|
Hi guys.
I developed a web application that permits my users to manage some aspects of a web site dynamically (yes, some kind of CMS) in a LAMP environment (Debian, Apache, PHP, MySQL).
Well, for example, they create a news in their private area on my server...
Started by DaNieL, 9 posts by 9 people.
Answer Snippets (Read the full thread at stackoverflow):
Trying to strip out rogue HTML from user input is nearly impossible, for example
<scr<script>ipt etc="...">
Removing <script> from this will leave
<script etc...
Rather than allow HTML, you should have some other markup that can be converted to HTML.
|
|
Could someone please describe what exactly risk management in software development is? What are the main tasks, goals, strategies, tools, etc.?
Update:
This is not a homework question. I am being put into the position of one-man project management ...
Started by Inso Reiges, 6 posts by 6 people.
Answer Snippets (Read the full thread at stackoverflow):
The risks you identify for your project a risk mitigation plan -- what will the project do if the risk comes to pass ? Since risks are, by my check points)....
Of a risk as the result of careful planning and management.
|
|
I'm planning on throwing together a quick web page for my students to teach them about JavaScript programming. On this page, I'd like to give them a text box and allow them to run JavaScript so that they can see the dynamic nature of the language at work...
Started by Spitfire, 8 posts by 8 people.
Answer Snippets (Read the full thread at stackoverflow):
In short, there's very little risk (except performance-wise) of giving them free rein with JavaScript to PHP /etc on the....
Since everything is being run client-on.
If it's on a local "Throw-away" machine, then there is very little risk.
|
|
I'm considering installing MacPorts on my Mac so I can have easy access to *nix dev tools/apps. However, I'm wondering if there are any risks. I'm OK with the inevitable compatibility issue from time to time (I hear Snow Leopard + MacPorts has issues) but...
Started by timepilot, 7 posts by 7 people.
Answer Snippets (Read the full thread at stackoverflow):
But it's only stopped me from installing any new....
However, I did completely break my MacPorts install - I now can't install or selfupdate.
I've been using it for years.
It's fine - I use MacPorts - it won't overwrite any of your existing apps in the Path.
|
|
I have written a .NET Windows service which runs as "Local System". Recently I read that running as Local System might expose system credentials to hackers, enabling them to take over the system. What are the risks involved and how can I prevent them when...
Started by n0vic3c0d3r, 4 posts by 4 people.
Answer Snippets (Read the full thread at stackoverflow):
http://www.sans.org/top20/
I think the main problem.
Information about the risks due to Local System.
|
|
I have an existing code base that is not packaged at all.
The code base is all minor Java programs designed to extend/enhance the functionality of a third party program. The current process is one jar per class, one class per file, no package.
I'd like...
Started by GoingTharn, 5 posts by 5 people.
Answer Snippets (Read the full thread at stackoverflow):
The only risks are around explicit (or more likely, implicit) package definitions being out of date.
|
|
Relating to my question on upgrading a Fedora Core 6 machine, in the interim, before the upgrade is completed (which may take some time, given it's not my machine, etc.), are there any Fedora utils for identifying packages with security risks, like...
Started by Chris Kimpton, 4 posts by 4 people.
Answer Snippets (Read the full thread at serverfault):
Even if there were other people looking at the packages, it probably would not:
Make it to the distro's update repo...
I would recommend upgrading ...
Are you planning to update FC6 to a newer version or just patch it? FC6 is no longer actively supported.
|
|
The internet is full of "tin foil hat" kind of people who would not dare use a wireless setup, but as the number of wireless networks grows, I am interested in good and objective case studies and the general attitude towards the subject.
Does your company...
Started by Aron Rotteveel, 5 posts by 5 people.
Answer Snippets (Read the full thread at serverfault):
Wireless health risks tend to be touted by the same nutters who think DNA can be supercharged, water can.
|
|
I want to set up IIS on an old XP box that I have on our LAN at work so that I can host some Silverlight stuff on it that I am playing with, so I can show it to others on the internet. I have a public IP set up already that shoots straight through my firewall...
Started by MattSlay, 6 posts by 6 people.
Answer Snippets (Read the full thread at stackoverflow):
Even if a compromise is....
That machine with their web browser?
You always increase your risk level by allowing access of risk by hosting this at the same location where you would like to conduct secure transactions from the outside world.
|
|
Guys,
We are in the process of migrating from SQL 2000 to SQL 2005. We have hundreds of DTS packages that the development team is reluctant to redevelop using SSIS.
When migrating these packages to SSIS, I am faced with a problem - many of these packages...
Started by Raj, 3 posts by 3 people.
Answer Snippets (Read the full thread at stackoverflow):
xp_cmdshell is the biggest security risk in SQL Server because it allows a compromised SQL Server.
|