" function though? My thoughts are a button in someones admin panel would say "Delete Account" and it would post to "/auth/delete", and the function would delete the user based on their session username or id. This seems a bit open ended, you could send out a link to someone and when they opened it while in that application it would delete their account.. Whats the best way to handle this?

Read the article
HTML5 Web Database Security

- by Daniel Dimovski

Should the HTML5 database be used to store any form of private information? Say we have the following scenario; You're browsing a web-mail client, that uses the web database to store mail drafts after you've written some information you close the web browser. What's to stop me from getting access to this information? If the webpage tries to clean out old information when opened a user-script could easily prevent the website from fully loading and then search through the database. Furthermore the names of databases and tables are easily available through the web-mail client's source. W3C Draft

Read the article
Lisp data security/validation

- by Wayne Werner

This is really just a conceptual question for me at this point. In Lisp, programs are data and data are programs. The REPL does exactly that - reads and then evaluates. So how does one go about getting input from the user in a secure way? Obviously it's possible - I mean viaweb - now Yahoo!Stores is pretty secure, so how is it done?

Read the article
Does this introduce security vulnerabilities?

- by mcmt

I don't think I'm missing anything. Then again I'm kind of a newbie. def GET(self, filename): name = urllib.unquote(filename) full = path.abspath(path.join(STATIC_PATH, filename)) #Make sure request is not tricksy and tries to get out of #the directory, e.g. filename = "../.ssh/id_rsa". GET OUTTA HERE assert full[:len(STATIC_PATH)] == STATIC_PATH, "bad path" return open(full).read()

Read the article
Custom security permission_types in Jetspeed

- by shikarishambu

Is it possible to create and manage custom permission types in Jetspeed. In addition to the default - folder, page, link, portlet I would like to add document as a type. I want to then use the list of permissions of type "document" that a principal has to manage access to documents. Thanks

Read the article
.NET security: how to check if a method is allowed to execute under current user's perrmissions

- by Gart

Given an ASP.NET MVC Controller class declaration: public class ItemController : Controller { public ActionResult Index() { // ... } public ActionResult Details() { // ... } [Authorize(Roles="Admin, Editor")] public ActionResult Edit() { // ... } [Authorized(Roles="Admin")] public ActionResult Delete() { // .. } } I need to reflect a list of methods in this class which may be invoked with the current user's permissions. The [Authorized] attribute is specific to ASP.NET MVC, and this is only an example. I would prefer a universal solution for this problem which works for any .NET class. Please share some ideas of what could be done in this case.

Read the article
In App Purchase Resources Security.

- by jAmi

Hi I am setting up in app purchase where user can buy different Sounds. Once bought, he can play those sounds in the App. The Sound files are all present in my Resources Folder and I just keep a record(in a plist) of the files that have been purchased. No If I right click on the IAP file and see its content I can see the Resources, hence any one can have those sounds without actually buying them. Is there a protected Bundle or something?

Read the article
Web Form Security

- by brandon14_99

I set a cookie in the headers with an md5 hashed keyword. Then in my code, it checks for the exact matching cookie before displaying a form. Is this pretty much pointless? The form submits to an external site, so I am trying to secure the form without using captcha..

Read the article
Chrome SSL Security Issue under Windows systems?

- by fraido

The Fortify.net website allows you to check what SSL Encryption key is used by your browser. I gave it a try with the browsers I've on my machine and these are the results Fedora 9 Firefox 3.0.8 = AES cipher, 256-bit key Chrome 4.0.249.30 = AES cipher, 256-bit key Windows XP SP3 IE 6.0.2x = RC4 cipher, 128-bit key Firefox = AES cipher, 256-bit key Chrome 4.1.249.1042 (42199) = RC4 cipher, 128-bit key .... WHAT!!?!! Chrome is using RC4 128-bit (as IE6 does) that is well known as been very weak! Chrome under Unix works fine... I'm wondering how is this possible? Do you have this issue or is there a way to change the default key to be AES 256bit? I'm using Chrome as the main browser under Windows and I'm really considering to switch back to Firefox

Read the article
Is SecurityManager a full security solution?

- by Tom Brito

Can I avoid third party code from creating new threads, starting new VMs, or leaking data using a customized SecurityManager?

Read the article
Cookiless Session Is it a security risk?

- by Costa

Hi http://msdn.microsoft.com/en-us/library/aa479314.aspx You have a user who successfully log in from a machine in Cybercafe, Hacker H able to sniff the network and get the sessionID of the user, Can H use the sessionId and act as the user from another machine? Can H enter http://folder/(session id)/CreditCardInformation.aspx to know the credit card number of the user?

