Search Results

Search found 20283 results on 812 pages for 'security context'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 126/812 | < Previous Page | 122 123 124 125 126 127 128 129 130 131 132 133  | Next Page >

  • Why does CGPDFPageGetDrawingTransform() crash with SIGABRT when specifying a rotation?

    - by David
    When I call CGPDFPageGetDrawingTransform() with a rotation argument, the application crashes. If I specify no rotation, there is no crash. Here is my drawLayer:inContext: method: - (void)drawLayer:(CALayer*)layer inContext:(CGContextRef)context { CGContextSetRGBFillColor(context, 1.0, 1.0, 1.0, 1.0); CGRect boundingBox = CGContextGetClipBoundingBox(context); CGContextFillRect(context, boundingBox); //convert to UIKit native coodinate system CGContextTranslateCTM(context, 0.0, self.bounds.size.height); CGContextScaleCTM(context, 1.0, -1.0); //Rotate the pdf_page CGAffineTransform pfd_transform = CGPDFPageGetDrawingTransform(self.page, kCGPDFCropBox, self.frame, 58.46f, true); CGContextSaveGState (context); CGContextConcatCTM (context, pfd_transform); CGContextClipToRect (context, self.frame); CGContextDrawPDFPage (context, self.page); CGContextRestoreGState (context); } In the long run, I would like to rotate the pdf dynamically to follow a users heading. Maybe I am going at this all wrong... Thank you for your time.

    Read the article

  • Best Pratice to Implement Secure Remember Me

    - by Yan Cheng CHEOK
    Sometimes, I came across certain web development framework which doesn't provide authentication feature as in Authenication ASP.NET I was wondering what is the security measure needs to be considered, when implementing "Remember Me" login feature, by hand coding? Here are the things I usually did. 1) Store the user name in cookie. The user name are not encrypted. 2) Store a secret key in cookie. The secret key is generated using one way function based on user name. The server will verify secret key against user name, to ensure this user name is not being changed. 3) Use HttpOnly in cookie. http://www.codinghorror.com/blog/2008/08/protecting-your-cookies-httponly.html Any things else I could miss out, which could possible lead a security hole.

    Read the article

  • How to implement a good system for login/out into a webapp

    - by Brandon Wang
    I am one of the developers at PassPad, a secure password generator and username storage system. We're still working on it, but I have a few questions on the best way to implement a secure login/out system. Right now, what we plan on doing is to have the login system save a cookie with the username and a session key, and that's all that serves as authentication. The server verifies the two to match. Upon login/out a new key is created. This is a security-related webapp and while we don't actually store any information that might make the user queasy, because it is security-oriented it makes it a necessity for us to at least appear secure in a way that the user would be happy with. Is there a better way to implement a login/out system in PHP? Preferably it won't take too much coding time or server resources. Is there anything else I need to implement, like brute-force protection, etc? How would I go about that?

    Read the article

  • remove schema from linq datacontexts

    - by Jeremy
    When I add stored procedures to a linq datacontext, by default visual studio prefixes the stored procedure with the sql schema that it is in. Is there any way to stop this? In our environment, the stored procedures may be moved to other schemas over time, and we will default the schema based on the sql user used to connect. Do I have to do this manually or can I somehow turn off the schema prefixes?

    Read the article

  • What are the weaknesses of this user authentication method?

    - by byronh
    I'm developing my own PHP framework. It seems all the security articles I have read use vastly different methods for user authentication than I do so I could use some help in finding security holes. Some information that might be useful before I start. I use mod_rewrite for my MVC url's. Passwords are sha1 and md5 encrypted with 24 character salt unique to each user. mysql_real_escape_string and/or variable typecasting on everything going in, and htmlspecialchars on everything coming out. Step-by step process: Top of every page: session_start(); session_regenerate_id(); If user logs in via login form, generate new random token to put in user's MySQL row. Hash is generated based on user's salt (from when they first registered) and the new token. Store the hash and plaintext username in session variables, and duplicate in cookies if 'Remember me' is checked. On every page, check for cookies. If cookies set, copy their values into session variables. Then compare $_SESSION['name'] and $_SESSION['hash'] against MySQL database. Destroy all cookies and session variables if they don't match so they have to log in again. If login is valid, some of the user's information from the MySQL database is stored in an array for easy access. So far, I've assumed that this array is clean so when limiting user access I refer to user.rank and deny access if it's below what's required for that page. I've tried to test all the common attacks like XSS and CSRF, but maybe I'm just not good enough at hacking my own site! My system seems way too simple for it to actually be secure (the security code is only 100 lines long). What am I missing? I've also spent alot of time searching for the vulnerabilities with mysql_real_escape string but I haven't found any information that is up-to-date (everything is from several years ago at least and has apparently been fixed). All I know is that the problem was something to do with encoding. If that problem still exists today, how can I avoid it? Any help will be much appreciated.

