Search Results

Search found 47679 results on 1908 pages for 'web admin'.

Page 109/1908 | < Previous Page | 105 106 107 108 109 110 111 112 113 114 115 116  | Next Page >

  • Idiomatic PHP web page creation

    - by GreenMatt
    My PHP experience is rather limited. I've just inherited some stuff that looks odd to me, and I'd like to know if this is a standard way to do things. The page which shows up in the browser location (e.g. www.example.com/example_page) has something like: <? $title = "Page Title"; $meta = "Some metadata"; require("pageheader.inc"); ?> <!-- Content --> Then pageheader.inc has stuff like: <? @$title = ($title) ? $title : ""; @$meta = ($meta) ? $meta : ""; ?> <html> <head> <title><?=$title?></title </head> <!-- and so forth --> Maybe others find this style useful, but it confuses me. I suppose this could be a step toward a rudimentary content management system, but the way it works here I'd think it adds to the processing the server has to do without reducing the load on the web developer enough to make it worth the effort. So, is this a normal way to create pages with PHP? Or should I pull all this in favor of a better approach? Also, I know that "<?" (vs. "<?php" ) is undesirable; I'm just reproducing what is in the code.

    Read the article

  • Calling web service from seems to hang

    - by anothershrubery
    I am trying to call an asmx web service from an Android app. Just literally started some Android development today. I've been following various solutions I have found on the net and on here and it seems it is more difficult than anticipated. I have tried various solutions and using KSoap2 seems to be the easiest way to implement this, well it would be if I could get it working. I have the following code which works up until a point: private class CallWebService extends AsyncTask<Void, Void, Void> { private static final String SOAP_ACTION = "http://tempuri.org/GetUser"; private static final String METHOD_NAME = "GetUser"; private static final String NAMESPACE = "http://tempuri.org/"; private static final String URL = "http://160.10.1.79:59315/Service1.asmx"; TextView tv; @Override protected Void doInBackground(Void... params) { tv=(TextView)findViewById(R.id.txtMessage); try { SoapObject request = new SoapObject(NAMESPACE, METHOD_NAME); SoapSerializationEnvelope envelope = new SoapSerializationEnvelope(SoapEnvelope.VER11); envelope.dotNet=true; envelope.setOutputSoapObject(request); HttpTransportSE androidHttpTransport = new HttpTransportSE(URL); androidHttpTransport.call(SOAP_ACTION, envelope); Object result = (Object)envelope.getResponse(); tv.setText(result.toString()); } catch (Exception e) { tv.setText(e.getMessage()); } return null; } } It seems to hang at the line androidHttpTransport.call(SOAP_ACTION, envelope); Any ideas why? Is this the correct approach? Should I be looking in another direction?

    Read the article

  • Duplicate C# web service proxy classes generated for Java types

    - by Sergey
    My question is about integration between a Java web service and a C# .NET client. Service: CXF 2.2.3 with Aegis databinding Client: C#, .NET 3.5 SP1 For some reason Visual Studio generates two C# proxy enums for each Java enum. The generated C# classes do not compile. For example, this Java enum: public enum SqlDialect { GENERIC, SYBASE, SQL_SERVER, ORACLE; } Produces this WSDL: <xsd:simpleType name="SqlDialect"> <xsd:restriction base="xsd:string"> <xsd:enumeration value="GENERIC" /> <xsd:enumeration value="SYBASE" /> <xsd:enumeration value="SQL_SERVER" /> <xsd:enumeration value="ORACLE" /> </xsd:restriction> </xsd:simpleType> For this WSDL Visual Studio generates two partial C# classes (generated comments removed): [System.CodeDom.Compiler.GeneratedCodeAttribute("System.Runtime.Serialization", "3.0.0.0")] [System.Runtime.Serialization.DataContractAttribute(Name="SqlDialect", Namespace="http://somenamespace")] public enum SqlDialect : int { [System.Runtime.Serialization.EnumMemberAttribute()] GENERIC = 0, [System.Runtime.Serialization.EnumMemberAttribute()] SYBASE = 1, [System.Runtime.Serialization.EnumMemberAttribute()] SQL_SERVER = 2, [System.Runtime.Serialization.EnumMemberAttribute()] ORACLE = 3, } [System.CodeDom.Compiler.GeneratedCodeAttribute("System.Xml", "2.0.50727.3082")] [System.SerializableAttribute()] [System.Xml.Serialization.XmlTypeAttribute(Namespace="http://somenamespace")] public enum SqlDialect { GENERIC, SYBASE, SQL_SERVER, ORACLE, } The resulting C# code does not compile: The namespace 'somenamespace' already contains a definition for 'SqlDialect' I will appreciate any ideas...

