Search Results

Search found 16163 results on 647 pages for 'advanced security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 104/647 | < Previous Page | 100 101 102 103 104 105 106 107 108 109 110 111  | Next Page >

  • WCF: Using Streaming and Username/Password authentication at the same time

    - by Kay
    Hi, I have a WCF Service with the following requirements: a) The client requests a file from the server which is transferred as a Stream. Files may be 100MB or larger. I need streaming or chucking or whatever to make sure that IIS is not loading the whole package into memory before starting to send it. b) The client will transfer an ID to identify the file to be downloaded. The user should be authenticated by providing username/password. c) While the username/password part of the communication needs to be encrypted, encryption of the downloaded file is optional for our use case. My other services, where I am returning smaller files, I am using the following binding: <ws2007HttpBinding> <binding name="ws2007HttpExtern" maxReceivedMessageSize="65536000"> <security mode="Message"> <message clientCredentialType="UserName" /> </security> </binding> </ws2007HttpBinding> But, as I said, that is no good for streaming (Message encryption needs the complete message to encrypt and that is not the case when streaming). So, I asked Microsoft support and I got more or less the following proposal: <bindings> <basicHttpBinding> <binding name="basicStreaming" messageEncoding="Mtom" transferMode="StreamedResponse"> <security mode="Transport"> <transport clientCredentialType="Basic" /> </security> </binding> </bindings> <services> <service behaviorConfiguration="MyProject.WCFInterface.DownloadBehavior" name="MyProject.WCFInterface.DownloadFile"> <endpoint address="" binding="basicHttpBinding" bindingConfiguration="basicStreaming" contract="MyProject.WCFInterface.IDownloadFile" /> <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" /> </service> </services> <behaviors> <serviceBehaviors> <behavior name="MyProject.WCFInterface.DownloadBehavior"> <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" /> <serviceDebug includeExceptionDetailInFaults="true" /> </behavior> </serviceBehaviors> </behaviors> When I use this, I get the following error message: Could not find a base address that matches scheme https for the endpoint with binding BasicHttpBinding. Registered base address schemes are [http]. I am using the Web Development Server so far (for production IIS7). I have two questions. a) How would you configure WCF to achieve the goal? b) If the MS proposal is good: What I am doing wrong, the error message does not really help me. Thanks.

    Read the article

  • Winforms role based security limitations

    - by muhan
    I'm implementing role based security using Microsoft's membership and role provider. The theoretical problem I'm having is that you implement a specific role on a method such as: [PrincipalPermissionAttribute(SecurityAction.Demand, Role="Supervisor")] private void someMethod() {} What if at some point down the road, I don't want Supervisors to access someMethod() anymore? Wouldn't I have to change the source code to make that change? Am I missing something? It seems there has to be some way to abstract the relationship between the supervisors role and the method so I can create a way in the application to change this coupling of role permission to method. Any insight or direction would be appreciated. Thank you.

