Search Results

Search found 68155 results on 2727 pages for 'data security'.

Page 82/2727 | < Previous Page | 78 79 80 81 82 83 84 85 86 87 88 89 | Next Page >

Fuzzing for Security

- by Sylvain Duloutre

Yesterday, I attended an internal workshop about ethical hacking. Hacking skills like fuzzing can be used to quantitatively assess and measure security threats in software. Fuzzing is a software testing technique used to discover coding errors and security loopholes in software, operating systems or networks by injecting massive amounts of random data, called fuzz, to the system in an attempt to make it crash. If the program contains a vulnerability that can leads to an exception, crash or server error (in the case of web apps), it can be determined that a vulnerability has been discovered.A fuzzer is a program that generates and injects random (and in general faulty) input to an application. Its main purpose is to make things easier and automated.There are typically two methods for producing fuzz data that is sent to a target, Generation or Mutation. Generational fuzzers are capable of building the data being sent based on a data model provided by the fuzzer creator. Sometimes this is simple and dumb as sending random bytes, swapping bytes or much smarter by knowing good values and combining them in interesting ways.Mutation on the other hand starts out with a known good "template" which is then modified. However, nothing that is not present in the "template" or "seed" will be produced.Generally fuzzers are good at finding buffer overflow, DoS, SQL Injection, Format String bugs etc. They do a poor job at finding vulnerabilites related to information disclosure, encryption flaws and any other vulnerability that does not cause the program to crash. Fuzzing is simple and offers a high benefit-to-cost ratio but does not replace other proven testing techniques.What is your computer doing over the week-end ?

Read the article
Top 25 security issues for developers of web sites

- by BizTalk Visionary

Sourced from: CWE This is a brief listing of the Top 25 items, using the general ranking. NOTE: 16 other weaknesses were considered for inclusion in the Top 25, but their general scores were not high enough. They are listed in the On the Cusp focus profile. Rank Score ID Name [1] 346 CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') [2] 330 CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') [3] 273 CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') [4] 261 CWE-352 Cross-Site Request Forgery (CSRF) [5] 219 CWE-285 Improper Access Control (Authorization) [6] 202 CWE-807 Reliance on Untrusted Inputs in a Security Decision [7] 197 CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [8] 194 CWE-434 Unrestricted Upload of File with Dangerous Type [9] 188 CWE-78 Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') [10] 188 CWE-311 Missing Encryption of Sensitive Data [11] 176 CWE-798 Use of Hard-coded Credentials [12] 158 CWE-805 Buffer Access with Incorrect Length Value [13] 157 CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion') [14] 156 CWE-129 Improper Validation of Array Index [15] 155 CWE-754 Improper Check for Unusual or Exceptional Conditions [16] 154 CWE-209 Information Exposure Through an Error Message [17] 154 CWE-190 Integer Overflow or Wraparound [18] 153 CWE-131 Incorrect Calculation of Buffer Size [19] 147 CWE-306 Missing Authentication for Critical Function [20] 146 CWE-494 Download of Code Without Integrity Check [21] 145 CWE-732 Incorrect Permission Assignment for Critical Resource [22] 145 CWE-770 Allocation of Resources Without Limits or Throttling [23] 142 CWE-601 URL Redirection to Untrusted Site ('Open Redirect') [24] 141 CWE-327 Use of a Broken or Risky Cryptographic Algorithm [25] 138 CWE-362 Race Condition Cross-site scripting and SQL injection are the 1-2 punch of security weaknesses in 2010. Even when a software package doesn't primarily run on the web, there's a good chance that it has a web-based management interface or HTML-based output formats that allow cross-site scripting. For data-rich software applications, SQL injection is the means to steal the keys to the kingdom. The classic buffer overflow comes in third, while more complex buffer overflow variants are sprinkled in the rest of the Top 25.

Read the article
what is a data serialization system?

- by Yang

according to Apache AVRO project, "Avro is a serialization system". By saying data serialization system, does it mean that avro is a product or api? also, I am not quit sure about what a data serialization system is? for now, my understanding is that it is a protocol that defines how data object is passed over the network. Can anyone help explain it in an intuitive way that it is easier for people with limited distributed computing background to understand? Thanks in advance!

