Search Results

Search found 3588 results on 144 pages for 'digital certificate'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 128/144 | < Previous Page | 124 125 126 127 128 129 130 131 132 133 134 135  | Next Page >

  • Connecting to a Websphere MQ in Java with SSL/Keystore

    - by javaExpert
    I'd like to connect to a Websphere 6.0 MQ via Java. I have already working code for a "normal" queue, but now I need to access a new queue which is SSL encrypted (keystore). I have been sent a file called something.jks, which I assume is a certificate I need to store somewhere. I have been searching the net, but I can't find the right information. This is the code I use for the "normal" queue. I assume I need to set some property, but not sure which one. MQQueueConnectionFactory connectionFactory = new MQQueueConnectionFactory(); connectionFactory.setChannel(channel_); connectionFactory.setHostName(hostname_); connectionFactory.setPort(port_); connectionFactory.setQueueManager(queueManager_); connectionFactory.setTransportType(1); connectionFactory.setSSsetSSLCertStores(arg0) Connection connection = connectionFactory.createConnection(); connection.setExceptionListener(this); session_ = connection.createSession(DEFAULT_TRANSACTED, DEFAULT_ACKMODE); connection.start(); javax.jms.Queue fQueue = session_.createQueue(queue_); consumer = session_.createConsumer(fQueue);

    Read the article

  • WCF net.tcp bindings, message formats and security questions

    - by RemotecUk
    Hi, sorry for the stupid questions but there are just some things about WCF I cant get my head around. Would be greatful for some advice on the following.... At a very basic level is it correct that WCF uses either Binary (Net.Tcp), HTTP or MSMQ to transfer my message on the wire? However is it true that in all cases, regardless of how the data is transferred the message itself in in the SOAP format with headers and a body? So its a sort of XML message that is transmitted in either HTTP/S or in a binary format. Is Net.Tcp a good choice for my client server app - its similar to a messenger app in that the clients are all remote users on the other side of the firewall to my server. Most things I am reading are telling to use WS* and HTTP. Is Net.Tcp secured by standard and without certificates? - that is - people cannot listen on the wire and decode the data thats going to and from. Is it possible to send a username and password using net.tcp and without an installed certificate? If so I presume I can hook this up to my membership provider and authenticate access to each method on my service contract implementation. I presume that with username and password security, the proxy is initialised with the username and password and that this information is is sent with every request. Then my membership provider will be invoked for each method call and do whatever it needs to do to get the authorisation for the method. Sorry for the dump of questions but would be great to know if Im thinking the right way about how WCF works. Thanks.

    Read the article

  • iPhone Developer Program registration for UK trading partnership

    - by CMLloyd
    I have been looking into this for a long time and have found no definitive answer. I can't be the only person to have faced this problem and am wondering how you guys proceeded in similar cases. I'm part of a partnership, based in the UK, trading as, lets say, "ABCD iPhone Apps" (legally, a perfectly legitimate way of doing business). I've now developed an iPhone App and I want our company name ("ABCD iPhone Apps") to appear as the seller in the App Store. This way, any future Apps that we develop can all get released under the "ABCD iPhone Apps" aegis too. Given that we aren't an incorporated company (and probably never will be), is it possible for us to enroll in the iPhone Developer Program as a company? Or is there another solution? (Note: I do also have an Individual account but that is for personal projects and is in no way connected to the partnership, and shall remain that way) EDIT: I've just spoken to a guy at ADC UK and he tells me there is no other solution. For a company to be approved on the Developer Program, Apple needs to see a copy of the company's Certificate of Incorporation during the registration process, otherwise no approval.

