Search Results

Search found 25872 results on 1035 pages for 'document security'.

Page 117/1035 | < Previous Page | 113 114 115 116 117 118 119 120 121 122 123 124 | Next Page >

How do IPC generate security holes

- by Walidix

Please some explanations and examples on how Inter-process communications can generate security holes Thank you in advance

Read the article
Spring validation has error in XML document from ServletContext resource

- by user1441404

I applied spring validation in my registration page .but the follwing error are shown in my server log of my app engine server. javax.servlet.UnavailableException: org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 22 in XML document from ServletContext resource [/WEB-INF/spring/appServlet/servlet-context.xml] is invalid; nested exception is org.xml.sax.SAXParseException; lineNumber: 22; columnNumber: 30; cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration can be found for element 'property'. My code is given below : <?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/mvc" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:context="http://www.springframework.org/schema/context" xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee-3.0.xsd > <beans:bean name="/register" class="com.my.registration.NewUserRegistration"> <property name="validator"> <bean class="com.my.validation.UserValidator" /> </property> <beans:property name="formView" value="newuser"></beans:property> <beans:property name="successView" value="home"></beans:property> </beans:bean> <beans:bean class="org.springframework.web.servlet.view.InternalResourceViewResolver"> <beans:property name="prefix" value="/WEB-INF/views/" /> <beans:property name="suffix" value=".jsp" /> </beans:bean> </beans:beans>

Read the article
implementing security with session variables, how it is insecure

- by haansi

I am doing web based projects in dotnet. Currently I am implementing security using session variables. I keep current user id and user type in session and authenticate user from these session variables (say Session["UserId"],Session["UserName"] and Session["UserType"]). Please help me understand how this could be insecure. I've heard that such security can be broken and applications can be hacked very easily, like it is possible to get session id and directly connect to that session id etc. Please guide me on this.

Read the article
pyPDF - Retrieve page numbers from document

- by SquidneyPoitier

At the moment I'm looking into doing some PDF merging with pyPdf, but sometimes the inputs are not in the right order, so I'm looking into scraping each page for its page number to determine the order it should go in (e.g. if someone split up a book into 20 10-page PDFs and I want to put them back together). I have two questions - 1.) I know that sometimes the page number is stored in the document data somewhere, as I've seen PDFs that render on Adobe as something like [1243] (10 of 150), but I've read documents of this sort into pyPDF and I can't find any information indicating the page number - where is this stored? 2.) If avenue #1 isn't available, I think I could iterate through the objects on a given page to try to find a page number - likely it would be its own object that has a single number in it. However, I can't seem to find any clear way to determine the contents of objects. If I run: pdf.getPage(0).getContents() This usually either returns: {'/Filter': '/FlateDecode'} or it returns a list of IndirectObject(num, num) objects. I don't really know what to do with either of these and there's no real documentation on it as far as I can tell. Is anyone familiar with this kind of thing that could point me in the right direction?

Read the article
Restructure an xml document

- by krishna

here is my structure of xml document, <worldpatentdata> <patent-family> <exchange-documents>......</exchange-documents> <exchange-documents>......</exchange-documents> <exchange-documents>......</exchange-documents> <familymember>.....</familymember> <exchange-documents>......</exchange-documents> <exchange-documents>......</exchange-documents> <familymember>.....</familymember> <exchange-documents>......</exchange-documents> <exchange-documents>......</exchange-documents> <familymember>.....</familymember> </patent-family> </worldpatentdata> In the above xml structure,all the element is found to be child node of element. I want these elements as childnode of element,so that the xml have the following structure, <worldpatentdata> <patent-family> <familymember>..... <exchange-documents>......</exchange-documents> <exchange-documents>......</exchange-documents> <exchange-documents>......</exchange-documents> </familymember> <familymember>..... <exchange-documents>......</exchange-documents> <exchange-documents>......</exchange-documents> </familymember> <familymember>..... <exchange-documents>......</exchange-documents> <exchange-documents>......</exchange-documents> </familymember> </patent-family> </worldpatentdata> can anybody help me on this? thanks

