when is secure, secure?
I wrote a custom authentication handler for PureFTPD, using a combination of
authentication methods, for about 4 different types of users.
So far, from testing it, it does look to work properly, and does it's job
pretty well (and fast). I use #!/usr/bin/perl -W as well as use Strict, and
use warnings, and the code returns no errors or warnings when run.
I am right to presume that this basically only really tells me the my syntax
and structure of the application is right? What's a good way to see whether
it is actually SECURE... There is a couple of lines of...How secure is secure?
Thanks to this group and all the high tech individuals who frequent it I
have learned how to protect my PC from the inside out. But what about
security risks to my info 'before' it gets to my computer? Like my mail
box on the server. Could someone hack into that and thumb through my
If so, how would I ever know?
(The short story)
We have a rogue employee at my work who one day decided to run the web
site, she got in tight with the ISP, got tools to set and delete
passwords on a protected directory on the server. Who knows if she has
telnet access to other things, li...security too secure
Summary: security too secure
The security thing won't let me in this sight no matter how I accept,
confirm, get certificate, etc.
Browser Details: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-GB; rv:1.9.1b4) Gecko/20090423 Firefox/3.5b4
From URL: http://hendrix.mozilla.org/
Note to readers: Hendrix gives no expectation of a response to this feedback
but if you wish to provide one you must BCC (not CC) the sender for them to
...form security against security
i have a form in my website which is to be filled by user and that form stores in database(sql server 2005).
but someone told me that anyone can run script in textboxes in that form and can damage database,
so how to avoid such security lack.
it is common practice to use parameterized sql statements or stored procs to insure you are protected from sql injections attacks.
if you concatenate user input directly into a sql statement, then you are at risk.Mike Banavige~~~~~~~~~~~~Need a site code sample in a different language? Try converting it with: http://converte...Duplicate Security Roles Showing up In Security Roles Manager
Anyone have any ideas? We have had and instance of 3.0.13 with one child portal running for about a month now. A few days ago our adminstrator noticed that we have duplicate entries for security roles. For example, the Security Roles Manager shows:Name Description Fee Every Period Trial Every Period Public Auto Administrators Portal Administration False False Administrators Portal Administration False False Registered Users Registered Users &n...Login with form based authentication and roles based security
I've develop Sign In pages apply Forms Authentication and Roles Based Security. It means, 1 user can have many roles (HttpContext.Current.User = New GenericPrincipal(fi, astrRoles)). Let's say User ID: sr102, then it roles is Sales, Marketing and Logistic.
Im using User.IsInRole("Sales") to control the applications modules. My application like as follow
1. After login success, application show all the application modules such as Logistic, Sales, Marketing, IT, Human Resource and Warehouse.
From user id, application will know the roles assigned.
How to enable and di...How secure is AuthenticationTypes.Secure?
I understand that AuthenticationTypes.Secure requests secure authentication using Kerberos or NTLM (??). However, here is a scenario I am trying to understand. Let us say that I am having a regular ASP.NET site - with SSL certificates not installed on the web server. The login sends the request out to an AD server which also does not have certificates installed. However, I have set Secure flag to AuthenticationTypes.Secure. When the username and password data gets transmitted between the application and the LDAP server, how secure are the password and username info? In other words is this in...Password secure...is it secure?
Yes I just got this baby and I LOVE it! Its great. I have stored all my
passwords inside of it (and yes made a few backups from them in secure
locations) How secure is this program really? It uses blowfish to encrypt
the database but how strong blowfish? 128bits? 256? 448?
Anything else I should think about it? I have putted it and its databases
inside PGPdisk just to play it safe...but then again Im a paranoid. :)
My privacy related homepage and PGP keys:
********...Secure connections: how secure are they?
......... both useful and malicious information can be transmitted via network
connections. Standard solutions protect computers against threats present in
standard network connections, but aren't able to counter threats present in
secure connections. Verifying the contents of a secure connection is
impossible by virtue of its secure nature, as demonstrated by the different
types of protection listed above. As a result, malicious data within secure
channels can cause a significant amount of damage, and sometimes more than if
it were to be transmitted via a standard, non-s...How secure is secure enough?
July 28, 2008 (Computerworld) This story originally appeared in
Computerworld's print edition.
If there is a Holy Grail in the information security industry, it surely is
the answer to the question, "How secure is secure enough?"
It's a question that many security managers have either avoided answering
altogether or tried to quickly sidestep by throwing a fistful of mainly
pointless operational metrics at anyone who cared to ask.
This is a multi-part message in MIME format.
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
I'm a Mac user 10.4.8 of Thunderbird 18.104.22.168 & am wondering how
"Enabling FIPS" will improve my security? I can't seem to find any
explanation of FIPS under Thunderbird help.
Have a good day R Schwager
Content-Type: text/html; charset=ISO-8859-1
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Tr...RSA Secure ID enabled website along with role based access to the RSA Secure ID Users
I am trying to implement RSA Security to my intranet website. I want to access the 'RSA Secure ID User Name' and 'Password(Passcode here if possible)' in my application to set the roles of the user
in the website. I want the RSA Secure ID user as my website user if it is registered into my database only. It means 'RSA access' and 'allocating the page access rights' to the user is totally depends upon the 'secure Id user' . I have to retrieve this information from RSA server and use it into my applic...Secure By Design: How Guardian Digital Secures EnGarde Secure Linux
"EnGarde Secure Linux is not just another "repackaged" Linux
distribution, but a modern open source system built from the ground up
to provide secure services in the threatening world of the modern
...."The Community edition of EnGarde Secure Linux is completely free
and open source, and online security and application updates are
freely available with GDSN registration."...
...Form based security with Roles and Permissions
Hi, we are looking at adding form based security into our new web application. Our users want the ability to control access down to the field level on every form. We are thinking about creating a view and edit role for each field on each form. However, there is another complexity in that when editing Clients (for example), the field level control also depends on the Status of the Client. We have this sub-role or permission level control issue in quite a few areas within the system, giving you the following example grid or Roles and Permissions: