Search Results

Search found 25503 results on 1021 pages for 'browser security'.

Page 8/1021 | < Previous Page | 4 5 6 7 8 9 10 11 12 13 14 15  | Next Page >

  • Detecting if a browser is using Private Browsing mode

    - by Steve
    I'm building an extranet for a company paranoid about security. They want to make sure that (among other things) their users are browsing the site with the Private Browsing mode switched on in their web browser so that no cookies or history is kept. I found only this http://jeremiahgrossman.blogspot.com/2009/03/detecting-private-browsing-mode.html and http://serverfault.com/questions/18966/force-safari-to-operate-in-private-mode-and-detect-that-state-from-a-webserver The ideal solution would use no or minimal javascript. Would attempting to set a unique cookie work for all browsers and platforms? Anyone done this before? thanks!

    Read the article

  • Images with unknown content: Dangerous for a browser?

    - by chris_l
    Let's say I allow users to link to any images they like. The link would be checked for syntactical correctness, escaping etc., and then inserted in an <img src="..."/> tag. Are there any known security vulnerabilities, e.g. by someone linking to "evil.example.com/evil.jpg", and evil.jpg contains some code that will be executed due to a browser bug or something like that? (Let's ignore CSRF attacks - it must suffice that I will only allow URLs with typical image file suffixes.)

    Read the article

  • Turning a board game idea into a browser based, slow paced gameplay

    - by guillaume31
    Suppose I want to create a strategy game with global mutable state shared between all players (think game board). But unlike a board game, I don't want it to be real time action and/or turn-based. Instead, players should be able to log in at any time of the day and spend a fixed number of action points per day as they wish. As opposed to a few hours, game sessions would run over a few weeks. This is meant to reward good strategy rather than time spent playing (as an alternative, hardcore players could always play multiple games in parallel instead) as well as all kind of issues related to live playing like disconnections and synchronization. The game should remain addictive still have a low time investment footprint for casual players. So far so good, but this still leaves open the question of when to solve actions and when they should be visible. I want to avoid "ninja play" like doing all your moves just a few minutes before daily point reset to take other players by surprise, or people spamming F5 to place a well-timed action which would defeat the whole point of a non real-time game. I thought of a couple of approaches to that : Resolve all events in a single scheduled process running once a day. This basically means a "blind" gameplay where players can take actions but don't see their results immediately. The thing is, I played a similar browser game a few years ago and didn't like the fact that you feel disconnected and powerless until there's that deus ex machina telling you what really happened during all that time. You see the world evolve in large increments of one day, which often doesn't seem like seeing it evolve at all. For actions that have an big impact on the game or on other players (attacks, big achievements), make them visible to everyone immediately but delay their effect by something like 24 hours. Opposing players could be notified when such an event happens, so that they can react to it. Do you have any other ideas how I could go about solving this ? Are there any known approaches in similar existing games ?

    Read the article

  • HTML5 or Javascript game engine to develop a browser game

    - by Jack Duluoz
    I would like to start developing a MMO browser game, like Travian or Ogame, probably involving also a bit of more sophisticated graphical features such as players interacting in real time with a 2d map or something like that. My main doubt is what kind of development tools I should use: I've a good experience with PHP and MySQL for the server side and Javascript (and jQuery) regarding the client side. Coding everything from scratch would be of course really painful so I was wondering if I should use a javascript game engine or not. Are there (possibly free) game engine you would recommend? Are they good enough to develop a big game? Also, I saw a lot of HTML5 games popping up lately but I'm now sure if using HTML5 is a good idea or not. Would you recommend it? What are the pro and cons about using HTML5? If you'd recommend it, do you have any good links regarding game development with HTML5? (PS: I know that HTML5 and a Javascript engine are not mutually exclusive, I just didn't know how to formulate a proper title since English is not my main language. So, please, answer addressing HTML5 and a game engine pro and cons separately)

