Search Results

Search found 6870 results on 275 pages for 'admin privileges'.

Page 110/275 | < Previous Page | 106 107 108 109 110 111 112 113 114 115 116 117  | Next Page >

  • Cannot login to Activeadmin after gem update

    - by user1883793
    After bundle update I cannot login to my Activeadmin, here is the log. Is it because the unpermitted params? do I need to config strong parameter to make admin login work? I already have this code for devise: def configure_permitted_parameters devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:email, :password, :remember_me) } devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:username, :email, :password) } end Started POST "/admin/login" for 127.0.0.1 at 2013-10-30 22:33:25 +1300 Processing by ActiveAdmin::Devise::SessionsController#create as HTML Parameters: {"utf8"=>"?", "authenticity_token"=>"MhoM/R/oVfad/iiov2zpqfoJ5XOSLda6rTl/V2cMIZE=", "admin_user"=>{"email"=>"[email protected]", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"Login"} Completed 401 Unauthorized in 0.6ms Processing by ActiveAdmin::Devise::SessionsController#new as HTML Parameters: {"utf8"=>"?", "authenticity_token"=>"MhoM/R/oVfad/iiov2zpqfoJ5XOSLda6rTl/V2cMIZE=", "admin_user"=>{"email"=>"[email protected]", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"Login"} Unpermitted parameters: email, password, remember_me Rendered /home/jcui/.rvm/gems/ruby-1.9.3-p194/gems/activeadmin-0.6.2/app/views/active_admin/devise/shared/_links.erb (0.6ms) Rendered /home/jcui/.rvm/gems/ruby-1.9.3-p194/gems/activeadmin-0.6.2/app/views/active_admin/devise/sessions/new.html.erb within layouts/active_admin_logged_out (118.2ms) Completed 200 OK in 130.7ms (Views: 129.9ms | ActiveRecord: 0.0ms | Solr: 0.0ms)

    Read the article

  • [iPhone] dyld: Library not loaded - When app run from the command line

    - by user142764
    Hi, I face some difficulties when adding a framework to my project when i run an iPhone app from the command line. My final goal is to run applications tests from an automated build process. When i run my app from xCode : I add a "Copy File" build phase to my target and everything goes fine. The copy is set to $(BUILT_PRODUCTS_DIR) as "Absolute path" When i run my app from the terminal (using iphonesim project) i get this error : dyld: Library not loaded: @rpath/OCMock.framework/Versions/A/OCMock UIKitApplication:indemnisation[0xb894][26380] Referenced from: /Users/Admin/Library/Application Support/iPhone Simulator/User/Applications/CD5729B5-A674-49B2-91F6-AD398094B6F8/indemINT.app/indemINT What i dont understand is that the copy build phase just copies the framework files in the same directory that the app. When i run the app from the command line the framework files are already in the same directory. Does anyone knows why it doesn't work ? I've also tried to add the OCMock.framework in the following directories (without success) : /Developer/Platforms/iPhoneSimulator.platform/Developer/SDKs/iPhoneSimulator3.0.sdk/System/Library /Library/Frameworks /Users/Admin/Library/Application Support/iPhone Simulator/User/Applications/CD5729B5-A674-49B2-91F6-AD398094B6F8 Thanks in advance, Vincent.

    Read the article

  • ACL architechture for a Software As a service in Spring 3.0

    - by geoaxis
    I am making a software as a service using Spring 3.0 (Spring MVC, Spring Security, Spring Roo, Hibernate) I have to come up with a flexible access control list mechanism.I have three different kinds of users System (who can do any thing to the system, includes admin and internal daemons) Operations (who can add and delete users, organizations, and do maintenance work on behalf of users and organizations) End Users (they belong to one or more organization, for each organization, the user can have one or more roles, like being organization admin, or organization read-only member) (role like orgadmin can also add users for that organization) Now my question is, how should i model the entity of User? If I just take the End User, it can belong to one or more organizations, so each user can contain a set of references to its organizations. But how do we model the users role for each organization, So for example User UX belongs to organizations og1, og2 and og3, and for og1 he is both orgadmin, and org-read-only-user, where as for og2 he is only orgadmin and for og3 he is only org-read-only-user I have the possibility of making each user belong to one organization alone, but that's making the system bounded and I don't like that idea (although i would still satisfy the requirement) If you have a better extensible ACL architecture, please suggest it. Since its a software as a service, one would expect that alot of different organizations would be part if the same system. I had one concern that it is not a good idea to keep og1 and og2 data on the same DB (if og1 decides to spawn a 100 reports on the system, og2 should not suffer) But that is some thing advanced for now and is not directly related to ACL but to the physical distribution of data and setup of services based on those ACLs This is a community Wiki question, please correct any thing which you wish to do so. Thanks

