Search Results

Search found 30819 results on 1233 pages for 'software security'.

Page 85/1233 | < Previous Page | 81 82 83 84 85 86 87 88 89 90 91 92  | Next Page >

• MVP Pattern Philsophical Question - Security Checking in UI

  - by Brian

  Hello, I have a philosophical question about the MVP pattern: I have a component that checks whether a user has access to a certain privilege. This privilege turns on or off certain UI features. For instance, suppose you have a UI grid, and for each row that gets bound, I do a security check to see if certain features in the grid should be enabled or disabled. There are two ways to do this: have the UI/view call the component's method, determine if it has access, and enable/disable or show/hide. The other is have the view fire an event to the presenter, have the presenter do the check and return the access back down to the view through the model or through the event arg. As per the MVP pattern, which component should security checks fit into, the presenter or the view? Since the view is using it to determine its accessibility, it seems more fitting in the view, but it is doing database checks and all inside this business component, and there is business logic there, so I can see the reverse argument too. Thoughts? Thanks.

  Read the article

• Top 25 security issues for developers of web sites

  - by BizTalk Visionary

  Sourced from: CWE This is a brief listing of the Top 25 items, using the general ranking. NOTE: 16 other weaknesses were considered for inclusion in the Top 25, but their general scores were not high enough. They are listed in the On the Cusp focus profile. Rank Score ID Name [1] 346 CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') [2] 330 CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') [3] 273 CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') [4] 261 CWE-352 Cross-Site Request Forgery (CSRF) [5] 219 CWE-285 Improper Access Control (Authorization) [6] 202 CWE-807 Reliance on Untrusted Inputs in a Security Decision [7] 197 CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [8] 194 CWE-434 Unrestricted Upload of File with Dangerous Type [9] 188 CWE-78 Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') [10] 188 CWE-311 Missing Encryption of Sensitive Data [11] 176 CWE-798 Use of Hard-coded Credentials [12] 158 CWE-805 Buffer Access with Incorrect Length Value [13] 157 CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion') [14] 156 CWE-129 Improper Validation of Array Index [15] 155 CWE-754 Improper Check for Unusual or Exceptional Conditions [16] 154 CWE-209 Information Exposure Through an Error Message [17] 154 CWE-190 Integer Overflow or Wraparound [18] 153 CWE-131 Incorrect Calculation of Buffer Size [19] 147 CWE-306 Missing Authentication for Critical Function [20] 146 CWE-494 Download of Code Without Integrity Check [21] 145 CWE-732 Incorrect Permission Assignment for Critical Resource [22] 145 CWE-770 Allocation of Resources Without Limits or Throttling [23] 142 CWE-601 URL Redirection to Untrusted Site ('Open Redirect') [24] 141 CWE-327 Use of a Broken or Risky Cryptographic Algorithm [25] 138 CWE-362 Race Condition Cross-site scripting and SQL injection are the 1-2 punch of security weaknesses in 2010. Even when a software package doesn't primarily run on the web, there's a good chance that it has a web-based management interface or HTML-based output formats that allow cross-site scripting. For data-rich software applications, SQL injection is the means to steal the keys to the kingdom. The classic buffer overflow comes in third, while more complex buffer overflow variants are sprinkled in the rest of the Top 25.

  Read the article

• How to update Adobe's software unattendedly?

