OT: Site security

Check out this article. It's about a new service that will
check your site's reputation and security.
http://www.informationweek.com/news/showArticle.jhtml?articleID=199600394

Security is a cat and mouse game that goes around in circles, regardless of what technology we're talking about.  What's good today is bad tomorrow (not literally, but you get the point).
You should choose what best fits your needs and your required level of security.  Anything is better than nothing, but anything isn't everything.  From JavaScript/AJAX, custom programming, validation techniques (example: honeypots, CAPTCHA, ...), and server-side considerations, to secure forms, there are countless countermeasures that can be used.
Dreamweaver provides users with an AJAX framework called SPRY that has form field checks that are easy to implement and will help secure your forms by requiring that data entered follows format standards and that they are required to execute your SQL.  Are they foolproof and impenetrable? No, but they are an excellent step in protecting your database from unnecessary form spam.  Unless you have a reason to suspect you will be a high-value target for attacks, this basic countermeasure should suffice, especially combined with the honeypot or CAPTCHA technique.  You can also integrate some if/else statements using PHP to verify the existence of, and sanitize, the required form fields in the rare situation the user doesn't have JavaScript support.
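
The server-side fallback described in the reply above (verify that required fields exist, sanitize them, and pair that with a honeypot), written out as an added example that is not part of the original post. The field names, the `contact` table and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed field names; "website" is the hidden honeypot input that people never see.
const HONEYPOT = 'website';
const LIMITS   = ['name' => 100, 'email' => 254, 'message' => 2000];

/** Validate a submitted form on the server; returns [clean values, error list]. */
function validate_form(array $post): array
{
    // A real visitor leaves the hidden field empty; anything else is a bot.
    $trap = $post[HONEYPOT] ?? '';
    if (!is_string($trap) || trim($trap) !== '') {
        return [[], ['honeypot filled: treat as automated spam']];
    }
    $clean  = [];
    $errors = [];
    foreach (LIMITS as $field => $max) {
        $value = $post[$field] ?? null;
        if (!is_string($value) || ($value = trim($value)) === '') {
            $errors[] = "$field is required";
        } elseif (strlen($value) > $max) {
            $errors[] = "$field is longer than $max bytes";
        } elseif ($field !== 'message' && preg_match('/[\x00-\x1F\x7F]/', $value)) {
            // Single-line fields must not carry CR/LF or other control bytes.
            $errors[] = "$field contains control characters";
        } elseif ($field === 'email' && filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
            $errors[] = 'email is not a valid address';
        } else {
            $clean[$field] = $value;
        }
    }
    return [$errors === [] ? $clean : [], $errors];
}

/** Insert with bound parameters so form text is never concatenated into SQL. */
function store(PDO $db, array $clean): void
{
    $stmt = $db->prepare(
        'INSERT INTO contact (name, email, message) VALUES (:name, :email, :message)'
    );
    $stmt->execute([':name' => $clean['name'], ':email' => $clean['email'],
                    ':message' => $clean['message']]);
}

// Constructed sample submissions (not real traffic).
$samples = [
    'valid' => ['name' => 'Ada', 'email' => 'ada@example.org', 'message' => "Hello\nthere", 'website' => ''],
    'bot'   => ['name' => 'x', 'email' => 'x@example.org', 'message' => 'buy now', 'website' => 'http://spam.example'],
    'no-js' => ['name' => '', 'email' => 'not-an-address', 'message' => "it's"],
];

$db = new PDO('sqlite::memory:'); // assumes the pdo_sqlite extension is available
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE contact (name TEXT, email TEXT, message TEXT)');

foreach ($samples as $label => $post) {
    [$clean, $errors] = validate_form($post);
    if ($errors === []) {
        store($db, $clean);
    }
    echo $label, ': ', $errors === [] ? 'stored' : implode('; ', $errors), PHP_EOL;
}
```

The same checks run whether or not the browser executed any client-side validation; stored values should still be escaped with `htmlspecialchars()` when they are later displayed.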

Similar Messages

  • SharePoint 2013 internet facing public site security

    Hi All,
    Are there any best practices or recommendations to make public internet-facing SharePoint sites secure?
    We have scanned the internet-exposed SharePoint site with a VA/PEN test tool and got the recommendations below:
    1. Cookies need to be made Secure
    2. Http methods like TRACE need to be disabled
    3. Cache-Control settings should be set to no-store
    Is there any guidance on whether these IIS level settings are possible for SharePoint?
    sudesh withanage

    You can control the cache by enabling BlobCaching and setting the maxAge attribute. I have a tool to make this easier located here:
    BlobCache
    The other two you can ignore. Pen test tools typically do not take into account SharePoint, which has specific requirements, e.g. you can't disable the TRACE verb.
    Trevor Seward
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

  • Since updating to Firefox 4.0.1 I have lost the site security ranking provided by Norton. Can I incorporate this in the latest Firefox? Failing that, how can I return to my previous version?

    Since updating to Firefox 4.0.1 I have lost the site security ranking provided by Norton. Can I incorporate this in the latest Firefox? Failing that, how can I return to my previous version?

    http://community.norton.com/t5/Norton-Internet-Security-Norton/Norton-Toolbar-not-compatible-with-FF-4-0-1/td-p/442788

  • Where is the site security indicator?

    I cannot find the site security indicator in beta 4.0b. It is usually a padlock- locked or unlocked. I cannot find it now.

    That "lock" is gone, as is the Statusbar where the "lock" used to appear. Use the Site Identity Button for viewing security information about the page you are viewing, the new "lock" appears there in the information box when you click on the Site Identity Button.
    https://support.mozilla.com/en-US/kb/Site+Identity+Button

  • Disable site security checking

    I am opposed to security in real life and especially as regards my computers and software - I want to try to do what I want to do and I do not in the least care what the consequences are, regardless. Sooner or later I will succeed in doing what I set out to do, and once I do, I will no longer care about any other consequences no matter what.
    Checking websites for security certificates in any fashion is a major BUG as far as I am concerned. I can not deal with this in any way acceptable to me other than these:
    1. Abolish the practice world-wide
    2. Abolish its use as regards me
    3. Abolish its use as regards me but give me the option to add a site/situation where I MIGHT someday find some use in verifying who I am sending or receiving information with or sharing user privileges with etc.

    No point in trying to change your decision.
    I hope you researched the risks, and have well rehearsed restore or mitigation procedures, maybe daily backups suitable for baremetal restores and maybe using a virtual machine for your insecure online activities.
    Just use the HTTP version of sites instead of the HTTPS version and there will be no certificates to worry about. Firefox will by default connect you to an HTTPS site if you have used HTTPS previously, but you can use "Forget About This Site" to access the HTTP version (that removes history and cookies also).
    * For an explanation of the purpose of HTTPS see http://en.wikipedia.org/wiki/Https
    * Remove websites from the Awesome Bar suggestions (clearing all items for a single site)
    * An explanation of some Firefox information on site security: How do I tell if my connection to a website is secure?
    * This explains how to turn on one of the security systems: Enable SSL to fix the Firefox cannot connect securely error message. Conversely it shows how to turn it off.
    By the way even the Google search will use HTTPS by default on Firefox. Prevent that and you are more likely to get directed to incorrect sites by your search results.
    You are free to do such things if that is what you like. This is however not a forum for discussing Firefox development or feature changes and certainly not for changing the way the web works.
    Firefox also has phishing and attack warnings turned on by default. Again, turn them off if you want; all they do is warn you and give you the option to override any warning. Especially if using HTTP only you may wish to leave that feature turned on.
    * http://www.mozilla.org/en-US/firefox/security/#secure

  • Project Server 2010: PWA Removing Default Project Site Security Groups When Creating a New Project

    I looked for this specific issue with Project Server 2010/PWA/SharePoint and could not find an exact answer... hopefully someone can help.
    We are currently using Project Server 2010 and have a number of project site templates that are used dependent upon the enterprise project type selected. Each of these project site templates have unique permissions which should create the default security groups on the project site upon publishing/syncing:
    <Project Name> Members
    <Project Name> Owners
    <Project Name> Visitors
    <Project Name> Project Managers (Project Web App Synchronized)
    <Project Name> Team Members (Project Web App Synchronized)
    Web Administrators (Project Web App Synchronized)
    Whether a user creates a project through PWA or Project Pro 2010 and imports the project into PWA, we get a weird result in the Site Permissions of the newly created project site. PWA will remove all default security groups from the project site template and add a whole list of users in the Site Permissions list without groups.
    Once the project is published and the project site is created, we can then go back and add those default security groups back in the project Site Permissions and even add a couple of custom groups without them being removed on all subsequent project syncs or publishing.
    How do we get PWA to not overwrite the project site templates' security groups and place each user in the proper default security groups? At the same time, how is PWA adding a number of users into the Project Site Permissions?
    Thanks in advance.

    Paul,
    Thanks for that information. Right now we are using the Test environment to turn the Auto-sync feature back on. I suspect that the reason this is happening is due to PWA groups/categories/security templates. There may be more than one PWA group that is "overwriting" the default project site groups upon initial creation of the project. We will look further into the security settings to tighten up the policies.

  • Project site security best practise - project server 2010

    I have the following requirement.
    Environment:
    Project Server 2010
    Project sites created out of project site templates, so they follow the Project Server security model.
    Requirement:
    There are users who do not need to see anything except the content on the project site.  The user does not need to access project \pwa
    Question:
    What is the best approach?
    Create SharePoint-based groups for the project site?
    Create a Project Server-based group?

    pgshah570,
    If you are using the automatic synchronization for project site permissions, then the permissions are granted based on the following rules:
    Project managers who have published a project or who have Save Project permissions on a project are added to the Project Managers (Microsoft Project Server) site group.
    Team members with assignments in a project are added to the Team members (Microsoft Project Server) site group.
    Other Project Server users who have View Project Site permission on a project are added to the Readers (Microsoft Project Server) site group. 
    If you are NOT using the automatic synchronization, then project sites are like any other SharePoint Sites, and you can use SharePoint groups or AD groups. I recommend using AD groups to grant permissions. The Project Server Security groups in this scenario do not have any impact on Project Site permissions.
    Cheers,
    Prasanna Adavi, Project MVP

  • On secure site security lock (bottom right) 'padlock' is missing. how do I activate??

    After downloading 'Firefox 4' we noticed the 'padlock' indicating that the line was secure was missing. I have tried almost everything I know to correct this to no avail. After talking to our bank they told us that the error was with the computer and not with them. We did not have this error with your forerunner.

    Firefox has a different method of displaying secure sites - see the Site Identity Button article for more about it.

  • Remove users from Sharepoint site security group

    I have to close a SharePoint 2007 site for all users for an update. I don't have access to CA. The easiest approach is to remove the users from the security group and add them back when the site modification is done. All users are under "NT/Authenticated users" and they are in the Members group. I'm just wondering, will it cause any issues when adding them back, or can it be done in 1 click? Do I need any tweaks from the CA side to add them back?
    Any response is appreciated.
     Thanks!

    Once you add the users back to the site, it should work as expected.
    >>Do i need any tweaks from CA side to add them back?
    No, I believe, because you are changing the permissions at site level.
    My Blog - http://www.sharepoint-journey.com

  • Site security

    Forgive me if this is a "dumb question" - but when I log into the Apple discussions the little padlock at the bottom of my screen has a red line through it. Does that mean that the discussion board is not a "secure site." I notice that it doesn't have an "s" in the web address.

    MGW wrote:
    ...although only registered users can pot or reply.
    You got some yummylicious pot of stew in the oven Miriam? A Freudian slip there as it seems not all of your concetwation was on AD. Some of it must have been on the timer so that the stew isn't burnt, perhaps? I'm feeling kinda peckish now. Salivating even. Wifey had better have some good yummylicious nosh prepared for me when I get home.
    Kryten

  • HTTPS SITES DO NOT SHOW A "SECURE" KEY/ICON. CAN I USE THESE SITES SECURELY?

    WHEN HTTPS SITES ARE ENTERED, NO SECURE KEY ICON IS SHOWN.
    CAN THESE SITES BE USED SECURELY/SAFELY?

    The padlock has been replaced by the site identity button, for details on using it see https://support.mozilla.com/kb/Site+Identity+Button
    If you want to add a padlock icon to the location bar, you can use the Padlock add-on - https://addons.mozilla.org/firefox/addon/padlock-icon/

  • Is site secure?

    I was about to enter some credit card info on a site that appeared to be secure (HTTPS) but I noticed that there was no "padlock" icon at the upper right side of the screen. Is the HTTPS site really secure if the padlock does not appear?

    Hi Kenneth,
    The lock icon usually doesn't appear until you type in a user name and password. You can then click that icon to check to see if the certificate is valid.
    Is the HTTPS site really secure if the padlock does not appear?
    If the certificate is valid, it should be.
    If you are running v10.6.3 (your profile), there are software updates available from your Apple menu / Software Update...
    Carolyn

  • How to disable checking for sites security certificates

    I work in a company which manipulates its server in a way to make all unwanted sites look like they do not have a valid certificate, so when I try to open them, like the Gmail site, I get a message that this site doesn't have a valid certificate and Firefox - or any other browser - doesn't open the site. The question is: how to disable this feature in Firefox so that it stops looking for site certificates or doesn't care about them?

    Exporting a root certificate in another browser would only be helpful if it did work in that browser.
    If it happens in other browsers as well then it would be of any help.
    I'm not seeing the button to add an exception as that would allow to inspect the certificate in the Certificate Manager.
    Is that specific page opened in an (i)frame?
    If "I Understand the Risks" is missing then this page may be opened in an (i)frame and in that case try the right-click context menu and use "This Frame: Open Frame in New Tab".

  • Connectivity to Intranet sites : Security popup

    Hi all,
    We have provided connection to many intranet sites of clients network as URL iView on portal.
    These sites work perfectly whenever opened directly in browser.
    When I try to open the same site through portal (URL iView), I get a popup which asks to download a cookie/authenticity certificate into end user's browser.
    This is one time activity, as adding the cookie/trusting a site will be stored into end user's browser.
    But client is asking to bypass such popup, as end users are afraid of accepting cookie/authentication certificate.
    Is there any configuration in portal which will allow certain sites to function without popup, natively?
    The issue is mainly for IBM quickplace sites.
    regards
    Kedar Kulkarni

    Hi Jamie,
    For your scenario, you can try to clean the cache for TFS manually (delete the content of the folder only, not the cache folder itself):
    Clean the Cache folder on the client computer. The folder path is: C:\Users\username(Team Explorer user name)\AppData\Local\Microsoft\Team Foundation\5.0\Cache. (OS: Windows Server 2008 R2)
    Clean the Cache folder on the server machine. The folder path is: C:\ProgramData\Microsoft\Team Foundation\Web Access\Cache_v11.0. (OS: Windows Server 2008 R2)
    After cleaning, on the server machine, click Start and select Run… to open the dialog box, then input iisreset.exe and click OK, and wait for it to run completely.
    Also sign out of all the applications which authenticated with the MS account. Delete the credential used to connect to TFS in Credential Manager and try again. Check whether you use Windows authentication if it does not work for you. Another option is to repair your Visual Studio to make sure it was installed correctly. If the problem still exists, elaborate with more details about your scenario.
    Best regards,

  • Using 6.0.2 on a Mac but received a message from Government site security concerns so upgrade to Firefox 7. In (about dialogue Box when selecting Check updates, I am informed that it is up to date. New version 7 available from website. What am I to do

    I am using a Apple Mac running Snow Leopard.

    I'm not able to reproduce this. I wonder if it is being caused by a plugin or add-on.
    Try Firefox Safe Mode to see if the problem goes away. Firefox Safe Mode is a troubleshooting mode that temporarily turns off hardware acceleration, resets some settings, and disables add-ons (extensions and themes).
    If Firefox is open, you can restart in Firefox Safe Mode from the Help menu:
    * Click the menu button, click Help and select "Restart with Add-ons Disabled".
    If Firefox is not running, you can start Firefox in Safe Mode as follows:
    * On Windows: Hold the Shift key when you open the Firefox desktop or Start menu shortcut.
    * On Mac: Hold the option key while starting Firefox.
    * On Linux: Quit Firefox, go to your Terminal and run firefox -safe-mode (you may need to specify the Firefox installation path e.g. /usr/lib/firefox)
    When the Firefox Safe Mode window appears, select "Start in Safe Mode".
    If the issue is not present in Firefox Safe Mode, your problem is probably caused by an extension, theme, or hardware acceleration. Please follow the steps in the "Troubleshoot extensions, themes and hardware acceleration issues to solve common Firefox problems" article to find the cause.
    To exit Firefox Safe Mode, just close Firefox and wait a few seconds before opening Firefox for normal use again.
    When you figure out what's causing your issues, please let us know. It might help others with the same problem.