Read the article
Help Reading Binary Image Data from SQL Server into PHP

- by Joe Majewski

I cannot seem to figure out a way to read binary data from SQL server into PHP. I am working on a project where I need to be able to store the image directly in the SQL table, not on the file system. Currently, I have been using a query like this one: INSERT INTO myTable(Document) SELECT * FROM OPENROWSET(BULK N'C:\image.jpg', SINGLE_BLOB) as BLAH This works fine to actually insert the image into the table, but I haven't yet figured a way to retrieve it and get my image back. I am doing this with PHP, and ultimately will have to make a stored procedure out of it, but can anyone enlighten me on a way to get that binary data (varbinary(MAX)) and generate an image on the fly. I expected it to be simple to use a SELECT statement and add a content-type to the headers that indicated it was an image, but it's simply not working. Instead, the page will just display the name of the file, which I have encountered in the past and understand it to be an error with the image data.

Read the article
iPhone: Best Method for Passing Data to and from a Server

- by SAPNA

I am developing an iPhone application that downloads data from a website. The website database is implemented in SQL and the site itself uses the classic ASP interface. I am unsure as to which method would be best for transferring data to and from the server. Both JSON and SOAP require XML processing and I'm not sure how that affects performance or which of those two is best. What would be the best method in general for data transfer given the server configuration we currently have? I very new to this field and I'm a bit confused. Any help would be appreciated.

Read the article
Selecting Entity Data Model Laguage -- Visual C# source file generated even when i select VB

- by Nickson

Am adding an Entity Data Model to an ASP.NET website. When i Add New Item to the website and select ADO.NET Entity Data Model, am asked for the model name and language. I go a head and select Visual Basic as the language, the model is added and the site can compile with out any issues. however, the model it adds a ModelName.Designer.cs source file, instead of a ModelName.Designer.vb source file. am thinking this is strange as its happening with only one of my website. my other sites have .vb designer source file for their Entity Data Models. The site still compiles with out any errors but am afraid some thing is not right. any one experienced this?, is this normal behavior?

Read the article
AIF or Data Migration Framework [AX 2012]

- by Tito

I was importing some entities to AX 2012 using AIF and consuming the web services through an C# ASP.Net application. I already made it for Customers,Vendors,Workers,Chart of Accounts and now starting General Journals. Some customization I could find a workaround using the AIF Document Service Wizard: Creating the DUNS number using a service for the DirDunsNumber table, later associating the customer with the new created DUNS Number. On the Products data migration will need a lot of customization like this. This month I heard the annoucement that there is this new framework (Data Migration Framework), still in beta version. I would like to know if the Data Migration Framework would cover all of these customizations ? What are the advantages of this new framework over AIF ?

Read the article
cleaned_data() doesn't have some of the entered data

- by SC Ghost

I have a simple form for a user to enter in Name (CharField), Age(IntegerField), and Sex(ChoiceField). However the data that is taken from the Sex choice field is not showing up in my cleaned_data(). Using a debugger, I can clearly see that the data is being received in the correct format but as soon as I do form.cleaned_data() all sign of my choice field data is gone. Any help would be greatly appreciated. Here is the relative code: class InformationForm(forms.Form): Name = forms.CharField() Age = forms.IntegerField() Sex = forms.ChoiceField(SEX_CHOICES, required=True) def get_information(request, username): if request.method == 'GET': form = InformationForm() else: form = RelativeForm(request.POST) if form.is_valid(): relative_data = form.cleaned_data

Read the article
SQL Server 2008 - Script Data as Insert Statements from SSIS Package

- by Brandon King

SQL Server 2008 provides the ability to script data as Insert statements using the Generate Scripts option in Management Studio. Is it possible to access the same functionality from within a SSIS package? Here's what I'm trying to accomplish... I have a scheduled job that nightly scripts out all the schema and data for a SQL Server 2008 database and then uses the script to create a "mirror copy" SQLCE 3.5 database. I've been using Narayana Vyas Kondreddi's sp_generate_inserts stored procedure to accomplish this, but it has problems with some datatypes and greater-than-4K columns (holdovers from SQL Server 2000 days). The Script Data function looks like it could solve my problems, if only I could automate it. Any suggestions?