    Read the article

  • Login URL using authentication information in Django

    - by fuSi0N
    I'm working on a platform for online labs registration for my university. Login View [project views.py] from django.http import HttpResponse, HttpResponseRedirect, Http404 from django.shortcuts import render_to_response from django.template import RequestContext from django.contrib import auth def index(request): return render_to_response('index.html', {}, context_instance = RequestContext(request)) def login(request): if request.method == "POST": post = request.POST.copy() if post.has_key('username') and post.has_key('password'): usr = post['username'] pwd = post['password'] user = auth.authenticate(username=usr, password=pwd) if user is not None and user.is_active: auth.login(request, user) if user.get_profile().is_teacher: return HttpResponseRedirect('/teachers/'+user.username+'/') else: return HttpResponseRedirect('/students/'+user.username+'/') else: return render_to_response('index.html', {'msg': 'You don\'t belong here.'}, context_instance = RequestContext(request) return render_to_response('login.html', {}, context_instance = RequestContext(request)) def logout(request): auth.logout(request) return render_to_response('index.html', {}, context_instance = RequestContext(request)) URLS #========== PROJECT URLS ==========# urlpatterns = patterns('', (r'^media/(?P<path>.*)$', 'django.views.static.serve', {'document_root': settings.MEDIA_ROOT }), (r'^admin/', include(admin.site.urls)), (r'^teachers/', include('diogenis.teachers.urls')), (r'^students/', include('diogenis.students.urls')), (r'^login/', login), (r'^logout/', logout), (r'^$', index), ) #========== TEACHERS APP URLS ==========# urlpatterns = patterns('', (r'^(?P<username>\w{0,50})/', labs), ) The login view basically checks whether the logged in user is_teacher [UserProfile attribute via get_profile()] and redirects the user to his profile. Labs View [teachers app views.py] from django.http import HttpResponse, HttpResponseRedirect, Http404 from django.shortcuts import render_to_response from django.template import RequestContext from django.contrib.auth.decorators import user_passes_test from django.contrib.auth.models import User from accounts.models import * from labs.models import * def user_is_teacher(user): return user.is_authenticated() and user.get_profile().is_teacher @user_passes_test(user_is_teacher, login_url="/login/") def labs(request, username): q1 = User.objects.get(username=username) q2 = u'%s %s' % (q1.last_name, q1.first_name) q2 = Teacher.objects.get(name=q2) results = TeacherToLab.objects.filter(teacher=q2) return render_to_response('teachers/labs.html', {'results': results}, context_instance = RequestContext(request)) I'm using @user_passes_test decorator for checking whether the authenticated user has the permission to use this view [labs view]. The problem I'm having with the current logic is that once Django authenticates a teacher user he has access to all teachers profiles basically by typing the teachers username in the url. Once a teacher finds a co-worker's username he has direct access to his data. Any suggestions would be much appreciated.

    Read the article

  • Error Ant Build/deploy to websphere 7.0

    - by adisembiring
    Hi I'm trying to build/deploy war to websphere process server 7.0. and I run on windows environment. I use http://illegalargumentexception.blogspot.com/2008/08/ant-automated-deployment-to-websphere.html as my reference. and http://illegalargumentexception.googlecode.com/svn/trunk/code/java/WebSphereAntFiles/ as my sample code to deployed. this is my buil.properies is ? #build properties mywebappear=D:/data/code/WebSphereAntFiles/scripts/test/mywebappEAR.ear #WAS6 install directory was_home=C:/IBM/WID7_WTE/runtimes/bi_v7 #server name (see cell/node/server; e.g. "server1") was_server=server1 #user + password; for use when security is enabled was_user=admin was_password=admin #stops scripts on problem was_failonerror=true #virtual host was_virtualhost=default_host #Absolute path to EAR file #was_ear=fooEAR.ear #Name of the enterprise application #was_appname=fooEAR this is my console while I trying to build with ws_ant.bat [wsDefaultBindings] mywebapp.war [wsDefaultBindings] <virtual-host> --> default_host [wsDefaultBindings] [wsDefaultBindings] ------------------------ [wsDefaultBindings] Saving EAR File to directory [wsDefaultBindings] Saved EAR File to directory Successfully test_wsStartServer: WAS_wsStartServer: depCheck: depCheck: [startServer] ADMU0116I: Tool information is being logged in file [startServer] C:\IBM\WID7_WTE\runtimes\bi_v7\profiles\qwps\logs\server1\startServer.log [startServer] ADMU0128I: Starting tool with the qwps profile [startServer] ADMU3100I: Reading configuration for server: server1 [startServer] ADMU3028I: Conflict detected on port 8880. Likely causes: a) An instance of [startServer] the server server1 is already running b) some other process is [startServer] using port 8880 [startServer] ADMU3027E: An instance of the server may already be running: server1 [startServer] ADMU0111E: Program exiting with error: [startServer] com.ibm.websphere.management.exception.AdminException: ADMU3027E: An [startServer] instance of the server may already be running: server1 [startServer] ADMU1211I: To obtain a full trace of the failure, use the -trace option. [startServer] ADMU0211I: Error details may be seen in the file: [startServer] C:/IBM/WID7_WTE/runtimes/bi_v7/profiles/qwps\logs\server1\startServer.log BUILD FAILED D:\data\code\WebSphereAntFiles\scripts\test\build.xml:68: The following error occurred while executing this line: D:\data\code\WebSphereAntFiles\scripts\was\wsStartServer.xml:49: Java returned: -1

