Search Results

Search found 13222 results on 529 pages for 'security gate'.

Page 104/529 | < Previous Page | 100 101 102 103 104 105 106 107 108 109 110 111  | Next Page >

  • Authenticated WCF: Getting the Current Security Context

    - by bradhe
    I have the following scenario: I have various user's data stored in my database. This data was entered via a web app. We'd like to expose this data back to the user over a web service so that they can integrate their data with their applications. We would also like to expose some business logic over these services. As such we do not want to use OData. This is a multi-tenant application so I only want to expose their data back to them and not other users. Likewise, the business logic we expose should be relative to the authenticated user. I would like let the user use an OASIS scheme to authenticate with the web service -- WCF already allows for this out of the box as far as I understand -- or perhaps we can issue them certificates to authenticate with. That bit hasn't really been worked out yet. Here is a bit of pseudo-code of how I envision this would work within the service: function GetUsersData(id) var user := Lookup User based on Username from Auth Context var data := Get Data From Repository based on "user" return data end function For the business logic scenario I think it would look something like this: function PerformBusinessLogic(someData) var user := Lookup User based on Username from Auth Context var returnValue := Perform some logic based on supplied data return returnValue end function The hard bit here is getting the current username (or cert info in the cert scenario) that the user authenticated with! Does WCF even enable this scenario? If not would WSE3 enable this? Thanks,

    Read the article

  • Public ASPXAUTH cookie and security

    - by Bara
    Due to a bug in Flash, I have to use the ASPXAuth cookie to log a user in on a page that a flash upload script calls after upload. See this page for more information: http://geekswithblogs.net/apopovsky/archive/2009/05/06/working-around-flash-cookie-bug-in-asp.net-mvc.aspx I have to make the ASPXAUTH string "public" in the sense that it will be in the HTML of the page. My question is, how secure is this? I understand that anyone that can get to the string in the HTML can probably get to it from the cookie just as easily, but let's say someone does have this ASPXAUTH string. Is it possible that they can login as another user using this cookie? Would they be able to decrypt it? Bara

    Read the article

  • PHP URL Security Question

    - by TaG
    I want to have users store the url in my database I'm using php mysql and htmlpurifier I was wondering if the following code was good way to filter out bad data? Here is the Partial PHP code. $url = mysqli_real_escape_string($mysqli, $purifier->purify(htmlspecialchars(strip_tags($_POST['url'])));

    Read the article

  • Facebook Flash app security?

    - by mhdouglas
    I'm developing a Facebook app implemented in Flash, and I'd like to authenticate communication between my app and my server. In other words, I'd like to guarantee that all communication with my server is coming from my app, which has been launched from within facebook by a valid facebook user. Does the Facebook actionscript API support this type of operation? Or am I on my own?

    Read the article

  • Paypal IPN security

    - by keithics
    Hello! I am developing a website which will allow users to pay via Paypal. Paypal IPN seems to be easy to integrate and it works on my localhost. Now the problem is that, the amount and the business name are passed to paypal using POST Data. I know it's very dangerous to put it that way, but I am not sure what are the alternatives. How can I make Paypal IPN secure?

    Read the article

  • False sense of security with `snprintf_s`

    - by xtofl
    MSVC's "secure" sprintf funcions have a template version that 'knows' the size of the target buffer. However, this code happily paints 567890 over the stack after the end of bytes... char bytes[5]; _snprintf_s( bytes, _TRUNCATE, "%s", "1234567890" ); Any idea what I do wrong, or is this a known bug? (I'm working in VS2005 - didn't test in 2008 or 2010)

    Read the article

  • What fields have job security?

    - by computergeek6
    I can program pretty well, and I'm trying to think of a programming area that I can practice so I have a better chance of getting a job when I finish my education. I'm currently learning game development, but there are a ton of other people trying to get into game dev, so I want to find something a little more secure and sustainable to develop skills in. I've thought of things like financial systems and engineering stuff, but nothing I can think of is accessible to someone in high school. I'm trying to find something that involves physics or networking and isn't as popular a field as game dev. Does anyone have any ideas?

