Search Results

Search found 41147 results on 1646 pages for 'database security'.

Page 75/1646 | < Previous Page | 71 72 73 74 75 76 77 78 79 80 81 82 | Next Page >

Spring security - same page to deliver different content based on user role

- by Ramesh

Hello, i tried to search for any previous post related to my issue but couldnt find any. I have a scenario where in page handles 3 different scenarios and one of them not working. This page returns different content depending on if the user is authenticated or anonymous. localhost:8080/myApp/muUrl?test=authenticatedContent - used for Scenario 1 & 2 localhost:8080/myApp/muUrl?test=anonymousContent - used for Scenario 3 Scenario: 1) Authenticated user accesing the page url - the user gets displayed correct information. Works fine 2) Anonymous user accesing page URL with parameters that requires authentication - If anonymous, there is second level of check on the content they are accessing. for example, based on the GET parameters, there is custom logic to determine if the user has to be authenticated. In which case the page gets redirected to login page (WORKS fine). 3) Anonymous user accessing page URL with parameters that doesnt need authentication - in this case i get the SAvedRequest and redirect to the URL which is taking me to an infinite loop. Am i missing something very obvious or is there a way in AuthenticationProcessFilterEntryPoint to say "DON'T redirect to LOGIN page but process it" ? thanks.

Read the article
.NET security: how to check if a method is allowed to execute under current user's perrmissions

- by Gart

Given an ASP.NET MVC Controller class declaration: public class ItemController : Controller { public ActionResult Index() { // ... } public ActionResult Details() { // ... } [Authorize(Roles="Admin, Editor")] public ActionResult Edit() { // ... } [Authorized(Roles="Admin")] public ActionResult Delete() { // .. } } I need to reflect a list of methods in this class which may be invoked with the current user's permissions. The [Authorized] attribute is specific to ASP.NET MVC, and this is only an example. I would prefer a universal solution for this problem which works for any .NET class. Please share some ideas of what could be done in this case.

Read the article
access to request object when using spring security

- by Hussain

When logging in I want to read the URL and base on the combination of subdomain, username and password user should be authorized. like if the url is abc.xyz.com i somehow need request object to get the subdomain and authorize user using the subdomain and username.

Read the article
In App Purchase Resources Security.

- by jAmi

Hi I am setting up in app purchase where user can buy different Sounds. Once bought, he can play those sounds in the App. The Sound files are all present in my Resources Folder and I just keep a record(in a plist) of the files that have been purchased. No If I right click on the IAP file and see its content I can see the Resources, hence any one can have those sounds without actually buying them. Is there a protected Bundle or something?

Read the article
Web Form Security

- by brandon14_99

I set a cookie in the headers with an md5 hashed keyword. Then in my code, it checks for the exact matching cookie before displaying a form. Is this pretty much pointless? The form submits to an external site, so I am trying to secure the form without using captcha..

Read the article
Chrome SSL Security Issue under Windows systems?

- by fraido

The Fortify.net website allows you to check what SSL Encryption key is used by your browser. I gave it a try with the browsers I've on my machine and these are the results Fedora 9 Firefox 3.0.8 = AES cipher, 256-bit key Chrome 4.0.249.30 = AES cipher, 256-bit key Windows XP SP3 IE 6.0.2x = RC4 cipher, 128-bit key Firefox = AES cipher, 256-bit key Chrome 4.1.249.1042 (42199) = RC4 cipher, 128-bit key .... WHAT!!?!! Chrome is using RC4 128-bit (as IE6 does) that is well known as been very weak! Chrome under Unix works fine... I'm wondering how is this possible? Do you have this issue or is there a way to change the default key to be AES 256bit? I'm using Chrome as the main browser under Windows and I'm really considering to switch back to Firefox

Read the article
Is SecurityManager a full security solution?

- by Tom Brito

Can I avoid third party code from creating new threads, starting new VMs, or leaking data using a customized SecurityManager?

Read the article
Cookiless Session Is it a security risk?

- by Costa

Hi http://msdn.microsoft.com/en-us/library/aa479314.aspx You have a user who successfully log in from a machine in Cybercafe, Hacker H able to sniff the network and get the sessionID of the user, Can H use the sessionId and act as the user from another machine? Can H enter http://folder/(session id)/CreditCardInformation.aspx to know the credit card number of the user?

Read the article
Client / Server security from mobile to website

- by Amir Latif

Hey. Am new to the world of web programming and learning a bunch of fairly simple new pieces of tech, trying to piece them all together. So, we have a simple client (currently iPhone, to move to J2ME soon) that's pulling down lists of data via PHP, which is talking to a MySQL db. I have a rudimentary user/login system so that data is only served to someone who matches a known user etc, either on the website or on the client. All the php scripts on the website that query the DB check to make sure an active session is in place, otherwise dumping the user back to the login screen. I've read a little about SSL and want to know if that is sufficient to protect the website AND the data passing between the server and the client?