Read the article
Secure WS client with UsernameToken(SOAP security header)

- by user79163

Hi, I'm trying to secure my WS client to be able to call the WS. My code looks like this: SendSmsService smsService = new SendSmsService(); SendSms sendSMS = smsService.getSendSms(); BindingProvider stub = (BindingProvider)sendSMS; //Override endpoint with local copy of wsdl. String URL ="";//here is the wsdl url Map<String,Object> requestContext = stub.getRequestContext(); requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, URL); //Set usernametoken URL fileURL = loader.getResource("client-config.xml"); File file = new File(fileURL.getFile()); FileInputStream clientConfig = null; try { clientConfig = new FileInputStream(file); } catch (FileNotFoundException e) { e.printStackTrace(); } XWSSecurityConfiguration config = null; try { config = SecurityConfigurationFactory.newXWSSecurityConfiguration(clientConfig); } catch (Exception e) { e.printStackTrace(); log.warn("Exception: "+e.getMessage()); } requestContext.put(XWSSecurityConfiguration.MESSAGE_SECURITY_CONFIGURATION, config); //Invoke the web service String requestId = null; try { requestId = sendSMS.sendSms(addresses, senderName, charging, message, receiptRequest); } catch (PolicyException e) { // TODO Auto-generated catch block e.printStackTrace(); } catch (ServiceException e) { // TODO Auto-generated catch block e.printStackTrace(); } and the config file looks like this: <xwss:JAXRPCSecurity xmlns:xwss="http://java.sun.com/xml/ns/xwss/config" optimize="true"> <xwss:Service> <xwss:SecurityConfiguration dumpMessages="true" xmlns:xwss="http://java.sun.com/xml/ns/xwss/config"> <xwss:UsernameToken name="username" password="password> </xwss:SecurityConfiguration> </xwss:Service> <xwss:SecurityEnvironmentHandler> util.SecurityEnvironmentHandler </xwss:SecurityEnvironmentHandler> </xwss:JAXRPCSecurity> The SecurityEnviromentHandler is a dummy class that implements javax.security.auth.callback.CallbackHandler. Authentication must be in compliance with Oasis Web Services Security Username Token Profile 1.0. But I'm constantly getting "Security header not valid" error. Where am I going wrong, can anyone tell me. I used wsimport(JAX_WS 2.1 to generate classes for my client) Note:Only thing I know about this WS is WSDL URL and user&pass for authentication

Read the article
Best suited tool to document message processing done in C written program

- by user3494614

I am relatively new to UML and it's seems to be very vast I have a small program which basically receives messages on socket and then depending upon message ID embedded as first byte of message it processes the buffer. There are around 5 different message ID which it processes and communicates on another socket and has around 8 major functions. So program in short is like this. I am not pasting entire .c file or main function but just giving some bits and pieces of it so that to get idea of program flow. int main(int argc, char** argv) { register_shared_mem(); listen(); while(get_next_message(buffer)) { switch((msg)(buffer)->id) { case TYPE1: process1(); answer(); ..... } } } I want to document this is pictorial way like for Message type 1 it calls this function which calls another and which calls another. Please let me know any open source tool which will allow me to quickly draw such kind of UML or sequence diagram and will also allow me to write brief description of what each function does? Thanks In Advance