Read the article
Client / Server security from mobile to website

- by Amir Latif

Hey. Am new to the world of web programming and learning a bunch of fairly simple new pieces of tech, trying to piece them all together. So, we have a simple client (currently iPhone, to move to J2ME soon) that's pulling down lists of data via PHP, which is talking to a MySQL db. I have a rudimentary user/login system so that data is only served to someone who matches a known user etc, either on the website or on the client. All the php scripts on the website that query the DB check to make sure an active session is in place, otherwise dumping the user back to the login screen. I've read a little about SSL and want to know if that is sufficient to protect the website AND the data passing between the server and the client?

Read the article
Basic security, PHP mySQl

- by yuudachi

So I am making a basic log-in page. I have a good idea of what to do, but I'm still unsure of some things. I have a database full of students and a password column of course. I know I'm going to use md5 encryption in that column. The student enters their e-mail and student ID, and they get e-mailed a password if correct. But, where do I create the password? Do I have to manually add the password (which is just a randomly generated string) in mySQL to all the students? And I am suppose to send the password to the student; how will I know what to send the student if the password is encrypted? I was thinking about generating the password when the student first enters their e-mail and student ID. They get an e-mail of the random string, and at the same time, I add the same random string to the database, encrypted. Is that how it's suppose to work though? And it feels unsafe doing that all on the same page. Sorry for the long-winded, newbish question. I find this all facisnating at the same time as well (AES and RSA encryption :O)

Read the article
PHP File System or XML : Security Issue

- by jasmine

I want to make a news portal(php) site with minimum mysql force. :create a cron, fetch data from mysql and write to a php file . (I dont know is it right way) But Can I use xml instead of php file? Write mysql data to xml. Is this a secure way? What is the best way? XML or php file? Thanks in advance

Read the article
PHP Upload file enhance security

- by mandril

Hey.. my question is how to prevent someone upload a virus or some malicious code with the extension you pretend for example i have a pdf file uploader, anyone can upload a binary with pdf camouflage there are lots of programs to do that.

Read the article
Application runs fine when executed directly, fails as scheduled task (security issues)

- by Carl

I have an application that loads some files from a network share (the input folder), extracts certain data from them and saves new files (zips them with SharpZLib) on a different network share (output folder). This application runs fine when you open it directly, but when it is set to a scheduled task, it fails in numerous places. This application is scheduled on a Win 2003 server. Let me say right off the bat, the scheduled task is set to use the same login account that I am currently logged in with, so it's not because it's using the LocalSystem account. Something else is going on here. Originally, the application was assigning a drive letter to the input folder using WNetGetConnectionA(). I don't remember why this was done, someone else on our team did that and she's gone now. I think there was some issue with using the WinZip command line with a UNC path. I switched from the WinZip command line utility to using SharpZLib because there were other issues with using the WinZip command line. Anyway, the application failed when trying to assign a drive letter with the error "connection already established." That wasn't true and even after trying WNetCancelConnection(), it still didn't work. Then I decided to just map the drive manually on the server. Then when the app calls Directory.Exists(inputFolderPath) it returns false, even though it does exist. So, for whatever reason, I cannot read this directory from within the application. I can manually navigate to this folder in Windows Explorer and open files. The app log file shows that the user executing it on the schedule is the user I expect, not LocalSystem. Any ideas?

Read the article
asp.net forms authentification security issues

- by Andrew Florko

Hi there, I have a kind of asp.net forms authentication with the code like that: FormsAuthentication.SetAuthCookie(account.Id.ToString(), true); HttpContext.Current.User = new GenericPrincipal(new GenericIdentity(account.Id.ToString()), null); What kind of additional efforts shall I take to make authentication cookie (that is user id) more securable? (https, encoding for example) Thank you in advance!

Read the article
Disabling security warning caused by BaseIntermediateOutputPath?

- by Chris R. Donnelly

Hi all, Our team overrides BaseIntermediateOutputPath (and other related properties) in our Visual Studio projects in order to have build artifacts go outside the main tree. However, this causes an annoying warning dialog to appear when you open a project for the first time in a new location (which happens on new machines, when you check out a branch to a new location, have to delete corrupted .suo/.user files, etc.). Is there any way to disable the warning? FYI, we are using Visual Studio 2008, and we have encountered this warning on Windows XP as well as Windows 7, so it is not UAC-related.

Read the article
Authorization security of ASP.NET Forms authentication

- by Tomi

I'm using Forms authentication in ASP.NET MVC website and I store user account login name in AuthCookie like this: FormsAuthentication.SetAuthCookie(account.Login, false); I want to ask if there is a possibility that user on client side will somehow manage to change his login name in AuthCookie and thus he will be for example impersonated as someone with higher privileges and authorized to do more actions than he is normally supposed to have. Also is it better to save in this cookie user account login name or user account ID number?