    Read the article

  • How would a user stay logged in to a REST-based website?

    - by unforgiven3
    A year or so ago I asked this question: Can you help me understand this? “Common REST Mistakes: Sessions are irrelevant”. My question was essentially this: Okay, I get that HTTP authentication is done automatically on every message - but how? Is the username/password sent with every request? Doesn't that just increase attack surface area? I feel like I'm missing part of the puzzle. The answers I received made perfect sense in the context of a mobile (iPhone, Android, WP7) app - when talking to a REST service, the app would just send user credentials along with each request. That worked great for me. But now, I would like to better understand how one would secure a REST-like website, like StackOverflow itself or something like Reddit. How would things work if it was a user logged in via a web browser instead of logged in via an iPhone app? What happens when a user logs in? Are the credentials saved in the browser somehow? How would the browser know what credentials to send with subsequent REST requests? What if it's a JavaScript call to a webservice? How would the JavaScript call include user credentials? I'll be quite frank: my understanding of security when it comes to websites is pretty limited. I enjoyed working with REST services from an app perspective, but now I want to try and build a website that is based on REST principles, and I'm finding myself to be pretty lost. If there is anything in the above question that is unclear that you'd like me to clarify, please leave a comment and I'll address it.

    Read the article

  • gwt seperate modules with no code sharing

    - by Code freak
    Hi, I have to make a web application using GWT. The project has a core module that'll expose a set of apis to be used by other apps; each of these app are unrelated. Each shall be loaded in a separate iframe. My idea was to compile core into core.js and each app shall have its own app1.js app2.js and so on... App1 script type="text/javascript" src="core.js" ></script> script type="text/javascript" src="app1.js" ></script> with this design, due to browser caching, each app laod only the app.js which should be smaller ~20kb in size. Making a core module is straightforward but the apps are problematic. The reason being after compilation, each app contains the entire GWT library - this substantially increases the download size of the complete webapp. Can anyone suggest a way to get aroung this problem ? I've checked similar questions on SO, but failed to find a simple working answer fr the problem. Thanks for any help.

    Read the article

  • asmx web service returning xml instead of json in .net 4.0

    - by Baldy
    i have just upgraded a test copy of my site to asp.net 4.0 and have noticed a strange issue that only arises when i upload the site to my server. the site has an asmx web service that returns json, yet when i run the site on my server it returns xml. it as been working fine in asp.net 3.5 for over a year. the webMethod is decorated with the correct attributes... [WebMethod][ScriptMethod(ResponseFormat = ResponseFormat.Json)] public List<LocationRecentChange> RecentChanges() and on my local machine it returns json. yet on the server (Windows 2008 64bit) it returns xml. you can inspect the response on the test site here... my test site using firebug console you will see a 200 OK response and a bunch of XML, and on my local machine the data returned is the JSON i expect. Here is the javascript that calls the service.. function loadRecentData() { $.ajax({ type: "POST", url: "service/spots.asmx/RecentChanges", data: "{}", contentType: "application/json; charset=utf-8", dataType: "json", success: loadRecentUpdates, failure: function(msg) { //alert(msg); } }); } Any suggestions welcome, this has got me stumped!