    Read the article

  • ORA-03113 in code. In addition, TNS-12535 and ORA-03137 in alert file

    - by user1348107
    I've got an exception that contain ORA-03113: (SiPPSS.GetPrintWorkDirectDetail) - ERR:ORA-03113: end-of-file on communication channel Process ID: 7448 Session ID: 30 Serial number: 9802 ?????:12110937 ????:T855 Oracle.DataAccess.Client.OracleException ORA-03113: end-of-file on communication channel Process ID: 7448 Session ID: 30 Serial number: 9802 ?? Oracle.DataAccess.Client.OracleException.HandleErrorHelper(Int32 errCode, OracleConnection conn, IntPtr opsErrCtx, OpoSqlValCtx* pOpoSqlValCtx, Object src, String procedure, Boolean bCheck) ?? Oracle.DataAccess.Client.OracleException.HandleError(Int32 errCode, OracleConnection conn, String procedure, IntPtr opsErrCtx, OpoSqlValCtx* pOpoSqlValCtx, Object src, Boolean bCheck) ?? Oracle.DataAccess.Client.OracleCommand.ExecuteReader(Boolean requery, Boolean fillRequest, CommandBehavior behavior) ?? Oracle.DataAccess.Client.OracleDataAdapter.Fill(DataTable[] dataTables, Int32 startRecord, Int32 maxRecords, IDbCommand command, CommandBehavior behavior) ?? System.Data.Common.DbDataAdapter.Fill(DataTable dataTable) ?? SiPPSS.VSireiMeisaiDsTableAdapters.V_SIREI_MEISAITableAdapter.FillByRunningNoAndProcNo(V_SIREI_MEISAIDataTable dataTable, String RUNNING_NO, String PROC_NO) ?? C:\SVM\trunk\SiPPSSServer\Server\Dao\View\VSireiMeisaiDs.Designer.vb:? 386 ?? SiPPSS.GetPrintWorkDirectDetail.Execute(BLogicParam param) ?? C:\SVM\trunk\SiPPSSServer\Server\BLogic\Screen\Printing\Rprt0701\GetPrintWorkDirectDetail.vb:? 105 In this case, the oracle alert log as beblow: Fatal NI connect error 12170. VERSION INFORMATION: TNS for 64-bit Windows: Version 11.2.0.1.0 - Production Oracle Bequeath NT Protocol Adapter for 64-bit Windows: Version 11.2.0.1.0 - Production Windows NT TCP/IP NT Protocol Adapter for 64-bit Windows: Version 11.2.0.1.0 - Production Time: 01-11?-2012 13:50:45 Tracing not turned on. Tns error struct: ns main err code: 12535 TNS-12535: TNS: ??????·???????? ns secondary err code: 12560 nt main err code: 505 TNS-00505: ??????????? nt secondary err code: 60 nt OS err code: 0 Client address: (ADDRESS=(PROTOCOL=tcp)(HOST=10.41.102.53)(PORT=1794)) Thu Nov 01 13:54:17 2012 Thread 1 cannot allocate new log, sequence 1880 Private strand flush not complete Current log# 1 seq# 1879 mem# 0: D:\ORACLE\ORADATA\SIPOREX\REDO01.LOG Thread 1 advanced to log sequence 1880 (LGWR switch) Current log# 2 seq# 1880 mem# 0: D:\ORACLE\ORADATA\SIPOREX\REDO02.LOG Thu Nov 01 13:54:21 2012 Archived Log entry 1118 added for thread 1 sequence 1879 ID 0xe48db805 dest 1: Thu Nov 01 14:40:12 2012 Thread 1 cannot allocate new log, sequence 1881 Private strand flush not complete Current log# 2 seq# 1880 mem# 0: D:\ORACLE\ORADATA\SIPOREX\REDO02.LOG Thread 1 advanced to log sequence 1881 (LGWR switch) Current log# 3 seq# 1881 mem# 0: D:\ORACLE\ORADATA\SIPOREX\REDO03.LOG Thu Nov 01 14:40:16 2012 Archived Log entry 1119 added for thread 1 sequence 1880 ID 0xe48db805 dest 1: Thu Nov 01 15:27:42 2012 Thread 1 cannot allocate new log, sequence 1882 Private strand flush not complete Current log# 3 seq# 1881 mem# 0: D:\ORACLE\ORADATA\SIPOREX\REDO03.LOG Thread 1 advanced to log sequence 1882 (LGWR switch) Current log# 1 seq# 1882 mem# 0: D:\ORACLE\ORADATA\SIPOREX\REDO01.LOG Thu Nov 01 15:27:46 2012 Archived Log entry 1120 added for thread 1 sequence 1881 ID 0xe48db805 dest 1: Thu Nov 01 16:23:48 2012 Thread 1 cannot allocate new log, sequence 1883 Private strand flush not complete Current log# 1 seq# 1882 mem# 0: D:\ORACLE\ORADATA\SIPOREX\REDO01.LOG Thread 1 advanced to log sequence 1883 (LGWR switch) Current log# 2 seq# 1883 mem# 0: D:\ORACLE\ORADATA\SIPOREX\REDO02.LOG Thu Nov 01 16:23:52 2012 Archived Log entry 1121 added for thread 1 sequence 1882 ID 0xe48db805 dest 1: Thu Nov 01 17:05:50 2012 Thread 1 cannot allocate new log, sequence 1884 Private strand flush not complete Current log# 2 seq# 1883 mem# 0: D:\ORACLE\ORADATA\SIPOREX\REDO02.LOG Thread 1 advanced to log sequence 1884 (LGWR switch) Current log# 3 seq# 1884 mem# 0: D:\ORACLE\ORADATA\SIPOREX\REDO03.LOG Thu Nov 01 17:05:55 2012 Archived Log entry 1122 added for thread 1 sequence 1883 ID 0xe48db805 dest 1: Thu Nov 01 17:26:52 2012 Fatal NI connect error 12170. VERSION INFORMATION: TNS for 64-bit Windows: Version 11.2.0.1.0 - Production Oracle Bequeath NT Protocol Adapter for 64-bit Windows: Version 11.2.0.1.0 - Production Windows NT TCP/IP NT Protocol Adapter for 64-bit Windows: Version 11.2.0.1.0 - Production Time: 01-11?-2012 17:26:52 Tracing not turned on. Tns error struct: ns main err code: 12535 TNS-12535: TNS: ??????·???????? ns secondary err code: 12560 nt main err code: 505 TNS-00505: ??????????? nt secondary err code: 60 nt OS err code: 0 Client address: (ADDRESS=(PROTOCOL=tcp)(HOST=10.41.102.62)(PORT=1286)) Thu Nov 01 17:27:16 2012 Fatal NI connect error 12170. VERSION INFORMATION: TNS for 64-bit Windows: Version 11.2.0.1.0 - Production Oracle Bequeath NT Protocol Adapter for 64-bit Windows: Version 11.2.0.1.0 - Production Windows NT TCP/IP NT Protocol Adapter for 64-bit Windows: Version 11.2.0.1.0 - Production Time: 01-11?