Search Results

Search found 1458 results on 59 pages for 'protect from forgery'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 8/59 | < Previous Page | 4 5 6 7 8 9 10 11 12 13 14 15  | Next Page >

  • Protect some pages from direct access ASP.NET

    - by AZIRAR
    Hey, I have a ASP.NET page called admin.aspx that needs to be protected from direct access. I want it to be accessed only when the user enter his name & password in another page called login.aspx I'm working in ASP.NET with Visual Basic .NET 2008, and I have no idea how to do it. Can you help me doing it ?

    Read the article

  • How do I protect myself?

    - by ved
    I was poking around at my work computer this evening and was looking at my timesheets. I noticed that all my timesheets had variables in the URLs and I could figure out the numbering scheme for the pages. Then I got a little curious about SQL injection and thought of trying out adding simple SQL injections like "OR 1=1" etc. to see how protected we really were with our timesheet info. One of these strings yielded a friendly error page saying that an error email was sent to the developer. I am concerned that my ID, and request will be seen by the developer , immediately recognized as SQL injection and will be reported to network security officer as a malicious attempt by an employee to hack the timesheet dB. what is my defense? I am really worried.

    Read the article

  • Protect iPad settings

    - by Edmund
    I am developing a web application to be run in iPad safari. The iPads will be provided to the customers and the question is - I want to allow access only to the safari browser and not other applications that can be found in the iPad, especially the iPad settings. Is there anyway I can do that in iPad?

    Read the article

  • How should I protect against hard link attacks?

    - by Thomas
    I want to append data to a file in /tmp. If the file doesn't exist I want to create it I don't care if someone else owns the file. The data is not secret. I do not want someone to be able to race-condition this into writing somewhere else, or to another file. What is the best way to do this? Here's my thought: fd = open("/tmp/some-benchmark-data.txt", O_APPEND | O_CREAT | O_NOFOLLOW | O_WRONLY, 0644); fstat(fd, &st); if (st.st_nlink != 1) { HARD LINK ATTACK! } What's the right way? Besides not using a world-writable directory.

    Read the article

  • Protect files from svn commit.

    - by chrsk
    Hey, imagine a plain webapp with a log4j.properties which is under version control. I can't add it to svn:ignore because its a mandatory file. If i make custom changes for development and i don't want to commit them, i have to watch out for accidently commits. For one file it's easy to handle, with 3 or more files it becomes creepy. Is there a way to disable these files temporary from svn commit? So its easiert to commit? I'm working with svn and subclipse.

    Read the article

  • Creating a PHP call home "time bomb" to protect my interests

    - by RC
    Hi everyone, I produced a PHP web app for a client some months back that is hosted on their own server. I have still not been paid for this work, and they are giving me the runaround. It turns out that I still have remote admin access to their server, so I can make code changes. What I was thinking of doing was to move the core kernel off-site onto one of my own servers, and program in some kind of callback or include that gets the kernel (critical functions) from my server. Give it two weeks or so for their backups to catch this change, and then pull the plug and exercise leverage. If I do this, they will pay immediately, because the site is a critical one for a very large and influential client of theirs. What is the most effective and easiest way of doing this? What code do I use? Thanks for any pointers.

    Read the article

  • protect (encrypt) password in the web.config file (asp.net)

    - by Hazro City
    <system.net> <mailSettings> <smtp from="[email protected]" deliveryMethod="Network"> <network clientDomain="www.domain.com" host="smtp.live.com" defaultCredentials="false" port="25" userName=" [email protected] " password="password" enableSsl="true" /> </smtp> </mailSettings> </system.net> This is the case where I need encryption for my password. I searched and googled much on the web but I can’t be able to encrypt anymore. Can anyone help me do this in a simple but secure way.

    Read the article

  • Protect Files from Git

    - by Tanner
    I'm using Git with WindRiver to manage a project of mine. The code is being managed, however the project files (such as .cproject, .project, .wrmakefile, and .wrproject) are not. However when I switch branches, Git deletes those files spite them being in .gitignore, thereby removing my ability to compile the code without having to revert commits or keeping a backup. So, is there a way to say to Git - ignore these files and don't touch them no matter what?

    Read the article

  • Password protect web service

    - by Henrik
    Hi! Is it possible to require user name and password for a web service without changing the code for existing web service? Adding a DLL and configuration would be OK, but I rather not change the web service.