    Read the article

  • Coldbox Security Interceptor

    - by faheem
    Hi I am new to coldbox and working on a guestbook messaging forum. does anyone know how I can apply some rule in coldbox to show edit and delete for specified users of admin or user in the edit page. I am not sure how to specify this as I already have my rules here as shown in securityRules.xml: SecurityRules.XML <?xml version="1.0" encoding="UTF-8"?> <!-- Declare as many rule elements as you want, order is important Remember that the securelist can contain a list of regular expression if you want ex: All events in the user handler user\..* ex: All events .* ex: All events that start with admin ^admin If you are not using regular expression, just write the text that can be found in an event. <whitelist>ehSecurity\.dspLogin,ehSecurity\.doLogin,ehSecurity\.dspLogoff</whitelist> --> <rules> <rule> <whitelist>^entries,ehSecurity\..*,registry\..*</whitelist> <securelist></securelist> <roles>admin</roles> <permissions>read,write</permissions> <redirect>ehSecurity.dspLogin</redirect> </rule> <rule> <whitelist>^entries,ehSecurity\..*,main\..*,^registry</whitelist> <securelist></securelist> <roles>author,admin</roles> <permissions>read</permissions> <redirect>ehSecurity.dspLogin</redirect> </rule> </rules>

    Read the article

  • Google Chrome showing javascript security error

    - by Clint
    I need help resolving this Google Chrome Error..."Uncaught Error: SECURITY_ERR: DOM Exception 18" Here is the code. //Get Cookie function get_cookie (cookie_name) { var results = document.cookie.match ( '(^|;) ?' + cookie_name + '=([^;]*)(;|$)' ); if (results) return ( unescape ( results[2] ) ); else return null; }; Many thanks, C

    Read the article

  • XML security in world wide web

    - by nikky
    Hi, Im a newbie in XML and i have some questions Can XML be used in stead of normal database (store data in a tuple and column) in website? XML is built to share information easier (from my understanding) such as can share cross platform and in different language used so Is it secure to store secure data in XML? thank you so much

    Read the article

  • Security issue using Nant

    - by Diego C.
    I need to store authentication information and I rather not have the password in plain text: <property name="user" value="theUser"/> <property name="password" value="secret"/> Has anyone figured out a way to encrypt property values in Nant? I've looked in Nant and Nantcontrib docs but no mention of encryption. I am considering going the route of creating my own Nant Task. Any suggestions?

    Read the article

  • .NET ORM and Security

    - by Sphynx
    We're going to use an ORM tool with a .NET desktop application. The tool allows creation of persistent classes. It generates all database tables automatically. In addition to other data, our system needs to store user credentials, and deliver access control. The question is, is there any possibility of access control by means of ORM, without creating the database authentication mechanisms manually? Is there any product on the market which allows this? We thought of limiting the access in the program itself, but users can easily access the database directly, and bypass the program limitations. Thanks.

    Read the article

  • IE6 https security message appearing after closing jQuery colorbox overlay

    - by RyanP13
    I am working on a secure site, https. I am using the colorbox jquery plugin to iframe another page from the same site over the current content. In IE6 when i close the colorbox overlay i get the following message: "This page contains both secure and nonsecure items. Do you want to display the nonsecure items?" Any ideas why this is happening? Can it be prevented? Assume i would have to make the whole site http rather than https but this is not possible as we have online payments.

    Read the article

  • Stream post URL security and wall post links

    - by Jeff Lee
    Our app's mobile client can create wall post links to our app's web-facing pages. Since this happens in the context of a mobile app, we do this on behalf of our user using the Graph API's feed/message endpoint. I noticed that the links showing up in the wall posts are being routed through our app's auth dialog, which is NOT what we want. We just want transparent links, without forcing the client to auth our app, similar to what happens when you share to FB in Path. I went ahead and disabled the "Stream post URL option" several hours ago, but we still seem to be getting the re-routed links for wall posts. The target URLs for these links are within the domain we've registered for our Facebook app. Is there anything else I need to do fix this?