    Read the article

  • Java: InitialContext.lookup(String) - what should the value o the parametr be?

    - by bguiz
    To instantiate a Stateful Session Bean inside of a JSP/ servlet, I am using: InitialContext ic = new InitialContext(); SomeStateful state = (SomeStateful) ic.lookup("java:comp/env/SomeStatefulBean"); Trial and error had me prefix the name of my EJB with java:comp/env/, so the above works (on Glassfish 2.1). However I want to know what the proper way to obtain this prefix is. Is there a CLI tool or function somewhere in the admin panel that will allow we to examine/ alter this? Is this platform/ application server dependant? Is there a setting within my ear, EJB-jar or war which I can examine or alter for this? (Forgive the beginner question) Thanks!

    Read the article

  • code throws std::bad_alloc, not enough memory or can it be a bug?

    - by Andreas
    I am parsing using a pretty large grammar (1.1 GB, it's data-oriented parsing). The parser I use (bitpar) is said to be optimized for highly ambiguous grammars. I'm getting this error: 1terminate called after throwing an instance of 'std::bad_alloc' what(): St9bad_alloc dotest.sh: line 11: 16686 Aborted bitpar -p -b 1 -s top -u unknownwordsm -w pos.dfsa /tmp/gsyntax.pcfg /tmp/gsyntax.lex arbobanko.test arbobanko.results Is there hope? Does it mean that it has ran out of memory? It uses about 15 GB before it crashes. The machine I'm using has 32 GB of RAM, plus swap as well. It crashes before outputting a single parse tree. The parser is an efficient CYK chart parser using bit vector representations; I presume it is already near the limit of memory efficiency. If it really requires too much memory I could sample from the grammar rules, but this will decrease parse accuracy of course.

    Read the article

  • How to secure authiorization of methods

    - by Kurresmack
    I am building a web site in C# using MVC.Net How can I secure that no unauthorized persons can access my methods? What I mean is that I want to make sure that only admins can create articles on my page. If I put this logic in the method actually adding this to the database, wouldn't I have business logic in my data layer? Is it a good practise to have a seperate security layer that is always in between of the data layer and the business layer to make? The problem is that if I protect at a higher level I will have to have checks on many places and it is more likely that I miss one place and users can bypass security. Thanks!

    Read the article

  • Using WCF HttpBindings on a LAN

    - by dcw
    We have a WCF-based client server that operates over a LAN. We've been getting along ok by using the NetTcpBinding, chosen because we couldn't get either HttpBinding to work between hosts. (Within a single host works fine, but is not useful for the production environment.) We're now back at the point where we want to explore using either BasicHttpBinding or WsHttpBinding, but we simply can't see the server from the client: even putting in the path to the endpoint into IE fails to see the server. Is there something simple we've overlooked? We're not specifying any security settings (or anything else, for that matter). Should we be doing so (e.g. explicitly setting security settings to None)?

    Read the article

  • Dealing with passwords securely

    - by Krt_Malta
    Hi I have a Java web service and a Java web client making use of this service. One of the functions is to create a new user account. My two concerns are: How will I send the user's password securely from the client. How will I store the user's password securely on the server. How can I achieve these? I know the theory basically behind security, security algorithms etc but can anyone give me some advice on how I should go about in coding? Could anyone point me to some good (and if possible not complicated) examples to follow since I found some examples on the Internet very contorted? Thanks a lot and regards, Krt_Malta

    Read the article

  • Strange error with CreateCompatibleDC

    - by sevaxx
    Maybe this is a foolish question, I can't see why I can not get a DC created in the following code : HBITMAP COcrDlg::LoadClippedBitmap(LPCTSTR pathName,UINT maxWidth,UINT maxHeight) { HBITMAP hBmp = (HBITMAP)::LoadImage(NULL, pathName, IMAGE_BITMAP, 0, 0, LR_LOADFROMFILE | LR_CREATEDIBSECTION); if (!hBmp) return NULL; HDC hdc = (HDC)GetDC(); HDC hdcMem = CreateCompatibleDC(hdc); if (!hdcMem) { DWORD err = GetLastError(); } ... ... ... The bitmap hBmp is loaded fine and hdc has a valid value. But the call to CreateCompatibleDC() returns a NULL pointer. Then, GetLastError() returns 0 ! Anybody can guess what's going on here , please ? PS : There are no memory allocations or GDI routines called before this one...so I think memory leaks should be ruled out.