-2012 17:27:16 Tracing not turned on. Tns error struct: ns main err code: 12535 TNS-12535: TNS: ??????·???????? ns secondary err code: 12560 nt main err code: 505 TNS-00505: ??????????? nt secondary err code: 60 nt OS err code: 0 Client address: (ADDRESS=(PROTOCOL=tcp)(HOST=10.41.102.62)(PORT=1285)) Thu Nov 01 18:08:39 2012 Thread 1 advanced to log sequence 1885 (LGWR switch) Current log# 1 seq# 1885 mem# 0: D:\ORACLE\ORADATA\SIPOREX\REDO01.LOG Thu Nov 01 18:08:40 2012 Archived Log entry 1123 added for thread 1 sequence 1884 ID 0xe48db805 dest 1: Thu Nov 01 19:33:21 2012 Thread 1 cannot allocate new log, sequence 1886 Private strand flush not complete Current log# 1 seq# 1885 mem# 0: D:\ORACLE\ORADATA\SIPOREX\REDO01.LOG Thread 1 advanced to log sequence 1886 (LGWR switch) Current log# 2 seq# 1886 mem# 0: D:\ORACLE\ORADATA\SIPOREX\REDO02.LOG Thu Nov 01 19:33:25 2012 Archived Log entry 1124 added for thread 1 sequence 1885 ID 0xe48db805 dest 1: Thu Nov 01 20:32:25 2012 Thread 1 cannot allocate new log, sequence 1887 Private strand flush not complete Current log# 2 seq# 1886 mem# 0: D:\ORACLE\ORADATA\SIPOREX\REDO02.LOG Thread 1 advanced to log sequence 1887 (LGWR switch) Current log# 3 seq# 1887 mem# 0: D:\ORACLE\ORADATA\SIPOREX\REDO03.LOG Thu Nov 01 20:32:29 2012 Archived Log entry 1125 added for thread 1 sequence 1886 ID 0xe48db805 dest 1: Thu Nov 01 21:13:07 2012 Thread 1 advanced to log sequence 1888 (LGWR switch) Current log# 1 seq# 1888 mem# 0: D:\ORACLE\ORADATA\SIPOREX\REDO01.LOG Thu Nov 01 21:13:08 2012 Archived Log entry 1126 added for thread 1 sequence 1887 ID 0xe48db805 dest 1: Thu Nov 01 22:00:00 2012 Setting Resource Manager plan SCHEDULER[0x3006]:DEFAULT_MAINTENANCE_PLAN via scheduler window Setting Resource Manager plan DEFAULT_MAINTENANCE_PLAN via parameter Thu Nov 01 22:00:00 2012 Starting background process VKRM Thu Nov 01 22:00:00 2012 VKRM started with pid=32, OS id=4048 Thu Nov 01 22:00:59 2012 Thread 1 cannot allocate new log, sequence 1889 Private strand flush not complete Current log# 1 seq# 1888 mem# 0: D:\ORACLE\ORADATA\SIPOREX\REDO01.LOG Thread 1 advanced to log sequence 1889 (LGWR switch) Current log# 2 seq# 1889 mem# 0: D:\ORACLE\ORADATA\SIPOREX\REDO02.LOG Thu Nov 01 22:01:03 2012 Archived Log entry 1127 added for thread 1 sequence 1888 ID 0xe48db805 dest 1: Thu Nov 01 22:32:36 2012 Thread 1 advanced to log sequence 1890 (LGWR switch) Current log# 3 seq# 1890 mem# 0: D:\ORACLE\ORADATA\SIPOREX\REDO03.LOG Thu Nov 01 22:32:37 2012 Archived Log entry 1128 added for thread 1 sequence 1889 ID 0xe48db805 dest 1: Thu Nov 01 22:33:18 2012 Errors in file d:\oracle\diag\rdbms\siporex\siporex\trace\siporex_ora_11884.trc (incident=101313): ORA-03137: TTC protocol internal error : [12333] [8] [49] [50] [] [] [] [] Incident details in: d:\oracle\diag\rdbms\siporex\siporex\incident\incdir_101313\siporex_ora_11884_i101313.trc Thu Nov 01 22:33:21 2012 Trace dumping is performing id=[cdmp_20121101223321] Thu Nov 01 22:40:43 2012 Thread 1 cannot allocate new log, sequence 1891 Private strand flush not complete Current log# 3 seq# 1890 mem# 0: D:\ORACLE\ORADATA\SIPOREX\REDO03.LOG Thread 1 advanced to log sequence 1891 (LGWR switch) Current log# 1 seq# 1891 mem# 0: D:\ORACLE\ORADATA\SIPOREX\REDO01.LOG Thu Nov 01 22:40:47 2012 Archived Log entry 1129 added for thread 1 sequence 1890 ID 0xe48db805 dest 1: Thu Nov 01 23:47:30 2012 Thread 1 cannot allocate new log, sequence 1892 Private strand flush not complete Current log# 1 seq# 1891 mem# 0: D:\ORACLE\ORADATA\SIPOREX\REDO01.LOG Thread 1 advanced to log sequence 1892 (LGWR switch) Current log# 2 seq# 1892 mem# 0: D:\ORACLE\ORADATA\SIPOREX\REDO02.LOG Thu Nov 01 23:47:34 2012 Archived Log entry 1130 added for thread 1 sequence 1891 ID 0xe48db805 dest 1: Fri Nov 02 00:49:31 2012 Thread 1 cannot allocate new log, sequence 1893 Private strand flush not complete Current log# 2 seq# 1892 mem# 0: D:\ORACLE\ORADATA\SIPOREX\REDO02.LOG Thread 1 advanced to log sequence 1893 (LGWR switch) Current log# 3 seq# 1893 mem# 0: D:\ORACLE\ORADATA\SIPOREX\REDO03.LOG Fri Nov 02 00:49:35 2012 Archived Log entry 1131 added for thread 1 sequence 1892 ID 0xe48db805 dest 1: Fri Nov 02 01:43:12 2012 Thread 1 cannot allocate new log, sequence 1894 Private strand flush not complete Current log# 3 seq# 1893 mem# 0: D:\ORACLE\ORADATA\SIPOREX\REDO03.LOG Thread 1 advanced to log sequence 1894 (LGWR switch) Current log# 1 seq# 1894 mem# 0: D:\ORACLE\ORADATA\SIPOREX\REDO01.LOG Fri Nov 02 01:43:17 2012 Archived Log entry 1132 added for thread 1 sequence 1893 ID 0xe48db805 dest 1: Fri Nov 02 01:52:51 2012 Errors in file d:\oracle\diag\rdbms\siporex\siporex\trace\siporex_ora_6124.trc (incident=101273): ORA-03137: TTC protocol internal error : [12333] [4] [80] [82] [] [] [] [] Incident details in: d:\oracle\diag\rdbms\siporex\siporex\incident\incdir_101273\siporex_ora_6124_i101273.trc Fri Nov 02 01:52:54 2012 Trace dumping is performing id=[cdmp_20121102015254] Fri Nov 02 