    Read the article

  • Having Uploadify e-mail a link to download the file

    - by kwek-kwek
    Uploadify is a jQuery plugin that allows the easy integration of a multiple (or single) file uploads on your website. It requires Flash and any backend development language. An array of options allow for full customization for advanced users, but basic implementation is so easy that even coding novices can do it. I wanted to ask if It is possible to sends out a link of a file that has just been uploaded wioth the e-mail notification of Uploadify. Here is the code for uploadify.php : <?php if (!empty($_FILES)) { $tempFile = $_FILES['Filedata']['tmp_name']; $targetPath = $_SERVER['DOCUMENT_ROOT'] . $_REQUEST['folder'] . '/'; $targetFile = str_replace('//','/',$targetPath) . $_FILES['Filedata']['name']; // $fileTypes = str_replace('*.','',$_REQUEST['fileext']); // $fileTypes = str_replace(';','|',$fileTypes); // $typesArray = split('\|',$fileTypes); // $fileParts = pathinfo($_FILES['Filedata']['name']); // if (in_array($fileParts['extension'],$typesArray)) { // Uncomment the following line if you want to make the directory if it doesn't exist // mkdir(str_replace('//','/',$targetPath), 0755, true); move_uploaded_file($tempFile,$targetFile); echo "1"; // } else { // echo 'Invalid file type.'; // } } //define the receiver of the email $to = '[email protected]'; //define the subject of the email $subject = 'Test email'; //define the message to be sent. Each line should be separated with \n $message = "Hello World!\n\nThis is my first mail."; //define the headers we want passed. Note that they are separated with \r\n $headers = "From: [email protected]\r\nReply-To: [email protected]"; //send the email $mail_sent = @mail( $to, $subject, $message, $headers ); //if the message is sent successfully print "Mail sent". Otherwise print "Mail failed" echo $mail_sent ? "Mail sent" : "Mail failed"; ?>

    Read the article

  • Javassist failure in hibernate: invalid constant type: 60

    - by Kaleb Pederson
    I'm creating a cli tool to manage an existing application. Both the application and the tests build fine and run fine but despite that I receive a javassist failure when running my cli tool that exists within the jar: INFO: Bytecode provider name : javassist ... INFO: Hibernate EntityManager 3.5.1-Final Exception in thread "main" javax.persistence.PersistenceException: Unable to configure EntityManagerFactory at org.hibernate.ejb.Ejb3Configuration.configure(Ejb3Configuration.java:371) at org.hibernate.ejb.HibernatePersistence.createEntityManagerFactory(HibernatePersistence.java:55) at javax.persistence.Persistence.createEntityManagerFactory(Persistence.java:48) at javax.persistence.Persistence.createEntityManagerFactory(Persistence.java:32) ... at com.sophware.flexipol.admin.AdminTool.<init>(AdminTool.java:40) at com.sophware.flexipol.admin.AdminTool.main(AdminTool.java:69) Caused by: java.lang.RuntimeException: Error while reading file:flexipol-jar-with-dependencies.jar at org.hibernate.ejb.packaging.NativeScanner.getClassesInJar(NativeScanner.java:131) at org.hibernate.ejb.Ejb3Configuration.addScannedEntries(Ejb3Configuration.java:467) at org.hibernate.ejb.Ejb3Configuration.addMetadataFromScan(Ejb3Configuration.java:457) at org.hibernate.ejb.Ejb3Configuration.configure(Ejb3Configuration.java:347) ... 11 more Caused by: java.io.IOException: invalid constant type: 60 at javassist.bytecode.ConstPool.readOne(ConstPool.java:1027) at javassist.bytecode.ConstPool.read(ConstPool.java:970) at javassist.bytecode.ConstPool.<init>(ConstPool.java:127) at javassist.bytecode.ClassFile.read(ClassFile.java:693) at javassist.bytecode.ClassFile.<init>(ClassFile.java:85) at org.hibernate.ejb.packaging.AbstractJarVisitor.checkAnnotationMatching(AbstractJarVisitor.java:243) at org.hibernate.ejb.packaging.AbstractJarVisitor.executeJavaElementFilter(AbstractJarVisitor.java:209) at org.hibernate.ejb.packaging.AbstractJarVisitor.addElement(AbstractJarVisitor.java:170) at org.hibernate.ejb.packaging.FileZippedJarVisitor.doProcessElements(FileZippedJarVisitor.java:119) at org.hibernate.ejb.packaging.AbstractJarVisitor.getMatchingEntries(AbstractJarVisitor.java:146) at org.hibernate.ejb.packaging.NativeScanner.getClassesInJar(NativeScanner.java:128) ... 14 more Since I know the jar is fine as the unit and integration tests run against it, I thought it might be a problem with javassist, so I tried cglib. The bytecode provider then shows as cglib but I still get the exact same stack trace with javassist present in it. cglib is definitely in the classpath: $ unzip -l flexipol-jar-with-dependencies.jar | grep cglib | wc -l 383 I've tried with both hibernate 3.4 and 3.5 and get the exact same error. Is this a problem with javassist?