    Read the article

  • Python PyQt Timer Firmata

    - by George Cullins
    Hello. I am pretty new to python and working with firmata I am trying to play around with an arduino . Here is what I want to happen: Set arduino up with an LED as a digital out Set potentiometer to analog 0 Set PyQt timer up to update potentiometer position in application Set a threshold in PyQt to turn LED on (Analog in has 1024bit resolution, so say 800 as the threshold) I am using this firmata library : Link Here is the code that I am having trouble with: import sys from PyQt4 import QtCore, QtGui from firmata import * # Arduino setup self.a = Arduino('COM3') self.a.pin_mode(13, firmata.OUTPUT) # Create timer self.appTimer = QtCore.QTimer(self) self.appTimer.start(100) self.appTimer.event(self.updateAppTimer()) def updateAppTimer(self): self.analogPosition = self.a.analog_read(self, 0) self.ui.lblPositionValue.setNum() I am getting the error message: Traceback (most recent call last): File "D:\Programming\Eclipse\IO Demo\src\control.py", line 138, in myapp = MainWindow() File "D:\Programming\Eclipse\IO Demo\src\control.py", line 56, in init self.appTimer.event(self.updateAppTimer()) File "D:\Programming\Eclipse\IO Demo\src\control.py", line 60, in updateAppTimer self.analogPosition = self.a.analog_read(self, 0) TypeError: analog_read() takes exactly 2 arguments (3 given) If I take 'self' out I get the same error message but that only 1 argument is given What is python doing implicitly that I am not aware of? Blockquote

    Read the article

  • Open source Java CMS for Google App Engine?

    - by markvgti
    I am looking for an open source Java CMS (Web CMS, actually) to run on Google App Engine. I have looked at related older questions on this topic (What CMS runs on Google AppEngine?, CMS over Google App Engine, with SEO etc.) but the problem is that they all largely list Python-based CMSes. Plus these questions are pretty old, and since GAE is a fast-moving target, I thought it might be worthwhile to ask again. I want a CMS for creating some websites (for myself and for others), but would rather not start writing one from scratch. A "good" (very subjective, I know) open source WCMS allows me to start using a product, while still being able to add to/extend the product/project. On the one hand I am looking for a somewhat mature product/project, on the other hand it's easier to start contributing to the development cycle of a young product/project (conflicting, I know :-). Here are some features that would be preferable: [X]HTML/XML/CSS based templating Ability to create multiple blogs Galleries Ability to create a "Downloads" section (is this pretty much standard?) Separate management for digital assets (images, PDFs, binary files etc.) Roles like "Administrator", "Editor", "Contributor" etc. (or their equivalents) Ability to move/reorganize pages Export to PDF Reformat content for printing Is the CMS you are about to suggest especially well-suited to publishing an online book? My idea is that while the book may be offered as a downloadable eBook, the latest, most current version will be the one available on the website.

    Read the article

  • Are there code signing certificates cheaper than US$99 per year? [closed]

    - by gerryLowry
    K Software discounts Comodo code signing certificates to US$99 per year. In the past, I've seen Commodo code signing certificates for US$80. I'm excluding CAcert which AFAIK are FREE but are not covered by browsers like Internet Explorer AFAIK. QUESTION: What is the best price per year for a code signing certificate? Thank you ~~ gerry (lowry) Edit: **THIS SHOULD NOT HAVE BEEN CLOSED** from the FAQ: http://stackoverflow.com/faq ---------------------------- What kind of questions can I ask here? Programming questions, of course! As long as your question is: * detailed and specific <====== YES! * written clearly and simply <====== YES! * of interest to other programmers <====== YES! I've been programming for over 40 years. http://gerrylowryprogrammer.com/ I've taught computer programming at the community college level. I'm a Star level contributer to forums.asp.net. http://forums.asp.net/members/gerrylowry.aspx IMO, I've a very good idea what is of interest to other programmers. MORE INFORMATION http://en.wikipedia.org/wiki/Code_signing http://msdn.microsoft.com/en-us/library/ms537361%28VS.85%29.aspx also: via Google: code signing Ensuring the integrity of code and executables that one distributes is just as much about programming as is knowing how to flip bits in assembler, use delegates in C#, and use the BDD context/specification still of "test first testing".

    Read the article

  • How do I use WS-Security with WCF?

