Search Results

Search found 8253 results on 331 pages for 'secure coding'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 91/331 | < Previous Page | 87 88 89 90 91 92 93 94 95 96 97 98  | Next Page >

  • Server Security

    - by mahatmanich
    I want to run my own root server (directly accessible from the web without a hardware firewall) with debian lenny, apache2, php5, mysql, postfix MTA, sftp (based on ssh) and maybe dns server. What measures/software would you recomend, and why, to secure this server down and minimalize the attack vector? Webapplications aside ... This is what I have so far: iptables (for gen. packet filtering) fail2ban (brute force attack defense) ssh (chang default, port disable root access) modsecurity - is really clumsy and a pain (any alternative here?) ?Sudo why should I use it? what is the advantage to normal user handling thinking about greensql for mysql www.greensql.net is tripwire worth looking at? snort? What am I missing? What is hot and what is not? Best practices? I like "KISS" - Keep it simple secure, I know it would be nice! Thanks in advance ...

    Read the article

  • switch views using a button, going to a table view, iphone

    - by Jaime Rae
    My program has 4 buttons and each button calls a different table view. That works fine, but my problem is, the view controller I'm using brings up a table view that covers up my navigation bar and my tab bar. I need to replace that coding with something that will bring up a table and not cover up my nav and tab bars. Here is the coding I'm using: -(IBAction)buttonNorthWest { NorthWestViewController *nwController = [[NorthWestViewController alloc] initWithNibName:@"NorthWestView" bundle:nil]; self.nwViewController = nwController; [self.view insertSubview:nwViewController.view atIndex:0]; [self presentModalViewController:nwViewController animated:YES]; [nwController release]; } The [self presentModalViewController....] is the problem. Does anyone know how I can replace that code with something that keeps my nav and tab bars? Thanks, Jaime

    Read the article

  • Spring Security - is Role and ACL security overkill?

    - by HDave
    I have a 3 tier application that requires security authorizations be placed on various domain objects. Whether I use Spring's ACL implementation or roll my own, it seems to me that ACL based security can only be used to authorize (service) methods and cannot be used to authorize URL or web service invocations. I think this because how could a web service call check the ACL before it has hydrated the XML payload? Also, all the examples for web access security in the Spring documentation are securing URL's based on Role. Is it typical to use Spring's roles to secure web presentation and web service calls, while at the same time using ACL's to secure the business methods? Is this overkill?

    Read the article

  • sql database connection on remote server

    - by arti pathak
    i create my web site on asp.net and i create database in sql using inbuilt it in visual studio i use step to create database 1.right click on solution explorer then add newSqldatabase then ok then if i connect it by coding then it will work on my local PC but actuall i am making website so i want to store it on my web server then if i load databse file (.mdf) file in my web server where my all files are loaded then it is showing it error "A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: SQL Network Interfaces, error: 26 - Error Locating Server/Instance Specified)" so please help me and send me all step how i create database and what coding i use to connect on remote server....... Thank You......

    Read the article

  • Good Guide For Web App Security?

    - by QAH
    Hello! I am pretty good on making web applications and I know how to transfer data to and from client/server, etc. I need some help though learning how to make the data exchanges more secure. That is the reason why I feel kind of scared to publish any web app I make. I wanted to know what are some good guides to help you understand and learn how to secure data transfer with your web application? Things like better authentication for example and making better logins. You can post any suggestion, but just for your information, I mainly code my web apps with Javascript and PHP. Also, I transfer my data using JSON or XML. Thanks a lot