    Read the article

  • How to pass value in url using web request GET method asp.net

    - by Narasi
    Am new to .Net and web service..i like to pass id through url..how to do that?whether it was done post or get method?guide me string url = "http://XXXXX//"+id=22; WebRequest request = WebRequest.Create(url); request.Proxy.Credentials = new NetworkCredential(xxxxx); request.Credentials = CredentialCache.DefaultCredentials; //add properties request.Method = "GET"; request.ContentType = "application/json"; //convert byte[] byteArray = Encoding.UTF8.GetBytes(data); request.ContentLength = byteArray.Length; //post data Stream streamdata = request.GetRequestStream(); streamdata.Write(byteArray, 0, byteArray.Length); streamdata.Close(); //response WebResponse response = request.GetResponse(); // Get the stream containing content returned by the server. Stream dataStream = response.GetResponseStream(); // Open the stream using a StreamReader for easy access. StreamReader reader = new StreamReader(dataStream); // Read the content. string responseFromServer = reader.ReadToEnd(); // Clean up the streams and the response. reader.Close(); response.Close(); Thanks in advance

    Read the article

  • Problem consuming a dataset via a .NET web service from Flex-ActionScript

    - by DEH
    Hi, I am returning a .NET dataset to Flex Actionscript via a web service. Actionscript snippet as follows: var websvc:WebService = new WebService(); websvc.useProxy=false; websvc.wsdl = "http://localhost:13229/test/mysvc.asmx?WSDL"; websvc.loadWSDL(); var operation:Operation = new Operation(null, "GetData"); operation.arguments.command="xx_gethierdata_"+mode+"_"+identifier; operation.addEventListener(ResultEvent.RESULT, onResultHandler, false, 0, true); operation.addEventListener(FaultEvent.FAULT, onFaultHandler, false, 0, true); operation.resultFormat="object"; websvc.operations = [operation]; operation.send(); Once in the onResultHandler function I have access to the datatable - I then want to grab the column names. The following code outputs my column names: for each (var tcolumn:Object in datatable.Columns){trace('Column:'+tcolumn);} This works ok, but the column names are encoded, so a column name that is actually "1-9" is output as "_x005B_1-9_x005D_" Anyone know the best way to decode the column name? I could replace all the encoding strings, but surely there is a better way? Thanks

    Read the article

  • nhibernate sessionfactory instance more than once on web service

    - by Manuel
    Hello, i have a web service that use nhibernate. I have a singleton pattern on the repositorry library but on each call the service, it creates a new instance of the session factory wich is very expensive. What can i do? region Atributos /// <summary> /// Session /// </summary> private ISession miSession; /// <summary> /// Session Factory /// </summary> private ISessionFactory miSessionFactory; private Configuration miConfiguration = new Configuration(); private static readonly ILog log = LogManager.GetLogger(typeof(NHibernatePersistencia).Name); private static IRepositorio Repositorio; #endregion #region Constructor private NHibernatePersistencia() { //miConfiguration.Configure("hibernate.cfg.xml"); try { miConfiguration.Configure(); this.miSessionFactory = miConfiguration.BuildSessionFactory(); this.miSession = this.SessionFactory.OpenSession(); log.Debug("Se carga NHibernate"); } catch (Exception ex) { log.Error("No se pudo cargar Nhibernate " + ex.Message); throw ex; } } public static IRepositorio Instancia { get { if (Repositorio == null) { Repositorio = new NHibernatePersistencia(); } return Repositorio; } } #endregion #region Propiedades /// <summary> /// Sesion de NHibernate /// </summary> public ISession Session { get { return miSession.SessionFactory.GetCurrentSession(); } } /// <summary> /// Sesion de NHibernate /// </summary> public ISessionFactory SessionFactory { get { return this.miSessionFactory; } } #endregion In wich way can i create a single instance for all services?

    Read the article

  • Web Crawler C# .Net

    - by sora0419
    I'm not sure if this is actually called the web crawler, but this is what I'm trying to do. I'm building a program in visual studio 2010 using C# .Net. I want to find all the urls that has the same first part. Say I have a homepage: www.mywebsite.com, and there are several subpage: /tab1, /tab2, /tab3, etc. Is there a way to get a list of all urls that begins with www.mywebsite.com? So by providing www.mywebsite.com, the program returns www.mywebsite.com/tab1, www.mywebsite.com/tab2, www.mywebsite.com/tab3, etc. ps. I do not know how many total sub pages there are. --edit at 12:04pm-- sorry for the lack of explanation. I want to know how to write a crawler in C# that do the above task. All I know is the main url www.mywebsite.com, and the goal is to find all its sub pages. -- edit at 12:16pm-- Also, there is no links on the main page, the html is basically blank. I just know that the subpages exist, but have no way to link to it except for providing the exact urls.