    - by Jonathan Allen
    Below is the style of header I need to create. I am expected to use either a public/private key or a SSL style certificate. I don't know for certain, but I think my counter-party is using some form of Java. <soap-env:Header> <wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/04/secext"> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> <ds:Reference URI="#secinfo"> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>xxxxxxxxxxxxx</ds:DigestValue> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"> <ds:XPath>//*[@id='secinfo']/child::*/text()</ds:XPath> </ds:Transform> </ds:Transforms> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>xxxxxxxxxxds:SignatureValue> <ds:KeyInfo> <ds:KeyName>xxxxxxx</ds:KeyName> </ds:KeyInfo> </ds:Signature> <t:UsernameToken xmlns:t="http://schemas.xmlsoap.org/ws/2002/04/secext" id="secinfo"> <t:UserInfo>USER=xxxx;CORR=xxxx;TIMESTAMP=201003161916</t:UserInfo> </t:UsernameToken> </wsse:Security> </soap-env:Header>

    Read the article

  • java RMI newbie-- some basic questions about SSL and auth/.rate limiting an RMI service

    - by Arvind
    I am trying to work to secure a java based RMI service using SSL. I have some basic questions about the capabilities of using SSL. Specifically, from what I understand, the client and server connecting via SSL will need to have appropriate credential certificates in both client and server, for a client to be granted access to the server. Am I correct in my understanding? Also, what I want to know is, can a person who is already using my RMI service and has access to a client machine , make a copy of the certificate in the client machine to other client machines-- and then invoke my RMI service from those other machines as well? How do I prevent such a situation from occurring? I mean, in a REST API you can use OAuth authentication, can we have some kind of authentication in an RMI Service? Also, can I possibly limit usage of the RMI service? For eg, a specific client may be allowed to make only 5000 calls per day to my RMI service, and if he makes more calls the calls occurring after the 5000 calls limit are all denied? How do I do such rate limiting and/or authentication for my RMI Service?

    Read the article

  • sproutcore vs javascriptMVC for web app development

    - by swami
    Hi, I want to use a javascript framework with MVC for a complex web application (which will be one of a set of related apps and pages) for an intranet in a digital archives. I have been looking at SproutCore and JavascriptMVC. I want to choose one framework and stick with it. Does anybody know what the distinguishing features are when comparing these two? I want something that is simple, straightforward that I can customize/hack easily, and that doesn't get in my way too much, but that at the same time gives me a basis for keeping my code nicely organized, and event-driven. I also plan on using jquery substantially. I know sproutcore is backed by Apple, and looks like it is getting more popular by the day, and it has a nice green website :), whereas JavascriptMVC looks less professional, with less of a following and less momentum behind it. I've done the tutorials for both and I was impressed by SproutCore more (in the JMVC tutorial you don't really do anything substantial) - but somewhere in the back of my mind I feel that JMVC might just be better because it doesn't try and do too much - it just gives you MVC functionality based on a couple of jquery plugins, and you can use jquery for everything else, so its flexible. Whereas SproutCore seems to have more of its own API etc... which is also nice in a way... but then you're kind of stuck within that.... hmmm I'm confused :). Any thoughts would be much appreciated.

    Read the article

  • 3x3 Sobel operator and gradient features

    - by pithyless
    Reading a paper, I'm having difficulty understanding the algorithm described: Given a black and white digital image of a handwriting sample, cut out a single character to analyze. Since this can be any size, the algorithm needs to take this into account (if it will be easier, we can assume the size is 2^n x 2^m). Now, the description states given this image we will convert it to a 512-bit feature (a 512-bit hash) as follows: (192 bits) computes the gradient of the image by convolving it with a 3x3 Sobel operator. The direction of the gradient at every edge is quantized to 12 directions. (192 bits) The structural feature generator takes the gradient map and looks in a neighborhood for certain combinations of gradient values. (used to compute 8 distinct features that represent lines and corners in the image) (128 bits) Concavity generator uses an 8-point star operator to find coarse concavities in 4 directions, holes, and lagrge-scale strokes. The image feature maps are normalized with a 4x4 grid. I'm for now struggling with how to take an arbitrary image, split into 16 sections, and using a 3x3 Sobel operator to come up with 12 bits for each section. (But if you have some insight into the other parts, feel free to comment :)

    Read the article

  • How would the conversion of a custom CMS using a text-file-based database to Drupal be tackled?