Read the article
How to manually verify a user against the asp.net memberhip database

- by Ekk

I would like to know how I can verify a user's credential against an existing asp.net membership database. The short story is that we want provide single sign on access. So what I've done is to connect directly to the membership database and tried to run a sql query against the aspnet_Membership table: private bool CanLogin(string userName, string password) { // Check DB to see if the credential is correct try { string passwordHash = FormsAuthentication.HashPasswordForStoringInConfigFile(password, "SHA1"); string sql = string.Format("select 1 from aspnet_Users a inner join aspnet_Membership b on a.UserId = b.UserId and a.applicationid = b.applicationid where a.username = '{0}' and b.password='{1}'", userName.ToLowerInvariant(), passwordHash); using (SqlConnection sqlConn = new SqlConnection(ConfigurationManager.ConnectionStrings["LocalSqlServer"].ConnectionString)) using (SqlCommand sqlCmd = new SqlCommand(sql, sqlConn)) { sqlConn.Open(); int count = sqlCmd.ExecuteNonQuery(); sqlConn.Close(); return count == 1; } } catch (Exception ex) { return false; } } The problem is the password value, does anyone know how the password it is hashed?

Read the article
PHP Upload file enhance security

- by mandril

Hey.. my question is how to prevent someone upload a virus or some malicious code with the extension you pretend for example i have a pdf file uploader, anyone can upload a binary with pdf camouflage there are lots of programs to do that.

Read the article
PHP File System or XML : Security Issue

- by jasmine

I want to make a news portal(php) site with minimum mysql force. :create a cron, fetch data from mysql and write to a php file . (I dont know is it right way) But Can I use xml instead of php file? Write mysql data to xml. Is this a secure way? What is the best way? XML or php file? Thanks in advance

Read the article
Application runs fine when executed directly, fails as scheduled task (security issues)

- by Carl

I have an application that loads some files from a network share (the input folder), extracts certain data from them and saves new files (zips them with SharpZLib) on a different network share (output folder). This application runs fine when you open it directly, but when it is set to a scheduled task, it fails in numerous places. This application is scheduled on a Win 2003 server. Let me say right off the bat, the scheduled task is set to use the same login account that I am currently logged in with, so it's not because it's using the LocalSystem account. Something else is going on here. Originally, the application was assigning a drive letter to the input folder using WNetGetConnectionA(). I don't remember why this was done, someone else on our team did that and she's gone now. I think there was some issue with using the WinZip command line with a UNC path. I switched from the WinZip command line utility to using SharpZLib because there were other issues with using the WinZip command line. Anyway, the application failed when trying to assign a drive letter with the error "connection already established." That wasn't true and even after trying WNetCancelConnection(), it still didn't work. Then I decided to just map the drive manually on the server. Then when the app calls Directory.Exists(inputFolderPath) it returns false, even though it does exist. So, for whatever reason, I cannot read this directory from within the application. I can manually navigate to this folder in Windows Explorer and open files. The app log file shows that the user executing it on the schedule is the user I expect, not LocalSystem. Any ideas?

Read the article
asp.net forms authentification security issues

- by Andrew Florko

Hi there, I have a kind of asp.net forms authentication with the code like that: FormsAuthentication.SetAuthCookie(account.Id.ToString(), true); HttpContext.Current.User = new GenericPrincipal(new GenericIdentity(account.Id.ToString()), null); What kind of additional efforts shall I take to make authentication cookie (that is user id) more securable? (https, encoding for example) Thank you in advance!

Read the article
Disabling security warning caused by BaseIntermediateOutputPath?

- by Chris R. Donnelly

Hi all, Our team overrides BaseIntermediateOutputPath (and other related properties) in our Visual Studio projects in order to have build artifacts go outside the main tree. However, this causes an annoying warning dialog to appear when you open a project for the first time in a new location (which happens on new machines, when you check out a branch to a new location, have to delete corrupted .suo/.user files, etc.). Is there any way to disable the warning? FYI, we are using Visual Studio 2008, and we have encountered this warning on Windows XP as well as Windows 7, so it is not UAC-related.

Read the article
Authorization security of ASP.NET Forms authentication

- by Tomi

I'm using Forms authentication in ASP.NET MVC website and I store user account login name in AuthCookie like this: FormsAuthentication.SetAuthCookie(account.Login, false); I want to ask if there is a possibility that user on client side will somehow manage to change his login name in AuthCookie and thus he will be for example impersonated as someone with higher privileges and authorized to do more actions than he is normally supposed to have. Also is it better to save in this cookie user account login name or user account ID number?