    Read the article

  • Software design of a browser-based strategic MMO game

    - by Mehran
    I wonder if there are any known tested software designs for Travian-like browser-based strategic MMO games? I mean how would they implement the server of such games or what is stored in database and what is stored in RAM? Is the state of the world stored in one piece or is it distributed among a number of storage? Does anyone know a resource to study the problems and solutions of creating such games? [UPDATE] Suggested in comments, I'm going to give an example how would I design such a project. Even though I'm not sure if I'm proposing the right one. Having stored the world state in a MongoDB, I would implement an event collection in which all the changes to the world will register. Changes that are meant to happen in the future will come with an action date set to the future and those that are to be carried out immediately will be set to now. Having this datastore as the central point of the system, players will issue their actions as events inserted in datastore. At the other end of the system, I'll have a constant-running software taking out events out of the datastore which are due to be carried out and not done yet. Executing an event means apply some update on the world's state and thus the datastore. As scalable as this design sounds, I'm not sure if it will be worth implementing. For one, it is pointless to cache the datastore as most of updates happen once without any follow ups. For instance if you have the growth of resources in your game, you'll be updating the whole world state periodically in which case, having incorporated a cache, you are keeping the whole world in RAM (which most likely is impossible). So can someone come up with a better design?

    Read the article

  • How to implment the database for event conditions and item bonuses for a browser based game

    - by Saifis
    I am currently creating a browser based game, and was wondering what was the standard approach in making diverse conditions and status bonuses database wise. Currently considering two cases. Event Conditions Needs min 1000 gold Needs min Lv 10 Needs certain item. Needs fulfillment of another event Status Bonus Reduces damage by 20% +100 attack points Deflects certain type of attack I wish to be able to continually change these parameters during the process of production and operation, so having them hard-coded isn't the best way. All I could come up with are the following two methods. Method 1 Create a table that contains each conditions with needed attributes Have a model named conditions with all the attributes it would need to set them conditions condition_type (level, money_min, money_max item, event_aquired) condition_amount prerequisite_condition_id prerequisite_item_id Method 2 write it in a DSL form that could be interpreted later in the code Perhaps something like yaml, have a text area in the setting form and have the code interpret it. condition_foo: condition_type :level min_level: 10 condition_type :item item_id: 2 At current Method 2 looks to be more practical and flexible for future changes, trade off being that all the flex must be done on the code side. Not to sure how this is supposed to be done, is it supposed to be hard coded? separate config file? Any help would be appreciated. Added For additional info, it will be implemented with Ruby on Rails