    - by James Morris
    Just today I've started using Drupal for a site I'm designing/developing. For my own site http://jwm-art.net I wrote a user-unfriendly CMS in PHP. My brief experience with Drupal is making me want to convert from the CMS I wrote. A CMS whose sole method (other than comments) of automatically publishing content is by logging in via SSH and using NANO to create a plain text file in a format like so*: head<<END_HEAD title = Audio keywords= open,source,audio,sequencing,sampling,synthesis descr = Music, noise, and audio, created by James W. Morris. parent = home END_HEAD main<<END_MAIN text<<END_TEXT Digital music, noise, and audio made exclusively with @=xlink=http://www.linux-sound.org@:Linux Audio Software@_=@. END_TEXT image=gfb@--@;Accompanying image for penonpaper-c@right ilink=audio_2008 br= ilink=audio_2007 br= ilink=audio_2006 END_MAIN info=text<<END_TEXT I've been making PC based music since the early nineties - fortunately most of it only exists as tape recordings. END_TEXT ( http://jwm-art.net/dark.php?p=audio - There's just over 400 pages on there. ) *The jounal-entry form which takes some of the work out of it, has mysteriously broken. And it still required SSH access to copy the file to the main dat dir and to check I had actually remembered the format correctly and the code hadn't mis-formatted anything (which it always does). I don't want to drop all the old content (just some), but how much work would be involved in converting it, factoring into account I've been using Drupal for a day, have not written any PHP for a couple of years, and have zero knowledge of SQL? How might a team of developers tackle this? How do-able is it for one guy in his spare time?

    Read the article

  • Custom SSL handling stopped working on Android 2.2 FroYo

    - by Eric
    For my app, Transdroid, I am connecting to remote servers via HTTP and optionally securely via HTTPS. For these HTTPS connections with the HttpClient I am using a custom SSL socket factory implementation to make sure self-signed certificates are working. Basically, I accept everything and ignore every checking of any certificate. This has been working fine for some time now, but it no longer work for Android 2.2 FroYo. When trying to connect, it will return an exception: java.io.IOException: SSL handshake failure: I/O error during system call, Broken pipe Here is how I initialize the HttpClient: SchemeRegistry registry = new SchemeRegistry(); registry.register(new Scheme("http", new PlainSocketFactory(), 80)); registry.register(new Scheme("https", (trustAll ? new FakeSocketFactory() : SSLSocketFactory.getSocketFactory()), 443)); client = new DefaultHttpClient(new ThreadSafeClientConnManager(httpParams, registry), httpParams); I make use of a FakeSocketFactory and FakeTrustManager, of which the source can be found here: http://code.google.com/p/transdroid/source/browse/#svn/trunk/src/org/transdroid/util Again, I don't understand why it suddenly stopped work, or even what the error 'Broken pipe' means. I have seen messages on Twitter that Seesmic and Twidroid fail with SSL enabled on FroYo as well, but am unsure if it's related. Thanks for any directions/help!

    Read the article

  • Authenticating to Google Search Appliance using Basic HTTP auth and ASP.NET (VB)

    - by Chainlink
    I've run into a snag though which has to do with authentication between the Google Search Appliance and ASP. Normally, when asking for secure pages from the search appliance, the search appliance asks for credentials, then uses these credentials to try and access the secure results. If this attempt is successful, the page shows up in the results list. Since ASP is contacting the search appliance on the client's behalf, it will need to collect credentials and pass them along to the search appliance. I have tried a couple of different documented ways of accomplishing this, but they don't seem to work. Below is the code I have tried: 'Bypass SSL since discovery.gov.mb.ca does not have valid SSL cert (NOT PRODUCTION SAFE) ServerCertificateValidationCallback = New System.Net.Security.RemoteCertificateValidationCallback(AddressOf customXertificateValidation) googleUrl = "https://removed.com" Dim rdr As New XmlTextReader(googleUrl) Dim resolver As New XmlUrlResolver() Dim myCred As New System.Net.NetworkCredential("USERNAME", "PASSWORD", Nothing) Dim credCache As New CredentialCache() credCache.Add(New Uri(googleUrl), "Basic", myCred) resolver.Credentials = credCache rdr.XmlResolver = resolver doc = New System.Xml.XPath.XPathDocument(rdr) path = doc.CreateNavigator() Private Function customXertificateValidation(ByVal sender As Object, ByVal certificate As System.Security.Cryptography.X509Certificates.X509Certificate, ByVal chain As System.Security.Cryptography.X509Certificates.X509Chain, ByVal sslPolicyErrors As Net.Security.SslPolicyErrors) As Boolean Return True End Function

