Search Results

Search found 52277 results on 2092 pages for 'web security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 77/2092 | < Previous Page | 73 74 75 76 77 78 79 80 81 82 83 84  | Next Page >

  • ColdFusion Security

    - by Andrew
    What are the best practices for securing a coldfusion webpage from malicious users? (including, but not limited to, sql injection attacks) Is cfqueryparam enough?

    Read the article

  • Code igniter authentication code in controller security question

    - by Prime Studios
    I have a main controller to handle the very front-end of my authentication system, it handles login, logout, update user info, etc. functions that I anticipate calling by POST'ing from views/forms. What about something like a "delete_user" function though? My thoughts are a button in someones admin panel would say "Delete Account" and it would post to "/auth/delete", and the function would delete the user based on their session username or id. This seems a bit open ended, you could send out a link to someone and when they opened it while in that application it would delete their account.. Whats the best way to handle this?

    Read the article

  • Ajax security problem

    - by coolboycsaba
    I want to create a browser based game and I have a huge problem, the game can be easily hacked. The problem is at a page where you can go to "work", I store in a file the work ending date and the amount of money what you will receive after finishing the work. There are 4 type of works. The problem is that I use ajax to send to a php file the necessary information. The URL looks like this x.php?date=....&pay=.... The javascript part of the page calculates the date and the pay but if you simply enter in your URL bar x.php?date=anynumber&pay=99999 you will receive that 99999 dollars. What should I do ? And sorry for my bad english :)

    Read the article

  • Solr security question

    - by Camran
    I have a linux server, and I am about to upload a classifieds website to it. The website is php based. That means php code adds/removes classifieds, with the help of the users offcourse. The php-code then adds/removes a classified to a database index called Solr (like MySql). Problem is that anybody can currently access the database, but I only want the website to access the database (solr). Solr is on port 8983 as standard btw. My Q is, if I add a rule in my firewall (iptables), to only allow connections coming from the servers IP to the Solr port nr, would this solve my issue? Thanks

    Read the article

  • Spring security - same page to deliver different content based on user role

    - by Ramesh
    Hello, i tried to search for any previous post related to my issue but couldnt find any. I have a scenario where in page handles 3 different scenarios and one of them not working. This page returns different content depending on if the user is authenticated or anonymous. localhost:8080/myApp/muUrl?test=authenticatedContent - used for Scenario 1 & 2 localhost:8080/myApp/muUrl?test=anonymousContent - used for Scenario 3 Scenario: 1) Authenticated user accesing the page url - the user gets displayed correct information. Works fine 2) Anonymous user accesing page URL with parameters that requires authentication - If anonymous, there is second level of check on the content they are accessing. for example, based on the GET parameters, there is custom logic to determine if the user has to be authenticated. In which case the page gets redirected to login page (WORKS fine). 3) Anonymous user accessing page URL with parameters that doesnt need authentication - in this case i get the SAvedRequest and redirect to the URL which is taking me to an infinite loop. Am i missing something very obvious or is there a way in AuthenticationProcessFilterEntryPoint to say "DON'T redirect to LOGIN page but process it" ? thanks.

    Read the article

  • Lisp data security/validation

    - by Wayne Werner
    This is really just a conceptual question for me at this point. In Lisp, programs are data and data are programs. The REPL does exactly that - reads and then evaluates. So how does one go about getting input from the user in a secure way? Obviously it's possible - I mean viaweb - now Yahoo!Stores is pretty secure, so how is it done?

    Read the article

  • Custom security permission_types in Jetspeed

    - by shikarishambu
    Is it possible to create and manage custom permission types in Jetspeed. In addition to the default - folder, page, link, portlet I would like to add document as a type. I want to then use the list of permissions of type "document" that a principal has to manage access to documents. Thanks

    Read the article

  • Spring security @notation for IS_AUTHENTICATED_FULLY?