  - by jubel

  I would like to use unattended-upgrade to update the Adobe Reader, Flash Player and everything else of the Canonical partners. There fore, I added in /etc/apt/apt.conf.d/50unattended-upgrades Unattended-Upgrade::Allowed-Origins { "${distro_id} ${distro_codename}-security"; "${distro_id} ${distro_codename}-updates"; "Canonical ${distro_codename}"; // "${distro_id} ${distro_codename}-proposed"; // "${distro_id} ${distro_codename}-backports"; }; sudo unattended-upgrade --dry-run -d says Initial blacklisted packages: Starting unattended upgrades script Allowed origins are: ['o=Ubuntu,a=oneiric-security', 'o=Ubuntu,a=oneiric-updates', 'o=Canonical,a=oneiric'] Checking: acroread-common (["<Origin component:'partner' archive:'' origin:'' label:'' site:'archive.canonical.com' isTrusted:False>"]) Checking: adobe-flash-properties-gtk (["<Origin component:'partner' archive:'' origin:'' label:'' site:'archive.canonical.com' isTrusted:False>"]) Checking: adobe-flashplugin (["<Origin component:'partner' archive:'' origin:'' label:'' site:'archive.canonical.com' isTrusted:False>"]) Checking: adobereader-deu (["<Origin component:'partner' archive:'' origin:'' label:'' site:'archive.canonical.com' isTrusted:False>"]) Checking: handbrake-cli (["<Origin component:'main' archive:'oneiric' origin:'LP-PPA-stebbins-handbrake-snapshots' label:'HandBrake Snapshots' site:'ppa.launchpad.net' isTrusted:True>"]) Checking: handbrake-gtk (["<Origin component:'main' archive:'oneiric' origin:'LP-PPA-stebbins-handbrake-snapshots' label:'HandBrake Snapshots' site:'ppa.launchpad.net' isTrusted:True>"]) Checking: sopcast-player (["<Origin component:'main' archive:'oneiric' origin:'LP-PPA-ferramroberto-sopcast' label:'LffL Sopcast' site:'ppa.launchpad.net' isTrusted:True>"]) pkgs that look like they should be upgraded: Fetched 0 B in 0s (0 B/s) blacklist: [] InstCount=0 DelCount=0 BrokenCout=0 No packages found that can be upgraded unattended And it won't update. How can I update the third-party software automatically?

  Read the article

• Security in Robots and Automated Systems

  - by Roger Brinkley

  Alex Dropplinger posted a Freescale blog on Securing Robotics and Automated Systems where she asks the question,“How should we secure robotics and automated systems?”.My first thought on this was duh, make sure your robot is running Java. Java's built-in services for authentication, authorization, encryption/confidentiality, and the like can be leveraged and benefit robotic or autonomous implementations. Leveraging these built-in services and pluggable encryption models of Java makes adding security to an exist bot implementation much easier. But then I thought I should ask an expert on robotics so I fired the question off to Paul Perrone of Perrone Robotics. Paul's build automated vehicles and other forms of embedded devices like auto monitoring of commercial vehicles on highways.He says that most of the works that robots do now are autonomous so it isn't a problem in the short term. But long term projects like collision avoidance technology in automobiles are going to require it.Some of the work he's doing with his Java-based MAX, set of software building blocks containing a wide range of low level and higher level software modules that developers can use to build simple to complex robot and automation applications faster and cheaper, already provide some support for JAUS compliance and because their based on Java, access to standards based security APIs.But, as Paul explained to me, "the bottom line is…it depends on the criticality level of the bot, it's network connectivity, and whether or not a standards compliance is required."

  Read the article

• Secunia Personal Software Inspector (PSI) 2.0

  - by TATWORTH

  Secunia Personal Software Inspector is now available in a updated version that is free for personnal use. The home page says "The Secunia PSI is aFREE security tool designed to detectvulnerable andout-dated programs and plug-ins which expose your PC to attacks. Attacks exploiting vulnerable programs and plug-ins are rarely blocked by traditional anti-virus and are therefore increasingly "popular" among criminals. The only solution to block these kind of attacks is to apply security updates, commonly referred to as patches. Patches are offered free-of-charge by most software vendors, however, finding all these patches is a tedious and time consuming task. Secunia PSI automates this and alerts you when your programs and plug-ins require updating to stay secure. Download the Secunia PSI now and secure your PC today - free-of-charge." I have used this for some time on my home PC and have found it to be very useful in identifying required updates. I use Google Chrome but I found that whenever a new version is issued, the old version is not de-installed. Secunia PSI helps me to locate them and get rid of them.

