PHP Programming Spam Prevention
- by user281354
What is the most secure way to fight spam?Any algorithm?Or way to fight back spammers?
Search Results
Search found 5864 results on 235 pages for 'secure gateway'.
Page 80/235 | < Previous Page | 76 77 78 79 80 81 82 83 84 85 86 87 | Next Page >
-
-
vb.net .aspxauth
- by Morgan
I am working with a large site trying to implement web parts for particular users in a particular subdirectory but I can't get the .ASPXAUTH cookie to be recognized. I've read dozens of tutorials and MS class library pages that tell me how it should work to no avail. I am brand new to Web parts, so I'm sorry if I'm unclear. The idea is that logged in users can travel the site, but then when they go to their dashboard, they are programmatically authenticated using Membership and FormsAuthentication to pull up their Personalization. When I step through the code, I can see the cookie being set, and that it exists on the following page, but Membership.GetUser() and User.Identity are both empty. I know the user exists because I created it programmatically using Membership.CreateUser() and I can see it when I do Membership.GetAllUsers() and it's online when i use Membership.GetUser(username) but the Personalization doesn't work. Right now, I'm just trying to get the proof of concept going. I've tried creating the ticket and cookie myself, and also using SetAuthCookie() (code follows). I really just need a clue as to what to look for. Here's the "login" page... If Membership.ValidateUser(testusername, testpassword) Then -- Works FormsAuthentication.SetAuthCookie(testusername, true) Response.Redirect("webpartsdemo1.aspx", False) End If And the next page (webpartsdemo1.aspx) Dim cookey As String = ".ASPXAUTH" lblContent.Text &= "<br><br>" & Request.Cookies(cookey).Name & " Details" lblContent.Text &= "<br>path = " & Request.Cookies(cookey).Path lblContent.Text &= "<br>domain = " & Request.Cookies(cookey).Domain lblContent.Text &= "<br>expires = " & Request.Cookies(cookey).Expires lblContent.Text &= "<br>Secure only? " & Request.Cookies(cookey).Secure lblContent.Text &= "<br>HTTP only? = " & Request.Cookies(cookey).HttpOnly lblContent.Text &= "<br>Has subkeys? " & Request.Cookies(cookey).HasKeys lblContent.Text &= "<br/><br/>request authenticated? " & Request.IsAuthenticated.ToString lblContent.Text &= " Getting user<br/>Current User: " Dim muGidget As MembershipUser If Request.IsAuthenticated Then muGidget = Membership.GetUser lblContent.Text &= Membership.GetUser().UserName Else lblContent.Text &= "none found" End If Output: .ASPXAUTH Details path = / domain = expires = 12:00:00 AM Secure only? False HTTP only? = False Has subkeys? False request authenticated? False Getting user Current User: none found Sorry to go on so long. Thanks for any help you can provide.Read the article
-
jQuery Toggle with Cookie
- by Cameron
I have the following toggle system, but I want it to remember what was open/closed using the jQuery cookie plugin. So for example if I open a toggle and then navigate away from the page, when I come back it should be still open. This is code I have so far, but it's becoming rather confusing, some help would be much appreciated thanks. jQuery.cookie = function (name, value, options) { if (typeof value != 'undefined') { options = options || {}; if (value === null) { value = ''; options = $.extend({}, options); options.expires = -1; } var expires = ''; if (options.expires && (typeof options.expires == 'number' || options.expires.toUTCString)) { var date; if (typeof options.expires == 'number') { date = new Date(); date.setTime(date.getTime() + (options.expires * 24 * 60 * 60 * 1000)); } else { date = options.expires; } expires = '; expires=' + date.toUTCString(); } var path = options.path ? '; path=' + (options.path) : ''; var domain = options.domain ? '; domain=' + (options.domain) : ''; var secure = options.secure ? '; secure' : ''; document.cookie = [name, '=', encodeURIComponent(value), expires, path, domain, secure].join(''); } else { var cookieValue = null; if (document.cookie && document.cookie != '') { var cookies = document.cookie.split(';'); for (var i = 0; i < cookies.length; i++) { var cookie = jQuery.trim(cookies[i]); if (cookie.substring(0, name.length + 1) == (name + '=')) { cookieValue = decodeURIComponent(cookie.substring(name.length + 1)); break; } } } return cookieValue; } }; // var showTop = $.cookie('showTop'); if ($.cookie('showTop') == 'collapsed') { $(".toggle_container").hide(); $(".trigger").toggle(function () { $(this).addClass("active"); }, function () { $(this).removeClass("active"); }); $(".trigger").click(function () { $(this).next(".toggle_container").slideToggle("slow,"); }); } else { $(".toggle_container").show(); $(".trigger").toggle(function () { $(this).addClass("active"); }, function () { $(this).removeClass("active"); }); $(".trigger").click(function () { $(this).next(".toggle_container").slideToggle("slow,"); }); }; $(".trigger").click(function () { if ($(".toggle_container").is(":hidden")) { $(this).next(".toggle_container").slideToggle("slow,"); $.cookie('showTop', 'expanded'); } else { $(this).next(".toggle_container").slideToggle("slow,"); $.cookie('showTop', 'collapsed'); } return false; }); and this is a snippet of the HTML it works with: <li> <label for="small"><input type="checkbox" id="small" /> Small</label> <a class="trigger" href="#">Toggle</a> <div class="toggle_container"> <p class="funding"><strong>Funding</strong></p> <ul class="childs"> <li class="child"> <label for="fully-funded1"><input type="checkbox" id="fully-funded1" /> Fully Funded</label> <a class="trigger" href="#">Toggle</a> <div class="toggle_container"> <p class="days"><strong>Days</strong></p> <ul class="days clearfix"> <li><label for="1pre16">Pre 16</label> <input type="text" id="1pre16" /></li> <li><label for="2post16">Post 16</label> <input type="text" id="2post16" /></li> <li><label for="3teacher">Teacher</label> <input type="text" id="3teacher" /></li> </ul> </div> </li>Read the article
-
best way to authenticate and consume web service using phonegap (html5/javascript)
- by Raiss
I am going to develop a phonegap application which is pretty simple. I need to implement an authentication and some simple data transfer back and forth to the phone and server. I prefer to use ASP.NET as a web service and our database is MS SQL but I am not sure what approach should I take to create a secure communication between Phonegap App and webservice. The problem with a simple AJAX request is limitation in cross-domain and I’m not sure if JSONP is a good option. I was wondering if someone can tell me what technology I should use in order to make a semi secure connection which works with PhoneGap (html5, javascript ) and .Net webservice. I understand that it’s a general question but I need to know what technology is the best in such a case. thanksRead the article
-
IE Mixed Content Warining when using https URLs and http:443 URLs?
- by Campbeln
I'm getting the good ole' "This page contains both secure and nonsecure items." dialog in IE when connecting to an HTTPS site. No big deal... I've just got something coming in over a non-secure connection so that should be an easy fix, right? So I go into "View Web Page Privacy Policy..." to look to see where I've included an HTTP file, and this is what I see... https://blah/path/to/file.htm https://blah/path/to/file.js http://blah:443/path/to/file.css Um... ok... so... there is an HTTP only URL being requested, but it is going over port 443 ("https://blah/" is shorthand for "http://blah:443/") so... What is the deal with this!? IE 7.0.5730.13 can't possibly be THAT stupid, can it? Is there an IIS setting that needs to be tweaked?Read the article
-
Can I retain a Google apps session token permanently for a specific user who logs into my google app
- by Ali
Hi guys, is it possible to retain upon authorization a single session token for a user who signs into my gogle application. CUrrently my application seems to every now and then require the user to authenticate into google apps. I think it has to do with session dying out or so. I have the following code: function getCurrentUrl() { global $_SERVER; $php_request_uri = htmlentities(substr($_SERVER['REQUEST_URI'], 0, strcspn($_SERVER['REQUEST_URI'], "\n\r")), ENT_QUOTES); if (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') { $protocol = 'https://'; } else { $protocol = 'http://'; } $host = $_SERVER['HTTP_HOST']; if ($_SERVER['SERVER_PORT'] != '' && (($protocol == 'http://' && $_SERVER['SERVER_PORT'] != '80') || ($protocol == 'https://' && $_SERVER['SERVER_PORT'] != '443'))) { $port = ':' . $_SERVER['SERVER_PORT']; } else { $port = ''; } return $protocol . $host . $port . $php_request_uri; } function getAuthSubUrl($n=false) { $next = $n?