Read the article
How are clientside security vulnerabilities generally discovered?

- by Jehjoa

I mean in operating systems or their applications. The only way I can think of is examine binaries for the use of dangerous functions like strcpy(), and then try to exploit those. Though with compiler improvements like Visual Studio's /GS switch this possibility should mostly be a thing of the past. Or am I mistaken? What other ways do people use to find vulnerabilities? Just load your target in a debugger, then send unexpected input and see what happens? This seems like a long and tedious process. Could anyone recommend some good books or websites on this subject? Thanks in advance.

Read the article
IIS7.5 and MVC 2 : Implementing HTTP(S) security

- by Program.X

This is my first ASP.NET MVC application, and my first on an IIS 7.x installation whereby I have to do anything over and above the standard. I need to enforce Windows authentication on the /Index and /feeds/xxx.svc pages/services. In ASP.NET Web Forms, I would apply the Windows permissions on the files and remove Anonymous authentication in IIS 6. This needs to work over HTTP/S, but don't worry about that, that's in hand. What happens in MVC/IIS 7? I have tried modifying the permissions on the /Index.aspx view, which seems to block access. It asks me for a username/password, but does not grant access when I enter a valid username/password. Pressing Escape gives me an exception "*Access to the path 'E:\dev\xxx\xxx.ConsultantRegistration.Web.Admin\Views\ConsultantRegistration\index.aspx' is denied. *", which does get sent as a 401. So although the username/password does exist on the Index.aspx view, I can't use those credentials to access said view. I have in my web.config: What am I missing?

Read the article
Autoclick security for a like button

- by Ali Davut

Hi everyone I want to develop a button like 'facebook like button'. I am going to use it on my website and thinking it to share as iframe like facebook but I cannot think its securty because someone can develop a script that can click on it automatically. I thought a solution using sessions but I couldn't make an algorithm completely. How can I disallow autoclicks and which solution is the best? It can be any language I just want algorithm. Thanks, have a nice day.

Read the article
Encrypt the file for security

- by pavun_cool

Actually I have a file . I am working in linux environment. I need to encrypt that file for secure purpose with giving the some password. The operation could be like zip , tar any compression. When I extract the file It should ask me password , only then it should get extracted Thanks in Advance

Read the article
Write Mysql tables to XML : Security Issue

- by jasmine

I want to make a news portal(php) with minimum mysql force. :create a cron, fetch data from mysql and write to a php file . (I dont know is it right way) But Can I use xml instead of php file? Write mysql data to xml. Is this a secure way? What is the best way? XML or php file? Thanks in advance

Read the article
Security concerns for a multi-lingual web application.

- by The Rook

I am converting a PHP MySQL web application written for English language into a Multi-Language site. Do you know any vulnerabilities that affect web applications in another language? Or perhaps vulnerabilities that could be introduced in the conversion of code base to support multiple languages. (If you know any vulnerabilities of this type in another programming language I'll give you a +1)

Read the article
Authenticating a SOAP service in Java (password security)

- by user1686448

I am writing an application, in Java, which needs to log in to a remote SOAP service (JIRA) prior to calling methods on that service. I have looked at examples of how to do this, for example http://www.j-tricks.com/1/post/2010/8/jira-soap-client.html, however I am concerned that I need to put the password in memory at some point. I've read that I should store the password as a char[] but still, I'm concerned about storing the password in the clear at all. How should I store the password used by my client to log into the SOAP service? And how should I read it and pass it to JIRA?

Read the article
downloading security related problem in php

- by pareek-rohit

hi i have to upload a video.but i want to gives permission only authenticate user to download .but i have a problem in that.because if any body type the video detail in browser.(ex http://sitename/folder_name/videoname) then browser download that video.but i don't want this .please suggest me how can i resolve this problem.either i should generate the video name randomly or make a temporary folder in which video reside only for specific time,after this video will be delete. Or if any other ideas you have please let me know Thanks in advance

Read the article
Cookiless Session Is it a security

- by Costa

Hi http://msdn.microsoft.com/en-us/library/aa479314.aspx You have a user who successfully log in from a machine in Cybercafe, Hacker H able to sniffer the network and get the sessionID of the user, Can H use the sessionId and act as the user from another machine? Can H enter http://folder/(session id)/CreditCardInformation.aspx to know the credit card number of the user. Thanks

Read the article

< Previous Page | 71 72 73 74 75 76 77 78 79 80 81 82 | Next Page >