    Read the article

  • WinForms Load Event / Static Initialization Strangeness

    - by Eric J.
    Background I'm troubleshooting an WinForms 2.0 program that's already been burned to CD for distribution to an internet-challenged target audience. Some users are experiencing a fatal error that I can reproduce locally. Reproducing the Error I get the fatal error when I log into my Vista box using a standard user that I just created, even if I run the program as administrator. I do not get the fatal error when I log in as local administrator. I'm not sure that being administrator is necessarily the trigger (since runas did not help). I have reproduced this half a dozen times under each account with consistent results. The faulty code Base.cs (base class for several user controls, only one of which is shown on first screen) private void BaseWindow_Load(object sender, EventArgs e) { // This message shown once in both cases MessageBox.Show("BaseWindow_Load for " + this.GetType().FullName); SkinManager.ApplySkin(this); } SkinManager.cs private static Skin skin = null; public static void ApplySkin(UserControl applyTo) { if (skin == null) { skin = new Skin(SkinsDirectory, "Default"); } } Skin.cs internal Skin(string skinPath, string skinName) { config = SkinConfig.Load(path); } SkinConfig.cs public static SkinConfig Load(string path) { // This message shown only once running as Admin but twice running as standard user System.Windows.Forms.MessageBox.Show("@1"); // !!! LOCK path HERE !!! } A user control loads on the first form, which triggers a call to SkinManager.ApplySkin, which checks if skin is null and, if so assigns it (without thread synchronization or recursion protection), which ultimately causes a file to be opened. When logged in as local admin, that sequence completes just fine. When logged in as my test standard user, ApplySkin is always called a second time while skin is still null, causing a second attempt to load, causing the file to be locked on the second attempt. The error handling is draconian at this point and the program terminates. The Question While this code can be easily fixed, I would like to understand why the error is happening only in some cases.

    Read the article

  • This property cannot be set after writing has started! on a C# WebRequest Object

    - by EBAGHAKI
    I want to reuse a WebRequest object so that cookies and session would be saved for later request to the server. Below is my code. If i use Post function twice on the second time at request.ContentLength = byteArray.Length; it will throw an exception This property cannot be set after writing has started! But as you can see dataStream.Close(); Should close the writing process! Anybody knows what's going on? static WebRequest request; public MainForm() { request = WebRequest.Create("http://localhost/admin/admin.php"); } static string Post(string url, string data) { request.Method = "POST"; byte[] byteArray = Encoding.UTF8.GetBytes(data); request.ContentType = "application/x-www-form-urlencoded"; request.ContentLength = byteArray.Length; Stream dataStream = request.GetRequestStream(); dataStream.Write(byteArray, 0, byteArray.Length); dataStream.Close(); WebResponse response = request.GetResponse(); Console.WriteLine(((HttpWebResponse)response).StatusDescription); dataStream = response.GetResponseStream(); StreamReader reader = new StreamReader(dataStream); string responseFromServer = reader.ReadToEnd(); Console.WriteLine(responseFromServer); reader.Close(); dataStream.Close(); response.Close(); request.Abort(); return responseFromServer; }

    Read the article

  • XMLBeans - xsi:type stripped using Axis2 and Tomcat?

    - by Matthew Gamble
    I’m new to XMLBeans and have been trying to use it to create an XML document as part of an axis2 web service. When I run my code as a standard Java application or as a standard servlet, the XML is correctly generated: <?xml version="1.0" encoding="UTF-8"?> <c:BroadsoftDocument protocol="OCI" xmlns:c="C"> <sessionId>000000001</sessionId> <command xsi:type="AuthenticationRequest" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <userId>admin</userId></command> </c:BroadsoftDocument> However, when the exact same code is run under Axis2 & Tomcat in a servlet I get: <?xml version="1.0" encoding="UTF-8"?> <c:BroadsoftDocument protocol="OCI" xmlns:c="C"> <sessionId>000000001</sessionId> <command> <userId>admin</userId></command> </c:BroadsoftDocument> This of course isn’t valid – the xsi:type of the “command” element is stripped when the code is run under Tomcat. Does anyone have any suggestions of what I could be doing wrong that would cause this type of issue only when running under Axis2? At first I thought it was a Tomcat issue, but after creating a generic servlet and running the exact same code I don't have any issues. I've tried playing with the XMLOptions for XMLBeans, but couldn't seem to resolve the problem. The options I'm currently using are: xmlOptions = new XmlOptions(); xmlOptions.setCharacterEncoding("UTF-8"); xmlOptions.setUseDefaultNamespace(); xmlOptions.setSaveAggressiveNamespaces(); xmlOptions.setSavePrettyPrint();