    Read the article

  • vb.net .aspxauth

    - by Morgan
    I am working with a large site trying to implement web parts for particular users in a particular subdirectory but I can't get the .ASPXAUTH cookie to be recognized. I've read dozens of tutorials and MS class library pages that tell me how it should work to no avail. I am brand new to Web parts, so I'm sorry if I'm unclear. The idea is that logged in users can travel the site, but then when they go to their dashboard, they are programmatically authenticated using Membership and FormsAuthentication to pull up their Personalization. When I step through the code, I can see the cookie being set, and that it exists on the following page, but Membership.GetUser() and User.Identity are both empty. I know the user exists because I created it programmatically using Membership.CreateUser() and I can see it when I do Membership.GetAllUsers() and it's online when i use Membership.GetUser(username) but the Personalization doesn't work. Right now, I'm just trying to get the proof of concept going. I've tried creating the ticket and cookie myself, and also using SetAuthCookie() (code follows). I really just need a clue as to what to look for. Here's the "login" page... If Membership.ValidateUser(testusername, testpassword) Then -- Works FormsAuthentication.SetAuthCookie(testusername, true) Response.Redirect("webpartsdemo1.aspx", False) End If And the next page (webpartsdemo1.aspx) Dim cookey As String = ".ASPXAUTH" lblContent.Text &= "<br><br>" & Request.Cookies(cookey).Name & " Details" lblContent.Text &= "<br>path = " & Request.Cookies(cookey).Path lblContent.Text &= "<br>domain = " & Request.Cookies(cookey).Domain lblContent.Text &= "<br>expires = " & Request.Cookies(cookey).Expires lblContent.Text &= "<br>Secure only? " & Request.Cookies(cookey).Secure lblContent.Text &= "<br>HTTP only? = " & Request.Cookies(cookey).HttpOnly lblContent.Text &= "<br>Has subkeys? " & Request.Cookies(cookey).HasKeys lblContent.Text &= "<br/><br/>request authenticated? " & Request.IsAuthenticated.ToString lblContent.Text &= " Getting user<br/>Current User: " Dim muGidget As MembershipUser If Request.IsAuthenticated Then muGidget = Membership.GetUser lblContent.Text &= Membership.GetUser().UserName Else lblContent.Text &= "none found" End If Output: .ASPXAUTH Details path = / domain = expires = 12:00:00 AM Secure only? False HTTP only? = False Has subkeys? False request authenticated? False Getting user Current User: none found Sorry to go on so long. Thanks for any help you can provide.

    Read the article

  • jQuery Toggle with Cookie

    - by Cameron
    I have the following toggle system, but I want it to remember what was open/closed using the jQuery cookie plugin. So for example if I open a toggle and then navigate away from the page, when I come back it should be still open. This is code I have so far, but it's becoming rather confusing, some help would be much appreciated thanks. jQuery.cookie = function (name, value, options) { if (typeof value != 'undefined') { options = options || {}; if (value === null) { value = ''; options = $.extend({}, options); options.expires = -1; } var expires = ''; if (options.expires && (typeof options.expires == 'number' || options.expires.toUTCString)) { var date; if (typeof options.expires == 'number') { date = new Date(); date.setTime(date.getTime() + (options.expires * 24 * 60 * 60 * 1000)); } else { date = options.expires; } expires = '; expires=' + date.toUTCString(); } var path = options.path ? '; path=' + (options.path) : ''; var domain = options.domain ? '; domain=' + (options.domain) : ''; var secure = options.secure ? '; secure' : ''; document.cookie = [name, '=', encodeURIComponent(value), expires, path, domain, secure].join(''); } else { var cookieValue = null; if (document.cookie && document.cookie != '') { var cookies = document.cookie.split(';'); for (var i = 0; i < cookies.length; i++) { var cookie = jQuery.trim(cookies[i]); if (cookie.substring(0, name.length + 1) == (name + '=')) { cookieValue = decodeURIComponent(cookie.substring(name.length + 1)); break; } } } return cookieValue; } }; // var showTop = $.cookie('showTop'); if ($.cookie('showTop') == 'collapsed') { $(".toggle_container").hide(); $(".trigger").toggle(function () { $(this).addClass("active"); }, function () { $(this).removeClass("active"); }); $(".trigger").click(function () { $(this).next(".toggle_container").slideToggle("slow,"); }); } else { $(".toggle_container").show(); $(".trigger").toggle(function () { $(this).addClass("active"); }, function () { $(this).removeClass("active"); }); $(".trigger").click(function () { $(this).next(".toggle_container").slideToggle("slow,"); }); }; $(".trigger").click(function () { if ($(".toggle_container").is(":hidden")) { $(this).next(".toggle_container").slideToggle("slow,"); $.cookie('showTop', 'expanded'); } else { $(this).next(".toggle_container").slideToggle("slow,"); $.cookie('showTop', 'collapsed'); } return false; }); and this is a snippet of the HTML it works with: <li> <label for="small"><input type="checkbox" id="small" /> Small</label> <a class="trigger" href="#">Toggle</a> <div class="toggle_container"> <p class="funding"><strong>Funding</strong></p> <ul class="childs"> <li class="child"> <label for="fully-funded1"><input type="checkbox" id="fully-funded1" /> Fully Funded</label> <a class="trigger" href="#">Toggle</a> <div class="toggle_container"> <p class="days"><strong>Days</strong></p> <ul class="days clearfix"> <li><label for="1pre16">Pre 16</label> <input type="text" id="1pre16" /></li> <li><label for="2post16">Post 16</label> <input type="text" id="2post16" /></li> <li><label for="3teacher">Teacher</label> <input type="text" id="3teacher" /></li> </ul> </div> </li>