  Read the article

• Oracle BI Mobile Security Toolkit For iPad Available for Download

  - by Mike.Hallett(at)Oracle-BI&EPM

  Normal 0 false false false EN-GB X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin-top:0cm; mso-para-margin-right:0cm; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0cm; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} Oracle BI Mobile Security Toolkit for Apple iPad is now available for download from the Oracle Technology Network here. This toolkit provides the ability to generate a signed version of the Oracle BI Mobile HD application; making use of Apple’s Xcode and the IOS SDKs. With this, partners and customers can get the unsigned, unpacked version of the Oracle BI Mobile app, and combine it with a third-party mobile security vendor of your choice to create a more secure, “containerized” version of Oracle BI Mobile.

  Read the article

• How can I use a custom configured RememberMeAuthenticationFilter in spring security?

  - by Sebastian

  I want to use a slightly customized rememberme functionality with spring security (3.1.0). I declare the rememberme tag like this: <security:remember-me key="JNJRMBM" user-service-ref="gymUserDetailService" /> As I have my own rememberme service I need to inject that into the RememberMeAuthenticationFilter which I define like this: <bean id="rememberMeFilter" class="org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter"> <property name="rememberMeServices" ref="gymRememberMeService"/> <property name="authenticationManager" ref="authenticationManager" /> </bean> I have spring security integrated in a standard way in my web.xml: <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> Everything works fine, except that the RememberMeAuthenticationFilter uses the standard RememberMeService, so I think that my defined RememberMeAuthenticationFilter is not being used. How can I make sure that my definition of the filter is being used? Do I need to create a custom filterchain? And if so, how can I see my current "implicit" filterchain and make sure I use the same one except my RememberMeAuthenticationFilter instead of the default one? Thanks for any advice and/or pointers!

  Read the article

• What can I do to prevent my user folder from being tampered with by malicious software?

  - by Tom Wijsman

  Let's assume some things: Back-ups do run every X minutes, yet the things I save should be permanent. There's a firewall and virus scanner in place, yet there happens to be a zero day attack on me. I am using Windows. (Although feel free to append Linux / OS X parts to your answer) Here is the problem Any software can change anything inside my user folder. Tampering with the files could cost me my life, whether it's accessing / modifying or wiping them. So, what I want to ask is: Is there a permission-based way to disallow programs from accessing my files in any way by default? Extending on the previous question, can I ensure certain programs can only access certain folders? Are there other less obtrusive ways than using Comodo? Or can I make Comodo less obtrusive? For example, the solution should be proof against (DO NOT RUN): del /F /S /Q %USERPROFILE%

  Read the article

• What would happen in a Software Raid 1 of one HDD and one SSD?

  - by Adrian Grigore

  Hi, I'm running my Windows 7 installation and all of my apps from an SSD for performance reasons. Since SSD's can instantly die at any moment, I'm looking for some kind of data backup strategy. Right Now I regularly backing up the drive image on a hard disk, but that only happens once per day, which is not enough for my taste. So I got an idea: What if I created a software raid 1 of the SSD and partition on my Hard disk? All data would be mirrored on both drives, making this a lot safer. But what about performance? Will Windows 7 detect that the SSD is faster than the hard drive and always read from the SSD? Or will it randomly read from both, thus reducing read performance? Thanks, Adrian Edit: I just found this article which basically answers my question. Feel free to close this post.

  Read the article

• Create mirror software raid with bad blocks hdd. How to check data integrity?

  - by rumburak

  There is error in System event log like this one: "The device, \Device\Harddisk1\DR1, has a bad block." Because of above I created Raid 1 on this disk and other one. I'm using Windows Server 2008 R2 software RAID volumes. Volume in Disk Manager is marked as "Failed Redundancy" and "At Risk". I could command to "Reactivate Disk" and it's starts to re-sync, but after a while it stops and returns to previous state. It stops re-sync on bad block on old disk and creates same error in System event log. Old disk status is Errors, new disk status is Online. How can I check that there is exact copy of the old disk on new one ? It is server machine so I would prefer to keep it running during this check.