    Read the article

  • Getting Started with Media Browser for Windows Media Center

    - by DigitalGeekery
    If you are a Windows Media Center user, you’ll really want to check out Media Browser. The Media Browser plug-in for Windows Media Center takes your digital media files and displays them in a visually appealing, user friendly interface, complete with images and metadata. Requirements Windows 7 or Vista Microsoft .Net 3.5 Framework  Preparing your Media Files For Media Browser to be able to automatically download images and metadata for your media libraries, your files will have to be correctly named. For example, if you have an mp4 file of the movie Batman Begins, it needs to be named Batman Begins.mp4. It cannot be Batmanbegins.mp4 or Batman-begins.mp4. Otherwise, it’s unlikely that Media Browser will display images and metadata. If you find some of your files aren’t pulling cover art or metadata, double-check the official title of the media on a site like IMBD.com. TV Show files TV show files are handled a bit differently. Every TV series in your collection must have a main folder with the show’s name and individual subfolders for each season. Here is an example of folder structure and supported naming conventions. TV Shows\South Park\Season 1\s01e01 – episode 1.mp4 TV Shows\South Park\Season 1\South Park 1×01 – episode 1.mp4 TV Shows\South Park\Season 1\101 – episode 1.mp4  Note: You need to always have a Season 1 folder even if the show only has only one season. If you have several seasons of a particular show, but don’t happen to have Season 1, simply create a blank season 1 folder. Without a season 1 folder, other seasons will not display properly. Installation and Configuration Download and run the latest Media Browser .msi file by taking the defaults. (Download link below) When you reach the final window, leave the “Configure initial settings” box checked, and click “Finish.” You may get a pop up window informing you that folder permissions are not set correctly for Media Browser. Click “Yes.” Adding Your Media The Browser Configuration Tool should have opened automatically. If not, you can open it by going to Start > All Programs > Media Browser > Media Browser Configuration Wizard. To begin adding media files, click “Add.” Browse for a folder that contains media files and click “OK.” Here we are adding a folder with a group of movie files. You can add multiple folders to each media library. For example, if you have movie files stored in 4 or 5 different folders, you can add them all under a single library in Media Browser.  To add additional folders, click the “Add” button on the right side under your currently added folder. The “Add” button to the left will add an additional Media Library, such as one for TV Shows. When you are finished, close out of the Media Browser Configuration Tool. Open Windows Media Center. You will see Media Browser tile on the main interface. Click to open it. When you initially open Media Browser, you will be prompted to run the initial configuration. Click “OK.” You will see a few general configuration options. The important option is the Metadata. Leave this option checked (it is by default) if you wish to pull images & other metadata for your media. When finished, click “Continue,” and then “OK” to restart Media Browser. When you re-enter Media Browser you’ll see your Media Categories listed below, and recently added files in the main display. Click on a Media Library to view the files.   Click “View” at the top to check out some of the different display options to choose from. Below you see can “Detail.” This presents your videos in a list to the left. When you hover over a title, the synopsis and cover art is displayed to the right. “Cover Flow” displays your titles in a right to left format with mirror cover art. “Thumb Strip” displays your titles in a strip along the bottom with a synopsis, image, and movie data above. Configurations Settings and options can be changed through the Media Browser Configuration Tool, or directly in Media Browser by clicking on the “Wrench” at the bottom right of the main Media Browser page. Certain settings may only be available in one location or the other. Some will be available in both places.   Plug-ins and Themes Media Browser features a variety of Plug-ins and Themes that can add optional customization and slick visual appeal. To install plug-ins or themes, open the Media Browser Configuration Tool. Click on the “plug-ins” tab, and then the “More Plug-ins…” button. Note: Clicking on “Advanced” at the top will reveal several additional configuration tabs. Browse the list of plug-ins on the left. When you find want you like, select it and then click “Install.” When the install is complete, you’ll see them listed under “Installed Plug-ins.” To activate any installed theme, click on the “Display” tab. Select it from the Visual Theme drop down list. Close out of the Media Browser Configuration Tool when finished. Some themes, such as the “Diamond” theme shown below, include optional views and settings which can be accessed through a configuration button at the top of the screen. Clicking on the movie gives you additional images and information such as a synopsis, runtime, IMDB rating…   … and even actors and character names.   All that’s left is to hit “Play” when you’re ready to watch.   Conclusion Media Browser is a fantastic plug-in that brings an entirely different level of media management and aesthetics to Windows Media Center. There are numerous additional customizations and configurations we have not covered here such as adding film trailers, music support, and integrating Recorded TV. Media Browser will run on both Windows 7 and Vista. Extenders are also supported but may require additional configuration. Download Media Browser Similar Articles Productive Geek Tips Using Netflix Watchnow in Windows Vista Media Center (Gmedia)Schedule Updates for Windows Media CenterIntegrate Hulu Desktop and Windows Media Center in Windows 7Add Color Coding to Windows 7 Media Center Program GuideIntegrate Boxee with Media Center in Windows 7 TouchFreeze Alternative in AutoHotkey The Icy Undertow Desktop Windows Home Server – Backup to LAN The Clear & Clean Desktop Use This Bookmarklet to Easily Get Albums Use AutoHotkey to Assign a Hotkey to a Specific Window Latest Software Reviews Tinyhacker Random Tips DVDFab 6 Revo Uninstaller Pro Registry Mechanic 9 for Windows PC Tools Internet Security Suite 2010 If it were only this easy SyncToy syncs Files and Folders across Computers on a Network (or partitions on the same drive) Classic Cinema Online offers 100’s of OnDemand Movies OutSync will Sync Photos of your Friends on Facebook and Outlook Windows 7 Easter Theme YoWindoW, a real time weather screensaver

    Read the article

  • Security Talk Webcast: Agile Security - Develop Code Rapidly and Securely with SDL-Agile

    Find out how SDL and Agile can be made to work well together - and in many ways actually work better together than separately. Get an in-depth look at the new MSF-Agile+SDL process template for Visual Studio Team System that can help development teams integrate SDL-Agile tasks directly into their Visual Studio development environments....Did you know that DotNetSlackers also publishes .net articles written by top known .net Authors? We already have over 80 articles in several categories including Silverlight. Take a look: here.