    Read the article

  • Why do we need serialization in web service

    - by Cloud2010
    I have one webservice: public class Product { public int ProductId { get; set; } public string ProductName { get; set; } } public class Service : System.Web.Services.WebService { public Service () { //Uncomment the following line if using designed components //InitializeComponent(); } [WebMethod] public List<Product> GetItems() { List<Product> productList = new List<Product>() { new Product{ProductId=1,ProductName="Pencil"}, new Product{ProductId=2,ProductName="Pen"} }; return productList; } and in a asp.net application I am consuming it like: localhost.Service s = new localhost.Service(); List<localhost.Product> k = new List<localhost.Product>(); k = s.GetItems().ToList(); // i am getting the values here. now my question is do I need to serialize my webmethod as i am returning custom types? when should we serialize ? is it necessary at all, if yes , then what are the conditions?

    Read the article

  • My HTML5 web app crashes and I have no clue how to debug

    - by Shouvik
    Hi All, I have written a word game using HTML5 canvas tag and a little bit of audio. I developed the application on the chrome web browser on a linux system. Recently during the testing phase it was tried on safari 5.0.3 on Mac and the webpage froze. Not just the canvas element, but interactive element on the page froze. I have at some times experienced this problem on google chrome when I was developing but since the console did not throw any error before this happened, I did not give it much credence. Now as per requirements I am supposed to support both chrome and safari but this dismal performance on safari has left me shocked and I cannot see what error can be thrown which might lead to such a situation. Worse yet the CPU usage on using this application peaks to 70-80percent on my 2yr old macbook running ubuntu... I can only but pity the person who uses mac to operate this app, which undoubtedly is a heavier OS. Could someone help me out with a place I can start with to find out what exactly is causing this issue. I have run profiles on this webapp on google chromes console and noticed that in the heap spanshot value increases steadily with the playing of the game, specifically (root) value which jumps up by 900 counts. Any help would be very appreciated! Thanks EDIT: I don't know if this helps, but I have noticed that even on refreshing the page after the app becomes unresponsive the page reloads and I am still not able to interact with the page elements but the tab scroll bar continues to work and I can see my application window completely. So to summaries the tab stops accepting any sort of user interaction inside the page. Edit2: Nop. It doesn't work still... The app crashes on double click on the canvas element. The console is not throwing any errors either! =/ I have noticed this problem is isolated only to safari!

    Read the article

  • Tip #104: Did you know … How to view text for the ‘hint’ buttons on the Publish Web Dialog?

    - by The Official Microsoft IIS Site
    After the Beta 2 release of Visual Studio 2010, the Publish Web Dialog was modified to include two information buttons associated with the Service URL and Site/application text boxes. (See Figure 1) Figure 1 – New information (‘hint’) buttons (see circled question marks) There are two keys to remember when trying to view the ‘help’ text associated with these buttons: Patience Hover – don’t click In order to reveal the valuable information that these help icons can unlock, simply move your mouse to...(read more)

    Read the article

  • Deeper Integration with phpBB

    - by The Official Microsoft IIS Site
    More good news on the Interoperability front: the new phpBB release is now available for installation from the Windows Web Application Gallery and Web Platform Installer (Web PI) for Windows, IIS and SQL Server. Version 3.0.7-PL1 of phpBB takes advantage of a number of features for PHP applications on the Microsoft Web Platform with Windows, IIS and SQL Server, including SQL Server Driver for PHP 1.1 , which provides key interoperability for PHP applications to use SQL Server or SQL Azure for data...(read more)