  Read the article

• Best Practices: How can admin deploy software to 100s of PC ?

  - by Gopal

  Hi ... The Environment: I am working for a college. We have a couple of labs (about 100 PCs) for students. At the end of the semester, the PCs will be full of viruses, corrupt system files, all sorts of illegal downloads etc. (everything you can expect from a student environment). At the end of the semester, we would like to wipe out all the systems and do a clean install (WindowsXP + a set of application suites) to get ready for the next batch of students. Question: Is there any free software that will enable an admin to deploy a clean disk image to all the PCs in one go?

  Read the article

• How to change the security level of a local assembly to internet or customized permission set?

  - by Jamebo

  I built a assembly which is a class library, for example lib.dll . And I also have a application to access this lib, for example test.exe. I changed the security permission for the test.exe to "intranet". At the same time, I want to change lib.dll to "Internet" like this: (Because I want to do some testing for security.) CasPol.exe -m -ag 1.2 -strong -file lib.dll lib 1.0.0.0 Internent But it seems the lib.dll can not get the security permission as I wanted. What is wrong with the command? Or maybe there are some other better solutions? Thanks -Jamebo

  Read the article

• What is the best free software to learn touch-typing?

  - by gojira

  What is the best free software to learn touch-typing? Features it needs to have: should NOT display the keyboard layout on the screen! should give detailed statistics which actually measure progress (for which key do I have the highest error rate, graphs showing how typing speed improved over time, etc) should enable me to actually learn touch-typing in about one long weekend were I don't do much else than learning to touch-type. it would be very good if it were possible to load a text-file and the program will use words from the text-file for the exercises as well My goals are: at least same typing speed as I have now but which touch-typing, want to be able to look at the screen only when typing P.S.: EDIT: I forgot to mention, I'm using Win 7. And I know what the Dvorak and Colemak keyboard layouts are, but I'm not interested in them. My question was with respect to standard US keyboard layout.

  Read the article

• How to view status of software RAID 1 resynching?

  - by tputkonen

  I have two 500 GB disks and yesterday I mirrored first drive to the second one using software RAID 1. PC has now been on for 30 hours. Both disks say "Resynching", but there is no progress indicator. In addition, there is a small yellow exclamation mark on both disks. My questions are: How long could the synch take for 500 GB drive with about 150 GB of data? PC has 4 GBs of RAM and AMD dual core 4000+ Is there a way to monitor status of the synching? How can I check what the exclamation mark means?

  Read the article

• Software RAID to hardware RAID, can it be done?

  - by gtaylor85

  Can it be done ... well. (For the record, I did not set this server up.) In my server there are 4 disks. 3 of them are in a software RAID5, and 1 has the OS installed. I want to buy a RAID controller, 4 new HDs and set up a hardware RAID5. If possible, I'd like to just image the current setup, and use it to build my new one. My questions are: Can I image a 3 disk RAID5 to 4 disk RAID5? Are there problems with this? What is considered best practice for your OS. To have it on a separate disk like it currently is, or to install it on the RAID5? Thank you. I can clarify anything. I'm not sure what other info might be pertinent.

  Read the article

• I've created a software RAID on SUSE EL 10 and now I need to monitor it.......

  - by Thomas B.

  I have created a Software Raid using the yast2 GUI on SUSE ES 10/11. The raid works great and it's a raid 5. I have 5 Drives they are cheap 2GB Cases that have 2 - 1TB Drives in each case (Serial ATA Drives) and I connect them in via Esata to the motherboard. The problem I have as this is "cheap" storage when of the the 5 drives goes out on the RAID I seem to have no logs of any issues and it get's harder and harder to write to it until it dies. I use SAMBA to mount the 4TB parition to my PC's in my home on a GIG network. My question is this, are there any good (Free) tools in Linux to monitor a raid or the drives on the raid to detect any problems??? I haven't found any yet and was just wondering if some exist.