    - by wuntee
    I am simply trying to allow a user access to a method if they are authenticated, but nothing I am doing seems to work. Is there a way to just check if the user has been authenticated? The following still denies the user even when authenticated... Is there a built in role for an authenticated user? @RequestMapping("/secure") @PreAuthorize("hasRole('IS_AUTHENTICATED_FULLY')") public String secure(ModelMap map){ return("secure"); }

    Read the article

  • .NET security: how to check if a method is allowed to execute under current user's perrmissions

    - by Gart
    Given an ASP.NET MVC Controller class declaration: public class ItemController : Controller { public ActionResult Index() { // ... } public ActionResult Details() { // ... } [Authorize(Roles="Admin, Editor")] public ActionResult Edit() { // ... } [Authorized(Roles="Admin")] public ActionResult Delete() { // .. } } I need to reflect a list of methods in this class which may be invoked with the current user's permissions. The [Authorized] attribute is specific to ASP.NET MVC, and this is only an example. I would prefer a universal solution for this problem which works for any .NET class. Please share some ideas of what could be done in this case.

    Read the article

  • Chrome SSL Security Issue under Windows systems?

    - by fraido
    The Fortify.net website allows you to check what SSL Encryption key is used by your browser. I gave it a try with the browsers I've on my machine and these are the results Fedora 9 Firefox 3.0.8 = AES cipher, 256-bit key Chrome 4.0.249.30 = AES cipher, 256-bit key Windows XP SP3 IE 6.0.2x = RC4 cipher, 128-bit key Firefox = AES cipher, 256-bit key Chrome 4.1.249.1042 (42199) = RC4 cipher, 128-bit key .... WHAT!!?!! Chrome is using RC4 128-bit (as IE6 does) that is well known as been very weak! Chrome under Unix works fine... I'm wondering how is this possible? Do you have this issue or is there a way to change the default key to be AES 256bit? I'm using Chrome as the main browser under Windows and I'm really considering to switch back to Firefox

    Read the article

  • Web Form Security

    - by brandon14_99
    I set a cookie in the headers with an md5 hashed keyword. Then in my code, it checks for the exact matching cookie before displaying a form. Is this pretty much pointless? The form submits to an external site, so I am trying to secure the form without using captcha..

    Read the article

  • Basic security, PHP mySQl

    - by yuudachi
    So I am making a basic log-in page. I have a good idea of what to do, but I'm still unsure of some things. I have a database full of students and a password column of course. I know I'm going to use md5 encryption in that column. The student enters their e-mail and student ID, and they get e-mailed a password if correct. But, where do I create the password? Do I have to manually add the password (which is just a randomly generated string) in mySQL to all the students? And I am suppose to send the password to the student; how will I know what to send the student if the password is encrypted? I was thinking about generating the password when the student first enters their e-mail and student ID. They get an e-mail of the random string, and at the same time, I add the same random string to the database, encrypted. Is that how it's suppose to work though? And it feels unsafe doing that all on the same page. Sorry for the long-winded, newbish question. I find this all facisnating at the same time as well (AES and RSA encryption :O)

    Read the article

  • In App Purchase Resources Security.

    - by jAmi
    Hi I am setting up in app purchase where user can buy different Sounds. Once bought, he can play those sounds in the App. The Sound files are all present in my Resources Folder and I just keep a record(in a plist) of the files that have been purchased. No If I right click on the IAP file and see its content I can see the Resources, hence any one can have those sounds without actually buying them. Is there a protected Bundle or something?

    Read the article

  • Cookiless Session Is it a security risk?

    - by Costa
    Hi http://msdn.microsoft.com/en-us/library/aa479314.aspx You have a user who successfully log in from a machine in Cybercafe, Hacker H able to sniff the network and get the sessionID of the user, Can H use the sessionId and act as the user from another machine? Can H enter http://folder/(session id)/CreditCardInformation.aspx to know the credit card number of the user?