    Read the article

  • Fluid VS Responsive Website Development Questions

    - by Aditya P
    As I understand these form the basis for targeting a wide array of devices based on the browser size, given it would be a time consuming to generate different layouts targeting different/specific devices and their resolutions. Questions: Firstly right to the jargon, is there any actual difference between the two or do they mean the same? Is it safe to classify the current development mainly a html5/css3 based one? What popular frameworks are available to easily implement this? What testing methods used in this regard? What are the most common compatibility issues in terms of different browser types? I understand there are methods like this http://css-tricks.com/resolution-specific-stylesheets/ which does this come under?. Are there any external browser detection methods besides the API calls specific to the browser that are employed in this regard? Points of interest [Prior Research before asking these questions] Why shouldn't "responsive" web design be a consideration? Responsive Web Design Tips, Best Practices and Dynamic Image Scaling Techniques A recent list of tutorials 30 Responsive Web Design and Development Tutorials by Eric Shafer on May 14, 2012 Update Ive been reading that the basic point of designing content for different layouts to facilitate a responsive web design is to present the most relevant information. now obviously between the smallest screen width and the highest we are missing out on design elements. I gather from here http://flashsolver.com/2012/03/24/5-top-commercial-responsive-web-designs/ The top of the line design layouts (widths) are desktop layout (980px) tablet layout (768px) smartphone layout – landscape (480px) smartphone layout – portrait (320px) Also we have a popular responsive website testing site http://resizemybrowser.com/ which lists different screen resolutions. I've also come across this while trying to find out the optimal highest layout size to account for http://stackoverflow.com/questions/10538599/default-web-page-width-1024px-or-980px which brings to light seemingly that 1366x768 is a popular web resolution. Is it safe to assume that just accounting for proper scaling from width 980px onwards to the maximum size would be sufficient to accommodate this? given we aren't presenting any new information for the new size. Does it make sense to have additional information ( which conflicts with purpose of responsive web design) to utilize the top size and beyond?

    Read the article

  • Skip the Requirements - 10 Problems With Web Development Projects, and How to Solve Them

    For most businesses, hiring a freelancer or web company to develop a web site is a frustrating but necessary endeavor. After working with over a hundred small businesses and organizations, we've discovered some pitfalls that make the whole thing worse. Fortunately, powerful new platforms like Drupal make it easy to make a steady stream of small changes to your site after it launches. Here's how to align the interests of a web developer and a business to make sure your web site succeeds!

    Read the article

  • GDD-BR 2010 [2G] So What's A Web App? Introduction to the Chrome Web Store

    GDD-BR 2010 [2G] So What's A Web App? Introduction to the Chrome Web Store Speaker: Eric Bidelman Track: Chrome and HTML5 Time slot: G [16:30 - 17:15] Room: 2 Level: 151 What does it mean to install a web app? This session will give an overview of how to build a beautiful application for the Chrome Web Store, monetize, and distribute it to 70 million users! From: GoogleDevelopers Views: 146 3 ratings Time: 38:57 More in Science & Technology