02:00:00 2012 Clearing Resource Manager plan via parameter Fri Nov 02 02:43:37 2012 Thread 1 cannot allocate new log, sequence 1895 Private strand flush not complete Current log# 1 seq# 1894 mem# 0: D:\ORACLE\ORADATA\SIPOREX\REDO01.LOG Thread 1 advanced to log sequence 1895 (LGWR switch) Current log# 2 seq# 1895 mem# 0: D:\ORACLE\ORADATA\SIPOREX\REDO02.LOG Fri Nov 02 02:43:41 2012 Archived Log entry 1133 added for thread 1 sequence 1894 ID 0xe48db805 dest 1: Fri Nov 02 04:46:18 2012 Thread 1 cannot allocate new log, sequence 1896 Private strand flush not complete Current log# 2 seq# 1895 mem# 0: D:\ORACLE\ORADATA\SIPOREX\REDO02.LOG Thread 1 advanced to log sequence 1896 (LGWR switch) Current log# 3 seq# 1896 mem# 0: D:\ORACLE\ORADATA\SIPOREX\REDO03.LOG Fri Nov 02 04:46:22 2012 Archived Log entry 1134 added for thread 1 sequence 1895 ID 0xe48db805 dest 1: Fri Nov 02 04:51:41 2012 Errors in file d:\oracle\diag\rdbms\siporex\siporex\trace\siporex_ora_4048.trc (incident=101425): ORA-03137: TTC protocol internal error : [12333] [4] [67] [85] [] [] [] [] Incident details in: d:\oracle\diag\rdbms\siporex\siporex\incident\incdir_101425\siporex_ora_4048_i101425.trc Fri Nov 02 04:51:44 2012 Trace dumping is performing id=[cdmp_20121102045144] Fri Nov 02 05:54:44 2012 Thread 1 cannot allocate new log, sequence 1897 Private strand flush not complete Current log# 3 seq# 1896 mem# 0: D:\ORACLE\ORADATA\SIPOREX\REDO03.LOG Thread 1 advanced to log sequence 1897 (LGWR switch) Current log# 1 seq# 1897 mem# 0: D:\ORACLE\ORADATA\SIPOREX\REDO01.LOG Fri Nov 02 05:54:48 2012 Archived Log entry 1135 added for thread 1 sequence 1896 ID 0xe48db805 dest 1: Fri Nov 02 07:00:34 2012 Thread 1 cannot allocate new log, sequence 1898 Private strand flush not complete Current log# 1 seq# 1897 mem# 0: D:\ORACLE\ORADATA\SIPOREX\REDO01.LOG Thread 1 advanced to log sequence 1898 (LGWR switch) Current log# 2 seq# 1898 mem# 0: D:\ORACLE\ORADATA\SIPOREX\REDO02.LOG Fri Nov 02 07:00:38 2012 Archived Log entry 1136 added for thread 1 sequence 1897 ID 0xe48db805 dest 1: Fri Nov 02 08:32:41 2012 Thread 1 cannot allocate new log, sequence 1899 Private strand flush not complete Current log# 2 seq# 1898 mem# 0: D:\ORACLE\ORADATA\SIPOREX\REDO02.LOG Thread 1 advanced to log sequence 1899 (LGWR switch) Current log# 3 seq# 1899 mem# 0: D:\ORACLE\ORADATA\SIPOREX\REDO03.LOG Fri Nov 02 08:32:45 2012 Archived Log entry 1137 added for thread 1 sequence 1898 ID 0xe48db805 dest 1: Fri Nov 02 09:48:57 2012 Thread 1 advanced to log sequence 1900 (LGWR switch) Current log# 1 seq# 1900 mem# 0: D:\ORACLE\ORADATA\SIPOREX\REDO01.LOG Fri Nov 02 09:48:58 2012 Archived Log entry 1138 added for thread 1 sequence 1899 ID 0xe48db805 dest 1: Fri Nov 02 10:18:15 2012 Thread 1 cannot allocate new log, sequence 1901 Private strand flush not complete Current log# 1 seq# 1900 mem# 0: D:\ORACLE\ORADATA\SIPOREX\REDO01.LOG Thread 1 advanced to log sequence 1901 (LGWR switch) Current log# 2 seq# 1901 mem# 0: D:\ORACLE\ORADATA\SIPOREX\REDO02.LOG Fri Nov 02 10:18:19 2012 Archived Log entry 1139 added for thread 1 sequence 1900 ID 0xe48db805 dest 1: Fri Nov 02 10:22:58 2012 Thread 1 cannot allocate new log, sequence 1902 Private strand flush not complete Current log# 2 seq# 1901 mem# 0: D:\ORACLE\ORADATA\SIPOREX\REDO02.LOG Thread 1 advanced to log sequence 1902 (LGWR switch) Current log# 3 seq# 1902 mem# 0: D:\ORACLE\ORADATA\SIPOREX\REDO03.LOG Fri Nov 02 10:23:02 2012 Archived Log entry 1140 added for thread 1 sequence 1901 ID 0xe48db805 dest 1: Fri Nov 02 10:27:38 2012 Thread 1 cannot allocate new log, sequence 1903 Checkpoint not complete Current log# 3 seq# 1902 mem# 0: D:\ORACLE\ORADATA\SIPOREX\REDO03.LOG Thread 1 cannot allocate new log, sequence 1903 Private strand flush not complete Current log# 3 seq# 1902 mem# 0: D:\ORACLE\ORADATA\SIPOREX\REDO03.LOG Thread 1 advanced to log sequence 1903 (LGWR switch) Current log# 1 seq# 1903 mem# 0: D:\ORACLE\ORADATA\SIPOREX\REDO01.LOG Fri Nov 02 10:27:45 2012 Archived Log entry 1141 added for thread 1 sequence 1902 ID 0xe48db805 dest 1: Fri Nov 02 10:32:27 2012 Thread 1 cannot allocate new log, sequence 1904 Checkpoint not complete Current log# 1 seq# 1903 mem# 0: D:\ORACLE\ORADATA\SIPOREX\REDO01.LOG Thread 1 cannot allocate new log, sequence 1904 Private strand flush not complete Current log# 1 seq# 1903 mem# 0: D:\ORACLE\ORADATA\SIPOREX\REDO01.LOG Thread 1 advanced to log sequence 1904 (LGWR switch) Current log# 2 seq# 1904 mem# 0: D:\ORACLE\ORADATA\SIPOREX\REDO02.LOG Fri Nov 02 10:32:34 2012 Archived Log entry 1142 added for thread 1 sequence 1903 ID 0xe48db805 dest 1: Fri Nov 02 10:35:42 2012 Errors in file d:\oracle\diag\rdbms\siporex\siporex\trace\siporex_ora_15856.trc (incident=101353): ORA-03137: TTC protocol internal error : [12333] [8] [49] [50] [] [] [] [] Incident details in: d:\oracle\diag\rdbms\siporex\siporex\incident\incdir_101353\siporex_ora_15856_i101353.trc Fri Nov 02 10:35:44 2012 Trace dumping is performing id=[cdmp_20121102103544] I don't know main reason of this issue as well as how to fixing it. Please help me.