  Read the article

• Commercial NAS RAID1 disks moved to Software Raid system?

  - by Rolnik

  I've got a couple of commercial NAS boxes and I'm wondering if they (ReadyNas duo, DLink DNS-323) or any other NAS is suitable for having their RAIDed disks moved to a software-based NAS. To be specific, I'm a big fan of the (largely) Debian-based Ubuntu. Can the aforementioned NAS drives be migrated to Ubuntu (e.g. using the mdadm Linux command)? Secondly, is there any commercial NAS that can be migrated over? Incidentally, here is a link to somebody who succeeded in a migration: http://www.linuxquestions.org/questions/slackware-14/moving-raid1-drives-into-computer-with-same-md-numbers-862312/ My specific scenario I'd like to prepare for, is the eventual (sudden) death of one of the NAS motherboards.

  Read the article

• At what level should security be implemented in a social network web application ?

  - by Rajkumar Gupta

  I am developing a social web application in php/mysql, I would like to hear your advice about what would be a better way to implement security. I am planning something like this:- At the presentation level, I restricting the user to see only those items/content he is eligible to see with the rights he is eligible & at the database level, whenever my data is read/ written or updated I verify that the person has rights to such interactions with that part of data. So for each action there is 2 layers of security one at the view level & another at the database level. Would double checking be much overhead ? ofcourse this handles only with the internal security issues ..

  Read the article

• How do large companies handle software updates for users without administrative rights?

  - by CT

  I just started working for a small-medium size company doing IT support. Maybe 150 or less users. Right now every user has administrative rights to their own machine. This allows them to install updates or whatever else they would like to. I'm tired of getting on user's machines that are bloated with crap they put on themselves. So my first thought would be to take away administrative rights to their computer. This would also have other advantages such as preventing a lot of drive-by malware on the web etc. The problem arises that users are unable to install updates. (Even though I find most ignore these anyway) How do large companies handle software updates on all client machines? EDIT: Windows environment. Most servers are Windows Server 2003 Enterprise. Clients are all Windows. Win XP, Vista, and 7.

  Read the article

• Need to detect the same application open on another computer on the network. Any software around tha

  - by Joe Schmoe

  I have a time management application that I use at home quite a lot and have running most of the time. At home, I have a desktop PC and a couple of laptops scattered around the house...all networked together. Unfortunately, the application I use is not multi-user and I risk losing/corrupting data if it has been left running on one computer inadvertently while I start using it on another one in another part of the house. I use Live Mesh to automatically keep the application's database synced across the different computers and I just need some way of making sure that I don't start using the application on another computer before closing it down on the previous one. Anyone know of any Windows software that can detect if an application is running simultaneously on different computers on my network, and warn me if I am about to have two open at the same time?

  Read the article

• What software works well for viewing massive TIFF images on Windows 7?

  - by nhinkle

  Today I saw an article about a half-gig, 24000 square-pixel high-res composite image of the moon. (This is a much smaller version of the image) I find astronomy interesting, so I thought I'd download it and take a look. With 4GB of RAM and an i5 processor, I figured my computer could handle it. Unfortunately, the built-in Windows Picture Viewer didn't do such a great job. While it opened the file without a problem, zooming in was ineffective. The zoomed out image loaded, but zooming in just showed a scaled-up version of the zoomed-out version, not any detail: Closing the picture viewer also took a very long time, and the whole process used up much more RAM than the 500MB of the picture (usage went from 1.3GB to 3.8GB). What other software would work better for this? I would prefer something that is free and fairly simple. I don't really want to use an editor (like photoshop or GIMP), just a nice lightweight viewer. Any suggestions?

  Read the article

• Software RAID 1 broken, how do I fix this?