$n:getCurrentUrl(); $scope = 'http://docs.google.com/feeds/documents https://www.google.com/calendar/feeds/ https://spreadsheets.google.com/feeds/ https://www.google.com/m8/feeds/ https://mail.google.com/mail/feed/atom/'; $secure = false; $session = true; //echo Zend_Gdata_AuthSub::getAuthSubTokenUri($next, $scope, $secure, $session);; return Zend_Gdata_AuthSub::getAuthSubTokenUri($next, $scope, $secure, $session).(isset($_SESSION['domain'])?'&hd='.$_SESSION['domain']:''); } function _regenerate_token() { global $BASE_URL; if(!$_SESSION['token']) { if(isset($_GET['token'])): $_SESSION['token'] = Zend_Gdata_AuthSub::getAuthSubSessionToken($_GET['token']); return; else: _regenerate_sessions(); _redirect(getAuthSubUrl($BASE_URL . '/index.php?'.$_SERVER['QUERY_STRING'])); endif; } } _regenerate_token(); I know I'm doing it all wrong here and I don't know why :( I have a CONSUMER SECRET code but only use it whereever I need to access a google service. However something is wrong with my authentication as the user has to periodically 'grant access to my application' and reauthorise himself... help pleaseRead the article
-
How easy is it to hack a plist file in an app store app?
- by user249488
Don't worry, I'm not trying to hack someone else's app, if that's what you're thinking =). I want to have 2 versions of my app, a free version and a deluxe version. My plan was to use an in-app purchase to enable the deluxe version by setting a boolean value in the plist file. My question is: is this secure or is it easily circumvented? And if it is not secure, can someone suggest a simple alternative? I don't want to download additional content, I would rather keep all of the functionality within the app and enable it somehow.Read the article
-
Commerical Billing Software?
- by Clear.Cache
Anyone know if this is proprietary or public commercial billing software? http://www.firehost.com/secure-hosting/configureRead the article
-
Cakephp doesn't write a cookie
- by radious
Hello! I have a problem with writing cookies in cakephp and even don't know how to debug it or where too look for a clue. I've inherited a project where cookie were only created using the Session component, of course i added 'Cookie' to $components array in app_controller and put this in beforeFilter: $this->Cookie->name = 'foo'; $this->Cookie->path = '/home/~nick'; $this->Cookie->domain = 'hostname'; $this->Cookie->secure = false; //i.e. only sent if using secure HTTPS $this->Cookie->key = 'some key'; and in some action i use: $this->Cookie->write('key', 'value'); I access page by http://hostname/home/~nick/foo and actually try to put even something so silly. I doesn't work. I would be really gratefully for any clue where to search problem. Thanks!Read the article
-
Handling credit cards and IOS
- by Susan Jackie
I am using NSUrlConnection asyncronous request to transmit credit card information to a secure third party server. I do the following: I get the credit card number, cvv, etc from the uitextfields. Encode the credit card information into a json format. Set as httpd body of the nsurlconnection request as follows: NSURL * url = [[NSURL URLWithString: "https://www.example.com"]; NSMutableURLRequest * request = [[NSMutableURLRequest alloc] initWithURL: url]; [request setHTTPMethod: @"POST"]; [request setValue:@"application/json" forHTTPHeaderField:@"Accept"]; [request setValue:@"application/json" forHTTPHeaderField:@"Content-Type"]; [request setHTTPBody: [NSJSONSerialization dataWithJSONObject: params options: kNilOptions error: &parseError]]; Send this information via asynchronous request to a secure third party server: [NSURLConnection sendAsynchronousRequest:request queue: queue completionHandler:^(NSURLResponse *response, NSData *data, NSError * requestError) { What should I be considering to send user credit card information to a third party server using nsurlconnection asynchronous request?Read the article
-
Flex Inheriting Logged in User
- by Nick
I am trying to secure my Flex application within my Java web application. Currently my Java web application, handles logging and managing user accounts and the like. I was wondering if there is a way to essentially share that user credentials with the Flash movie in a secure mechanism? For instance, if you log in, we want you to be able to save items in the Flex application for that user, only if that user is logged in of course. Any ideas? Any help is greatly appreciated.Read the article
-
What is this billing software?
