Search Results

Search found 13853 results on 555 pages for 'soa security'.

Page 122/555 | < Previous Page | 118 119 120 121 122 123 124 125 126 127 128 129  | Next Page >

  • Stream post URL security and wall post links

    - by Jeff Lee
    Our app's mobile client can create wall post links to our app's web-facing pages. Since this happens in the context of a mobile app, we do this on behalf of our user using the Graph API's feed/message endpoint. I noticed that the links showing up in the wall posts are being routed through our app's auth dialog, which is NOT what we want. We just want transparent links, without forcing the client to auth our app, similar to what happens when you share to FB in Path. I went ahead and disabled the "Stream post URL option" several hours ago, but we still seem to be getting the re-routed links for wall posts. The target URLs for these links are within the domain we've registered for our Facebook app. Is there anything else I need to do fix this?

    Read the article

  • IE6 https security message appearing after closing jQuery colorbox overlay

    - by RyanP13
    I am working on a secure site, https. I am using the colorbox jquery plugin to iframe another page from the same site over the current content. In IE6 when i close the colorbox overlay i get the following message: "This page contains both secure and nonsecure items. Do you want to display the nonsecure items?" Any ideas why this is happening? Can it be prevented? Assume i would have to make the whole site http rather than https but this is not possible as we have online payments.

    Read the article

  • code access security

    - by rkrauter
    Why do I need to Demand permission? Why can't it simply fail (commenting out the .Demand() call)? ref: http://support.microsoft.com/kb/315529 Thanks! try { // Demand the permission to access the C:\Temp folder. permFileIO.Demand(); resultText.Append("The demand for permission to access the C:\\Temp folder succeeded.\n\n"); }

    Read the article

  • Security & Authentication: SSL vs SASL

    - by 4herpsand7derpsago
    My understanding is that SSL combines an encryption algorithm (like AES, DES, etc.) with akey exchange method (like Diffier-Hellman) to provide secure encryption and identification services between two endpoints on an un-secure network (like the Internet). My understanding is that SASL is an MD5/Kerberos protocol that pretty much does the same thing. So my question: what are the pros/cons to choosing both and what scenarios make both more preferable? Basically, I'm looking for a guidelines to follow when choosing SSL or to go with SASL instead. Thanks in advance!

    Read the article

  • WCF cross-domain policy security error

    - by George2
    Hello everyone, I am using VSTS 2008 + C# + WCF + .Net 3.5 + Silverlight 3.0. I host Silverlight control in an html page and debug it from VSTS 2008 (press F5, then run in VSTS 2008 built-in ASP.Net development web server), then call another WCF service (hosted in another machine running IIS 7.0 + Vista). The WCF service is very simple, just return a constant string to client. When invoking the WCF service from Silverlight, I got the following error message, An error occurred while trying to make a request to URI 'https://LabTest/Test.svc'. This could be due to attempting to access a service in a cross-domain way without a proper cross-domain policy in place, or a policy that is unsuitable for SOAP services. You may need to contact the owner of the service to publish a cross-domain policy file and to ensure it allows SOAP-related HTTP headers to be sent. This error may also be caused by using internal types in the web service proxy without using the InternalsVisibleToAttribute attribute. Please see the inner exception for more details. Here is the clientaccesspolicy.xml file, anything wrong? <?xml version="1.0" encoding="utf-8" ?> <access-policy> <cross-domain-access> <policy> <allow-from http-request-headers="*"> <domain uri="*"> </domain> </allow-from> <grant-to> <resource path="/" include-subpaths="true"></resource> </grant-to> </policy> </cross-domain-access> </access-policy> thanks in advance, George

    Read the article

  • No Microsoft Security Essentials for Windows 8. So, how to access similar Defender features/settings?