    Read the article

  • protect form hijacking hack

    - by Karem
    Yes hello today I discovered a hack for my site. When you write a msg on a users wall (in my communitysite) it runs a ajax call, to insert the msg to the db and will then on success slide down and show it. Works fine with no problem. So I was rethinking alittle, I am using POST methods for this and if it was GET method you could easily do ?msg=haxmsg&usr=12345679. But what could you do to come around the POST method? I made a new html document, made a form and on action i set "site.com/insertwall.php" (the file that normally are being used in ajax), i made some input fields with names exactly like i am doing with the ajaxcall (msg, uID (userid), BuID (by userid) ) and made a submit button. I know I have a page_protect() function on which requires you to login and if you arent you will be header to index.php. So i logged in (started session on my site.com) and then I pressed on this submit button. And then wops I saw on my site that it has made a new message. I was like wow, was it so easy to hijack POST method i thought maybe it was little more secure or something. I would like to know what could I do to prevent this hijacking? As i wouldnt even want to know what real hackers could do with this "hole". The page_protect secures that the sessions are from the same http user agent and so, and this works fine (tried to run the form without logging in, and it just headers me to startpage) but yea wouldnt take long time to figure out to log in first and then run it. Any advices are appreciated alot. I would like to keep my ajax calls most secure as possible and all of them are running on the POST method. What could I do to the insertwall.php, to check that it comes from the server or something.. Thank you

    Read the article

  • Pop up password protect

    - by steve
    Please not that I fully understand this is a dumb ass idea, but its not my idea. We need to deter people visiting a certain page on our site. It's written in ASP and I don'tknow ASP! Can anyone tell me how I can have a pop up box load when the URL is visited where by people have to enter a username / password. The user name / password should be stored in the javascript. (Yes I know) The only real requirement is that this happen anytime the page is loaded and it stays on that page. So the page is test.asp - javascript pops up they enter credentials and if right remain on test.asp Thanks

    Read the article

  • Protect my PHP App

    - by Abs
    Hello all, I have developed an app and its written in PHP (with a bunch of SQL scripts), this app will be used by a few small companies. For them to use it, I will have to install Apache and SQL Server for them. Every method I have thought has fallen short of what I need. I was actually just hoping to use ZendGuard or IonCube but they don't support PHP 5.3.x. Is there a simpler method where I can maybe store a key in the database and make the app run only when it knows its on that server? Maybe create a key based on some random numbers/letters and the machine name, sql server host name and encode/decode this when ever the system is in use? Thanks all for any help or ideas

    Read the article

  • vba word 2007 - protect document but enable toolbars

    - by laetitas
    I have a document with sections that are protected and unprotected. With Word 2003 the sections that were unprotected had formatting enabled - specifically the bullets and numbering. Now with Word 2007, even though the same sections are unprotected, the bulleting and numbering is disabled. Is there anyway to enable this? I tried playing around with CommandBars but nothing has worked. e.g. Application.CommandBars("Formatting").Enabled = True

    Read the article

  • how to protect an imported win32 dll into a .net application from memory issues

    - by Eric
    I have a c# application that needs to use a legacy win32 dll. The dll is almost its own app, it has dialogs, operations with hardware, etc. When this dll is imported and used, there are a couple of problems that occur: Dragging a dialog (not a windows system dialog, but one created by the dll) across the managed code app causes the UI to not repaint. Further it generates a system out of memory exception from various ui controls. The performance is incredibly slow. There seems to be no way to unload the dll so the memory never gets cleaned up. When we close our managed app, we get another memory exception. At the moment we import each method call as such: [DllImport("dllname.dll", EntryPoint = "MethodName", SetLastError = true, CharSet = CharSet.Auto, ExactSpelling = true, CallingConvention = CallingConvention.StdCall)]

    Read the article

  • How do I protect python code?