Read the article
Converting a soap message to a document using wssj

- by ellander

I have been supplied with a jar file that should enable me to connect to a 3rd party system. When I run the necessary class I get an error which states that the namespace for the prefix "SOAPENV" has not been declared. Using jad I have decompiled the class files to try suss out what is going on and the error seems to occur when a soap message is being converted to a document. Unfortunately I don't know much about wssj. Can anyone suggest what the problem might be? I'm wondering if it's an incompatibility issue as it's not a recently created jar file and the decompiled code looks different to all the examples I can find. For example, in this section the examples have addNamesSpaceDeclaration rather than addAttribute... MessageFactory factory = MessageFactory.newInstance(); SOAPFactory sf = SOAPFactory.newInstance(); SOAPMessage msg = factory.createMessage(); MimeHeaders headers = msg.getMimeHeaders(); headers.addHeader("Content-Type", "text/xml"); SOAPEnvelope env = msg.getSOAPPart().getEnvelope(); env.addAttribute(sf.createName("xmlns:xsi"), "http://www.w3.org/2001/XMLSchema-instance");

Read the article
Getting document.getElementsByName from another page PHP/javascript

- by DarkN3ss

so i have been looking around on how to do this but with no success. Im trying to get the value of the name test from an external website <input type="hidden" name="test" value="ThisIsAValue" /> But so far i have only found how to get the value of that with an ID <input type="hidden" id="test" name="test" value="ThisIsAValue" autocomplete="off" /> but I need to try find it without a ID is my problem. And this is an example on how to get it from the ID <?php $doc = new DomDocument; $doc->validateOnParse = true; $doc->loadHtml(file_get_contents('http://example.com/bla.php')); var_dump($doc->getElementById('test')); ?> And i have found how to get it from name and NOT ID on the same page <script> function getElements() { var test = document.getElementsByName("test")[0].value; alert(test); } </script> But again I dont know how to get the value of it by name from an external page eg "http://example.com/bla.php", any help? Thanks

Read the article
The elements do not fall into document('').

- by Kalinin

xslt: <my:translations xmlns:my="my:my"> <w e="name" r="????????"/> <w e="model" r="??????"/> <w e="year" r="???"/> <w e="glass_type" r="???"/> <w e="scancode" r="???????"/> <w e="eurocode" r="???????"/> <w e="comment" r="???????????"/> <w e="glass_size" r="??????"/> <w e="vendor" r="?????????????"/> <w e="trademark" r="???????? ?????"/> <w e="fprice" r="????"/> </my:translations> <xsl:value-of select="count(document('')//w)"/> returns 0. In what may be the problem?

Read the article
DynamicContent.html: Write a JavaScript in an HTML document that can change the content of an HTML e

- by A sw A

ShowHide.html: Write a JavaScript in an HTML document that displays an image and allows the user to toggle the image between appearing and not appearing in the document. Place your image in a (division) tag that has a style attribute. “style.visibility” can take two values: “visible” and “hidden”. The document has a button called “Toggle Image”, which calls the toggle function upon the event “onclick”. DynamicColors.html: Write a JavaScript in an HTML document that changes the background and foreground colors of the body of a document according to the user input. The document has two input texts: background color and foreground color. The colors change when the event “onchange” occurs as you type in the text input and the event handler is called. Your event handler takes two parameters: “where”, and “newColor”. To change the document color and background color you need to change the elements document.body.style.color and document.body.style.backgroundColor. Available colors are: black, silver, gray, white, maroon, red, purple, fuchsia, green, lime, olive, yellow, navy, blue, teal, and aqua. DynamicContent.html: Write a JavaScript in an HTML document that can change the content of an HTML element (a help box). The content of an element is accessed through its “value” property. The content of a help box can change depending on the placement of the mouse cursor. When the cursor is placed over a particular input field (“onmouseover” event), the help box can display advice on how the field is to be filled. When the cursor is moved away from the input field (“onmouseout” event), the help box content changes to simply indicate that assistance is available. Your messages are stored in an array of strings.

Read the article
how can i read the integer value from xml document in objective-c

- by uttam

this is my xml document, i want to use the value of id and mlsid in in my viewcontroller. how can i read it. <Table> <ID>1</ID> <MLSID>70980420</MLSID> <STREET_NO>776</STREET_NO> <STREET_NAME>Boylston</STREET_NAME> <AreaName>Back Bay</AreaName <Table> i have created one object file book which store the all value of xml data and then i put that objects in the array . now i am able to retrive the string value but not getting the integer value. this is my object class. @interface Book : NSObject { NSInteger ID; NSInteger MLSID //Same name as the Entity Name. } how to trieve the value of MLSID in the viewcontroller. or how to print it.