    - by Chris W. Rea
    I just installed Windows 8 Pro. One of the first things I went to do is install Microsoft Security Essentials, thinking I still needed add-on security software, but I've learned here that it isn't required for Windows 8. Witness: Got Windows 8 or Windows RT? Windows Defender for Windows 8 and Windows RT provides the same level of protection against malware as Microsoft Security Essentials. You can't use Microsoft Security Essentials with Windows 8, but you don't need to — Windows Defender is already included and ready to go. [...] All well and good. However, on Windows 7, once you installed Microsoft Security Essentials, you got a tray icon, and from there you could access the features of MSE, such as perform custom scans, turn off real-time protection (temporarily, of course), check for updates, etc. However, Defender on Windows 8 doesn't display a tray icon – and yes, I've already made sure I'm displaying all icons in the notification area. So, how to access the similar specific features of Windows Defender on Windows 8?

    Read the article

  • Castle windsor security exception

    - by Sunil
    I developed a small WCF service that uses Castle Windsor IoC container and it works fine on my PC. When I deploy it onto a Win 2008 R2 server and host the WCF service in IIS 7 it fails with the following error. I checked the server level web.config and the trust level is set to "Full". What do I need to do to get this to work. As a test I deployed the same service as it is onto a Windows 2003 server with the trust level set to "Full" and it works fine. I am unable to figure out what setting/configuration I am missing on the 2008 server that is making the service fail. Stack Trace: [SecurityException: That assembly does not allow partially trusted callers.] Castle.Windsor.WindsorContainer..ctor() +0 WMS.ServiceContractImplementation.IoC.IoCInstanceProvider..ctor(Type serviceType) in D:\WCF\WCFProofOfConcept\WMSServices \WMS.ServiceContractImplementation\IoC\IoCInstanceProvider.cs:19 WMS.ServiceContractImplementation.IoC.IoCServiceBehavior.ApplyDispatchBehav­ior(ServiceDescription serviceDescription, ServiceHostBase serviceHostBase) in D:\WCF \WCFProofOfConcept\WMSServices\WMS.ServiceContractImplementation\IoC \IoCServiceBehavior.cs:24 System.ServiceModel.Description.DispatcherBuilder.InitializeServiceHost(Ser­viceDescription description, ServiceHostBase serviceHost) +377 System.ServiceModel.ServiceHostBase.InitializeRuntime() +37 System.ServiceModel.ServiceHostBase.OnBeginOpen() +27 System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout) +49 System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) +261 System.ServiceModel.HostingManager.ActivateService(String normalizedVirtualPath) +121 System.ServiceModel.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath) +479

    Read the article

  • read java.security.key stored as object inside a file which is in jar

    - by Tal
    I saved a PublicKey instance in a file using ObjectOutputStream. This file is then stored inside a jar file which is then loaded by JBoss. I'm trying to read this file but it throws me an exception telling that it's not serializable. Here is the code : InputStream input = KeyLoader.class.getClassLoader().getResourceAsStream(resource); ObjectInputStream objectInputStream = new ObjectInputStream(input); Object obj = objectInputStream.readObject(); Key output = (Key) obj; objectInputStream.close(); return output; which throws me this exception An exception occurred: java.io.NotSerializableException

    Read the article

  • Servlet Security question about j_security_check, j_username and j_password

    - by Nitesh Panchal
    Hello, I used jdbcRealm in my web application and it's working fine. I defined all constraints also in my web.xml. Like all pages of url pattern /Admin/* should be accessed by only admin. I have a login form with uses standard j_security_check, j_username and j_password. Now, when i type Admin/home.jsf it rightly redirects me login.jsf and there when i type the password i am redirected to home.jsf. This works alright but problem comes i directly go to login.jsf and then type password and username. This time it again redirects me to login.jsf. Is there any way through which i can specify which page to go when successful login is there? I need to specify different different pages for different roles. For Admin, it is /Admin/home.jsf for general users it is /General/home.jsf because login form is shared between different type of users. Where do i specify all these things? Secondly, i want to have a remember me checkbox at the end of login form. How do i do this? By default, it is submitted to j_security_check servlet and i have no control over its execution. Please help. This doesn't seem so hard but looks like i am missing something.