    Read the article

  • Relogging a user in with different Spring Security Authorities programmatically

    - by user1331982
    PreReq: User logs in and is given roles got from the database using a custom implementation of userService. i.e. authentication-provider user-service-ref="securityPolicyService" The implemented method loadUserByUsername gets called and the roles are load for the user for the particular club they are logging into, Default one is loaded first time in. The user then click on a different club from the UI and I call a method on a service that gets the new list of authorities for this club. I then perform the following: Object principle = SecurityContextHolder.getContext().getAuthentication().getPrincipal(); SecureMember sm = (SecureMember) principle; Authentication auth = new UsernamePasswordAuthenticationToken(sm, null, newAuthories); <br><br> SecurityContextHolder.getContext().setAuthentication(auth);<br> request.getSession(false).invalidate(); SecureMember extends User from SpringFramework. The problem is the SecureMember authorities are never updated with the new ones. thanks Gary

    Read the article

  • Application runs fine when executed directly, fails as scheduled task (security issues)

    - by Carl
    I have an application that loads some files from a network share (the input folder), extracts certain data from them and saves new files (zips them with SharpZLib) on a different network share (output folder). This application runs fine when you open it directly, but when it is set to a scheduled task, it fails in numerous places. This application is scheduled on a Win 2003 server. Let me say right off the bat, the scheduled task is set to use the same login account that I am currently logged in with, so it's not because it's using the LocalSystem account. Something else is going on here. Originally, the application was assigning a drive letter to the input folder using WNetGetConnectionA(). I don't remember why this was done, someone else on our team did that and she's gone now. I think there was some issue with using the WinZip command line with a UNC path. I switched from the WinZip command line utility to using SharpZLib because there were other issues with using the WinZip command line. Anyway, the application failed when trying to assign a drive letter with the error "connection already established." That wasn't true and even after trying WNetCancelConnection(), it still didn't work. Then I decided to just map the drive manually on the server. Then when the app calls Directory.Exists(inputFolderPath) it returns false, even though it does exist. So, for whatever reason, I cannot read this directory from within the application. I can manually navigate to this folder in Windows Explorer and open files. The app log file shows that the user executing it on the schedule is the user I expect, not LocalSystem. Any ideas?

    Read the article

  • PHP File System or XML : Security Issue

    - by jasmine
    I want to make a news portal(php) site with minimum mysql force. :create a cron, fetch data from mysql and write to a php file . (I dont know is it right way) But Can I use xml instead of php file? Write mysql data to xml. Is this a secure way? What is the best way? XML or php file? Thanks in advance

    Read the article

  • Authorization security of ASP.NET Forms authentication

    - by Tomi
    I'm using Forms authentication in ASP.NET MVC website and I store user account login name in AuthCookie like this: FormsAuthentication.SetAuthCookie(account.Login, false); I want to ask if there is a possibility that user on client side will somehow manage to change his login name in AuthCookie and thus he will be for example impersonated as someone with higher privileges and authorized to do more actions than he is normally supposed to have. Also is it better to save in this cookie user account login name or user account ID number?