Read the article
how to remove security settings from a connection string in vb.net

- by teju

hi i am trying to add data to the database that was created by some one but when am trying to insert or delete or update the exception is raising and entire project is not working properly and the error i am facing is "A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: SQL Network Interfaces, error: 26 - Error Locating Server/Instance Specified)" so now what should i do to resolve this error and my connection string is written as Dim CON As New SqlConnection("Integrated Security=SSPI; Persist Security Info=False;Initial Catalog=DIGITALGAMES; Data Source=TEJUS-PC\SQLEXPRESS") is there any problem with my connection string ??

Read the article
PHP security scanner

- by phpExe

Is there any easy to use PHP Security Scanner? Thanks alote

Read the article
How to create a Global Rule that stores a document’s folder path in a custom metadata field

- by Nicolas Montoya

Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} How to create a Global Rule that stores a document’s folder path in a custom metadata field Efficiency purists would argue that redundancy is not necessary. In real life, we are willing to pay a price for performance –i.e. to have information at our fingertips. We have run into customers opting to store a document folder path as a document metadata field. They have their reasons, half of the ECM community will agree with them, and the other half would raise an eye brow. In the end, they are getting creative to achieve their document management goals. The below steps outlines how to create a Global Rule that would store a document’s folder path in a custom metadata field: Create a Global Rule via Configuration Manager > Rules Tab > Add Then check “Is global rule with priority”. Then check “Use rule activation condition”. The go to “Edit” and check the actions for this Script Properties: Then click OK, and the following rule activation condition will appear: Then Goto to the Fields Tab and add a Rule Field: Select the target Custom Metadata Field and click Ok, then check the “Is derived field”, then “Edit”, then go to the Custom Tab in the Script Properties window and enter the below custom script: <$if #active.dCollectionPath$> <$dprDerivedValue=#active.dCollectionPath$> <$else$> <$dprDerivedValue=#active.xCollectionIDPath$> <$endif$> For more information on the dCollectionPath property, check Section 8.2 Folder Services from the Oracle® Fusion Middleware Services Reference Guide for Oracle Universal Content Management 11g Release 1 (11.1.1) http://docs.oracle.com/cd/E21043_01/doc.1111/e11011/c08_folders002.htm The above rule will keep the Custom Metadata Field updated with the Folder Path information when a document is checked in via the Content Server (CS) Web Interface or the Desktop Integration Suite (DIS).

Read the article
Create files on C:\ root gives error 0x80070522

- by Bryan

One of our customers has just found a problem when trying to create a file on the root of the C:\ Drive, on a Windows 7 Professional PC. I know they shouln't be keeping files here, but there is a valid reason in this case, so I've relaxed the security on the root of C:\ by giving the group 'users' modify permission. Before I relaxed the security, the user was receiving 'access denied', but now they are receiving the message: An unexpected error is keeping you from creating the file. If you continue to recieve this error, you can use the error code to search for help with this problem. Error 0x80070522: A required priviledge is not held by the client. Googling for this suggests that it is caused by UAC, but how can I get round this when the user doesn't have admin rights on their PC?

Read the article
How to run Firefox in Protected Mode? (i.e. at low integrity level)

- by Ian Boyd

i noticed that Firefox, unlike Chrome and Internet Explorer, doesn't run in the Low Mandatory Level (aka Protected Mode, Low Integrity) Google Chrome: Microsoft Internet Explorer: Mozilla Firefox: Following Microsoft's instructions, i can manually force Firefox into Low Integrity Mode by using: icacls firefox.exe /setintegritylevel Low But Firefox doesn't react well to not running with enough rights: i like the security of knowing that my browser is running with less rights than i have. Is there a way to run Firefox into low rights mode? Is Mozilla planning on adding "protected mode" sometime? Has someone found a workaround to Firefox not handling low rights mode? Update From a July 2007 interview with Mike Schroepfer, VP of Engineering at the Mozilla Foundation: ...we also believe in defense in depth and are investigating protected mode along with many other techniques to improve security for future releases. After a year and a half it doesn't seem like it is a priority.