    Read the article

  • Security / Protecting code in JavaScript

    - by Evans
    With all the recent hype about JavaScript and HTML5 replacing Flash, I wanted to know - How would it be possible to protect client-side js code? Of course, it is possible to obfuscate it, but that would only make it a little harder. Also, for games which submit high scores to the server, wouldn't it be incredibly easy to modify those scores before they are sent to the server? I know even Flash files can be decompiled, but they can be obfuscated and flash decompilation is not as easy as modifying data in JS - could be done easily using a plugin such as Firebug. I'd like to know everyone's views on this.

    Read the article

  • Security Exception while implementing global search for Messaging

    - by Sunil
    I am trying to enable global search for messaging application (i.e., messages can be searched from home screen search box). I have followed all the steps given in http://developer.android.com/reference/android/app/SearchManager.html I am getting the following exception 04-16 12:49:26.917: ERROR/DatabaseUtils(102): java.lang.SecurityException: Permission Denial: reading com.android.providers.telephony.MmsSmsProvider uri content://mms-sms/search_suggest_query/m?limit=58 from pid=106, uid=10000 requires android.permission.READ_SMS I have set permission in MmsSmsProvider.java file for read, write sms and global search, but still I get this error. Can anyone help. Regards, Sunil.

    Read the article

  • how to connect to MSSQL using activerecord, JDBC, JTDS and Integrated Security

    - by Rob
    As per the above, I've tried: establish_connection(:adapter => "jdbcmssql", :url => "jdbc:jtds:sqlserver://myserver:1433/mydatabase;domain='mynetwork';", :username => 'user', :password=>'pass' ) establish_connection(:adapter => "jdbcmssql", :url => 'jdbc:jtds:sqlserver://myserver:1433/mydatabase;domain="mynetwork";user="mynetwork\user"' ) establish_connection(:adapter => "jdbcmssql", :url => "jdbc:jtds:sqlserver://myserver:1433/mydatabase;domain='mynetwork';", :username=>'user' ) establish_connection(:adapter => "jdbcmssql", :url => "jdbc:jtds:sqlserver://myserver:1433/mydatabase;domain='mynetwork';integratedSecurity='true'", :username=>'user' ) .. and various other combinations. Each time I get: net/sourceforge/jtds/jdbc/SQLDiagnostic.java:368:in `addDiagnostic': java.sql.SQLException: Login failed for user ''. The user is not associated with a trusted SQL Server connection. (NativeException) Any tips? Thanks, activerecord (2.3.5) activerecord-jdbc-adapter (0.9.6) activerecord-jdbcmssql-adapter (0.9.6) jdbc-jtds (1.2.5) jruby 1.4.0 (ruby 1.8.7 patchlevel 174) (2009-11-02 69fbfa3) (Java HotSpot(TM) Client VM 1.6.0_18) [x86-java]

    Read the article

  • Java reflection framework and security

    - by Jijoy
    Hi , Assume I have a singleton class in an external lib to my application. But still I can create instances of that particular class using reflection. Like this Class clas = Class.forName(Private.class.getName()); for(Constructor c : clas.getDeclaredConstructors()){ c.setAccessible(true); Private p = (Private) c.newInstance(); System.out.println(p); } How can I restrict this ? . Thanks J

    Read the article

  • security issue on web application using firebug

    - by Suresh S
    Guys i have developed a web application in jsp . I have many javscript validation for text validation in the jsp page.while during the testing , i enabled firebug in firefox and cleared a function that validates and submits to a servlet.The web application allows to submit garbage value of the textfiedl . how to overcome this ? any solutions?

    Read the article

  • Understanding Security Certificates (and thier pricing)

    - by John Robertson
    I work at a very small company so certificate costs need to be absolutely minimal. However for some applications we do Need to have our customers get that warm fuzzy not-using-a-self-signed certificate feeling. Since creating a "certificate authority" with makecert really just means creating a public/private key pair, it seems pretty clear that creating a public/private key pair FROM such a "certificate authority" really just means generating a second public/private key pair and signing both with the private key that belongs to the "certificate authority". Since the keys are signed anyone can verify they came from the certificate authority I created, or if verisign gave me the pair they sign it with one of their own private keys, and anyone can use verisigns corresponding public key to confirm verisign as the source of the keys. Given this I don't understand when I go to verisign or godaddy why they have rates only for yearly plans, when all I really want from them is a single public/private key pair signed with one of their private keys (so that anyone else can use their public keys to confirm that, yes, they gave me that public/private key pair and they confirmed I was who I said I was so you can trust my public/private key pair as belonging to a legitimate third party). Clearly I am misunderstanding something, what is it? Does verisign retire their public/private key pairs periodically so that my verisign signed key pair "expires" and I need new ones?