    Read the article

  • MessageSecurityException: The security header element 'Timestamp' with the '' id must be signed

    - by NiklasN
    I'm asking the same question here that I've already asked on msdn forums http://social.msdn.microsoft.com/Forums/en-US/netfxnetcom/thread/70f40a4c-8399-4629-9bfc-146524334daf I'm consuming a (most likely Java based) Web Service with I have absolutely no access to modify. It won't be modified even though I would ask them (it's a nation wide system). I've written the client with WCF. Here's some code: CustomBinding binding = new CustomBinding(); AsymmetricSecurityBindingElement element = SecurityBindingElement.CreateMutualCertificateDuplexBindingElement(MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10); element.AllowSerializedSigningTokenOnReply = true; element.SetKeyDerivation(false); element.IncludeTimestamp = true; element.KeyEntropyMode = SecurityKeyEntropyMode.ClientEntropy; element.MessageProtectionOrder = System.ServiceModel.Security.MessageProtectionOrder.SignBeforeEncrypt; element.LocalClientSettings.IdentityVerifier = new CustomIdentityVerifier(); element.SecurityHeaderLayout = SecurityHeaderLayout.Lax; element.IncludeTimestamp = false; binding.Elements.Add(element); binding.Elements.Add(new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8)); binding.Elements.Add(new HttpsTransportBindingElement()); EndpointAddress address = new EndpointAddress(new Uri("url")); ChannelFactory<MyPortTypeChannel> factory = new ChannelFactory<MyPortTypeChannel>(binding, address); ClientCredentials credentials = factory.Endpoint.Behaviors.Find<ClientCredentials>(); credentials.ClientCertificate.Certificate = myClientCert; credentials.ServiceCertificate.DefaultCertificate = myServiceCert; credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None; service = factory.CreateChannel(); After this every request done to the service fails in client side (I can confirm my request is accepted by the service and a sane response is being returned) I always get the following exception MessageSecurityException: The security header element 'Timestamp' with the '' id must be signed. By looking at trace I can see that in the response there really is a timestamp element, but in the security section there is only a signature for body. Can I somehow make WCF to ingore the fact Timestamp isn't signed?

    Read the article

  • Mathematical annotations in a PDF file

    - by kvaruni
    I like to annotate papers I read in a digital way. Numerous programs exist to help in this process. For example, on OS X one can use programs such as Skim or even Preview. However, making annotations is dreadful when one wishes to add mathematical annotations, such as formulas or greek letters. A cumbersome "solution" is to select the desired symbol one by one using the Special Characters palette, though this considerably slows down the annotation process. Is there any way to add mathematical annotations to a PDF? The only two limitations that I would impose on a solution is that 1) the mathematical text needs to be selectable, i.e. it must be text and 2) I want to limit the number of programs I need to make the process as painless as possible. Some of the more promising solutions I have tried include generating LaTeX with LaTeXiT, but it seems to be impossible to add a PDF on top of another PDF. Another attempt was to use jsMath to generate the symbols and copy-paste these as annotation using one of the jsMath fonts. This results in unreadable, incorrect characters.