    Read the article

  • Logging Virus Definition Updates for MS Security Essentials in The Security Event Log

    - by Steve
    I would like to log a security in event in Windows 7 whenever the Microsoft Security Essentials 2 virus definition files are updates, deleted, or changed. I was expecting to do this with an Audit setting on one of the MS Security Essentials folders but I wasn't sure which one and how to avoid getting swamped with messages. What folder or files should I audit to track definition updates (or corruption) in the security events or is there a better approach?

    Read the article

  • Small projects using the cathedral model: does open-source lower security?

    - by Anto
    We know of Linus' law: With enough eyeballs all bugs are shallow In general, people seem to say that open-source software is more secure because of that very thing, but... There are many small OSS projects with just 1 or 2 developers (the cathedral model, as described by ESR). For these projects, does releasing the source-code actually lower the security? For projects like the Linux kernel there are thousands of developers and security vulnerabilities are quite likely going to be found, but when just some few people look through the source code, while allowing crackers (black hat hackers) to see the source as well, is the security lowered instead of increased? I know that the security advantage closed-source software has over OSS is security through obscurity, which isn't good (at all), but it could help to some degree, at least by giving those few devs some more time (security through obscurity doesn't help with the if but with the when). EDIT: The question isn't whether OSS is more secure than non-OSS software but if the advantages for crackers are greater than the advantages for the developers who want to prevent security vulnerabilities from being exploited.

    Read the article

  • Stairway to SQL Server Security: Level 1, Overview of SQL Server Security

    The ubiquity of databases and the potentially valuable information stored in them makes them attractive targets for people who want to steal data or harm its owner by tampering with it. Making sure that your data is secure is a critical part of configuring SQL Server and developing applications that use it to store data. 12 must-have SQL Server toolsThe award-winning SQL Developer Bundle contains 12 tools for faster, simpler SQL Server development. Download a free trial.

    Read the article

  • Releasing the new Sample Browser Phone app

    - by Jialiang
    Originally posted on: http://geekswithblogs.net/Jialiang/archive/2014/06/05/releasing-the-new-sample-browser-phone-app.aspx Starting its journey in 2010, Sample Browser is achieving its tetralogy by releasing a Windows Phone version Sample Browser today. The new Windows Phone app is the fourth milestone of Sample Browser since we released the desktop version and the Visual Studio version in 2012 and the Windows Store version in 2013. This time, by providing a sample browser designed for a ‘walking’ platform in response to MVPs’ suggestions during last year’s MVP Global Summit, we are literally putting a world of code samples "at developers’ fingertips”. If you like to have a code gallery of over 7000 quality code samples in your pocket, then click here to download our Windows Phone Sample Browser and start a fantastic mobile experience. With Windows Phone version Sample Browser and the Internet, you can search for code samples on MSDN at anytime and anywhere you want, 24/7 and–even to bed. You can also check code sample details and share them with your friends. Compared to the other 3 pieces in the tetralogy (desktop version, Visual Studio version, and the Windows Store version), the Windows Phone version Sample Browser sells itself for convenience and instant connectivity. For those who need to reach code samples under mobile circumstances where no PCs is available, Windows Phone version Sample Browser will definitely be the right service you are seeking for. Aside from sharing samples via emails as the other 3 do, the Windows Phone version Sample Browser also allows you to share the sample via SMS and Near Field Communication (NFC).   What's Next Currently, the Windows Phone Sample Browser only supports online MSDN code searching, but we already plan to upgrade Sample Browser to allow users to do ‘Bing code search’, and add and manage their private code snippets.  We will also upgrade the app to universal app. Universal App is a new concept brought up in the Microsoft Build Developer Conference 2014. It is a new development model that allows for a single app to be deployed across multiple Windows devices such as Windows Phone, Windows 8.1, and XBox. Therefore, once we finish upgrading Sample Browser to a universal app, you can synchronize your own code snippets across different devices; You can also mark a code sample as favorite on your Windows Phone and continue to study the sample when you are on your desktop. By then, sharing data between platforms will be a piece of cake. Also, the user experience of Sample Browser on different platforms will be more consistent.  The best is yet to come!   We sincerely suggest you give Sample Browser a try (click here to download). If you love what you see in Sample Browser, please recommend it to your friends and colleagues. If you encounter any problems or have any suggestions for us, please contact us at [email protected]. Your precious opinions and comments are more than welcome.