Read the article
Webservice for uploading data: security considerations

- by Philip Daubmeier

Hi everyone! Im not sure about what authentification method I should use for my webservice. I've searched on SO, and found nothing that helped me. Preliminary Im building an application that uploads data from a local database to a server (running my webservice), where all records are merged and stored in a central database. I am currently binary serializing a DataTable, that holds a small fragment of the local database, where all uninteresting stuff is already filtered out. The byte[] (serialized DataTable), together with the userid and a hash of the users password is then uploaded to the webservice via SOAP. The application together with the webservice already work exactly like intended. The Problem The issue I am thinking about is now: What is if someone just sniffs the network traffic, 'steals' the users id and password hash to send his own SOAP message with modified data that corrupts my database? Options The approaches to solving that problem, I already thought of, are: Using ssl + certificates for establishing the connection: I dont really want to use ssl, I would prefer a simpler solution. After all, every information that is transfered to the webservice can be seen on the website later on. What I want to say is: there is no secret/financial/business-critical information, that has to be hidden. I think ssl would be sort of an overkill for that task. Encrypting the byte[]: I think that would be a performance killer, considering that the goal of the excercise was simply to authenticate the user. Hashing the users password together with the data: I kind of like the idea: Creating a checksum from the data, concatenating that checksum with the password-hash and hashing this whole thing again. That would assure the data was sent from this specific user, and the data wasnt modified. The actual question So, what do you think is the best approach in terms of meeting the following requirements? Rather simple solution (As it doesnt have to be super secure; no secret/business-critical information transfered) Easily implementable retrospectively (Dont want to write it all again :) ) Doesnt impact to much on performance What do you think of my prefered solution, the last one in the list above? Is there any alternative solution I didnt mention, that would fit better? You dont have to answer every question in detail. Just push me in the right direction. I very much appreciate every well-grounded opinion. Thanks in advance!

Read the article
How are clientside security vulnerabilities generally discovered?

- by Jehjoa

I mean in operating systems or their applications. The only way I can think of is examine binaries for the use of dangerous functions like strcpy(), and then try to exploit those. Though with compiler improvements like Visual Studio's /GS switch this possibility should mostly be a thing of the past. Or am I mistaken? What other ways do people use to find vulnerabilities? Just load your target in a debugger, then send unexpected input and see what happens? This seems like a long and tedious process. Could anyone recommend some good books or websites on this subject? Thanks in advance.

Read the article
Autoclick security for a like button

- by Ali Davut

Hi everyone I want to develop a button like 'facebook like button'. I am going to use it on my website and thinking it to share as iframe like facebook but I cannot think its securty because someone can develop a script that can click on it automatically. I thought a solution using sessions but I couldn't make an algorithm completely. How can I disallow autoclicks and which solution is the best? It can be any language I just want algorithm. Thanks, have a nice day.

Read the article
IIS7.5 and MVC 2 : Implementing HTTP(S) security

- by Program.X

This is my first ASP.NET MVC application, and my first on an IIS 7.x installation whereby I have to do anything over and above the standard. I need to enforce Windows authentication on the /Index and /feeds/xxx.svc pages/services. In ASP.NET Web Forms, I would apply the Windows permissions on the files and remove Anonymous authentication in IIS 6. This needs to work over HTTP/S, but don't worry about that, that's in hand. What happens in MVC/IIS 7? I have tried modifying the permissions on the /Index.aspx view, which seems to block access. It asks me for a username/password, but does not grant access when I enter a valid username/password. Pressing Escape gives me an exception "*Access to the path 'E:\dev\xxx\xxx.ConsultantRegistration.Web.Admin\Views\ConsultantRegistration\index.aspx' is denied. *", which does get sent as a 401. So although the username/password does exist on the Index.aspx view, I can't use those credentials to access said view. I have in my web.config: What am I missing?

Read the article
Encrypt the file for security

- by pavun_cool

Actually I have a file . I am working in linux environment. I need to encrypt that file for secure purpose with giving the some password. The operation could be like zip , tar any compression. When I extract the file It should ask me password , only then it should get extracted Thanks in Advance

Read the article
Write Mysql tables to XML : Security Issue

- by jasmine

I want to make a news portal(php) with minimum mysql force. :create a cron, fetch data from mysql and write to a php file . (I dont know is it right way) But Can I use xml instead of php file? Write mysql data to xml. Is this a secure way? What is the best way? XML or php file? Thanks in advance

Read the article

< Previous Page | 63 64 65 66 67 68 69 70 71 72 73 74 | Next Page >