    Read the article

  • IntelliSense for Razor Hosting in non-Web Applications

    - by Rick Strahl
    When I posted my Razor Hosting article a couple of weeks ago I got a number of questions on how to get IntelliSense to work inside of Visual Studio while editing your templates. The answer to this question is mainly dependent on how Visual Studio recognizes assemblies, so a little background is required. If you open a template just on its own as a standalone file by clicking on it say in Explorer, Visual Studio will open up with the template in the editor, but you won’t get any IntelliSense on any of your related assemblies that you might be using by default. It’ll give Intellisense on base System namespace, but not on your imported assembly types. This makes sense: Visual Studio has no idea what the assembly associations for the single file are. There are two options available to you to make IntelliSense work for templates: Add the templates as included files to your non-Web project Add a BIN folder to your template’s folder and add all assemblies required there Including Templates in your Host Project By including templates into your Razor hosting project, Visual Studio will pick up the project’s assembly references and make IntelliSense available for any of the custom types in your project and on your templates. To see this work I moved the \Templates folder from the samples from the Debug\Bin folder into the project root and included the templates in the WinForm sample project. Here’s what this looks like in Visual Studio after the templates have been included:   Notice that I take my original example and type cast the Context object to the specific type that it actually represents – namely CustomContext – by using a simple code block: @{ CustomContext Model = Context as CustomContext; } After that assignment my Model local variable is in scope and IntelliSense works as expected. Note that you also will need to add any namespaces with the using command in this case: @using RazorHostingWinForm which has to be defined at the very top of a Razor document. BTW, while you can only pass in a single Context 'parameter’ to the template with the default template I’ve provided realize that you can also assign a complex object to Context. For example you could have a container object that references a variety of other objects which you can then cast to the appropriate types as needed: @{ ContextContainer container = Context as ContextContainer; CustomContext Model = container.Model; CustomDAO DAO = container.DAO; } and so forth. IntelliSense for your Custom Template Notice also that you can get IntelliSense for the top level template by specifying an inherits tag at the top of the document: @inherits RazorHosting.RazorTemplateFolderHost By specifying the above you can then get IntelliSense on your base template’s properties. For example, in my base template there are Request and Response objects. This is very useful especially if you end up creating custom templates that include your custom business objects as you can get effectively see full IntelliSense from the ‘page’ level down. For Html Help Builder for example, I’d have a Help object on the page and assuming I have the references available I can see all the way into that Help object without even having to do anything fancy. Note that the @inherits key is a GREAT and easy way to override the base template you normally specify as the default template. It allows you to create a custom template and as long as it inherits from the base template it’ll work properly. Since the last post I’ve also made some changes in the base template that allow hooking up some simple initialization logic so it gets much more easy to create custom templates and hook up custom objects with an IntializeTemplate() hook function that gets called with the Context and a Configuration object. These objects are objects you can pass in at runtime from your host application and then assign to custom properties on your template. For example the default implementation for RazorTemplateFolderHost does this: public override void InitializeTemplate(object context, object configurationData) { // Pick up configuration data and stuff into Request object RazorFolderHostTemplateConfiguration config = configurationData as RazorFolderHostTemplateConfiguration; this.Request.TemplatePath = config.TemplatePath; this.Request.TemplateRelativePath = config.TemplateRelativePath; // Just use the entire ConfigData as the model, but in theory // configData could contain many objects or values to set on // template properties this.Model = config.ConfigData as TModel; } to set up a strongly typed Model and the Request object. You can do much more complex hookups here of course and create complex base template pages that contain all the objects that you need in your code with strong typing. Adding a Bin folder to your Template’s Root Path Including templates in your host project works if you own the project and you’re the only one modifying the templates. However, if you are distributing the Razor engine as a templating/scripting solution as part of your application or development tool the original project is likely not available and so that approach is not practical. Another option you have is to add a Bin folder and add all the related assemblies into it. You can also add a Web.Config file with assembly references for any GAC’d assembly references that need to be associated with the templates. Between the web.config and bin folder Visual Studio can figure out how to provide IntelliSense. The Bin folder should contain: The RazorHosting.dll Your host project’s EXE or DLL – renamed to .dll if it’s an .exe Any external (bin folder) dependent assemblies Note that you most likely also want a reference to the host project if it contains references that are going to be used in templates. Visual Studio doesn’t recognize an EXE reference so you have to rename the EXE to DLL to make it work. Apparently the binary signature of EXE and DLL files are identical and it just works – learn something new everyday… For GAC assembly references you can add a web.config file to your template root. The Web.config file then should contain any full assembly references to GAC components: <configuration> <system.web> <compilation debug="true"> <assemblies> <add assembly="System.Web.Mvc, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" /> <add assembly="System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /> <add assembly="System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" /> </assemblies> </compilation> </system.web> </configuration> And with that you should get full IntelliSense. Note that if you add a BIN folder and you also have the templates in your Visual Studio project Visual Studio will complain about reference conflicts as it’s effectively seeing both the project references and the ones in the bin folder. So it’s probably a good idea to use one or the other but not both at the same time :-) Seeing IntelliSense in your Razor templates is a big help for users of your templates. If you’re shipping an application level scripting solution especially it’ll be real useful for your template consumers/users to be able to get some quick help on creating customized templates – after all that’s what templates are all about – easy customization. Making sure that everything is referenced in your bin folder and web.config is a good idea and it’s great to see that Visual Studio (and presumably WebMatrix/Visual Web Developer as well) will be able to pick up your custom IntelliSense in Razor templates.© Rick Strahl, West Wind Technologies, 2005-2011Posted in Razor  