    Read the article

  • best way to authenticate and consume web service using phonegap (html5/javascript)

    - by Raiss
    I am going to develop a phonegap application which is pretty simple. I need to implement an authentication and some simple data transfer back and forth to the phone and server. I prefer to use ASP.NET as a web service and our database is MS SQL but I am not sure what approach should I take to create a secure communication between Phonegap App and webservice. The problem with a simple AJAX request is limitation in cross-domain and I’m not sure if JSONP is a good option. I was wondering if someone can tell me what technology I should use in order to make a semi secure connection which works with PhoneGap (html5, javascript ) and .Net webservice. I understand that it’s a general question but I need to know what technology is the best in such a case. thanks

    Read the article

  • IE Mixed Content Warining when using https URLs and http:443 URLs?

    - by Campbeln
    I'm getting the good ole' "This page contains both secure and nonsecure items." dialog in IE when connecting to an HTTPS site. No big deal... I've just got something coming in over a non-secure connection so that should be an easy fix, right? So I go into "View Web Page Privacy Policy..." to look to see where I've included an HTTP file, and this is what I see... https://blah/path/to/file.htm https://blah/path/to/file.js http://blah:443/path/to/file.css Um... ok... so... there is an HTTP only URL being requested, but it is going over port 443 ("https://blah/" is shorthand for "http://blah:443/") so... What is the deal with this!? IE 7.0.5730.13 can't possibly be THAT stupid, can it? Is there an IIS setting that needs to be tweaked?

    Read the article

  • What web based programming environments exist, on which to learn?

    - by jjclarkson
    I loved appjet (the programming environment) before it was taken over by Google. What other web based complete programming environments are out there? Which one do you think is best for starting to do real world coding the fastest? I really think coding from your browser will make programming more accessible to the public. Are there any out there that use a vim style, (e.g. jsvi) in combination with free server side hosting? The last time I looked at Bespin it was a little green. Are there others?

    Read the article

  • Can I retain a Google apps session token permanently for a specific user who logs into my google app