    Read the article

  • Writing files in a sub folder of the web folder (apache security)

    - by Homunculus Reticulli
    I need to save session data for a dynamic web page script by writing to file. I have two questions: Are there any security preferences as to whether to save the data UNDER the web folder, or OUTSIDE the web folder? I attempted to write to the folder an (unsuprisingly), I had a 'file permission refused' type error. Should I set the folder ownership to the apache user (600, 640 or 644?) [[Edit]] core <- 'OUTSIDE' web folder (php script live here) data <- 'OUTSIDE' web folder (session data and other misc data resides here) web <- web root folder js <- any folder below is 'INSIDE' the web folder css html For example, in a php script (i.e. a dynamic PHP page), I can attempt to write to a file using something like fput('../data',data) yet (as I understand it) ../data should not be accessible - for security reasons. Could someone please provide a simple example that shows how to provide access to ../data/ in the example given above?. What are the actual SPECIFIC steps required? BTW, I am running on a LAMP stack.

    Read the article

  • Security Goes Underground

    - by BuckWoody
    You might not have heard of as many data breaches recently as in the past. As you’re probably aware, I call them out here as often as I can, especially the big ones in government and medical institutions, because I believe those can have lasting implications on a person’s life. I think that my data is personal – and I’ve seen the impact of someone having their identity stolen. It’s a brutal experience that I wouldn’t wish on anyone. So with all of that it stands to reason that I hold the data professionals to the highest standards on security. I think your first role is to ensure the data you have, number one because it can be so harmful, and number two because it isn’t yours. It belongs to the person that has that data. You might think I’m happy about that downturn in reported data losses. Well, I was, until I learned that companies have realized they suffer a lowering of their stock when they report it, but not when they don’t. So, since we all do what we are measured on, they don’t. So now, not only are they not protecting your information, they are hiding the fact that they are losing it. So take this as a personal challenge. Make sure you have a security audit on your data, and treat any breach like a personal failure. We’re the gatekeepers, so let’s keep the gates. Share this post: email it! | bookmark it! | digg it! | reddit! | kick it! | live it!

    Read the article

  • Security Risks of Unsigned ClickOnce Manifests

    - by Tom Tom
    Using signed manifests in ClickOnce deployments, it is not possible to modify files after the deployment package has been published - installation will fail as hash information in the manifest won't match up with the modified files. I recently stumbled upon a situation where this was problematic - customers need to be able to set things like connection strings in app.config before deploying the software to their users. I got round the problem by un-checking the option to "Sign the ClickOnce manifests" in VS2010 and explicitly excluding the app.config file from the list of files to have hashes generated during the publish process. From a related page on MSDN "Unsigned manifests can simplify development and testing of your application. However, unsigned manifests introduce substantial security risks in a production environment. Only consider using unsigned manifests if your ClickOnce application runs on computers within an intranet that is completely isolated from the internet or other sources of malicious code." In my situation, this isn't an immediate problem - the deployment won't be internet-facing. However, I'm curious to learn what the "substantial security risks" of what I've done would be if it was internet-facing (or if things changed and it needed to be in the future). Thanks in advance!

    Read the article

  • chrome extension login security with iframe

    - by Weaver
    I should note, I'm not a chrome extension expert. However, I'm looking for some advice or high level solution to a security concern I have with my chrome extension. I've searched quite a bit but can't seem to find a concrete answer. The situation I have a chrome extension that needs to have the user login to our backend server. However, it was decided for design reasons that the default chrome popup balloon was undesirable. Thus I've used a modal dialog and jquery to make a styled popup that is injected with content scripts. Hence, the popup is injected into the DOM o the page you are visiting. The Problem Everything works, however now that I need to implement login functionality I've noticed a vulnerability: If the site we've injected our popup into knows the password fields ID they could run a script to continuously monitor the password and username field and store that data. Call me paranoid, but I see it as a risk. In fact,I wrote a mockup attack site that can correctly pull the user and password when entered into the given fields. My devised solution I took a look at some other chrome extensions, like Buffer, and noticed what they do is load their popup from their website and, instead, embed an iFrame which contains the popup in it. The popup would interact with the server inside the iframe. My understanding is iframes are subject to same-origin scripting policies as other websites, but I may be mistaken. As such, would doing the same thing be secure? TLDR To simplify, if I embedded an https login form from our server into a given DOM, via a chrome extension, are there security concerns to password sniffing? If this is not the best way to deal with chrome extension logins, do you have suggestions with what is? Perhaps there is a way to declare text fields that javascript can simply not interact with? Not too sure! Thank you so much for your time! I will happily clarify anything required.