Read the article
Locking down a box on the web

- by glowcoder

I'm a Java developer who is looking to put a game on the web. I'm not much of a web or server guy, though, and frankly I seem a little lost at where I should start with putting something on the web. My application works fine on my machine, and I'm sure I can make it work fine on any box I put it on. But the security of that box is pretty important. If I sign up for a standard hosting package (let's say from GoDaddy or something) can I simply tell them "make port 12345 open for communication" and let them handle the rest of the security details? If I can't, what are the things I'm going to need to know to prevent my game server from getting hacked to shreds? (Links to solid resources fine by me!) Thanks!

Read the article
Recursive reset file permissions on Windows

- by Peter Horvath

There is a big, complex directory structure on a relative big NTFS partition. Somebody managed to put very bad security privileges onto it - there are directories with randomly given/denied permissions, etc. I already run into permission bugs multiple times, and I found insecure permission settings multiple times (for example, write permissions for "Everyone", or false owners). I don't have time to check everything by hand (it is big). But luckily, my wishes are very simple. The most common: read/write/execute on anything for me, and maybe read for Everyone. Is it possible to somehow remove all security data from a directory and giving my (simple) wishes to overwrite everything there? On Unix, I used a chown -R ..., chmod -R ... command sequence. What is its equivalent on Windows?

Read the article
Is dual-booting an OS more or less secure than running a virtual machine?

- by Mark

I run two operating systems on two separate disk partitions on the same physical machine (a modern MacBook Pro). In order to isolate them from each other, I've taken the following steps: Configured /etc/fstab with ro,noauto (read-only, no auto-mount) Fully encrypted each partition with a separate encryption key (committed to memory) Let's assume that a virus infects my first partition unbeknownst to me. I log out of the first partition (which encrypts the volume), and then turn off the machine to clear the RAM. I then un-encrypt and boot into the second partition. Can I be reasonably confident that the virus has not / cannot infect both partitions, or am I playing with fire here? I realize that MBPs don't ship with a TPM, so a boot-loader infection going unnoticed is still a theoretical possibility. However, this risk seems about equal to the risk of the VMWare/VirtualBox Hypervisor being exploited when running a guest OS, especially since the MBP line uses UEFI instead of BIOS. This leads to my question: is the dual-partitioning approach outlined above more or less secure than using a Virtual Machine for isolation of services? Would that change if my computer had a TPM installed? Background: Note that I am of course taking all the usual additional precautions, such as checking for OS software updates daily, not logging in as an Admin user unless absolutely necessary, running real-time antivirus programs on both partitions, running a host-based firewall, monitoring outgoing network connections, etc. My question is really a public check to see if I'm overlooking anything here and try to figure out if my dual-boot scheme actually is more secure than the Virtual Machine route. Most importantly, I'm just looking to learn more about security issues. EDIT #1: As pointed out in the comments, the scenario is a bit on the paranoid side for my particular use-case. But think about people who may be in corporate or government settings and are considering using a Virtual Machine to run services or applications that are considered "high risk". Are they better off using a VM or a dual-boot scenario as I outlined? An answer that effectively weighs any pros/cons to that trade-off is what I'm really looking for in an answer to this post. EDIT #2: This question was partially fueled by debate about whether a Virtual Machine actually protects a host OS at all. Personally, I think it does, but consider this quote from Theo de Raadt on the OpenBSD mailing list: x86 virtualization is about basically placing another nearly full kernel, full of new bugs, on top of a nasty x86 architecture which barely has correct page protection. Then running your operating system on the other side of this brand new pile of shit. You are absolutely deluded, if not stupid, if you think that a worldwide collection of software engineers who can't write operating systems or applications without security holes, can then turn around and suddenly write virtualization layers without security holes. -http://kerneltrap.org/OpenBSD/Virtualization_Security By quoting Theo's argument, I'm not endorsing it. I'm simply pointing out that there are multiple perspectives here, so I'm trying to find out more about the issue.