    Read the article

  • Authentication problem with Wufoo

    - by fudgey
    I set up a Wufoo form with admin only portions that will only show up if I am logged in. I read through the Wufoo API documentation and I can get the authenication to work, but when I try to access the form after I authenticate, it says I need to authenticate. This is what I have so far (subdomain, api key & form id changed) <?php error_reporting(E_ALL); ini_set('display_errors', 1); $curl1 = curl_init('http://fishbowl.wufoo.com/api/v3/users.xml'); curl_setopt($curl1, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl1, CURLOPT_USERPWD, 'AOI6-LFKL-VM1Q-IEX9:footastic'); curl_setopt($curl1, CURLOPT_HTTPAUTH, CURLAUTH_ANY); curl_setopt($curl1, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($curl1, CURLOPT_FOLLOWLOCATION, false); curl_setopt($curl1, CURLOPT_USERAGENT, 'Wufoo Sample Code'); $response = curl_exec($curl1); $resultStatus = curl_getinfo($curl1); if($resultStatus['http_code'] == 200) { echo 'success!<br>'; } else { echo 'Call Failed '.print_r($resultStatus); } $curl2 = curl_init("http://fishbowl.wufoo.com/api/v3/forms/w7x1p5/entries.json"); curl_setopt($curl2, CURLOPT_HEADER, 0); curl_setopt($curl2, CURLOPT_RETURNTRANSFER, 1); $response = curl_exec($curl2); curl_close ($curl2); echo $response; curl_close($curl1); ?> It doesn't matter if I close $curl1 before or after I call $curl2, I get the same message on my screen: success! You must authenticate to get at the goodies. and I know the api, subdomain and form id are all correct. And one last bonus question... can I do all of this using Ajax instead? - the page I will be displaying the form on will already be limited to admin access, so exposing the API shouldn't matter.

    Read the article

  • How to make a GRANT persist for a table that's being dropped and re-created?

    - by Eli Courtwright
    I'm on a fairly new project where we're still modifying the design of our Oracle 11g database tables. As such, we drop and re-create our tables fairly often to make sure that our table creation scripts work as expected whenever we make a change. Our database consists of 2 schemas. One schema has some tables with INSERT triggers which cause the data to sometimes be copied into tables in our second schema. This requires us to log into the database with an admin account such as sysdba and GRANT access to the first schema to the necessary tables on the second schema, e.g. GRANT ALL ON schema_two.SomeTable TO schema_one; Our problem is that every time we make a change to our database design and want to drop and re-create our database tables, the access we GRANT-ed to schema_one went away when the table was dropped. Thus, this creates another annoying step wherein we must log in with an admin account to re-GRANT the access every time one of these tables is dropped and re-created. This isn't a huge deal, but I'd love to eliminate as many steps as possible from our development and testing procedures. Is there any way to GRANT access to a table in such a way that the GRANT-ed permissions survive a table being dropped and then re-created? And if this isn't possible, then is there a better way to go about this?

    Read the article

  • htaccess Redirect 301 problem .. all redirects with one string fail to redirect and 404

    - by Marty
    So I have moved a website and am trying to 301 redirect everything, which I do quite often so this is a weird problem but probably something stupid I'm not seeing. ALL of my redirects are working fine, except any redirect that the first string starts with "/Dining" or "/dining" are failing. For example, this redirect works fine- Redirect 301 /healthfitness/teeth.cfm /healthcare/pretty-teeth ...as well as 100s of others. But all of these are failing (many more than I'm showing)- Redirect 301 /Dining/diningreviews/vawines.cfm /shopping/wines-2004 Redirect 301 /Dining/diningathome/carrotcake.cfm /home-garden/carrot-cake-2003 Redirect 301 /Dining/diningathome/oldvarolls.cfm /home-garden/virginia-rolls-2003 Redirect 301 /Dining/diningathome/pumpkincake.cfm /home-garden/pumpkin-cake-2003 The top of my .htaccess file looks like this- RewriteEngine On RewriteBase / #uploaded files RewriteRule ^(.*/)?files/$ index.php [L] RewriteCond %{REQUEST_URI} !.*wp-content/plugins.* RewriteRule ^(.*/)?files/(.*) wp-content/blogs.php?file=$2 [L] # add a trailing slash to /wp-admin RewriteCond %{REQUEST_URI} ^.*/wp-admin$ RewriteRule ^(.+)$ $1/ [R=301,L] RewriteCond %{REQUEST_FILENAME} -f [OR] RewriteCond %{REQUEST_FILENAME} -d RewriteRule . - [L] RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-.*) $2 [L] RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L] RewriteRule . index.php [L] <IfModule mod_security.c> <Files async-upload.php> SecFilterEngine Off SecFilterScanPOST Off </Files> </IfModule> #Everything below here are Redirect 301s

    Read the article

  • Am I under risk of CSRF attacks in a POST form that doesn't require the user to be logged in?