    Read the article

  • DataGrid: How to style or disable the default ContextMenu of a Cell

    - by Nike
    I use DataGrid with DataGridTextColumns. How can I style or disable the default ContextMenu of a Cell? I tried to add a style for DataGridCell: <DataGrid.CellStyle> <Style TargetType="{x:Type DataGridCell}"> <Setter Property="ContextMenu" Value="{x:Null}"/> </Style> </DataGrid.CellStyle> but it doesn't work. As I understand, it is a TextBox inside a Cell when the Cell in edit mode. I tried also to add a style for TextBox, but it have an effect only on TextBoxes in XAML, but not on the DataGrid cells.

    Read the article

  • Android: Having trouble creating a subclass of application to share data with multiple Activities

    - by Mike
    Hello, I just finished a couple of activities in my game and now I was going to start to wire them both up to use real game data, instead of the test data I was using just to make sure each piece worked. Since multiple Activities will need access to this game data, I started researching the best way to pass this data to my Activities. I know about using putExtra with intents, but my GameData class has quite a bit of data and not just simple key value pairs. Besides quite a few basic data types, it also has large arrays. I didn't really want to try and pass all that, unless I can pass the entire object, instead of just key/data pairs. I read the following post and thought it would be the way to go, but so far, I haven't got it to work. Android: How to declare global variables? I created a simple test app to try this method out, but it keeps crashing and my code seems to look the same as in the post above - except I changed the names. Here is the error I am getting. Can someone help me understand what I am doing wrong? 12-23 00:50:49.762: ERROR/AndroidRuntime(608): Caused by: java.lang.ClassCastException: android.app.Application It crashes on the following statement: GameData newGameData = ((GameData)getApplicationContext()); Here is my code: package mrk.examples.StaticGameData; import android.app.Application; public class GameData extends Application { private int intTest; GameData () { intTest = 0; } public int getIntTest(){ return intTest; } public void setIntTest(int value){ intTest = value; } } // My main activity package mrk.examples.StaticGameData; import android.app.Activity; import android.content.Intent; import android.os.Bundle; import android.util.Log; public class StaticGameData extends Activity { int intStaticTest; /** Called when the activity is first created. */ @Override public void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); setContentView(R.layout.main); GameData newGameData = ((GameData)getApplicationContext()); newGameData.setIntTest(0); intStaticTest = newGameData.getIntTest(); Log.d("StaticGameData", "Well: IntStaticTest = " + intStaticTest); newGameData.setIntTest(1); Log.d("StaticGameData", "Well: IntStaticTest = " + intStaticTest + " newGameData: " + newGameData.getIntTest()); Intent intentNew = new Intent(this, PassData2Activity.class); startActivity (intentNew); } } // My test Activity to see if it can access the data and its previous state from the last activity package mrk.examples.StaticGameData; import android.app.Activity; import android.os.Bundle; import android.util.Log; public class PassData2Activity extends Activity { @Override public void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); setContentView(R.layout.main); GameData gamedataPass = ((GameData)getApplicationContext()); Log.d("PassData2Activity", "IntTest = " + gamedataPass.getIntTest()); } } Below is the relevant portion of my manifest: <application android:icon="@drawable/icon" android:label="@string/app_name"> <activity android:name=".StaticGameData" android:label="@string/app_name"> <intent-filter> <action android:name="android.intent.action.MAIN" /> <category android:name="android.intent.category.LAUNCHER" /> </intent-filter> </activity> <activity android:name=".PassData2Activity"></activity> </application> <application android:name=".GameData" android:icon="@drawable/icon" android:label="@string/app_name"> </application> Thanks in advance for helping me understand why this code is crashing. Also, if you think this is just the wrong approach to let multiple activities have access to the same data, please give your suggestion. Please keep in mind that I am talking about quite a few variables and some large arrays.

    Read the article

  • Is it possible for a XSS attack to obtain HttpOnly cookies?

    - by Dan Herbert
    Reading this blog post about HttpOnly cookies made me start thinking, is it possible for an HttpOnly cookie to be obtained through any form of XSS? Jeff mentions that it "raises the bar considerably" but makes it sound like it doesn't completely protect against XSS. Aside from the fact that not all browser support this feature properly, how could a hacker obtain a user's cookies if they are HttpOnly? I can't think of any way to make an HttpOnly cookie send itself to another site or be read by script, so it seems like this is a safe security feature, but I'm always amazed at how easily some people can work around many security layers. In the environment I work in, we use IE exclusively so other browsers aren't a concern. I'm looking specifically for other ways that this could become an issue that don't rely on browser specific flaws.

