Questions tagged "security" (page No.1)

Should Crystal Report be allowed for certain employees for production database?

I am talking about a production database. There are a couple of people who use Crystal on a daily basis for various types of reports. Some use it to just peek at the data, others generate reports from it. Should this be allowed from a security/performance/other point of view? There is no http access ...

Event Receivers on Add/Remove Users

I need some design ideas for a requirement to audit when users are added/removed from an object. I need to collect the user doing the add/remove, date time, and reason for adding. I need to do this to sites, libraries, lists and anything for that matter that has security ...

SSRS 2008 and SharePoint integrated mode - security flaw?

Here is my scenario: I've got SSRS 2008 R2 running in integrated mode with SharePoint 2010. Everything works as expected in that I can create data sources, models (either through studio or via the "generate model" option on the ECB for a datasource in a report library). My datasource is using ...

Where can I find a documented lists of permissions given when adding a user to stock groups in major distributions?

I am trying to work out a strategy to appropriately hand out certain levels of permissions to junior admins on the system across multiple distributions, especially Ubuntu Server and RedHat Enterprise Linux, but also the occasional Debian and CentOS machines. I'm trying to find documentation on what each of the ...

change all mysql entries one by one...correct a rookie mistake

I have a problem. I am a rookie programmer; about a year ago I started learning PHP by myself to write an application. Like all rookies I made some big mistakes that I realized after the application was launched. Things like missing foreign keys, un-encrypted cookie stored password... and stuff like that. Now before you ...

Secure of Android app content

I created an Android app, and I'm ready to post it on playstore. But I'm not sure of secure of my app content. The point is that I have a database inside of my app, and I don't want anyone to get info from it in any other way except through ...

Are Kerberos and e-commerce inconsistent?

I recently read about Kerberos and its great algorithm to securely authenticate users. But the "drawback" of Kerberos is that it requires credentials (called "principals") to be added manually directly from the authentication server (implemented with Kerberos so). So, unless I ignore it, it's impossible to use a classic form in an ...

Please check my method to authenticate mobile app with PHP server

I'm building an Android app that needs to authenticate with a PHP service. My current approach is when the user initially logs in, a unique id is generated using uniqid(). This uid is then stored in a table on the database along with their username. The user is then passed back ...

Where to securely store certs/keys when using PHP/MySQLI/Apache?

I have separate web (Apache/PHP) and database (MySQL) servers using mysqli over an SSL connection working nicely. In the ssl_set() function in the database connection library within the framework, I can specify the path to the keys/pem files as long as it's within the docroot. If the files ...

Why is my symfony2 fosUserBundle not able to find the check_path?

I'm trying to implement fosUserBundle in my Symfony project. I've successfully installed and configured the bundle. But now, when I log in, I'm having this error message: You must configure the check path to be handled by the firewall using form_login in your security firewall configuration. Why is that happening? ...

AJAX security concern, preventing people from performing actions on behalf of another user via links

Let's say a user wants to delete a post and you want to perform this asynchronously, you'd probably do something like... $.post('https://mysite.com/execs/remove.php?&post_id=' + post); Or you wouldn't, because you don't want someone to be able to just copy that link with the user's post id and trick them into deleting it. So ...

PHP cURL - Security When Processing Credit Card Transaction

I am working with a credit card processor script -- provided by the processor -- which takes in various credit card data and merchant account data, fetches a cURL, and parses the return XML for transaction status. Code: define("CURL_PROCESSING_URL", "https://ideposit.vbprograms.net/servlet/pg"); $params = "Merchant_User_Name=" . "vitale" . ...

MD5 hash reversing

I know it's not possible to reverse an MD5 hash back to its original value. But what about generating a set of random characters which would give the exact same value when hashed? Is that possible? ...

WebSphere v7 for custom password encryption says to implement a decrypt method, but what if I'm encrypting using SHA-256?

I followed the steps here: Enabling a plugpoint for custom password encryption In particular, implementing the interface given here: Plug point for custom password encryption However, I'm using SHA-256 encryption, i.e. import java.security.MessageDigest; MessageDigest messageDigest = MessageDigest.getInstance("SHA-256"); But, how can I implement a decrypt method for SHA-256? I thought the whole idea was ...

Nature of the UpdatePanel

I was confused by an answer on another post I made here: http://sharepoint.stackexchange.com/questions/40057/is-an-updatepanel-a-bad-decision/40412#40412 My understanding is that an UpdatePanel handling a Button_Click is not doing anything different from a security standpoint than a normal postback. The UpdatePanel IS still doing a full postback, it's just happening asynchronously inside the confines of ...

Android Custom Keyboard Password Logging

I've been doing some research on security vulnerabilities with Android custom keyboards, and noticed something interesting. When I install a keyboard on my Sharp Aquos Gingerbread phone, it tells me that it "may be able to collect all the text you type including passwords". However, on my Samsung Galaxy Tab ...

Symfony 2 Static asset authorisations (.js behind firewall)

What is the procedure for securing static assets (javascript and css) behind the firewall? I have an admin section which uses javascript heavily. I don't really want to expose the code to the public. I currently compile all my javascript using assetic to files in /web/admin/js/xyz.js Is there a simple way to do ...

FF SecurityError: The operation is insecure

My code suddenly stopped working after I updated to IE9, both IE9 and FF don't work. FF gives me "SecurityError: The operation is insecure" on the line data: JSON.stringify(someVar), When I am doing jquery ajax call $.ajax({ contentType: 'application/json, charset=utf-8', ...