    Read the article

  • Custom Glassfish Security Realm does not work (unable to find LoginModule)

    - by ifischer
    I'm trying to get a Custom Security Realm in Glassfish working (i tried 3.0.1 final and 3.1 B33). I read nearly all tutorials about this, but it doesn not work on my System. I'm getting the error Login failed: javax.security.auth.login.LoginException: unable to find LoginModule class: de.company.security.utility.CustomLoginModule when trying to login. Here is what i did: I created a little Maven project, which contains the needed Realm class, CustomRealm, and the corresponding LoginModule, CustomLoginModule. My pom.xml: <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>com.mycompany</groupId> <artifactId>CustomJDBCRealm</artifactId> <version>1.0-SNAPSHOT</version> <packaging>jar</packaging> <name>Custom JDBCRealm</name> <url>http://maven.apache.org</url> <properties> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> </properties> <dependencies> <dependency> <groupId>org.glassfish.security</groupId> <artifactId>security</artifactId> <version>3.1-b33</version> </dependency> </dependencies> <build> <plugins> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-compiler-plugin</artifactId> <configuration> <source>1.6</source> <target>1.6</target> <optimise>true</optimise> <debug>true</debug> <encoding>UTF-8</encoding> </configuration> </plugin> </plugins> </build> </project> My Custom Realm class: package de.company.security.utility; import com.sun.appserv.security.AppservRealm; import com.sun.enterprise.security.auth.realm.BadRealmException; import com.sun.enterprise.security.auth.realm.InvalidOperationException; import com.sun.enterprise.security.auth.realm.NoSuchRealmException; import com.sun.enterprise.security.auth.realm.NoSuchUserException; import java.util.Enumeration; import java.util.Properties; import java.util.Vector; /** * * @author ifischer */ public class CustomRealm extends AppservRealm { Vector<String> groups = new Vector<String>(); private String jaasCtxName; private String startWith; @Override public void init(Properties properties) throws BadRealmException, NoSuchRealmException { jaasCtxName = properties.getProperty("jaas-context", "customRealm"); startWith = properties.getProperty("startWith", "z"); groups.add("dummy"); } @Override public String getAuthType() { return "Custom Realm"; } public String[] authenticate(String username, char[] password) { // if (isValidLogin(username, password)) return (String[]) groups.toArray(); } @Override public Enumeration getGroupNames(String username) throws InvalidOperationException, NoSuchUserException { return groups.elements(); } @Override public String getJAASContext() { return jaasCtxName; } public String getStartWith() { return startWith; } } My LoginModule class: /* * Copyright (c) 2010 ProfitBricks GmbH. All Rights Reserved. */ package de.company.security.utility; import com.sun.appserv.security.AppservPasswordLoginModule; import com.sun.enterprise.security.auth.login.common.LoginException; import java.util.Set; import org.glassfish.security.common.PrincipalImpl; /** * * @author ifischer */ public class CustomLoginModule extends AppservPasswordLoginModule { @Override protected void authenticateUser() throws LoginException { _logger.info("CustomRealm : authenticateUser for " + _username); final CustomRealm realm = (CustomRealm)_currentRealm; if ( (_username == null) || (_username.length() == 0) || !_username.startsWith(realm.getStartWith())) throw new LoginException("Invalid credentials"); String[] grpList = realm.authenticate(_username, getPasswordChar()); if (grpList == null) { throw new LoginException("User not in groups"); } _logger.info("CustomRealm : authenticateUser for " + _username); Set principals = _subject.getPrincipals(); principals.add(new PrincipalImpl(_username)); this.commitUserAuthentication(grpList); } } I compiled this Maven project and copyied the resulting JAR-file to the Glassfish/lib directory. Then i added the Security Realm "customRealm" to my Glassfish with asadmin: asadmin create-auth-realm --classname de.company.security.utility.CustomRealm --property jaas-context=customRealm:startWith=a customRealm I even referenced the LoginModule class for the JAAS context of my Custom Realm, therefore i inserted this into the login.conf of my domain: customRealm { de.company.security.utility.CustomLoginModule required; }; Although this LoginModule SHOULD BE on the Glassfish classpath, as it's classfiled is packaged in the JAR that i put into the Glassfish/lib-dir, it cannot be found when i try to login. For login, i build a really simple JSF-project, which calls the HttpServletRequest-login-method of Servlet 3.0. When trying to login i'm getting the following Exception: 2010-12-24T14:41:31.613+0100|WARNING|glassfish3.0.1| javax.enterprise.system.container.web.com.sun.web.security|_ThreadID=25; _ThreadName=Thread-1;|Web login failed: Login failed: javax.security.auth.login.LoginException: unable to find LoginModule class: de.company.security.utility.CustomLoginModule Anybody got an idea what i can do that Glassfish loads the LoginModule-class?