    Read the article

  • A New Threat To Web Applications: Connection String Parameter Pollution (CSPP)

    - by eric.maurice
    Hi, this is Shaomin Wang. I am a security analyst in Oracle's Security Alerts Group. My primary responsibility is to evaluate the security vulnerabilities reported externally by security researchers on Oracle Fusion Middleware and to ensure timely resolution through the Critical Patch Update. Today, I am going to talk about a serious type of attack: Connection String Parameter Pollution (CSPP). Earlier this year, at the Black Hat DC 2010 Conference, two Spanish security researchers, Jose Palazon and Chema Alonso, unveiled a new class of security vulnerabilities, which target insecure dynamic connections between web applications and databases. The attack called Connection String Parameter Pollution (CSPP) exploits specifically the semicolon delimited database connection strings that are constructed dynamically based on the user inputs from web applications. CSPP, if carried out successfully, can be used to steal user identities and hijack web credentials. CSPP is a high risk attack because of the relative ease with which it can be carried out (low access complexity) and the potential results it can have (high impact). In today's blog, we are going to first look at what connection strings are and then review the different ways connection string injections can be leveraged by malicious hackers. We will then discuss how CSPP differs from traditional connection string injection, and the measures organizations can take to prevent this kind of attacks. In web applications, a connection string is a set of values that specifies information to connect to backend data repositories, in most cases, databases. The connection string is passed to a provider or driver to initiate a connection. Vendors or manufacturers write their own providers for different databases. Since there are many different providers and each provider has multiple ways to make a connection, there are many different ways to write a connection string. Here are some examples of connection strings from Oracle Data Provider for .Net/ODP.Net: Oracle Data Provider for .Net / ODP.Net; Manufacturer: Oracle; Type: .NET Framework Class Library: - Using TNS Data Source = orcl; User ID = myUsername; Password = myPassword; - Using integrated security Data Source = orcl; Integrated Security = SSPI; - Using the Easy Connect Naming Method Data Source = username/password@//myserver:1521/my.server.com - Specifying Pooling parameters Data Source=myOracleDB; User Id=myUsername; Password=myPassword; Min Pool Size=10; Connection Lifetime=120; Connection Timeout=60; Incr Pool Size=5; Decr Pool Size=2; There are many variations of the connection strings, but the majority of connection strings are key value pairs delimited by semicolons. Attacks on connection strings are not new (see for example, this SANS White Paper on Securing SQL Connection String). Connection strings are vulnerable to injection attacks when dynamic string concatenation is used to build connection strings based on user input. When the user input is not validated or filtered, and malicious text or characters are not properly escaped, an attacker can potentially access sensitive data or resources. For a number of years now, vendors, including Oracle, have created connection string builder class tools to help developers generate valid connection strings and potentially prevent this kind of vulnerability. Unfortunately, not all application developers use these utilities because they are not aware of the danger posed by this kind of attacks. So how are Connection String parameter Pollution (CSPP) attacks different from traditional Connection String Injection attacks? First, let's look at what parameter pollution attacks are. Parameter pollution is a technique, which typically involves appending repeating parameters to the request strings to attack the receiving end. Much of the public attention around parameter pollution was initiated as a result of a presentation on HTTP Parameter Pollution attacks by Stefano Di Paola and Luca Carettoni delivered at the 2009 Appsec OWASP Conference in Poland. In HTTP Parameter Pollution attacks, an attacker submits additional parameters in HTTP GET/POST to a web application, and if these parameters have the same name as an existing parameter, the web application may react in different ways depends on how the web application and web server deal with multiple parameters with the same name. When applied to connections strings, the rule for the majority of database providers is the "last one wins" algorithm. If a KEYWORD=VALUE pair occurs more than once in the connection string, the value associated with the LAST occurrence is used. This opens the door to some serious attacks. By way of example, in a web application, a user enters username and password; a subsequent connection string is generated to connect to the back end database. Data Source = myDataSource; Initial Catalog = db; Integrated Security = no; User ID = myUsername; Password = XXX; In the password field, if the attacker enters "xxx; Integrated Security = true", the connection string becomes, Data Source = myDataSource; Initial Catalog = db; Integrated Security = no; User ID = myUsername; Password = XXX; Intergrated Security = true; Under the "last one wins" principle, the web application will then try to connect to the database using the operating system account under which the application is running to bypass normal authentication. CSPP poses serious risks for unprepared organizations. It can be particularly dangerous if an Enterprise Systems Management web front-end is compromised, because attackers can then gain access to control panels to configure databases, systems accounts, etc. Fortunately, organizations can take steps to prevent this kind of attacks. CSPP falls into the Injection category of attacks like Cross Site Scripting or SQL Injection, which are made possible when inputs from users are not properly escaped or sanitized. Escaping is a technique used to ensure that characters (mostly from user inputs) are treated as data, not as characters, that is relevant to the interpreter's parser. Software developers need to become aware of the danger of these attacks and learn about the defenses mechanism they need to introduce in their code. As well, software vendors need to provide templates or classes to facilitate coding and eliminate developers' guesswork for protecting against such vulnerabilities. Oracle has introduced the OracleConnectionStringBuilder class in Oracle Data Provider for .NET. Using this class, developers can employ a configuration file to provide the connection string and/or dynamically set the values through key/value pairs. It makes creating connection strings less error-prone and easier to manager, and ultimately using the OracleConnectionStringBuilder class provides better security against injection into connection strings. For More Information: - The OracleConnectionStringBuilder is located at http://download.oracle.com/docs/cd/B28359_01/win.111/b28375/OracleConnectionStringBuilderClass.htm - Oracle has developed a publicly available course on preventing SQL Injections. The Server Technologies Curriculum course "Defending Against SQL Injection Attacks!" is located at http://st-curriculum.oracle.com/tutorial/SQLInjection/index.htm - The OWASP web site also provides a number of useful resources. It is located at http://www.owasp.org/index.php/Main_Page