    Read the article

  • System.Security.VerificationException: Operation could destabilize the runtime

    - by Rigobert Song
    I have a web service which is queried using linq to sql but returns an array of objects. I keep getting the following error: System.Security.VerificationException: Operation could destabilize the runtime When I run a method that uses a linq statement to return an array I get this error, but only on my test server, which is windows server 2008. Everything works fine in my win 7 machine. The project is a .net 3.5. Any ideas what the problem might be? Thanks UPDATE: My linq queries return IQueryable.

    Read the article

  • Quick question on session security.

    - by Scarface
    Hey guys, I was scanning my site for security and I noticed that it was possible for non users to send requests and post information, so I decided to put login checks on all information posts. I was wondering if it was a good way to keep a session id that is created by md5(uniqid()); in a session variable $_SESSION['id']=md5(uniqid()); for each user and then store that in a database under active users for that user. Then when a user tries to insert information, verify that their $_SESSION['id'] variable is equal to the one in the database where the username equals their $_SESSION['username']. What are your ideas on this guys? Thanks in advance!

    Read the article

  • Implementing Security on custom BCS/.net class?

    - by Michael Stum
    I'm implementing a custom BCS Model to get data from a backend system. As the backend uses it's own user management, I'm accessing it through a service account. All of this works well and allows me to pull data into SharePoint. However because it's channeled through the service account, everyone can access it, which is bad. Can anyone give me some tips which method to implement? The backend does not give me NT ACLs, but I wonder if I could just "fake" them somehow? (Essentially saying "This NT Group has Read Access" is good enough). I am aware of ISecurityTrimmer2 for Search Results, but ideally I want to cover security inside the BCS Model so that it applies to external lists as well. I want to avoid using Secure storage and mapping each individual user to the backend.

    Read the article

  • Hacking your own application

    - by instigator
    I am a web developer that is very conscious of security and try and make my web applications as secure as possible. How ever I have started writing my own windows applications in C# and when it comes testing the security of my C# application, I am really only a novice. Just wondering if anyone has any good tutorials/readme's on how to hack your own windows application and writing secure code.

    Read the article

  • I have a problem with a AE1200 Cisco/Linksys Wireless-N USB adapter having stopped working after I ran the update manager in Ubuntu 12.04

