Search Results

Search found 13222 results on 529 pages for 'security gate'.

Page 82/529 | < Previous Page | 78 79 80 81 82 83 84 85 86 87 88 89  | Next Page >

  • How can robots beat CAPTCHAs?

    - by totymedli
    I have a website e-mail form. I use a custom CAPTCHA to prevent spam from robots. Despite this, I still get spam. Why? How do robots beat the CAPTCHA? Do they use some kind of advanced OCR or just get the solution from where it is stored? How can I prevent this? Should I change to another type of CAPTCHA? I am sure the e-mails are coming from the form, because it is sent from my email-sender that serves the form messages. Also the letter style is the same. For the record, I am using PHP + MySQL, but I'm not searching for a solution to this problem. I was interested in the general situation how the robots beat these technologies. I just told this situation as an example, so you can understand better what I'm asking about.

    Read the article

  • The server principal '<domain>\User' already exists. But it doesn’t

    - by simonsabin
    Interesting little situation occurred today, the person I was working with was trying to add a login to a server and was getting the following error. “The server principal '<domain>\User' already exists” They were using a command like this and couldn’t figure out why they were getting the error above because when they looked at the logins setup on the system the login definitely didn’t exist. CREATE LOGIN [<domain>\<user>] FROM WINDOWS WITH DEFAULT_DATABASE = [master] The...(read more)

    Read the article

  • secure offline PC storage accessible through javascript

    - by turbo2oh
    I'm attempting to build a browser-based HTML5 application that has the ability to store data locally on a PC (not mobile device) when offline. This data is sensitive and must be secure. Of course the trick is trying to find a way to be able to access the secure data with Javascript. I've ruled out browser local storage since its not secure. Could this be accomplished with a local database? If so, where could the DB credentials be stored? Javascript obviously doesn't seem like a good option to store them since its user-readable.

    Read the article

  • Good quality Secure Software Development Training [closed]

    - by Patrick
    Just had my annual appraisal and found out my company is willing to pay for training and exams etc! Woohoo (they kept that one quiet). I'm interested in doing a course on secure development techniques. Has anyone got any suggestions for good quality distance learning courses in secure development (I could probably get a couple of days off to attend a conference/ course if required)? We're mostly an MS .Net house but I have no particular allegiance to MS or any other programming language (though, obviously, C++ is the best language in the world). I have 12 years development experience working in (what are now) PCI:DSS environments, including designing and developing a key management system and I have some knowledge of basic attacks (XSS, injection etc). I would prefer a hard course I struggle with to a basic course I learn 3 things from (but hopefully get something right at my level). A quick google found these two course which look good: http://www.sans.org/course/secure-coding-net-developing-defensible-applications https://www.isc2.org/csslpedu/default.aspx I don't really know how to choose between them, and finding other courses isn't going to make that job any easier, so I thought I'd ask those who know. EDIT : Hmm, care to share the reason for your down vote, will help me learn how to use the site better...

    Read the article

  • Is having sensitive data in a PHP script secure? [closed]

    - by tkbx
    Possible Duplicate: What attributes of PHP make it insecure? I've heard that PHP is somewhat secure because Apache won't allow the download of raw PHP. Is this reliable, though? For example, if you wanted to password protect something, but didn't want to create a database, would something like $pass = "123454321"; be safe? Bottom line, is it safe to assume that nobody has access to the actual .php file?

    Read the article

  • Can a whitespace regex character be used to perform a javascript injection? [migrated]

    - by webose
    if I want to validate the input of a <textarea>, and want it to contain, for example, only numerical values, but even want to give users the possibility to insert new lines, I can selected wanted characters with a javascript regex that includes even the whitespace characters. /[0-9\s]/ The question is: do a whitecharacter can be used to perform injections, XSS,even if I think this last option is impossible, or any other type of attack ? thanks

    Read the article

  • Is the using of dirname(__FILE__) a good practice?