    - by Ali
    Hi guys, is it possible to retain upon authorization a single session token for a user who signs into my gogle application. CUrrently my application seems to every now and then require the user to authenticate into google apps. I think it has to do with session dying out or so. I have the following code: function getCurrentUrl() { global $_SERVER; $php_request_uri = htmlentities(substr($_SERVER['REQUEST_URI'], 0, strcspn($_SERVER['REQUEST_URI'], "\n\r")), ENT_QUOTES); if (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') { $protocol = 'https://'; } else { $protocol = 'http://'; } $host = $_SERVER['HTTP_HOST']; if ($_SERVER['SERVER_PORT'] != '' && (($protocol == 'http://' && $_SERVER['SERVER_PORT'] != '80') || ($protocol == 'https://' && $_SERVER['SERVER_PORT'] != '443'))) { $port = ':' . $_SERVER['SERVER_PORT']; } else { $port = ''; } return $protocol . $host . $port . $php_request_uri; } function getAuthSubUrl($n=false) { $next = $n?$n:getCurrentUrl(); $scope = 'http://docs.google.com/feeds/documents https://www.google.com/calendar/feeds/ https://spreadsheets.google.com/feeds/ https://www.google.com/m8/feeds/ https://mail.google.com/mail/feed/atom/'; $secure = false; $session = true; //echo Zend_Gdata_AuthSub::getAuthSubTokenUri($next, $scope, $secure, $session);; return Zend_Gdata_AuthSub::getAuthSubTokenUri($next, $scope, $secure, $session).(isset($_SESSION['domain'])?'&hd='.$_SESSION['domain']:''); } function _regenerate_token() { global $BASE_URL; if(!$_SESSION['token']) { if(isset($_GET['token'])): $_SESSION['token'] = Zend_Gdata_AuthSub::getAuthSubSessionToken($_GET['token']); return; else: _regenerate_sessions(); _redirect(getAuthSubUrl($BASE_URL . '/index.php?'.$_SERVER['QUERY_STRING'])); endif; } } _regenerate_token(); I know I'm doing it all wrong here and I don't know why :( I have a CONSUMER SECRET code but only use it whereever I need to access a google service. However something is wrong with my authentication as the user has to periodically 'grant access to my application' and reauthorise himself... help please

    Read the article

  • How to fix First Data payment gateway issues "unable to load certificate" ?

    - by Krishnan
    Our asp.net team working on Shopping cart projects We have integrated First Data payment gateway for payment process We have included Visa/master card verification using Alternative First Data payment gateway After visa/master card verification we got cavv(secure code), xid, eci values. After getting cavv, xid and eci values we have appended these values to First data payment gateway. We have set the host as "secure.linkpt.net" and port as 1129 and also set the config and pem files. Now we got an error when sending the xml values to payment gateway as given below Unable to load certificate ERRs: wsa=33558530 err=33558530 ssl=537317504 sys=33558530. INFO: ACE_SSL (3260|3384) error code: 33558530 - error:02001002:lib(2):func(1):reason(2) please help our team to fix the issue

    Read the article

  • How easy is it to hack a plist file in an app store app?

    - by user249488
    Don't worry, I'm not trying to hack someone else's app, if that's what you're thinking =). I want to have 2 versions of my app, a free version and a deluxe version. My plan was to use an in-app purchase to enable the deluxe version by setting a boolean value in the plist file. My question is: is this secure or is it easily circumvented? And if it is not secure, can someone suggest a simple alternative? I don't want to download additional content, I would rather keep all of the functionality within the app and enable it somehow.

    Read the article

  • What is the best python module skeleton code?