    - by Jordfräs
    I am developing a piece of software in python that will be distributed to my employer's customers. My employer wants to limit the usage of the software with a time restricted license file. If we distribute the .py files or even .pyc files it will be easy to (decompile), and remove the code that checks the license file. Another aspect is that my employer do not want the code to be read by our customers, fearing that the code may be stolen or at least the "novel ideas". Is there a good way to handle this problem? Preferably with an off-the-shelf solution. The software will run on Linux systems (so I don't think py2exe will do the trick)

    Read the article

  • Best way to password protect a site? .htacess

    - by Mike Lawsom
    I created/edited a .htaccess file and I got my site password protected fine. Question though: Is there such thing as a URL key? Maybe I'm wording that incorrectly, but I would like to keep my site hidden, but be able to send out a specific URL that can view the site. What's the best way to accomplish this? Thanks in advance.

    Read the article

  • Section of website to be protected by a login

    - by shane
    I have a section of my website where I will have forms. I only want people who have registered with the site to be able to use these forms so that I only have serious customers using them. So what i want to have is a way that people can register on the site and once registered the area with the forms will be available to them and I will know who has sent me a form etc.

    Read the article

  • Nest reinvents smoke detectors. Introduces smart and talking smoke detector that keeps quite when you wave

    - by Gopinath
    Nest, the leading smart thermostat maker has introduced a smart home device today- Nest Protect, a smart, talking smoke & carbon monoxide detector that can quite when you wave your hand. Less annoyances and more intelligence Smoke detectors are around for hundreds of years and playing a major role in providing safety from fire accidents at home. But the technology of these devices is stale and there is no major innovation for the past several years. With the introduction of Nest Protect, the landscape of smoke detectors is all set to change just like how Nest thermostat redefined the industry two years ago. Nest Protect is internet enabled and equipped with motion- and smoke-detection sensors so that when it starts beeping you can silence it by waving hand instead of doing circus feats to turn off the alarm. Everyone who cooks in a home equipped with smoke detector would know how annoying it is to turn off sensitive smoke detectors that goes off control quite often. Apart from addressing the annoyances of regular smoke detector, Nest Protect has talking capabilities. It can alert users with clear & actionable instructions when it detects a danger. Instead of harsh beeps it actually speak to you so you know what is happening. It will tell you what smoke it has detected and in which room it is detected. Multiple Nest Protects installed in a home can communicate with each other. Lets say that there is a smoke in bed room, the Nest Protect installed in bed room shares this information to all Nest Protects installed in the home and your kitchen device can alert you that there is a smoke in bed room. There is an App for that The internet enabled Nest Protect has an app to view its status and various alerts. When the Protect is running on low battery it alerts you to replace them soon. If there is a smoke at home and you are away, you will get message alerts. The app works on all major smartphones as well as tablets. Auto shuts down gas furnaces/heaters on smoke Apart from forming a network with other Nest Protect devices installed at home, they can also communicate with Nest Thermostat if it is installed. When carbon monoxide is detected it can shut off your gas furnace automatically. Also with the help of motion detectors it improves Nest Thermostat’s auto-away functionality. It looks elegant and costs a lot more than a regular smoke detector Just like Nest Thermostat, Nest Protect is elegant and adorable. You just fall in love with it the moment you see it. It’s another master piece from the designer of Apple’s iPod. All is good with the Nest Protect, except the price!! It costs whooping $129, which is almost 4 times more expensive than the best selling conventional thermostats available at $30. A single bed room apartment would require at least 3 detectors and it costs around $390 to install Nest Protects compared to 90$ required for conventional smoke detectors. Though Nest Thermostat is an expensive one compared to conventional thermostats, it offered great savings through its intelligent auto-away feature. Users were able to able to see returns on their investments. If Nest Protect also can provide good return on investment the it will be very successful.