    Read the article

  • Service not able to access a mapped drive.

    - by Rohit
    Hi All, I have read in many forums that mapped drives are not accessible from a service as no user is logged on. Question 1) I tried making my service as a log on - as some account and i had my network drive mapped in that very account. The service still cannot access it. Why? Question 2) From the same sevice, i invoke another process. Under what user account will the process run? Thanks

    Read the article

  • standard C++ grammar

    - by eSKay
    Does the standard specify the official C++ grammar? I searched, but did not find it anywhere. Also, I wish to read a bit about C++ grammar in detail, like which category of grammars it falls in, etc. Any links pointing me in the right direction would be helpful. By category, I meant

    Read the article

  • Web.xml: Are url-pattern tags relative to each other?

    - by sixtyfootersdude
    <servlet-mapping> <servlet-name>myName</servlet-name> <url-pattern>/aName</url-pattern> </servlet-mapping> <security-constraint> <web-resource-collection> ... <url-pattern> /* </url-pattern> </web-resource-collection> ... </security-constraint> This is an excerpt from web.xml (using it to configure a jboss/tomcat webservice). Just wondering if the url-pattern in web-resource-collection is relative to the url-pattern in servlet-mapping.

    Read the article

  • How do LL(*) parsers work?

    - by freezer878
    I cannot find any complete description about LL(*) parser, such as ANTLR, on Internet. I'm wondering what is the difference between an LL(k) parser and an LL(*) one and why they can't support left-recusrive grammars despite their flexibility.

    Read the article

  • What are the alternatives for Java authentication?

    - by Crusader
    Preferably something that integrates well with a Flex front end. Yes the Spring Security guys say this is possible, but all examples seem to use legacy jsp tag libraries making them half useless as examples. I don't want to spend a month setting up and learning how to use a security tool. I would like a tool which supports using annotations (@RolesAllowed etc), MINIMAL XML, and 'remember-me' features (not cookie based). Apache Shiro seems to support Flex/Silverlight/Swing as well but I'd like to know if there are any other alternatives that are NOT container specific.

    Read the article

  • Web.xml: Are url-pattern tags relitive to each other?

    - by sixtyfootersdude
    <servlet-mapping> <servlet-name>myName</servlet-name> <url-pattern>/aName</url-pattern> </servlet-mapping> <security-constraint> <web-resource-collection> ... <url-pattern> /* </url-pattern> </web-resource-collection> ... </security-constraint> This is an excerpt from web.xml (using it to configure a jboss/tomcat webservice). Just wondering if the url-pattern in web-resource-collection is relative to the url-pattern in servlet-mapping.

    Read the article

  • cannot convert ‘mcontext_t*’ to ‘sigcontext*’ in assignment

    - by user353573
    i have checked asm/ucontext.h it should be sigcontext, but why pop up the error message cannot convert ‘mcontext_t*’ to ‘sigcontext*’ in assignment #include <stdio.h> #include <signal.h> #include <asm/ucontext.h> static unsigned long target; void handler(int signum, siginfo_t *siginfo, void *uc0){ struct ucontext *uc; struct sigcontext *sc; uc = (struct ucontext *)uc0; sc = &uc->uc_mcontext; sc->eip = target; } struct ucontext { unsigned long uc_flags; struct ucontext *uc_link; stack_t uc_stack; struct sigcontext uc_mcontext; sigset_t uc_sigmask; /* mask last for extensibility */ };

    Read the article

  • @Secured not working

    - by user3640507
    I am new to spring and trying to implement Role based authorization with the help of @Secured annotation. I have a method which is specifically for ADMIN and I have written @Secured ("ROLE_ADMIN") to secure it. @Secured ("ROLE_ADMIN") public void HelloUser(String name) { System.out.println("Hello ADMIN"); } Now when I call this method by creating a class object it gets called eventhough user dont have ADMIN authority But when I dont create an object and use @autowired annotation instead then it works i.e User is not allowed to access this method. In my security.xml as well as servlet.xml I have added <global-method-security secured-annotations="enabled" /> Can some one please tell me where I am going wrong or is this the natural behaviour in spring ?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 122 123 124 125 126 127 128 129 130 131 132 133  | Next Page >