  - by Edward

  I'm running CentOS 6 x86_64. There is a software RAID 1 being used on the two internal 80GB drives. I got the following e-mail sent to me: A DegradedArray event had been detected on md device /dev/md1. Faithfully yours, etc. P.S. The /proc/mdstat file currently contains the following: Personalities : [raid1] md0 : active raid1 sda1[0] 511988 blocks super 1.0 [2/1] [U_] md1 : active raid1 sda2[0] 8190968 blocks super 1.1 [2/1] [U_] bitmap: 1/1 pages [4KB], 65536KB chunk md4 : active raid1 sdc1[0] sdb1[1] 1953512400 blocks super 1.2 [2/2] [UU] md3 : active raid1 sdd5[1] sda5[0] 61224892 blocks super 1.1 [2/2] [UU] bitmap: 1/1 pages [4KB], 65536KB chunk md2 : active raid1 sdd3[1] sda3[0] 8190968 blocks super 1.1 [2/2] [UU] unused devices: <none> The system appears to have booted fine and is working. The two drives' content did not change at all. I only removed and reinstalled them while I was booted on the CentOS Live DVD. How do I get the array working again?

  Read the article

• Software Architecture: Quality Attributes

  Quality is what all software engineers should strive for when building a new system or adding new functionality. Dictonary.com ambiguously defines quality as a grade of excellence. Unfortunately, quality must be defined within the context of a situation in that each engineer must extract quality attributes from a project’s requirements. Because quality is defined by project requirements the meaning of quality is constantly changing base on the project. Software architecture factors that indicate the relevance and effectiveness The relevance and effectiveness of architecture can vary based on the context in which it was conceived and the quality attributes that are required to meet. Typically when evaluating architecture for a specific system regarding relevance and effectiveness the following questions should be asked.   Architectural relevance and effectiveness questions: Does the architectural concept meet the needs of the system for which it was designed? Out of the competing architectures for a system, which one is the most suitable? If we look at the first question regarding meeting the needs of a system for which it was designed. A system that answers yes to this question must meet all of its quality goals. This means that it consistently meets or exceeds performance goals for the system. In addition, the system meets all the other required system attributers based on the systems requirements. The suitability of a system is based on several factors. In order for a project to be suitable the necessary resources must be available to complete the task. Standard Project Resources: Money Trained Staff Time Life cycle factors that affect the system and design The development life cycle used on a project can drastically affect how a system’s architecture is created as well as influence its design. In the case of using the software development life cycle (SDLC) each phase must be completed before the next can begin.  This waterfall approach does not allow for changes in a system’s architecture after that phase is completed. This can lead to major system issues when the architecture for the system is not as optimal because of missed quality attributes. This can occur when a project has poor requirements and makes misguided architectural decisions to name a few examples. Once the architectural phase is complete the concepts established in this phase must move on to the design phase that is bound to use the concepts and guidelines defined in the previous phase regardless of any missing quality attributes needed for the project. If any issues arise during this phase regarding the selected architectural concepts they cannot be corrected during the current project. This directly has an effect on the design of a system because the proper qualities required for the project where not used when the architectural concepts were approved. When this is identified nothing can be done to fix the architectural issues and system design must use the existing architectural concepts regardless of its missing quality properties because the architectural concepts for the project cannot be altered. The decisions made in the design phase then preceded to fall down to the implementation phase where the actual system is coded based on the approved architectural concepts established in the architecture phase regardless of its architectural quality. Conversely projects using more of an iterative or agile methodology to implement a system has more flexibility to correct architectural decisions based on missing quality attributes. This is due to each phase of the SDLC is executed more than once so any issues identified in architecture of a system can be corrected in the next architectural phase. Subsequently the corresponding changes will then be adjusted in the following design phase so that when the project is completed the optimal architectural and design decision are applied to the solution. Architecture factors that indicate functional suitability Systems that have function shortcomings do not have the proper functionality based on the project’s driving quality attributes. What this means in English is that the system does not live up to what is required of it by the stakeholders as identified by the missing quality attributes and requirements. One way to prevent functional shortcomings is to test the project’s architecture, design, and implementation against the project’s driving quality attributes to ensure that none of the attributes were missed in any of the phases. Another way to ensure a system has functional suitability is to certify that all its requirements are fully articulated so that there is no chance for misconceptions or misinterpretations by all stakeholders. This will help prevent any issues regarding interpreting the system requirements during the initial architectural concept phase, design phase and implementation phase. Consider the applicability of other architectural models When considering an architectural model for a project is also important to consider other alternative architectural models to ensure that the model that is selected will meet the systems required functionality and high quality attributes. Recently I can remember talking about a project that I was working on and a coworker suggested a different architectural approach that I had never considered. This new model will allow for the same functionally that is offered by the existing model but will allow for a higher quality project because it fulfills more quality attributes. It is always important to seek alternatives prior to committing to an architectural model. Factors used to identify high-risk components A high risk component can be defined as a component that fulfills 2 or more quality attributes for a system. An example of this can be seen in a web application that utilizes a remote database. One high-risk component in this system is the TCIP component because it allows for HTTP connections to handle by a web server and as well as allows for the server to also connect to a remote database server so that it can import data into the system. This component allows for the assurance of data quality attribute and the accessibility quality attribute because the system is available on the network. If for some reason the TCIP component was to fail the web application would fail on two quality attributes accessibility and data assurance in that the web site is not accessible and data cannot be update as needed. Summary As stated previously, quality is what all software engineers should strive for when building a new system or adding new functionality. The quality of a system can be directly determined by how closely it is implemented when compared to its desired quality attributes. One way to insure a higher quality system is to enforce that all project requirements are fully articulated so that no assumptions or misunderstandings can be made by any of the stakeholders. By doing this a system has a better chance of becoming a high quality system based on its quality attributes