    Read the article

  • Getting back from security & location to my application

    - by sandman42
    Hi, I have an application that allows the user to enable GPS. In order to do it, first in the main activity I do: lm = (LocationManager) getSystemService(Context.LOCATION_SERVICE); if (!lm.isProviderEnabled(LocationManager.GPS_PROVIDER)){ showGpsOptions(); } showGpsOptions() is: private void showGpsOptions() { Intent gpsOptionsIntent = new Intent(android.provider.Settings.ACTION_LOCATION_SOURCE_SETTINGS); startActivityForResult(gpsOptionsIntent, BACK_FROM_GPS_ACT); } and finally I override main activity onActivityResult in this way: protected void onActivityResult(int requestCode, int resultCode, Intent data) { if (requestCode == BACK_FROM_GPS_ACT){ ; } super.onActivityResult(requestCode, resultCode, data); } Problem: the page show up and works, but when I press back I get back to home screen. Question: how can I get back to my application? Thanks a lot

    Read the article

  • ajax security ?

    - by Tony
    When I look back my codes that written earlier time, I found something terribly bad. Whenever I want to delete a record in the database, I did like this : $.post("deleteAction.do",{recordId:10}); I cannot prevent a malicious user visit my database operation url directly : deleteAction.do?recordId=10 What's the solution for this kind of problem ?

    Read the article

  • Rails multi level model security

    - by rballz
    I have the need to do the following in Rails to mirror a desktop application: a User and an Office 'owns' a record, if you don't own the record on a user or office level you're kicked into the public realm. user gets read,write,delete to the model record office gets read/write/delete to the model record other or public gets read/write/delete to the model record e.g. UserA owns a model record with read/write/delete OfficeA owns a model with read/write other/public gets read I was wondering if a plugin/gem existed to grant this functionality?

    Read the article

  • Flash Security help needed

    - by Ela
    Hi, I am developing a player and i want to make it for only one domain usage for one download. If user needs again then again hew needs to download another version from my site. How can i make it. Please some one tell me

    Read the article

  • Will these security functions be enough? (PHP)

    - by ggfan
    I am trying to secure my site so I don't have sql injections and xss scripting. Here's my code. //here's the from, for brevity, i just show a field for users to put firstname <form> <label for="first_name" class="styled">First Name:</label> <input type="text" id="first_name" name="first_name" value="<?php if (!empty($first_name)) echo $first_name; ?>" /><br /> //submit button etc </form> if (isset($_POST['submit'])) { //gets rid of extra whitesapce and escapes $first_name = mysqli_real_escape_string($dbc, trim($_POST['first_name'])); //check if $first_name is a string if(!is_string($first_name) { echo "not string"; } //then insert into the database. ....... } mysqli_real_espace_string: I know that this func escapes certain letters like \n \r, so when the data gets inputted into the dbc, it would have '\' next to all the escaped letters? --Will this script be enough to prevent most sql injections? just escaping and checking if the data is a string. For integers values(like users putting in prices), i just: is_numeric(). --How should I use htmlspecialchars? Should I use it only when echoing and displaying user data? Or should I also use this too when inputting data to a dbc? --When should I use strip_tags() or htmlspecialchars? SOO with all these function... if (isset($_POST['submit'])) { //gets rid of extra whitesapce and escapes $first_name = mysqli_real_escape_string($dbc, trim($_POST['first_name'])); //check if $first_name is a string if(!is_string($first_name) { echo "not string"; } //gets rid of any <,>,& htmlspecialchars($first_name); //strips any tags with the first name strip_tags($first_name) //then insert into the database. ....... } Which funcs should I use for sql injections and which ones should I use for xss?

    Read the article

< Previous Page | 118 119 120 121 122 123 124 125 126 127 128 129  | Next Page >