    - by webose
    looking at the code of Joomla I see that in the first line of the index, it defines the base path of installation with the dirname(FILE) is this a font of possible risk for the site, I mean if a non controlled error message show the internal path of the Joomla directory, because of, for example a failed include, can it be used to perform some kind of attack to the site ? If yes, is it convenient to use this function ? Any idea is welcome. Thanks

    Read the article

  • Windows 8: Paradigm Shift

    You've probably heard a lot about the loss of the Start button in Windows 8. While it isn't completely lost - you can still get to it via a convoluted path - its disappearance is merely a sign of the rethinking that went into the operating system's creation. Window 8's designers made certain assumptions while building the new system: Users will interact with the operating system predominantly through a touch interface. Users will do their computing on mobile devices, and may in fact use several different devices for the same purposes. They may even want to get work done on devices they do n...

    Read the article

  • Such thing as a free lunch

    - by red@work
    There is a lot of hard work goes on in Red Gate, no doubt. And then there are things we're asked to get involved with, that aren't hard and don't feel much like work. What? Give up our free lunch at Red Gate for. a free lunch in a pub? Within an hour, myself and a colleague are at the Railway Vue pub in nearby Impington. This is all part of Red Gate's aim to hire more Software Engineers and Test Engineers, to help Red Gate grow into one of the greatest software companies in the world (it's already the best small software development company in the UK). Phase one then - buy lunch for Cambridge. Seriously, not just the targeted engineers, but for anyone who could print the voucher and make it to the nearest of the venues, two of which happen to be pubs. We're here to watch people happily eat a free pub lunch at Red Gate's expense. We also get involved and I swear I didn't order a beer with the food but the landlord says I clearly did and I'm not one to argue. Red Gate are offering a free iPad to anyone that comes to interview for a Software Engineer or Test Engineer role. We speak to a few engineers who are genuinely interested. We speak to a couple of DBA's too, and encourage them to make speculative applications - no free iPad on offer for them, but that's not really the point. The point is, everyone should apply to work here! It's that good. We overhear someone ask if 'these vouchers really work?' They do. There's no catch. The free IPad? Again, no catch. If that's what it takes to get talented engineers through our doors for an interview, then that's all good. Once they see where we work and how we work, we think they'll want to come and work with us. The following day, Red Gate decides to repeat the offer, and that means more hard work, this time at The Castle pub. Another landlord that mishears 'mineral water' and serves me a beer. There are many more people clutching the printed vouchers and they all seem very happy to be getting a free lunch from Red Gate. "Come and work for us" we suggest, "lunch is always free!" So if you're a talented engineer, like free lunches and want a free iPad, you know what to do.

    Read the article

  • Using System.Security.SecureString in .NET Remoting App?

    - by Beaner
    I am developing a Remoting application where a client looks up store specific information to login to a web server. It sets the user name and passwords in a class that stores the properties as System.Security.SecureString. I then try to pass the class with the login credentials to a server object that uses it to connect to the web host, get and some information back. When I call the server method I this error:Type 'System.Security.SecureString' in Assembly 'mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' is not marked as serializable. The class that contains the SecureStrings is marked as serializeable, and this was working while developing until I added the SecureString properties. Is there something I need to do to make this work, or am I going to have to change SecureString to String?

    Read the article

  • CC.NET Dashboard Error: Could not load type 'System.Security.Authentication.ExtendedProtection.Chann

    - by Leslie
    Late last week I upgraded CC.NET locally and on the build server. The build server is still fine, but locally I am now getting the following error: Exception Details: Exortech.NetReflector.NetReflectorTypeLoadException: Unable to load types from assembly System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089: Failed to load 1 of the 3612 types defined in the assembly. Exceptions: - Unable to load type: System.Security.Authentication.ExtendedProtection.ChannelBinding Exception: System.TypeLoadException: Could not load type 'System.Security.Authentication.ExtendedProtection.ChannelBinding' from assembly 'System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'. I'm afraid this started after a batch of Windows updates this morning. I had another two updates that won't run, 979909 and 982168 (I had an update that wouldn't run last month). Anyone else having any issues? Thanks!