    Read the article

  • Guarding against CSRF Attacks in ASP.NET MVC2

    - by srkirkland
    Alongside XSS (Cross Site Scripting) and SQL Injection, Cross-site Request Forgery (CSRF) attacks represent the three most common and dangerous vulnerabilities to common web applications today. CSRF attacks are probably the least well known but they are relatively easy to exploit and extremely and increasingly dangerous. For more information on CSRF attacks, see these posts by Phil Haack and Steve Sanderson. The recognized solution for preventing CSRF attacks is to put a user-specific token as a hidden field inside your forms, then check that the right value was submitted. It's best to use a random value which you’ve stored in the visitor’s Session collection or into a Cookie (so an attacker can't guess the value). ASP.NET MVC to the rescue ASP.NET MVC provides an HTMLHelper called AntiForgeryToken(). When you call <%= Html.AntiForgeryToken() %> in a form on your page you will get a hidden input and a Cookie with a random string assigned. Next, on your target Action you need to include [ValidateAntiForgeryToken], which handles the verification that the correct token was supplied. Good, but we can do better Using the AntiForgeryToken is actually quite an elegant solution, but adding [ValidateAntiForgeryToken] on all of your POST methods is not very DRY, and worse can be easily forgotten. Let's see if we can make this easier on the program but moving from an "Opt-In" model of protection to an "Opt-Out" model. Using AntiForgeryToken by default In order to mandate the use of the AntiForgeryToken, we're going to create an ActionFilterAttribute which will do the anti-forgery validation on every POST request. First, we need to create a way to Opt-Out of this behavior, so let's create a quick action filter called BypassAntiForgeryToken: [AttributeUsage(AttributeTargets.Method, AllowMultiple=false)] public class BypassAntiForgeryTokenAttribute : ActionFilterAttribute { } Now we are ready to implement the main action filter which will force anti forgery validation on all post actions within any class it is defined on: [AttributeUsage(AttributeTargets.Class, AllowMultiple = false)] public class UseAntiForgeryTokenOnPostByDefault : ActionFilterAttribute { public override void OnActionExecuting(ActionExecutingContext filterContext) { if (ShouldValidateAntiForgeryTokenManually(filterContext)) { var authorizationContext = new AuthorizationContext(filterContext.Controller.ControllerContext);   //Use the authorization of the anti forgery token, //which can't be inhereted from because it is sealed new ValidateAntiForgeryTokenAttribute().OnAuthorization(authorizationContext); }   base.OnActionExecuting(filterContext); }   /// <summary> /// We should validate the anti forgery token manually if the following criteria are met: /// 1. The http method must be POST /// 2. There is not an existing [ValidateAntiForgeryToken] attribute on the action /// 3. There is no [BypassAntiForgeryToken] attribute on the action /// </summary> private static bool ShouldValidateAntiForgeryTokenManually(ActionExecutingContext filterContext) { var httpMethod = filterContext.HttpContext.Request.HttpMethod;   //1. The http method must be POST if (httpMethod != "POST") return false;   // 2. There is not an existing anti forgery token attribute on the action var antiForgeryAttributes = filterContext.ActionDescriptor.GetCustomAttributes(typeof(ValidateAntiForgeryTokenAttribute), false);   if (antiForgeryAttributes.Length > 0) return false;   // 3. There is no [BypassAntiForgeryToken] attribute on the action var ignoreAntiForgeryAttributes = filterContext.ActionDescriptor.GetCustomAttributes(typeof(BypassAntiForgeryTokenAttribute), false);   if (ignoreAntiForgeryAttributes.Length > 0) return false;   return true; } } The code above is pretty straight forward -- first we check to make sure this is a POST request, then we make sure there aren't any overriding *AntiForgeryTokenAttributes on the action being executed. If we have a candidate then we call the ValidateAntiForgeryTokenAttribute class directly and execute OnAuthorization() on the current authorization context. Now on our base controller, you could use this new attribute to start protecting your site from CSRF vulnerabilities. [UseAntiForgeryTokenOnPostByDefault] public class ApplicationController : System.Web.Mvc.Controller { }   //Then for all of your controllers public class HomeController : ApplicationController {} What we accomplished If your base controller has the new default anti-forgery token attribute on it, when you don't use <%= Html.AntiForgeryToken() %> in a form (or of course when an attacker doesn't supply one), the POST action will throw the descriptive error message "A required anti-forgery token was not supplied or was invalid". Attack foiled! In summary, I think having an anti-CSRF policy by default is an effective way to protect your websites, and it turns out it is pretty easy to accomplish as well. Enjoy!

    Read the article

  • How to deal with Denial of Service attack and Session fixation and Cross Site request forgery in Rai

    - by Gautam
    Hi, I have just started learning Ruby on Rails. I happened to look for prevention of DNS attacks in Rails and ended up reading about DNS, Session fixation and Cross Site request forgery in Rails? How do you prevent all the above three attacks?? Could you suggest me a good tutorial on how to deal with attack in RoR? Looking forward for your help Thanks in advance Regards, Gautam

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 4 5 6 7 8 9 10 11 12 13 14 15  | Next Page >