    - by user69670
    Here is the problem, I use a Cisco/Linksys AE1200 wireless network adapter to connect my desktop to a public wifi internet connection. I use ndiswrapper to use the windows driver and it had been working fine for me untill I ran the update manager overnight a few days ago. When I woke up it was asking for the normal computer restart to implement the changes but after rebooting the computer, the wireless adapter did not work, the status light on the adapter did not light up even though ubuntu recognizes it is there and according to ndiswrapper the drivers are loaded and the hardware is present. the grep command is being a bitch for some unknown reason today so this will be long sorry Output from "lspci": 00:00.0 Host bridge: Advanced Micro Devices [AMD] nee ATI Radeon Xpress 200 Host Bridge (rev 01) 00:01.0 PCI bridge: Advanced Micro Devices [AMD] nee ATI RS480 PCI Bridge 00:12.0 SATA controller: Advanced Micro Devices [AMD] nee ATI SB600 Non-Raid-5 SATA 00:13.0 USB controller: Advanced Micro Devices [AMD] nee ATI SB600 USB (OHCI0) 00:13.1 USB controller: Advanced Micro Devices [AMD] nee ATI SB600 USB (OHCI1) 00:13.2 USB controller: Advanced Micro Devices [AMD] nee ATI SB600 USB (OHCI2) 00:13.3 USB controller: Advanced Micro Devices [AMD] nee ATI SB600 USB (OHCI3) 00:13.4 USB controller: Advanced Micro Devices [AMD] nee ATI SB600 USB (OHCI4) 00:13.5 USB controller: Advanced Micro Devices [AMD] nee ATI SB600 USB Controller (EHCI) 00:14.0 SMBus: Advanced Micro Devices [AMD] nee ATI SBx00 SMBus Controller (rev 13) 00:14.1 IDE interface: Advanced Micro Devices [AMD] nee ATI SB600 IDE 00:14.3 ISA bridge: Advanced Micro Devices [AMD] nee ATI SB600 PCI to LPC Bridge 00:14.4 PCI bridge: Advanced Micro Devices [AMD] nee ATI SBx00 PCI to PCI Bridge 01:05.0 VGA compatible controller: Advanced Micro Devices [AMD] nee ATI RC410 [Radeon Xpress 200] 02:02.0 Communication controller: Conexant Systems, Inc. HSF 56k Data/Fax Modem 02:03.0 Multimedia audio controller: Creative Labs CA0106 Soundblaster 02:05.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+ (rev 10) Output from "lsusb": Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub Bus 005 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub Bus 006 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub Bus 001 Device 009: ID 13b1:0039 Linksys AE1200 802.11bgn Wireless Adapter [Broadcom BCM43235] Bus 003 Device 002: ID 045e:0053 Microsoft Corp. Optical Mouse Bus 004 Device 002: ID 1043:8006 iCreate Technologies Corp. Flash Disk 32-256 MB Output from "ifconfig": eth0 Link encap:Ethernet HWaddr 00:19:21:b6:af:7c UP BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) Interrupt:20 Base address:0xb400 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:13232 errors:0 dropped:0 overruns:0 frame:0 TX packets:13232 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:1084624 (1.0 MB) TX bytes:1084624 (1.0 MB) Output from "iwconfig": lo no wireless extensions. eth0 no wireless extensions. Output from "lsmod": Module Size Used by nls_iso8859_1 12617 1 nls_cp437 12751 1 vfat 17308 1 fat 55605 1 vfat uas 17828 0 usb_storage 39646 1 nls_utf8 12493 1 udf 84366 1 crc_itu_t 12627 1 udf snd_ca0106 39279 2 snd_ac97_codec 106082 1 snd_ca0106 ac97_bus 12642 1 snd_ac97_codec snd_pcm 80845 2 snd_ca0106,snd_ac97_codec rfcomm 38139 0 snd_seq_midi 13132 0 snd_rawmidi 25424 2 snd_ca0106,snd_seq_midi bnep 17830 2 parport_pc 32114 0 bluetooth 158438 10 rfcomm,bnep ppdev 12849 0 snd_seq_midi_event 14475 1 snd_seq_midi snd_seq 51567 2 snd_seq_midi,snd_seq_midi_event snd_timer 28931 2 snd_pcm,snd_seq snd_seq_device 14172 3 snd_seq_midi,snd_rawmidi,snd_seq snd 62064 11 snd_ca0106, snd_ac97_codec,snd_pcm,snd_rawj9fe snd_ca0106,snd_ac97_codec,snd_pcm,snd_rawmidi,snd_seq,snd_timer,snd_seq_device soundcore 14635 1 snd snd_page_alloc 14108 2 snd_ca0106,snd_pcm sp5100_tco 13495 0 i2c_piix4 13093 0 radeon 733693 3 ttm 65344 1 radeon drm_kms_helper 45466 1 radeon drm 197692 5 radeon,ttm,drm_kms_helper i2c_algo_bit 13199 1 radeon mac_hid 13077 0 shpchp 32325 0 ati_agp 13242 0 lp 17455 0 parport 40930 3 parport_pc,ppdev,lp usbhid 41906 0 hid 77367 1 usbhid 8139too 23283 0 8139cp 26759 0 pata_atiixp 12999 1 Output from "sudo lshw -C network": *-network description: Ethernet interface product: RTL-8139/8139C/8139C+ vendor: Realtek Semiconductor Co., Ltd. physical id: 5 bus info: pci@0000:02:05.0 logical name: eth0 version: 10 serial: 00:19:21:b6:af:7c size: 10Mbit/s capacity: 100Mbit/s width: 32 bits clock: 33MHz capabilities: pm bus_master cap_list ethernet physical tp mii 10bt 10bt-fd 100bt 10 0bt-fd autonegotiation configuration: autonegotiation=on broadcast=yes driver=8139too driverversion=0.9.28 duplex=half latency=64 link=no maxlatency=64 mingnt=32 multicast=yes port=MII speed=10Mbit/s resources: irq:20 ioport:b400(size=256) memory:ff5fdc00-ff5fdcff Output from "iwlist scan": lo Interface doesn't support scanning. eth0 Interface doesn't support scanning. Output from "lsb_release -d": Ubuntu 12.04 LTS Output from "uname -mr": 3.2.0-24-generic-pae i686 Output from "sudo /etc/init.d/networking restart": * Running /etc/init.d/networking restart is deprecated because it may not enable again some interfaces * Reconfiguring network interfaces... [ OK ]