Read the article
How does jQuery .data() work?

- by kazanaki

My Javascript knowledge is pretty limited. Instead of asking several javascript questions I got the "message" from Stack overflow and started using jQuery right away in order to save me some time. However several times I do not undestand the "magic" behind jQuery and I would love to learn the details. I want to use .data() in my application. The examples are very helpful. I do not understand however WHERE these values are stored. I inspect the webpage with Firebug and as soon as .data() saves an object to a dom element, I do not see any change in Firebug (either HTML or Dom tabs). I tried to look at jQuery source, but it is very advanced for my Javascript knowledge and I lost myself. So the question is: Where do the values stored by jQuery.data() actually go? Can I inspect/locate/list/debug them using a tool?

Read the article
jQuery.post dynamic data callback function

- by FFish

I have a script that requires quite e few seconds of processing, up to about minute. The script resizes an array of images, sharpens them and finally zips them up for the user to download. Now I need some sort of progress messages. I was thinking that with jQuery's .post() method the data from the callback function would progressively update, but that doesn't seem to work. In my example I am just using a loop to simulate my script: $(document).ready(function() { $('a.loop').click(function() { $.post('loop.php', {foo:"bar"}, function(data) { $("div").html(data); }); return false; }); }); loop.php: for ($i = 0; $i <= 100; $i++) { echo $i . "<br />"; } echo "done";

Read the article
WPF/.NET data access models - resource recommendations

- by jasonk

We're in the early design/prep phases of transferring/updating a rather large "legacy" 3 tier client-server app to a new version. We’re looking at doing WPF over Winforms as it appears to be the direction Microsoft is pushing development of the future and we’d like the maximize the life cycle/span of the apps. That said during the rewrite we’d like to make as many changes to our data access/presentation model to improve performance as much as possible up front as many. I’ve been doing some research along that vein but the vast majority of the resources I've found that discuss WPF focus only simple data tracking apps or focus on the very basics UI design/controls. The few items that even discuss data presentation are fairly elementary in depth. Are there any books/articles/recommended reading/other resources recommended for development related to large enterprise level business apps? Any “gotchas” that should/could be avoided? General advice to minimize the time underwater

Read the article
Security in Robots and Automated Systems

- by Roger Brinkley

Alex Dropplinger posted a Freescale blog on Securing Robotics and Automated Systems where she asks the question,“How should we secure robotics and automated systems?”.My first thought on this was duh, make sure your robot is running Java. Java's built-in services for authentication, authorization, encryption/confidentiality, and the like can be leveraged and benefit robotic or autonomous implementations. Leveraging these built-in services and pluggable encryption models of Java makes adding security to an exist bot implementation much easier. But then I thought I should ask an expert on robotics so I fired the question off to Paul Perrone of Perrone Robotics. Paul's build automated vehicles and other forms of embedded devices like auto monitoring of commercial vehicles on highways.He says that most of the works that robots do now are autonomous so it isn't a problem in the short term. But long term projects like collision avoidance technology in automobiles are going to require it.Some of the work he's doing with his Java-based MAX, set of software building blocks containing a wide range of low level and higher level software modules that developers can use to build simple to complex robot and automation applications faster and cheaper, already provide some support for JAUS compliance and because their based on Java, access to standards based security APIs.But, as Paul explained to me, "the bottom line is…it depends on the criticality level of the bot, it's network connectivity, and whether or not a standards compliance is required."