    - by Monika Sulik
    I'm probably being a total noob here, but I'm still uncertain about what a CSRF (Cross-Site Request Forgery) attack is exactly. So lets look at three situations... 1) I have a POST form that I use to edit data on my site. I want this data to be edited only by users that are logged in. 2) I have a site, which can be used by both users who are logged in as well as guests. Parts of the site are for logged in users only, but there are also POST forms that can be used by all users - anonymous and not (for example a standard contact form). Should the contact form be safeguarded against CSRF attacks? 3) I have a site which doesn't have an authentication system at all (well, perhaps that's unrealistic, so lets say it has an admin site which is separate from the rest of it and the admin part is properly safeguarded). The main part of the site is only used by anonymous users. Do the POST forms on it need to be safeguarded? In the case of 1) the answer is clearly yes. But in the case of 2 and 3 I don't know (and is the difference between 2 and 3 even significant?).

    Read the article

  • Smack API giving error while logging into Tigase Server setup locally

    - by Ameya Phadke
    Hi, I am currently developing android XMPP client to communicate with the Tigase server setup locally.Before starting development on Android I am writing a simple java code on PC to test connectivity with XMPP server.My XMPP domain is my pc name "mwbn43-1" and administrator username and passwords are admin and tigase respectively. Following is the snippet of the code I am using class Test { public static void main(String args[])throws Exception { System.setProperty("smack.debugEnabled", "true"); XMPPConnection.DEBUG_ENABLED = true; ConnectionConfiguration config = new ConnectionConfiguration("mwbn43-1", 5222); config.setCompressionEnabled(true); config.setSASLAuthenticationEnabled(true); XMPPConnection con = new XMPPConnection(config); // Connect to the server con.connect(); con.login("admin", "tigase"); Chat chat = con.getChatManager().createChat("aaphadke@mwbn43-1", new MessageListener() { public void processMessage(Chat chat, Message message) { // Print out any messages we get back to standard out. System.out.println("Received message: " + message); } }); try { chat.sendMessage("Hi!"); } catch (XMPPException e) { System.out.println("Error Delivering block"); } String host = con.getHost(); String user = con.getUser(); String id = con.getConnectionID(); int port = con.getPort(); boolean i = false; i = con.isConnected(); if (i) System.out.println("Connected to host " + host + " via port " + port + " connection id is " + id); System.out.println("User is " + user); con.disconnect(); } } When I run this code I get following error Exception in thread "main" Resource binding not offered by server: at org.jivesoftware.smack.SASLAuthentication.bindResourceAndEstablishSession(SASLAuthenticatio n.java:416) at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java:331) at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:395) at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:349) at Test.main(Test.java:26) I found this articles on the same problem but no concrete solution here Could anyone please tell me the solution for this problem.I checked the XMPPConnection.java file in the Smack API and it looks the same as given in the link solution. Thanks, Ameya

    Read the article

  • Apache tomcat7 + couchdb in the same host

    - by demotics2002
    I couldn't find any guide on the internet about how to make them work together. I found some couchdb tutorials but they are mostly having the web pages hosted in couchdb's own webserver. My requirement: 1. Use tomcat 7 (or other versions) - i will be using jsp for the website. It has some features that require file upload and processing of files, file generation, and etc., that will require java. It also has admin console that will require the next item, 2. ExtJS (maybe V4) - I will be needing this in the admin console page for restful access to couchdb and other ui components (sorry but I am not considering jquery at the moment because I am already familiar with . 3. Couchdb - because the client needs a dynamic structure of data. Now my question is how to make tomcat and couchdb run on the same host (and port of course)? As much as possible I would like to avoid making my pages doing cross domain js calls. Worst case I may have to create a servlet that overrides put|get|post|delete that calls couchdb (either by using a driver or httpclient).

    Read the article

  • Which Django 1.2.x multilingual application to use?

    - by mawimawi
    There are a couple of different applications for internationalized content in Django. As of now I only have used http://code.google.com/p/django-multilingual/ in my production environments, but I wonder if there are "better" solutions for my wishes. What my staff users need is the following: An object is being created by a staff user in any language (e.g. "de") This object should be displayed in the german version of the website. When a staff user translates the object into a different language (e.g. "fr"), then the page must be visible in the french version as well. If an object is not translated in the visitor's currently selected language (e.g. "en"), then calling the objects url shall raise a 404 Error (or even better a notice that the object is only available in the languages "de" and "fr", and the visitor might be able to select one of the languages) My staff users are working in the admin interface, so the multilingual application must support this as well. I don't really care whether the multilingual app uses a single table with many fields (like title_en, title_de, title_fr) or a foreign key to a related table (as it is implemented in django-multlingual). I only want it to have a good admin interface and no "default" language, because some content might be available just in "de", and some other just in "fr" and "en". And the most important issue of course is compatibility with Django 1.2.x. What are your experiences and preferred apps, and why?