  Read the article

• Java Plugin a huge security risk? How to preseve Java plugin from privilege escalation?

  - by Johannes Weiß

  Installing a regular Java plugin is IMHO a real security risk for non-IT people. Normally Java applets run in a sandbox and the applet cannot do anything harmful to your computer. If an applet, however, needs to do something like read-only accessing your filesystem e.g. uploading an image, you have to give it more privileges. Usually that's ok but I think not everyone knows that you give the applet the same privileges to your computer as your user has! And that's everything Java asks you: That looks as 'harmful' as a self-signed SSL certificate on a random page where no sensitive data is exchanged. The user will click on Run! You can try that at home using JyConsole, that's Jython (Python on Java)! Simply type in python code, e.g. import os os.system('cat /etc/passwd') or worse DON'T TYPE IN THAT CODE ON YOUR COMPUTER!!! import os os.system('rm -rf ~') ... Does anyone know how you can disable the possibily of privilege escalation? And by the way, does anyone know why SUN displays only a dialog as harmless as the one shown above (the self-signed-SSL-certificate-dialog from Firefox 3 and above is much clearer here!)? Live sample from my computer:

  Read the article

• Need advice in setting up server. fastCGI, suExec, speed, security, etc.

  - by lewisqic

  I am running my own dedicated server with centOS 5 and WHM/cPanel. I would like to configure my server to meet my needs but I need a little help. It will only be my own websites being run on this server. I'm still a little green when it comes to server administration so please forgive my ignorance. What I Would Like to Have: I need some public directories to be writable (for user image uploads and things like that) but I don't want those directories to have 777 permissions. I need individual accounts to have the ability to set custom php settings for their own account without affecting other accounts, whether through a php.ini file or through .htaccess or any other method. I would like things to run as fast as possible, whether that means using a php optimizer or cacher, such as eaccelerator or xcache or anything else. I need things to be as secure as possible. Here Are My Questions What should I use for my php handler? DSO? CGI? fastCGI? suPHP? Other? Should I be using suEXEC? What are the benefits or downfalls of this? What php optimizer/cacher is best to use? Are there any other security tips I need to know about all of this? I'd appreciate any advice or direction that can be offered. Thanks!

  Read the article

< Previous Page | 81 82 83 84 85 86 87 88 89 90 91 92  | Next Page >