- by Clear.Cache
Can anyone tell what billing software they're using? http://www.firehost.com/secure-hosting/configureRead the article
-
asp:Login control requests
- by Dean
Hi All, ran into an issue, we are using webforms with a site with this dir structure: root: / secure : /securepages/ we only want users who are logged in to access /securepages/. currently we are using the login control, 3.5, forms auth, all is working ok but know we have thrown assl cert into the mix and the issue is that the login control is requesting WebResource.axd?d=XukT0PE1PS-iOKw3RT8Z6g2&t=633834231612265882 from the non secure url e.g. ht tp://www.mysite.com/WebResource.axd?d=XukT0PE1PS-iOKw3RT8Z6g2&t=633834231612265882 . This causes the browser to prompt the user to download unsecure content. I am using some redirecting in the global.asax to handle redirection to https://xx xxxlogin.aspx if login.aspx it requested from http://. thanksRead the article
-
Check system security
- by jasmine
Is there any system to check that a php script is secure or not? Thanks in advanceRead the article
-
rpcbind authorization problems
- by Milan
Hy, I am using rpcbind (SunRPC) on Arch linux and python rpc.py (wich use standard python socket module) interface for comunication with it, but every time I try to send request for registration or unregistration to rpcbind I get message that I am rejected for security reasons. Only situation when everything works is that when I call rpcbind in insecure mode (rpcbind -i) but I realy want to make everything works in secure mode.I found information from rpcbind datasheet that i can make request in secure mode only from loopback address, but I have tried every aproach i had knew to make such socket and everything fall down. Please help me. Thank youRead the article
-
ASP.NET Request.ServerVariables["SERVER_PORT_SECURE"] and proxy SSL by load balancer
- by frankadelic
We have some legacy ASP.NET code that detects if a request is secure, and redirects to the https version of the page if required. This code uses Request.ServerVariables["SERVER_PORT_SECURE"] to detect if SSL is needed. Our operations team has suggested doing proxy SSL at the load balancer (F5 Big-IP) instead of on the web servers (assume for the purposes of this question that this is a requirement). The consequence would be that all requests appear as HTTP to the web server. My question: how can we let the web servers known that the incoming connection was secure before it hit the load balancer? Can we continue to use Request.ServerVariables["SERVER_PORT_SECURE"]? Do you know of a load balancer config that will send headers so that no application code changes are needed?Read the article
-
Is Eclipse Remote System Explorer broken on Windows?
- by Kev
I have the following setup on Windows 7 Ultimate x64: Eclipse Indigo 2.7.2 (Build: M20120208-0800) Remote System Explorer 3.3.2 (see screenshot) (Oracle/Sun) Java 1.6 Update 31 (x86) Despite all my best efforts I am unable to connect to a remote system (a Centos 5.6 server on my local LAN) using a Remote System Explorer SSH connection - I've tried both password authentication and using my SSH private key. Here is a screenshot of both the Eclipse error dialogue and what is logged in my /var/log/secure log file: /var/log/secure: Apr 1 12:00:21 nagios sshd[6176]: Received disconnect from 172.16.3.88: 3: com.jcraft.jsch.JSchException: Auth fail When I connect for the first time I do get prompted to verify the authenticity of the remote host and the RSA key fingerprint. But that's as far as things go. Performing the same operation with the same credentials on my Fedora Core 16 box (also running the same version of Eclipse and Java) to the same server is successful. This leads me to believe that RSE SSH support on Windows is either broken or there's some piece of the SSH-on-Windows puzzle I'm missing. Is this the case?Read the article
-
Quicken like Windows Forms application
- by WinFXGuy
Hi All, I need to build a quicken like application, where data needs to be secure. I don't see any database being used by Quicken. I could use XML, MDF or Access database, but data is not secure in the tables. What is the best option? How does Quicken handle it? My application may also have document attachments as well. The functionality of this application is similar to quicken but not an accounting/financial in functionality. Thanks a bunch!Read the article
-
IE6 https security message appearing after closing jQuery colorbox overlay
- by RyanP13
I am working on a secure site, https. I am using the colorbox jquery plugin to iframe another page from the same site over the current content. In IE6 when i close the colorbox overlay i get the following message: "This page contains both secure and nonsecure items. Do you want to display the nonsecure items?" Any ideas why this is happening? Can it be prevented? Assume i would have to make the whole site http rather than https but this is not possible as we have online payments.Read the article
-
Security in API authentication
- by Carlos
We are in the process of revamping our server side API, and we need to manage security. Our current model requires that a credentials object (containing user, password, and pin) be included in each method invocation. Our development team, however, has decided that we should have session objects instead (which is fine by me), but the new credentials are just a GUID. This is very different from what I've seen in other APIs in our industry, so I'm a bit concerned about how secure the new model will be. I asked them if they had analyzed both alternatives, and they said they haven't. Does anyone know if there're any clear advantages, disadvantages, risks, etc. of using a set of credentials versus just one element (complex as it may be)? PS: the communication channel would be secure in either case, and it's separate from this particular topicRead the article
-
What keying option does the keychain use?