    Read the article

  • Mobile websites, where is it going to?

    - by Fadi Tiwari
    As building websites for mobile devices is becoming an important area I have a question that has some sub questions regarding this new field and the main question is: Will web development for mobile devices grow in the next few years? The sub questions are: Will there be standalone mobile web applications? meaning that a web application that is designed and developed to browse from mobile only? What about the advertisements and how can companies and freelancers get money from their mobile web applications? Cheers.

    Read the article

  • Hire Web Professionals To Get The Desired Results

    If you are looking for quality web design services, web development services, open source customization, Internet marketing and Ecommerce solutions, look no further than the World Wide Web. You will ... [Author: Asif Ahmed - Web Design and Development - April 06, 2010]

    Read the article

  • Customized Web Development Services

    Choosing between a web development company and a professional web development company is like choosing a rose from a bunch of thorns. In generic sense, every web development company offers elementary... [Author: Adam Mills - Web Design and Development - April 02, 2010]

    Read the article

  • Great Web Apps With New HTML5 APIs

    Great Web Apps With New HTML5 APIs This talk is in hebrew. It cover new techniques for building modern web apps and how to utilize the latest HTML5 APIs to create a new class of web apps that will delight and amaze your users. In this talk, Ido Green, developer advocate in Google and the author of Web Workers, will cover the following: - HTML5 APIs - New and useful. - Some tips on Chrome DevTools - ChromeOS update. From: GoogleDevelopers Views: 301 35 ratings Time: 01:08:05 More in Science & Technology

    Read the article

  • Web Based Project Management System

    We are very well aware about the software development life cycle and project management system. But many of the developers assume that it is available only as desktop application. But now a days there are many online web based project management tools are available in market. In this article I am providing information about what is web based project management system, the available open source web based PMS and the benefits of using web based project management system for business owners.

    Read the article

< Previous Page | 105 106 107 108 109 110 111 112 113 114 115 116  | Next Page >