    Read the article

  • wcf data service security configuration

    - by Daniel Pratt
    I'm in the process of setting up a WCF Data Services web service and I'm trying to sort out the security configuration. Although there's quite a lot of documentation out there for configuring WCF security, a lot of it seems to be outmoded or does not apply to my scenario. Ultimately, I am planning on managing authorization of operations via change interceptors. Thus, all I really need is the simplest way to permit a client to pass credentials along with a request and to be able to authenticate those credentials against either AD or an ASP.NET membership provider (I'd much prefer the latter unless it makes things much more complicated). I'm intending to manage encryption at the transport level (i.e. HTTPS). I'm hoping that the eventual solution does not involve a huge web.config. Likewise, I'd much prefer to avoid writing custom code for the purpose of authentication.

    Read the article

  • OCR an RSA key fob (security token)

    - by user130582
    I put together a quick WinForm/embedded IE browser control which logs into our company's bank website each morning and scrapes/exports the desired deposit information (the bank is a smallish regional bank). Since we have a few dozen "pseudoaccounts" that draw from the same master account, this actually takes 10-15 minutes to retrieve. Anyway, the only problem is that our business bank account reuires an RSA security token (http://www.rsa.com/node.aspx?id=1156)--if you are not familiar, it is a small device which shows a random 6 digit number every 15(?) seconds, so I have to prompt for this value before starting. This is on top of the website's login based security model, so even if you create a read-only account that can't do anything, you still have to put the RSA number in. We have 5 of these tokens for different people in the company. From our perspective this is nusiance security. I was joking about using a web camera to OCR the digits from the key fob so they didn't have to type it in -- mainly so that the scraping/export would be done before anyone arrives in the morning. Well, they asked if I could really do it. So now I ask you, how hard (how many hours) do you think it would take to OCR these digits reliably from a JPEG image produced by the camera? I already know I can get the JPEG easily. I think you get 3 tries to log in, so it really needs to hit a 99% accuracy rate. I could work on this on my off time, but they don't want me to put more than a few hours into it, so I want to leverage as much existing code as possible. This is a 7-segment display (like an alarm clock) so it's not exactly text that an OCR package would be used to seeing. Also--there is a countdown timer on the side of the display; typically when it is down to 1 bar, you wait until the next number appears and it starts over at 5 bars (like signal strength on your cell phone). So this would need to be OCRd as well but it is not text. Anyway the more I think about it as I type this, the less convinced I am that I can truly get this right, so maybe I should just work on it in my spare time?

    Read the article

  • Security behaviour in Adobe Air

    - by t.stamm
    Hi everyone! I am trying to load external SWFs in my Adobe AIR App. The loaded SWF is trying to access an URL to retrieve some informations via XML. When starting the SWF by itself it works fine. When loading the SWF from the File.applicationStorageDirectory i will get an Security-Error because the loaded App is executed in a local-with-filesystem Sandbox appareantly. First Question: Is there a way to change this? That the loaded SWF is running in a network Sandbox? Since that first attempt didn't worked i've moved the SWF to the app:// directory. Now i'll get a Security-Error because there is no policy file on the Server available where the XML data should be retrieved. Second Question: Why is the policy file not necessary when running the SWF by itself, but is necessary when trying to load the data from the application Sandbox? What am i doing wrong? Thanks in advance!

    Read the article

  • GoDaddy and ASP.NET Security exception thrown

    - by stighy
    Hi guys, i'm having a problem when i try to host my website on godaddy. This is what i receive from website: Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. To discover the problem, i've tried changin my web.config, adding "trust level='Medium'". But i get an error when i try to access godaddy mysql server with the mysql connector. Any ideas ? Thanks in advance !

    Read the article

  • error with Security Exception

    - by Alexander
    I am getting the following error on my page: Security Exception Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file. The problem is with the following code SmtpClient mailClient = new SmtpClient("smtp.gmail.com", 587); What's weird is that when testing it at my localhost, everything works fine, but when I put it on my 1and1 web host it generates the error above. I contacted their support and here's their answer. We do check the error logs and the operation require a FullTrust environment which currently fall under restriction on .NET Framewor k What should I do?