- by Rudiger
I have read into the keychain and have found that it uses Triple DES. What I can't find is what keying option it uses. I am guessing / hoping that its keying option 1 where all 3 passwords are unique but if thats the case I can only think of two passwords it can use (user password and App ID that comes from your dev cert) so where is the third coming from? Is it a key private to Apple? If its keying option 2 (first and third key are the same) it might not be secure enough for our company to rely on. Although that might sound paranoid I have to justify to our security department that it is secure enough.Read the article
-
How to add SSL to subdomain that points to a different server?
- by Travis
I don't know much about secure certificates, so please bear with me... I've got a webserver that has a single domain SSL certificate https://secure.mysite.com I also have a couple of subdomains that point to different servers. http://www.mysite.com ( main server) http://subdomain.mysite.com (completely different server) I am wondering: What is the best way to add SSL to the subdomain: https://subdomain.mysite.com Is it possible to configure something like this with a wildcard certificate? Or is it better to purchase another single-domain certificate and install it on the seperate server? Are there any special considerations / pitfalls in doing something like this? Thanks, in advance, for your help.Read the article
-
Facebook Feed Dialog Returns API Error Code: 191
- by Kris
In my Facebook App I'll always get the following error : An error occurred. Please try again later. API Error Code: 191 API Error Description: The specified URL is not owned by the application Error Message: redirect_uri is not owned by the application. I just want to feed a post via button my code is function postToFeed() { // calling the API ... var obj = { method: 'feed', link: 'https://mydomain.com/', picture: 'https://mydomain.com/img/feed.png', name: 'BLABLADialog', caption: 'UeberschriftBLABLA', description: 'DescriptionBLABLA', show_error: true }; function callback(response) { document.getElementById('msg').innerHTML = "Post ID: " + response['post_id']; } FB.ui(obj, callback); } my Canvas-URL is "http://mydomain.com/" my Secure Canvas-URL is "https://mydomain.com/" my Tab-URL is "https://mydomain.com/tab.php" my Secure Tab-URL is "https://mydomain.com/tab.php" my Website with Facebook Login SITE URL is "https://mydomain.com/" so what I am doing wrong ?Read the article
-
What goes between SQL Server and Client?
- by worlds-apart89
This question is an updated version of a previous question I have asked on here. I am new to client-server model with SQL Server as the relational database. I have read that public access to SQL Server is not secure. If direct access to the database is not a good practice, then what kind of layer should be placed between the server and the client? Note that I have a desktop application that will serve as the client and a remote SQL Server database that will provide data to the client. The client will input their username and password in order to see their data. I have heard of terms like VPN, ISA, TMG, Terminal Services, proxy server, and so on. I need a fast and secure n-tier architecture. P.S. I have heard of web services in front of the database. Can I use WCF to retrieve, update, insert data? Would it be a good approach in terms of security and performance?Read the article
-
Security & Authentication: SSL vs SASL
- by 4herpsand7derpsago
My understanding is that SSL combines an encryption algorithm (like AES, DES, etc.) with akey exchange method (like Diffier-Hellman) to provide secure encryption and identification services between two endpoints on an un-secure network (like the Internet). My understanding is that SASL is an MD5/Kerberos protocol that pretty much does the same thing. So my question: what are the pros/cons to choosing both and what scenarios make both more preferable? Basically, I'm looking for a guidelines to follow when choosing SSL or to go with SASL instead. Thanks in advance!Read the article