    Read the article

  • raw_id_fields for modelforms

    - by nbv4
    I have a modelform which has one field that is a ForeignKey value to a model which as 40,000 rows. The default modelform tries to create a select box with 40,000 options, which, to say the least is not ideal. Even more so when this modelform is used in a formset factory! In the admin, this is easiely avoidable by using "raw_id_fields", but there doesn't seem to be a modelform equivalent. How can I do this? Here is my modelform: class OpBaseForm(ModelForm): base = forms.CharField() class Meta: model = OpBase exclude = ['operation', 'routes'] extra = 0 raw_id_fields = ('base', ) #does nothing The first bolded line works by not creating the huge unwieldy selectbox, but when I try to save a fieldset of this form, I get the error: "OpBase.base" must be a "Base" instance. In order for the modelform to be saved, 'base' needs to be a Base instance. Apparently, a string representation of a Base primary key isn't enough (at least not automatically). I need some kind of mechanism to change the string that is given my the form, to a Base instance. And this mechanism has to work in a formset. Any ideas? If only raw_id_fields would work, this would be easy as cake. But as far as I can tell, it only is available in the admin.

    Read the article

  • Debugging Django project problem.

    - by Wasim
    Hi all, I asked this question before, but had no replies, maybe I wasn't so clear. I'm trying to debug a django project using MySQL database. If I run the admin or trying to use the shell to communicate to the data base every thing is well and I can do every thing. I installed MySQLdb for Python 2.6. I installed PyDev on my Apatana studio. Configured the Debugging with runserver 8001 --noreload. When I start debugging , When I arrive to the following code in C:\Python26\Lib\site-packages\django\db\backends\mysql\base.py try: import MySQLdb as Database except ImportError, e: from django.core.exceptions import ImproperlyConfigured raise ImproperlyConfigured("Error loading MySQLdb module: %s" % e) I get an import error : django.core.exceptions.ImproperlyConfigured: Error loading MySQLdb module: DLL load failed: The specified module could not be found. I trying to ge more deeply with the import MySQLdb as Database line , it goes to the C:\Python26\Lib\site-packages\MySQLdb__init__.py and fail in the line import _mysql. I can't understand the problem. When running the Django admin every thing is ok, but with debugging it fails to work. Any help please. Thanks in advance.

    Read the article

  • Set up Gitosis, but can't clone

    - by Tim Rupe
    I've set up Gitosis on a remote Ubuntu box which I will refer to as linuxserver as my host in the following commands. I'm also connecting from a Windows box using Cygwin. I followed the instructions according to: http://scie.nti.st/2007/11/14/hosting-git-repositories-the-easy-and-secure-way I had no problems up until I needed to clone the gitosis-admin repository to my local machine git clone git@linuxserver:gitosis-admin.git When I do this, the command executes, but hangs there displaying nothing until I ctrl-c to get back to a command prompt. No messages are displayed at all. I'm pretty sure I have my ssh keys set up properly, because logging in using "ssh linuxserver" into my regular account works perfectly without asking for a password. Edit: Over the weekend I set up a near identical Ubuntu box at home, and had no problem setting up Gitosis. The only difference was that I was connecting from OSX instead of Cygwin. Edit: I've also discovered that when using the Bash Shell provided with "Git Extensions", I have no problems, so the issue definitely seems to be some kind of Cygwin conflict. Edit: Just an update, but about a month after posting this question, I switched to Mercurial, and found that I prefer it much more than git. Thanks for the suggestions, but I don't plan on going back to git to try any of them out.

    Read the article

  • Using Mod-Rewrite in XAMPP

    - by rrrfusco
    I've followed some tutorials on how to use Mod_Rewrite, but it's not working out. I have a php index page that takes a page parameter like so: call: index?page=name1, name2, name3 etc. <?php if (isset($_GET['page'])) { switch($_GET['page']) { case 'front': include "front.php"; break; default: break; } } ? I'd like to run mod-rewrite so that the urls display as site.com/name1. Is this possible with the code i'm using above? Below is what I've been trying in the apache config files to no avail. apache/conf/http.conf line 122: LoadModule rewrite_module modules/mod_rewrite.so line 188: DocumentRoot "G:/xampp/htdocs" line 198: #default <Directory /> Options FollowSymLinks AllowOverride None Order deny,allow Deny from all </Directory> line 215: <Directory "G:/xampp/htdocs"> line 228: Options Indexes FollowSymLinks Includes ExecCGI line 235: AllowOverride All # cgi line 355: <Directory "G:/xampp/cgi-bin"> AllowOverride None Options None Order allow,deny Allow from all </Directory> G:\xampp\apache\conf\extra\http.v-hosts.conf <VirtualHost *:80> DocumentRoot G:/xampp/htdocs/ ServerName localhost ServerAdmin admin@localhost <Directory "G:/xampp/htdocs/localhost/"> Options Indexes FollowSymLinks AllowOverride FileInfo Order allow,deny Allow from all </Directory> </VirtualHost> <VirtualHost *:80> DocumentRoot G:/xampp/htdocs/site2/ ServerName site2.localhost ServerAdmin [email protected] <Directory "G:/xampp/htdocs/site2.localhost/"> Options Indexes FollowSymLinks AllowOverride FileInfo Order allow,deny Allow from all </Directory> </VirtualHost> .htaccess file IndexIgnore * RewriteEngine on RewriteRule ^([^/\.]+)/?$ /index.php?page=$1 [L]