    - by user213060
    == Subjective Question Warning == Looking for well supported opinions or supporting evidence. Let us assume that skeleton code can be good. If you disagree with the very concept of module skeleton code then fine, but please refrain from repeating that opinion here. Many python IDE's will start you with a template like: print 'hello world' That's not enough... So here's my skeleton code to get this question started: My Module Skeleton, Short Version: #!/usr/bin/env python """ Module Docstring """ # ## Code goes here. # def test(): """Testing Docstring""" pass if __name__=='__main__': test() and, My Module Skeleton, Long Version: #!/usr/bin/env python # -*- coding: ascii -*- """ Module Docstring Docstrings: http://www.python.org/dev/peps/pep-0257/ """ __author__ = 'Joe Author ([email protected])' __copyright__ = 'Copyright (c) 2009-2010 Joe Author' __license__ = 'New-style BSD' __vcs_id__ = '$Id$' __version__ = '1.2.3' #Versioning: http://www.python.org/dev/peps/pep-0386/ # ## Code goes here. # def test(): """ Testing Docstring""" pass if __name__=='__main__': test() Notes: """ ===MODULE TYPE=== Since the vast majority of my modules are "library" types, I have constructed this example skeleton as such. For modules that act as the main entry for running the full application, you would make changes such as running a main() function instead of the test() function in __main__. ===VERSIONING=== The following practice, specified in PEP8, no longer makes sense: __version__ = '$Revision: 1.2.3 $' for two reasons: (1) Distributed version control systems make it neccessary to include more than just a revision number. E.g. author name and revision number. (2) It's a revision number not a version number. Instead, the __vcs_id__ variable is being adopted. This expands to, for example: __vcs_id__ = '$Id: example.py,v 1.1.1.1 2001/07/21 22:14:04 goodger Exp $' ===VCS DATE=== Likewise, the date variable has been removed: __date__ = '$Date: 2009/01/02 20:19:18 $' ===CHARACTER ENCODING=== If the coding is explicitly specified, then it should be set to the default setting of ascii. This can be modified if necessary (rarely in practice). Defaulting to utf-8 can cause anomalies with editors that have poor unicode support. """ There are a lot of PEPs that put forward coding style recommendations. Am I missing any important best practices? What is the best python module skeleton code? Update Show me any kind of "best" that you prefer. Tell us what metrics you used to qualify "best".

    Read the article

  • Cakephp doesn't write a cookie

    - by radious
    Hello! I have a problem with writing cookies in cakephp and even don't know how to debug it or where too look for a clue. I've inherited a project where cookie were only created using the Session component, of course i added 'Cookie' to $components array in app_controller and put this in beforeFilter: $this->Cookie->name = 'foo'; $this->Cookie->path = '/home/~nick'; $this->Cookie->domain = 'hostname'; $this->Cookie->secure = false; //i.e. only sent if using secure HTTPS $this->Cookie->key = 'some key'; and in some action i use: $this->Cookie->write('key', 'value'); I access page by http://hostname/home/~nick/foo and actually try to put even something so silly. I doesn't work. I would be really gratefully for any clue where to search problem. Thanks!

    Read the article

  • Why use MVVM???

    - by LnDCobra
    Okay, I have been looking into MVVM pattern, and each time I have previously tried looking into it, I gave up for a number of reasons: Unnecessary Extra Long Winded Coding No apparent advantages for coders (no designers in my office. Currently only myself soon to be another coder) Not a lot of resources/documentation of good practices! (Or at least hard to find) Cannot think of a single scenario where this is advantageous. I'm about to give up on it yet again, and thought I'd ask to see if someone answer the reasons above. I honestly can't see an advantage of using this for a single/partner coding. Even in complex projects with 10's of windows. To me the DataSet is a good enough view and binding like in the answer by Brent following question

    Read the article

  • Handling credit cards and IOS

    - by Susan Jackie
    I am using NSUrlConnection asyncronous request to transmit credit card information to a secure third party server. I do the following: I get the credit card number, cvv, etc from the uitextfields. Encode the credit card information into a json format. Set as httpd body of the nsurlconnection request as follows: NSURL * url = [[NSURL URLWithString: "https://www.example.com"]; NSMutableURLRequest * request = [[NSMutableURLRequest alloc] initWithURL: url]; [request setHTTPMethod: @"POST"]; [request setValue:@"application/json" forHTTPHeaderField:@"Accept"]; [request setValue:@"application/json" forHTTPHeaderField:@"Content-Type"]; [request setHTTPBody: [NSJSONSerialization dataWithJSONObject: params options: kNilOptions error: &parseError]]; Send this information via asynchronous request to a secure third party server: [NSURLConnection sendAsynchronousRequest:request queue: queue completionHandler:^(NSURLResponse *response, NSData *data, NSError * requestError) { What should I be considering to send user credit card information to a third party server using nsurlconnection asynchronous request?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 87 88 89 90 91 92 93 94 95 96 97 98  | Next Page >