    Read the article

  • Flash security popup is unclickable on a layered window

    - by sjlewis
    I have a layered (TransparencyKey is set) winform w/ a WebBrowser control on it that navigates to a page that contains flash (swf). Everything works okay except that when flash shows a security popup, none of the buttons on the popup respond to mouse click, so I can't click Allow/Deny. Right-click works but only shows the context menu that is normal to flash. I tried overriding WndProc on the WebBrowser control, as suggested here, but it still does not respond to mouse click. If I comment out the TransparencyKey setting, even w/o the WndProc override, the buttons respond. I thought this'd be a container issue so I decided to host the swf file on the form, using the example here, but this, too, had the same problem w/ layered window. So, is there another way that can get around this problem? What is it w/ layered window that renders the buttons on the flash popup unclickable? What is it w/ flash...?

    Read the article

  • Objective-C Plugin Architecture Security (Mac, not iphone)

    - by Tom Dalling
    I'm possibly writing a plugin system for a Cocoa application (Mac, not iphone). A common approach is the make each plugin a bundle, then inject the bundle into the main application. I'm concerned with the security implications of doing this, as the bundle will have complete access to the Objective-C runtime. I am especially concerned with a plugin having access to the code that handles registration and serial keys. Another plugin system we are considering is based on distributed notifications. Basically, each plugin will be a separate process, and they will communicate via distributed notifications only. Is there a way to load bundles securely (e.g. sandboxing)? If not, do you see any problems with using distributed notifications? Are there any other plugin architectures that would be better?

    Read the article

  • outputting html in runtime in asp.net

    - by madness800
    Hi all, I'm building a website at the moment, I've some html fragment that is being stored into the database, I've been reading around that inserting HTML at runtime poses security risks by using the InnerHTML property of any html tag with runat server on it. So, my question is there any alternative way to safely display the html code and won't pose security risks and is it best to assume any textboxes on any given page is dangerous and process the text in the textboxes with Server.HtmlEncode before I store it to database? Cheers

    Read the article

  • ie6 p3p 'file download security warning'

    - by cometta
    i have a page inside iframe, so i set the header to "P3P","CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"" after that my page inside iframe able to load properly and i able to authenticate user with 'form' post . but on ie6, when i post 'form' inside iframe, i get ie6 message 'file download security warning on javascript file' . those javascript files are put on 'head' of pages inside iframe. how comes ie6 suddenly pop up dialog asking to download those files? anyone know which p3p parameter cause this problem?

    Read the article

  • Need a Security Scenario for asp.net webservice

    - by Karamafrooz
    I have developed a .Net 3.5 windows forms application. I also want to design a website that has a webservice with multiple Webmethods to query the database on the host machine. I want the webservice to be called ONLY through my winapp and my website! And I don't want any other people to be able to call and use my webservice but only some people who have access to the windows application that I have developed. I need a good security scenario for this! I truly appreciate anyone who can help me because this is my first experience of developing a webservice and I really need it to be as secure as I mentioned!

    Read the article

  • Making sure a web page is not cached, across all browsers.

    - by Edward Wilde
    Our investigations have shown us that not all browsers respect the http cache directives in a uniform manner. For security reasons we do not want certain pages in our application to cached, ever, by the web browser. This must work for at least the following browsers: Internet Explorer versions 6-8 FireFox versions 1.5 - 3.0 Safari version 3 Opera 9 Our requirement came from a security test. After logging out from our website you could press the back button and view cached pages.

    Read the article

  • serving files using django - is this a security vulnerability

    - by Tom Tom
    I'm using the following code to serve uploaded files from a login secured view in a django app. Do you think that there is a security vulnerability in this code? I'm a bit concerned about that the user could place arbitrary strings in the url after the upload/ and this is directly mapped to the local filesystem. Actually I don't think that it is a vulnerability issue, since the access to the filesystem is restricted to the files in the folder defined with the UPLOAD_LOCATION setting. UPLOAD_LOCATION = is set to a not publicly available folder on the webserver url(r'^upload/(?P<file_url>[/,.,\s,_,\-,\w]+)', 'aeon_infrastructure.views.serve_upload_files', name='project_detail'), @login_required def serve_upload_files(request, file_url): import os.path import mimetypes mimetypes.init() try: file_path = settings.UPLOAD_LOCATION + '/' + file_url fsock = open(file_path,"r") file_name = os.path.basename(file_path) file_size = os.path.getsize(file_path) print "file size is: " + str(file_size) mime_type_guess = mimetypes.guess_type(file_name) if mime_type_guess is not None: response = HttpResponse(fsock, mimetype=mime_type_guess[0]) response['Content-Disposition'] = 'attachment; filename=' + file_name #response.write(file) except IOError: response = HttpResponseNotFound() return response

    Read the article

  • How would a php or java client authenticate if I'm using WCF w/ forms auth?