    Read the article

  • Spring Security 3.0 - Intercept-URL - All pages require authentication but one

    - by gav
    Hi All, I want any user to be able to submit their name to a volunteer form but only administrators to be able to view any other URL. Unfortunately I don't seem to be able to get this correct. My resources.xml are as follows; <?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"> <http realm = "BumBumTrain Personnel list requires you to login" auto-config="true" use-expressions="true"> <http-basic/> <intercept-url pattern="/person/volunteer*" access=""/> <intercept-url pattern="/**" access="isAuthenticated()" /> </http> <authentication-manager alias="authenticationManager"> <authentication-provider> <user-service> <user name="admin" password="admin" authorities="ROLE_ADMIN"/> </user-service> </authentication-provider> </authentication-manager> </beans:beans> Specifically I am trying to achieve the access settings I described via; <intercept-url pattern="/person/volunteer*" access=""/> <intercept-url pattern="/**" access="isAuthenticated()" /> Could someone please describe how to use intercept-url to achieve the outcome I've described? Thanks Gav

    Read the article

  • jquery ajax form plugin submit multiple times to the server only when using IE6

    - by Dino
    I all. I have the following form used to temporarily upload a photo on a j2ee server and then crop it with imageAreaSelect plugin : <form name="formAvatarName" id="formAvatar" method="post" action="../admin/admin-avatar-upload" enctype="multipart/form-data"> <label>Upload a Picture of Yourself</label> <input type="file" name="upload" id="upload" size="20" /> <input type="button" id="formAvatarSubmit" value="formAvatar" onclick="invia()"/> </form> I am using jquery form plugin to do ajax submission, this is my last :) attempt : $('#formAvatar').unbind('submit').bind('submit', function() { alert('aho'); $(this).ajaxSubmit(options); return false; }); Only when tested with IE6 I can see that the sumbission to the server is done multiple times (first time I got the uploaded file, the other times the sumbmission seems empty and I got error). With IE7, IE8, FFOX, CHROME is working fine. Any Ideas? Many thank in advance!

    Read the article

  • PDF Form Field Manipulation

    - by 108039818756939362532
    I'm making a web interface to autofill pdf forms with user data from a database. The admin needs to be able to upload a pdf (right now targeted at IRS pdf forms) and then associate the fields in the pdf with data fields in the database. I need a way to help the admin associate the field names (stuff like "topmostSubform[0].Page2[0].p2-t66[0]") with the the data fields in the database. I'm looking for a way to modify the PDF programatically to in some way provide this information. Basically I'm open to suggestions on how I might make the field names appear in an obvious manner on a modified version of the original pdf. The closest I've gotten is being able to insert Tooltips into the fields in the pdf by just editting the raw pdf line by line. However when editting the pdf in this manner the field names are gibberish, and so I can't just use them. An optimal solution would be anything that could automatically parse a pdf and set each field's tooltip to be the fields name. Anything that can be run from the command line, or any python tool, or just a basic how to correctly parse a field's name from a raw pdf file would be amazing.

    Read the article

  • Differences in ansychronous VB.NET and C#???

    - by Jim Beam
    So I've been posting this week for help with an API that has asynchronous calls. You can view the CODE here: http://stackoverflow.com/questions/2638920/c-asynchronous-event-procedure-does-not-fire With a little more digging, I found out that the API is written in VB.NET and I created a VB.NET example and guess what . . . the asynchronous calls work like a charm. So, now I need to find out why the calls are not firing in the C# code I have. The API being written in VB really shouldn't matter, but again, the VB.NET code works and my C# does not. Is there a problem with the event handler and hows its being declared that causes it to not fire? UPDATE VB Code added Imports ClientSocketServices Imports DHS_Commands Imports DHS Imports Utility Imports SocketServices Class Window1 Public WithEvents AppServer As New ClientAppServer Public Token As LoginToken Private Sub login() Dim handler As New LoginHandler Token = handler.RequestLogin("admin", "admin", localPort:=12000, serverAddress:="127.0.0.1", serverLoginPort:=11000, clienttype:=LoginToken.eClientType.Client_Admin, timeoutInSeconds:=20) If Token.Authenticated Then AppServer = New ClientAppServer(Token, True) AppServer.RetrieveCollection(GetType(Gateways)) End If End Sub Private Sub ReceiveMessage(ByVal rr As RemoteRequest) Handles AppServer.ReceiveRequest If TypeOf (rr.TransferObject) Is Gateways Then MsgBox("dd") End If End Sub Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.Windows.RoutedEventArgs) Handles Button1.Click login() End Sub End Class

    Read the article

< Previous Page | 106 107 108 109 110 111 112 113 114 115 116 117  | Next Page >