Read the article
Unable to copy files previously extracted from archives created on a Mac, even after claiming ownership

- by Maxim Zaslavsky

I reinstalled Windows on my computer today, and backed up my music to a USB drive. Now, I'm trying to copy the files onto my fresh Windows partition, but I'm unable to copy files that I obtained within my previous Windows installation from zip archives created on Macs. When I try to copy those previously-extracted files, I get an error saying that I need permission from S-1-5-21-...-1000 (a bizarre long ID). The first thing I tried was to take ownership of the files by setting my new user account as the owner, but that resulted in errors saying that I need permission from myself! Some Googling suggested adding antivirus suggestions, so I excluded the relevant folders from Microsoft Security Essentials, but the issue persists. For what it's worth, it seems that some program (so far I've only installed Chrome, Microsoft Security Essentials, and the latest Windows updates) created an empty folder named 601c8c7f0e0c03f725 at the root of my external USB hard drive. What gives?

Read the article
WIndows 2008 intrusion detection

- by zsharp

Are there any recommendations for an IDS and other critical security services for a Windows 2008 webserver?

Read the article
VPN authentication and MAC addresses

- by zakk

I have to set up a VPN (various clients connecting to a web service on a server, which is also the VPN server) and I want to make sure that no user will share his/her credentials with third parties. I know that this problem is not solvable completely, but I'd want to set up some additional security checks... Some idea I have: 1) An additional check on MAC address, but... are MAC addresses preserved thru VPN? 2) Some kind of extra identification of the client (User Agent, open ports, I want to make sure that is the very same client I authorized). 3) I would like to avoid commercial solutions like a security token... I realize it would be the perfect solution, but it will be to expensive, I suppose... Do you feel that these options are viable? Do you have any other ideas? Thanks in advance for your replies!

Read the article
Recommended apps for securing/protecting a new desktop machine install?

- by Eddie Parker

I'm hoping to harness the collective tips of superuser to gather recommended apps/configurations to keep a new desktop clean, virus free, and hopefully lower software rot. I ask because I've recently come across tools like dropbox, deepfreeze, returnil, etc, and I'm curious what other ones are out there to protect a new box. I personally am interested in Windows, but feel free to comment on whatever OS you'd like, freeware or otherwise. Ideally specify the OS in your answer(s). One answer per program please. Then, rather than duplicate posts, vote for the program if it is already listed. UPDATE: It's been noted that there are other questions similar to this one [1], so I'd ask that these answers focus on security and protection. [1] Related questions: http://superuser.com/questions/1241/what-are-some-must-have-windows-programs http://superuser.com/questions/1191/what-are-some-must-have-mac-os-x-programs http://superuser.com/questions/1430/must-have-linux-software http://superuser.com/questions/3855/must-have-networking-security-tools

Read the article
cannot add a user to sysadmin role in SQL Server

- by George2

I am using SQL Server 2008 Management Studio. The current logon account belongs to machine local administrator group. I am using Windows Integrated Security mode in SQL Server 2008. My issue is, after log into SQL Server Management Studio, I select my login name under Security/Logins, then select Server Roles Tab, then select the last item -- sysadmin to make myself belong to this group/role, but it says I do not have enough permission. Any ideas what is wrong? I think local administrator should be able to do anything. :-)

Read the article

< Previous Page | 113 114 115 116 117 118 119 120 121 122 123 124 | Next Page >