    - by Toran Billups
    I have a generic proof of concept WCF service that is using forms authentication to secure access. All works great when my client is .NET (vb code below) Dim client As SupplierServiceClient = New SupplierServiceClient() client.ClientCredentials.UserName.UserName = "[email protected]" client.ClientCredentials.UserName.Password = "password" Dim SupplierList As List(Of Supplier) = client.GetSuppliers() but as I want this to interop w/ anyone who can do SOAP 1.1/1.2 - how would a PHP or Java client connect? My WCF web.config is listed below (fyi) <system.serviceModel> <services> <service name="SampleApplicationWCF.Library.SupplierService" behaviorConfiguration="NorthwindBehavior"> <endpoint address="" name="wsHttpSupplierService" contract="SampleApplicationWCF.Library.ISupplierService" binding="wsHttpBinding" bindingConfiguration="wsHttp"/> <endpoint address="https://server/SampleApplicationWCF/SupplierService.svc/Basic" name="basicHttpSupplierService" contract="SampleApplicationWCF.Library.ISupplierService" binding="basicHttpBinding" bindingConfiguration="basicHttp"/> <endpoint contract="IMetadataExchange" binding="mexHttpBinding" address="mex"/> </service> </services> <bindings> <wsHttpBinding> <binding name="wsHttp"> <security mode="TransportWithMessageCredential"> <transport/> <message clientCredentialType="UserName" negotiateServiceCredential="false" establishSecurityContext="true"/> </security> </binding> </wsHttpBinding> <basicHttpBinding> <binding name="basicHttp"> <security mode="TransportWithMessageCredential"> <transport/> <message clientCredentialType="UserName"/> </security> </binding> </basicHttpBinding> </bindings> <behaviors> <serviceBehaviors> <behavior name="NorthwindBehavior"> <serviceMetadata httpGetEnabled="true"/> <serviceAuthorization principalPermissionMode="UseAspNetRoles"/> <serviceCredentials> <userNameAuthentication userNamePasswordValidationMode="MembershipProvider"/> </serviceCredentials> </behavior> </serviceBehaviors> </behaviors> </system.serviceModel>

    Read the article

  • Security Token/Cross Domain Cookie in Classic ASP?

    - by jlrolin
    I have an interesting conundrum. We have a site that is a completely separate domain, we'll say http://www.x.com and our own site that is http://www.y.com. The y.com site is actually a classic ASP site, and we aren't converting it to .NET at this time. The problem is that there is a link on x.com that redirects to y.com from a members area. We want to "authenticate" the user to make sure they are a member from the other site. If they are, they are directed to a members area on y.com. If not, they have to provide login information on y.com. Cookies obviously don't work due to the cross domain security, but is there a way around this? I've also looked at a service for tokens, but I'm not sure exactly how that works in Classic ASP. Any ideas or suggestions?

    Read the article

  • About SQL Server security

    - by Felipe Fiali
    I have an ASP.NET application which runs under the Classic .NET AppPool in IIS. I have a report to render from my website. The problem is SQL Server keeps telling me that it failed to create a connection to the datasource, because login failed for user IUSR. After adding that user directly to the databse I could get the report to work, but I'm concerned about security. By doing that, am I opening my specified databases to all websites hosted on IIS? Or is that account identity-specific?

    Read the article

  • Using a password to generate two distinct hashes without reducing password security

    - by Nevins
    Hi there, I'm in the process of designing a web application that will require the storage of GPG keys in an encrypted format in a database. I'm planning on storing the user's password in a bCrypt hash in the database. What I would like to be able to do is to use that bCrypt to authenticate the user then use the combination of the stored bCrypt hash and another hash of the password to encrypt and decrypt the GPG keys. My question is whether I can do this without reducing the security of the password? I was thinking I may be able to use something like an HMAC-SHA256 of a static string using the password and a salt as the secret key. Is there a better way to do this that I haven't thought of? Thanks

    Read the article

  • Is web.config more secure than a class?

    - by o-logn
    I was reading a tutorial on ASP.NET and third party API's and it mentioned that the API KEY and SECRET KEY should be stored in the web.config file, for security on production servers, instead of in the classes that use them. However, I'm not quite sure what's more secure about a web.config file than a class? I understand the convenience of storing it in a config file, but I don't see the security benefit?

    Read the article

  • Java Security filter together with thickbox pop-ups

    - by user197127
    Hi, I have a java application that uses a security filter to protect certain resources. If there is no user logged on, it will keep in session the request path and redirect to a logon page. After a successful logon, user is redirected to the original requested page. I have now added some thickbox (ajax bases pop-up) popups to the application. Unfortunately, when I get now a popup that is "secure" the filter redirects to a logon page (which is not a popup) and makes the whole application messy. Anyone with ideas on how to solve this? Thanks

    Read the article

  • Security sandbox violation when connecting to Socket from flex

    - by KensoDev
    Hi, I am using a Socket (not xmlSocket) connection between flex applications and the server pushing messages. Now, when I connect from the local machine to the server everything is working file and running, connection is succesful and I get data back and forth. When I upload the application (flex) to the server and run it from there, I get a security sandBox violation message. Note: 1. I do have a crossdomain file with * wildcard both on port and on domain. 2. I created a Securiy.allowDomain("*") as well. Another thing. I also created another listener on that same server, listening to connections for port 843 (default) and this service just waited for a connection send policy file to the client and that's it. That did not solve the problem as well... That's next? What should I do to fix the problem? Appreciate your help. Avi

    Read the article

  • php: security question

    - by Syom
    in my cms i have index.php, where client must enter username and password. if they are correct, he'll moove to admin.php, where the cms is. but now hacker can enter to cms/admin.php, so my security now is awful. i know, that i can use $_SESSION variable. index.php - i can give some value to $_SESSION['error']: $_SESSION['error'] = TRUE, and in admin.php just verify it admin.php if($_SESSION['error'] == TRUE) { my script here... } else header("Location: index.php"); but i want to rich this effect without SESSION. could you give me an idea, how can i do it? thanks

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 100 101 102 103 104 105 106 107 108 109 110 111  | Next Page >