    Read the article

  • actionscript calling javascript with Security Exception

    - by Jeffrey Chee
    I have a swf hosted at domain A, and I have a html at domain B My swf is able to be loaded from accessing the html at domain B. However, the swf gets a SecurityError: Error #2060: Security sandbox violation: ExternalInterface caller http://domainA.com/TrialApp.swf cannot access http://DomainB.com/. The as3 is just the below: ExternalInterface.call("javascript:_invite();"); I've also loaded the crossdomain policy file from Domain B during initialization. Security.loadPolicyFile( "http://DomainB/crossdomain.xml" ); How do I go about solving this? in my html, I have allowscriptaccess='always' Thanks in Advance

    Read the article

  • Network Security and Encryption explained in laymen terms

    - by Ehrann Mehdan
    Although I might pretend very well that I known a thing about networks or security and it might help me pass an interview, or fix a bug, I don't really feel I'm fooling anyone. I'm looking for a laymen terms explanation of nowadays network security concepts and solutions. The information is scattered around and I didn't find a resource for "dummies" like me (e.g experienced Java developers that can speak the jargon but have no real clue what it means) Topics I have a weak notion about and want to understand better as a Java developer PGP Public / Private keys RSA / DES SSL and 2 way SSL (keystore / trustore) Protecting against Man in the middle fraud Digital Signature and Certificates Is there a resource out there that really explains it in a way that doesn't require a Cisco certificate / Linux lingo / know what is subnet masking or other plumbing skills?

    Read the article

  • Security Exception while running sites using subdomain?

    - by lmenaria
    I have 3 sites : media.lmenaria.com - Hosting Images webservice.lmenaria.com - Sending images url from database. www.lmenaria.com - Host Silverlight application and display images. When I run page "http://www.lmenaria.com/silverlight.aspx". I am getting below exception. So what shpould I do ? System.Security.SecurityException: Security error. at System.Net.Browser.BrowserHttpWebRequest.InternalEndGetResponse(IAsyncResult asyncResult) at System.Net.Browser.BrowserHttpWebRequest.<c_DisplayClass5.b_4(Object sendState) at System.Net.Browser.AsyncHelper.<c_DisplayClass2.b_0(Object sendState) at System.Net.Browser.AsyncHelper.BeginOnUI(SendOrPostCallback beginMethod, Object state) at System.Net.Browser.BrowserHttpWebRequest.EndGetResponse(IAsyncResult asyncResult) at System.Net.WebClient.GetWebResponse(WebRequest request, IAsyncResult result) at System.Net.WebClient.OpenReadAsyncCallback(IAsyncResult result) I think, my all sites runing at same domain, so I don't need crossdomain xmls. Please let me know how Can I fix it. I have tried to put corssdoamin xml media.lmenaria.com,webservice.lmenaria.com both, and working fine, but only at www.lmenaria.com not working. We are downloading images using WebClient. Thanks in advance, Laxmilal Menaria

    Read the article

  • Testing for security vulnerabilities on web applications

    - by Moak
    A lot of companies use CMS software that updates on the regular, often they are security fixes, implying that the previous version have security vulnerabilities. But most clients never upgrade this, or even the CMS has been modified so that an update would break the site. Are there sites that document these exploits, and instruct how to test for them? Or does this information not even get published? (in order not to have people try to exploit them) Also is there a generic php/js based check list to prevent hack attempts? I know about SQL injections and XSS, but I'm sure that there are more threats out there. Peace

    Read the article

  • Service Broker error message: Dialog security is unavailable for this conversation because there is

    - by yanigisawa
    I am getting this error in my sys.transmission_queue table whenever I attempt to send a SQL Service Broker message between two different SQL Server servers. (i.e. the databases are on two different physical machines) Dialog security is unavailable for this conversation because there is no security certificate bound to the database principal (Id: 5). Either create a certificate for the principal, or specify ENCRYPTION = OFF when beginning the conversation When this error refers to "database principal" what is it referring to? (the "master" database? dbo user?) I've used the CREATE CERTIFICATE command, backed up the certificate and created a same named certificate on the other server with the backup .cer file from the first server, but I keep getting this message. Any help would be appreciated in getting me pointed in the right direction. I must be missing something obvious. FYI, in my development environment, both the initiating and target databases were on the same physical server, and same SQL instance, and everything was working fine.

    Read the article

< Previous Page | 78 79 80 81 82 83 84 85 86 87 88 89  | Next Page >