    Read the article

  • code access security

    - by rkrauter
    Why do I need to Demand permission? Why can't it simply fail (commenting out the .Demand() call)? ref: http://support.microsoft.com/kb/315529 Thanks! try { // Demand the permission to access the C:\Temp folder. permFileIO.Demand(); resultText.Append("The demand for permission to access the C:\\Temp folder succeeded.\n\n"); }

    Read the article

  • Security & Authentication: SSL vs SASL

    - by 4herpsand7derpsago
    My understanding is that SSL combines an encryption algorithm (like AES, DES, etc.) with akey exchange method (like Diffier-Hellman) to provide secure encryption and identification services between two endpoints on an un-secure network (like the Internet). My understanding is that SASL is an MD5/Kerberos protocol that pretty much does the same thing. So my question: what are the pros/cons to choosing both and what scenarios make both more preferable? Basically, I'm looking for a guidelines to follow when choosing SSL or to go with SASL instead. Thanks in advance!

    Read the article

  • WCF cross-domain policy security error

    - by George2
    Hello everyone, I am using VSTS 2008 + C# + WCF + .Net 3.5 + Silverlight 3.0. I host Silverlight control in an html page and debug it from VSTS 2008 (press F5, then run in VSTS 2008 built-in ASP.Net development web server), then call another WCF service (hosted in another machine running IIS 7.0 + Vista). The WCF service is very simple, just return a constant string to client. When invoking the WCF service from Silverlight, I got the following error message, An error occurred while trying to make a request to URI 'https://LabTest/Test.svc'. This could be due to attempting to access a service in a cross-domain way without a proper cross-domain policy in place, or a policy that is unsuitable for SOAP services. You may need to contact the owner of the service to publish a cross-domain policy file and to ensure it allows SOAP-related HTTP headers to be sent. This error may also be caused by using internal types in the web service proxy without using the InternalsVisibleToAttribute attribute. Please see the inner exception for more details. Here is the clientaccesspolicy.xml file, anything wrong? <?xml version="1.0" encoding="utf-8" ?> <access-policy> <cross-domain-access> <policy> <allow-from http-request-headers="*"> <domain uri="*"> </domain> </allow-from> <grant-to> <resource path="/" include-subpaths="true"></resource> </grant-to> </policy> </cross-domain-access> </access-policy> thanks in advance, George

    Read the article

  • Castle windsor security exception

    - by Sunil
    I developed a small WCF service that uses Castle Windsor IoC container and it works fine on my PC. When I deploy it onto a Win 2008 R2 server and host the WCF service in IIS 7 it fails with the following error. I checked the server level web.config and the trust level is set to "Full". What do I need to do to get this to work. As a test I deployed the same service as it is onto a Windows 2003 server with the trust level set to "Full" and it works fine. I am unable to figure out what setting/configuration I am missing on the 2008 server that is making the service fail. Stack Trace: [SecurityException: That assembly does not allow partially trusted callers.] Castle.Windsor.WindsorContainer..ctor() +0 WMS.ServiceContractImplementation.IoC.IoCInstanceProvider..ctor(Type serviceType) in D:\WCF\WCFProofOfConcept\WMSServices \WMS.ServiceContractImplementation\IoC\IoCInstanceProvider.cs:19 WMS.ServiceContractImplementation.IoC.IoCServiceBehavior.ApplyDispatchBehav­ior(ServiceDescription serviceDescription, ServiceHostBase serviceHostBase) in D:\WCF \WCFProofOfConcept\WMSServices\WMS.ServiceContractImplementation\IoC \IoCServiceBehavior.cs:24 System.ServiceModel.Description.DispatcherBuilder.InitializeServiceHost(Ser­viceDescription description, ServiceHostBase serviceHost) +377 System.ServiceModel.ServiceHostBase.InitializeRuntime() +37 System.ServiceModel.ServiceHostBase.OnBeginOpen() +27 System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout) +49 System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) +261 System.ServiceModel.HostingManager.ActivateService(String normalizedVirtualPath) +121 System.ServiceModel.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath) +479

    Read the article

< Previous Page | 100 101 102 103 104 105 106 107 108 109 110 111  | Next Page >