    Read the article

  • Stacked up with web service configuration

    - by Allan Chua
    I'm currently stacked with the web service that im creating right now. when Testing it in local it all works fine but when I try to deploy it to the web server it throws me the following error An error occurred while trying to make a request to URI '...my web service URI here....'. This could be due to attempting to access a service in a cross-domain way without a proper cross-domain policy in place, or a policy that is unsuitable for SOAP services. You may need to contact the owner of the service to publish a cross-domain policy file and to ensure it allows SOAP-related HTTP headers to be sent. This error may also be caused by using internal types in the web service proxy without using the InternalsVisibleToAttribute attribute. Please see the inner exception for more details. here is my web config. <?xml version="1.0"?> <configuration> <configSections> </configSections> <system.webServer> <modules runAllManagedModulesForAllRequests="true"> </modules> <validation validateIntegratedModeConfiguration="false" /> <security> <requestFiltering> <requestLimits maxAllowedContentLength="2000000000" /> </requestFiltering> </security> </system.webServer> <connectionStrings> <add name="........" providerName="System.Data.SqlClient" /> </connectionStrings> <appSettings> <!-- Testing --> <add key="DataConnectionString" value="..........." /> </appSettings> <system.web> <compilation debug="true" targetFramework="4.0"> <buildProviders> <add extension=".rdlc" type="Microsoft.Reporting.RdlBuildProvider, Microsoft.ReportViewer.WebForms, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /> </buildProviders> </compilation> <httpRuntime executionTimeout="1200" maxRequestLength="2000000" /> </system.web> <system.serviceModel> <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" /> <behaviors> <serviceBehaviors> <behavior name="Service1"> <serviceMetadata httpGetEnabled="true" /> <serviceDebug includeExceptionDetailInFaults="true" /> <dataContractSerializer maxItemsInObjectGraph="2000000000" /> </behavior> <behavior name=""> <serviceMetadata httpGetEnabled="true" /> <serviceDebug includeExceptionDetailInFaults="false" /> </behavior> <behavior name="nextSPOTServiceBehavior"> <serviceMetadata httpsGetEnabled="true"/> <serviceDebug includeExceptionDetailInFaults="true" /> <dataContractSerializer maxItemsInObjectGraph="2000000000" /> </behavior> </serviceBehaviors> </behaviors> <bindings> <basicHttpBinding> <binding name="SecureBasic" closeTimeout="00:10:00" openTimeout="00:10:00" receiveTimeout="00:10:00" sendTimeout="00:10:00" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647"> <security mode="Transport" /> <readerQuotas maxArrayLength="2000000" maxStringContentLength="2000000"/> </binding> <binding name="BasicHttpBinding_IDownloadManagerService" closeTimeout="00:10:00" openTimeout="00:10:00" receiveTimeout="00:10:00" sendTimeout="00:10:00" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647"> <security mode="Transport" /> </binding> </basicHttpBinding> </bindings> <services> <service behaviorConfiguration="nextSPOTServiceBehavior" name="NextSPOTDownloadManagerWebServiceTester.Web.WebServices.DownloadManagerService"> <endpoint binding="basicHttpBinding" bindingConfiguration="SecureBasic" name="basicHttpSecure" contract="NextSPOTDownloadManagerWebServiceTester.Web.WebServices.IDownloadManagerService" /> <!--<endpoint binding="basicHttpBinding" bindingConfiguration="" name="basicHttp" contract="NextSPOTDownloadManagerWebServiceTester.Web.WebServices.IDownloadManagerService" />--> <!--<endpoint address="" binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IDownloadManagerService" contract="NextSPOTDownloadManagerWebServiceTester.Web.WebServices.IDownloadManagerService" /> <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />--> </service> </services > </system.serviceModel> </configuration>

    Read the article

  • Disabling security warning caused by BaseIntermediateOutputPath?

    - by Chris R. Donnelly
    Hi all, Our team overrides BaseIntermediateOutputPath (and other related properties) in our Visual Studio projects in order to have build artifacts go outside the main tree. However, this causes an annoying warning dialog to appear when you open a project for the first time in a new location (which happens on new machines, when you check out a branch to a new location, have to delete corrupted .suo/.user files, etc.). Is there any way to disable the warning? FYI, we are using Visual Studio 2008, and we have encountered this warning on Windows XP as well as Windows 7, so it is not UAC-related.

    Read the article

  • PHP Upload file enhance security

    - by mandril
    Hey.. my question is how to prevent someone upload a virus or some malicious code with the extension you pretend for example i have a pdf file uploader, anyone can upload a binary with pdf camouflage there are lots of programs to do that.

    Read the article

  • asp.net forms authentification security issues

    - by Andrew Florko
    Hi there, I have a kind of asp.net forms authentication with the code like that: FormsAuthentication.SetAuthCookie(account.Id.ToString(), true); HttpContext.Current.User = new GenericPrincipal(new GenericIdentity(account.Id.ToString()), null); What kind of additional efforts shall I take to make authentication cookie (that is user id) more securable? (https, encoding for example) Thank you in advance!

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 73 74 75 76 77 78 79 80 81 82 83 84  | Next Page >