Read the article
CORE DATA objectId changes constantly

- by mongeta

Hello, I have some data that I export into an XML file and put in a remote FTP Server. I have to identified each object with a unique attribute, it doesn't matter wich is, but must be persistent always = it can never change. I don't want to create a unique attribute, sequence, serial, etc. I'm using the objectID but every time I use it a get a new reference. I know that before the object has been saved, it has a 'temporal id', but once it's saved, it gets the definitive. I'm not seeing this, never. When I export, just fetch all data and loop, and always I get a new reference: NSURL *objectID = [[personalDataObject objectID] URIRepresentation]; // some of id received for the SAME OBJECT (no changes made, saved, ...) // 61993296 // 62194624 thanks, r. edit I was using %d instead of %@, now the returned data is: x-coredata://F46F3300-8FED-4876-B0BF-E4D2A9D80913/DataEntered/p1 x-coredata://F46F3300-8FED-4876-B0BF-E4D2A9D80913/DataEntered/p2

Read the article
mysql data type confusion

- by zen

So this is more of a generalized question about MySQLs data types. I'd like to store a 5-digit US zip code (zip_code) properly in this example. A county has 10 different cities and 5 different zip codes. city | zip code -------+---------- city 0 | 33333 city 1 | 11111 city 2 | 22222 city 3 | 33333 city 4 | 44444 city 5 | 55555 city 6 | 33333 city 7 | 33333 city 8 | 44444 city 9 | 22222 I would typically structure a table like this as varchar(50), int(5) and not think twice about it. (1) If we wanted to ensure that this table had only one of 5 different zip codes we should use the enum data type, right? Now think of a similar scenario on a much larger scale. In a state, there are five-hundred cities with 418 different zip codes. (2) Should I store 418 zip codes as an enum data type OR as an int and create another table to reference?

Read the article
Can you Export/Import Flex (4) Data Services?

- by mkraken

Flex newb here. I'm working in flashbuilder 4 (flex4?), and am being asked to create the client-side data services integration 'layer' in a flex app. There is another team working on the actual UI/Presentation. Both parts must be deployed in a single swf. If I use the data/services wizard to build out my service connections (and generate the ActionScript), is it possible to export these 'connections' so that they can easily be imported into another project? Or must they be defined through the wizard all over again? The other team wants to be able to see the connections appear in the new project's Data/Services inspector (IDE Tab). Thanks!

Read the article
Managing changes in memory-based data format

- by kamziro

So I've been using a compact data type in c++, and saving from memory or loading from the file involves just copying the bits of memory in and out. However, the obvious drawback of this is that if you need to add/remove elements on the data, it becomes kind of messy. There's also problems with versioning, suppose you distribute a program which uses version A of the data, and then the next day you make version B of it, and then later on version C. I suppose this can be solved by using something like xml or json. But suppose you can't do that for technical reasons. What is the best way to do this, apart from having to make different if cases etc (which would be pretty ugly, I'd imagine)

Read the article
Error in Using Dynamic Data Entities WebSite in VS2012

- by amin behzadi

I decided to use Dynamic Data Entities website in vs2012. So, I created this website,then added App_Code directory and added a new edmx to it and named it myDB.edmx. After that I uncommented the code line in global.asax which registers the entity context : DefaultModel.RegisterContext(typeof(myDBEntities), new ContextConfiguration() { ScaffoldAllTables = true }); But when I run the website this error occurs : The context type 'myDBEntities' is not supported. how can I fix it? p.s: You now there are some differences between using L2S by Dynamic Data L2S website AND using entity framework by Dynamic Data Entities website.

Read the article
Migrating a Core Data Store from iCloud to local

- by schmok

I'm currently struggling with Core Data iCloud migration. I want to move a store from an iCloud ubiquity container (.nosync) to a local URL. Problem is whenever I call something like this: NSPersistentStore *newStore = [self.persistentStoreCoordinator migratePersistentStore: currentiCloudStore toURL: localURL options: nil withType: NSSQLiteStoreType error: &error]; I get this error: -[NSPersistentStoreCoordinator addPersistentStoreWithType:configuration:URL:options:error:](1055): CoreData: Ubiquity: Error: A persistent store which has been previously added to a coordinator using the iCloud integration options must always be added to the coordinator with the options present in the options dictionary. If you wish to use the store without iCloud, migrate the data from the iCloud store file to a new store file in local storage. file://localhost/Users/sch/Library/Containers/bla/Data/Documents/tmp.sqlite. This will be a fatal error in a future release Anyone ever seen this error? Maybe I'm just missing the right migration options?

