Spry security (and maybe ajax security)?

Hi there,
I've been using Spry for several sites until now. Later I realized that we can
easily request the XML (if we use XMLDataSet) by passing the variables to the
URL directly, which would look like this:
http://www.example.com/data_generator.php?var1=x&var2=y
This way is too vulnerable, but on the other hand it is handy for developers
to ensure their request was acceptable and the XML can be generated.
Is there any way to prevent this? At present I use a session authentication
method for securing XML requests, so only users who have privileges can make
the request; otherwise they fall through to the front page (and maybe a login
page).
That is the case if we use dynamic XML (server-side XML generation); what if
we use static XML and no server-side programming language at all?
Thanks,
Dels

"dels2004" <[email protected]> wrote in message
news:gm5mcn$mbo$[email protected]...
> I've been using Spry for several sites until now. Later I realized that we
> can easily request the XML (if we use XMLDataSet) by passing the variables
> to the URL directly, which would look like this:
> http://www.example.com/data_generator.php?var1=x&var2=y
>
> This way is too vulnerable, but on the other hand it is handy for developers
> to ensure their request was acceptable and the XML can be generated.
>
> Is there any way to prevent this? At present I use a session authentication
> method for securing XML requests, so only users who have privileges can make
> the request; otherwise they fall through to the front page (and maybe a
> login page).
>
> That is the case if we use dynamic XML (server-side XML generation); what if
> we use static XML and no server-side programming language at all?
Personally I would use a .php extension for static XML files too, leveraging
the existing session authentication mechanism. The overhead, compared to using
a .xml extension, is very, very small.
Massimo Foti, web-programmer for hire
Tools for ColdFusion, JavaScript and Dreamweaver:
http://www.massimocorner.com
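One way to do what Massimo suggests, as an added example that is not from the thread: a small PHP gatekeeper, data.php, that checks the login session before streaming a static XML file, so the XMLDataSet URL becomes data.php?ds=products instead of a bare .xml path that anyone can fetch. The session key user_id, the login page path and the private_data directory are assumptions; adapt them to the site's own login code.

```php
<?php
// Added example (not from the thread): serve static XML only to a logged-in
// session. Session key, login URL and data directory are assumptions.
declare(strict_types=1);

session_start();

const DATA_DIR  = __DIR__ . '/private_data';   // assumption: kept outside the web root
const LOGIN_URL = '/login.php';                // assumption: the site's login page

// Fixed map of public dataset names to files: the client never supplies a path.
const DATASETS = [
    'products'  => 'products.xml',
    'customers' => 'customers.xml',
];

// Same rule the original poster uses for dynamic XML: no session, no data.
function requireLogin(): void
{
    if (empty($_SESSION['user_id'])) {
        header('Location: ' . LOGIN_URL, true, 302);
        exit;
    }
}

// Resolve a dataset name to an absolute file path, or null if unknown.
function resolveDataset(string $name): ?string
{
    if (!isset(DATASETS[$name])) {
        return null;
    }
    $base = realpath(DATA_DIR);
    $path = realpath(DATA_DIR . '/' . DATASETS[$name]);
    // Defence in depth: the whitelist already prevents traversal, but also
    // confirm the resolved file really lives under DATA_DIR.
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

requireLogin();

$path = resolveDataset((string) ($_GET['ds'] ?? ''));
if ($path === null) {
    http_response_code(404);
    exit;
}

// Send it exactly as a static .xml file would be sent, but never cache it
// in a shared cache, since the body is now per-session protected data.
header('Content-Type: application/xml; charset=utf-8');
header('Cache-Control: private, no-store');
header('X-Content-Type-Options: nosniff');
readfile($path);
```

On the Spry side only the URL changes, e.g. new Spry.Data.XMLDataSet("data.php?ds=products", "items/item"); the XML files themselves stay static.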