    Read the article

  • Force a browser to load the 'https' edition of a website, not the 'http'?

    - by warren
    This is similar to this previous question, but I believe it's a bit different*. Sites like GMail support a preference that pushes all traffic through the SSL edition of the site rather than the plain-text protocol. For sites that don't offer such preferences (or ones that may, but I have been unable to find, like facebook), is there a way using only the browser (perhaps with a plugin or addon) to always try SSL first, and fall-back to plain-text iff SSL fails? Is that solution available on Windows, Mac OS X, and Linux? Just one? * The previous question was looking for external applications that would accomplish this goal.

    Read the article

  • Spring security with GAE

    - by xybrek
    I'm trying to implement Spring security for my GAE application however I'm getting this error: No bean named 'springSecurityFilterChain' is defined I added this configuration on my application web.xml: <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> And in the servlet-context: <!-- Configure security --> <security:http auto-config="true"> <security:intercept-url pattern="/**" access="ROLE_USER" /> </security:http> <security:authentication-manager alias="authenticationManager"> <security:authentication-provider> <security:user-service> <security:user name="jimi" password="jimi" authorities="ROLE_USER, ROLE_ADMIN" /> <security:user name="bob" password="bob" authorities="ROLE_USER" /> </security:user-service> </security:authentication-provider> </security:authentication-manager> What could be causing the error?

    Read the article

  • Could someone explain Spring Security BasePermission.Create?

    - by Matthew Sowders
    I am working on a project that involves Spring Security ACL and I came across the create permission BasePermission.CREATE. Would someone please explain how this is supposed to work or what it allows someone to do? It is my understanding that each object has an acl, and each acl has many ace's, and each ace has an sid and a permission. How can you grant permission on an object to create it, if it must be created in order to attach the acl to it?

    Read the article

  • Can't work out security

    - by user215351
    I installed Ubuntu on puter I am the only user I alone use. I was trying a to find out how to repair hardware faults. Surprised to find I was not the owner and that there is a password that locks me out. I only set one password during set up so what is this mysterious password. As far as I'm concerned it is overdone on security, Im sick of authenticating every 3 seconds. I need a simpler system

    Read the article

  • Worst security hole you've seen?

    - by Si
    Subject says it all, probably a good idea to keep details basic to protect the guilty. FWIW, here's a question about what to do if you find a security hole, and another with some useful answers if a company doesn't (seem to) respond.

    Read the article

  • Security risks posed by specifying technologies used

    - by SabreWolfy
    I am developing online tools for non-commercial use, which are hosted on dedicated hardware. I would like to include logos indicating the technologies I used (Apache or Python for example), at the bottom of the page. What are the security risks/implications, if any, of "advertizing" this information? It is better not to reveal that the web server is Apache, and that I used Pyhton and jQuery, for example?

    Read the article

  • Microsoft Blacklists Google, Windows 8 Integrated Security

    According to researcher Brian Krebs, millions of surfers were affected by the error which was caused by two of Microsoft's antivirus solutions in the form of Microsoft Security Essentials and the business-related Microsoft Forefront. Both received updates as part of Microsoft's traditional Patch Tuesday on February 14, and those patches are believed to be the cause behind Google's incorrect blacklisting. The false positive alert specifically tagged the search site as being infected with the infamous Blackhole Exploit Kit, which reportedly gives cybercriminals the power to create their own bo...

    Read the article

< Previous Page | 4 5 6 7 8 9 10 11 12 13 14 15  | Next Page >