Read the article
Problems persisting Core Data structures on iPhone/iPad

- by Rivier

I have an iPhone/iPad app using Core Data to keep my application data. Sometimes, even though I don't get any error messages, the data is not really saved so when the app starts anew, it's all gone. This problem seems to disappear after physically rebooting the device, but otherwise it's pretty random and hard to track. Has anyone seen a similar issue? Also, it seems to happen more often in the iPhone 1st generation, less so in the 3G/3GS, and seldom in the iPad. Very strange...

Read the article
Program-wide data, C++

- by bobobobo

I'd like to make program-wide data in a C++ program. The easiest way to do it in C# is just public static members. C#: public static class DataContainer { public static Object data1 ; public static Object data2 ; } In C++ you can do the same thing C++ global data way#1: class DataContainer { public: static Object data1 ; static Object data2 ; } ; Object DataContainer::data1 ; Object DataContainer::data2 ; However there's also extern C++ global data way #2: class DataContainer { public: Object data1 ; Object data2 ; } ; extern DataContainer * dataContainer ; // instantiate in .cpp file Which is better, or possibly another way which I haven't thought about?

Read the article
R: Converting a list of data frames into one data frame

- by JD Long

I have code that at one place ends up with a list of data frames which I really want to convert to a single big data frame. I got some pointers from an earlier question which was trying to do something similar but more complex. Here's an example of what I am starting with (this is grossly simplified for illustration): listOfDataFrames <- NULL for (i in 1:100) { listOfDataFrames[[i]] <- data.frame(a=sample(letters, 500, rep=T), b=rnorm(500), c=rnorm(500)) } I am currently using this: df <- do.call("rbind", listOfDataFrames) *EDIT* whoops. In my haste to implement what I had "learned" in a previous question I totally screwed up. Yes, the unlist() is just plain wrong. I'm editing that out of the question above.

Read the article
Oracle BI Mobile Security Toolkit For iPad Available for Download

- by Mike.Hallett(at)Oracle-BI&EPM

Normal 0 false false false EN-GB X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin-top:0cm; mso-para-margin-right:0cm; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0cm; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} Oracle BI Mobile Security Toolkit for Apple iPad is now available for download from the Oracle Technology Network here. This toolkit provides the ability to generate a signed version of the Oracle BI Mobile HD application; making use of Apple’s Xcode and the IOS SDKs. With this, partners and customers can get the unsigned, unpacked version of the Oracle BI Mobile app, and combine it with a third-party mobile security vendor of your choice to create a more secure, “containerized” version of Oracle BI Mobile.

Read the article
How can I use a custom configured RememberMeAuthenticationFilter in spring security?

- by Sebastian

I want to use a slightly customized rememberme functionality with spring security (3.1.0). I declare the rememberme tag like this: <security:remember-me key="JNJRMBM" user-service-ref="gymUserDetailService" /> As I have my own rememberme service I need to inject that into the RememberMeAuthenticationFilter which I define like this: <bean id="rememberMeFilter" class="org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter"> <property name="rememberMeServices" ref="gymRememberMeService"/> <property name="authenticationManager" ref="authenticationManager" /> </bean> I have spring security integrated in a standard way in my web.xml: <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> Everything works fine, except that the RememberMeAuthenticationFilter uses the standard RememberMeService, so I think that my defined RememberMeAuthenticationFilter is not being used. How can I make sure that my definition of the filter is being used? Do I need to create a custom filterchain? And if so, how can I see my current "implicit" filterchain and make sure I use the same one except my RememberMeAuthenticationFilter instead of the default one? Thanks for any advice and/or pointers!

Read the article
How to reduce the number of points in (x,y) data

- by Gowtham

I have a set of data points: (x1, y1) (x2, y2) (x3, y3) ... (xn, yn) The number of sample points can be thousands. I want to represent the same curve as accurately as possible with minimal (lets suppose 30) set of points. I want to capture as many inflection points as possible. However, I have a hard limit on the number of allowed points to represent the data. What is the best algorithm to achieve the same? Is there any free software library that can help? PS: I have tried to implement relative slope difference based point elimination, but this does not always result in the best possible data representation. Thanks for your time. -Gowtham

Read the article

< Previous Page | 78 79 80 81 82 83 84 85 86 87 88 89 | Next Page >