    Read the article

  • WCF Service in Azure with ClaimsIdentity over SSL

    - by Sunil Ramu
    Hello , Created a WCF service as a WebRole using Azure and a client windows application which refers to this service. The Cloud Service is refered to a certificate which is created using the "Hands On Lab" given in windows identity foundation. The Web Service is hosted in IIS and it works perfect when executed. I've created a client windows app which refers to this web service. Since WIF Claims identity is used, I have a claimsAuthorizationManager Class, and also a Policy class with set of defilned policies. The Claims is set in the web.config file. When I execute the windows app as the start up project, the app prompts for authentication, and when the account credentials are given as in the config file, it opens a new "Windows Card Space" Window and Says "Incoming Policy Failed". When I close the window the System throws and Exception The incoming policy could not be validated. For more information, please see the event log. Event Log Details Incoming policy failed validation. No valid claim elements were found in the policy XML. Additional Information: at System.Environment.get_StackTrace() at Microsoft.InfoCards.Diagnostics.InfoCardTrace.BuildMessage(InfoCardBaseException ie) at Microsoft.InfoCards.Diagnostics.InfoCardTrace.TraceAndLogException(Exception e) at Microsoft.InfoCards.Diagnostics.InfoCardTrace.ThrowHelperError(Exception e) at Microsoft.InfoCards.InfoCardPolicy.Validate() at Microsoft.InfoCards.Request.PreProcessRequest() at Microsoft.InfoCards.ClientUIRequest.PreProcessRequest() at Microsoft.InfoCards.Request.DoProcessRequest(String& extendedMessage) at Microsoft.InfoCards.RequestFactory.ProcessNewRequest(Int32 parentRequestHandle, IntPtr rpcHandle, IntPtr inArgs, IntPtr& outArgs) Details: System Provider [ Name] CardSpace 3.0.0.0 EventID 267 [ Qualifiers] 49157 Level 2 Task 1 Keywords 0x80000000000000 EventRecordID 6996 Channel Application EventData No valid claim elements were found in the policy XML. Additional Information: at System.Environment.get_StackTrace() at Microsoft.InfoCards.Diagnostics.InfoCardTrace.BuildMessage(InfoCardBaseException ie) at Microsoft.InfoCards.Diagnostics.InfoCardTrace.TraceAndLogException(Exception e) at Microsoft.InfoCards.Diagnostics.InfoCardTrace.ThrowHelperError(Exception e) at Microsoft.InfoCards.InfoCardPolicy.Validate() at Microsoft.InfoCards.Request.PreProcessRequest() at Microsoft.InfoCards.ClientUIRequest.PreProcessRequest() at Microsoft.InfoCards.Request.DoProcessRequest(String& extendedMessage) at Microsoft.InfoCards.RequestFactory.ProcessNewRequest(Int32 parentRequestHandle, IntPtr rpcHandle, IntPtr inArgs, IntPtr& outArgs)

    Read the article

  • Anyone got a nifty credit expiry algorithm?

    - by garethkeenan
    Our website uses a credit system to allow users to purchase inexpensive digital goods (eg. photos). We use credits, rather than asking the user to pay for items individually, because the items are cheap and we are trying to keep our credit-card/PayPal overhead low. Because we aren't a bank, we have to expire credits after a certain amount of time. We expire deposit credits after a year, but other types of credits (bonuses, prizes, refunds) may have a different shelf-life. When a buyer buys an item, we spend the credit that is going to expire first. Our current system keeps track of every deposit by storing the original value and the remainder to be spent. We keep a list of all purchases as well, of course. I am currently moving to a system which is much more like a traditional double-entry accounting system. A deposit will create a ledger item, increasing the user's 'spending' account balance. Every purchase will also create a ledger item, decreasing the user's 'spending' account balance. The new system has running balances, while the old system does not, which greatly improves our ability to find problems and do reconciliations. We do not want to use the old system of keeping a 'remainder' value attached to each deposit record because it is inefficient to replay a user's activities to calculate what the remainder of each deposit is over time (for the user's statement). So, after all of this verbose introduction, my question is "Does anyone else out there have a similar system of expiring credits?" If you could describe how you calculate expired credits it would be a great help. If all expired credits had the exact same shelf life, we would be able to calculate the expired amount using: Total Deposits - Total Spending - Deposits Not Due To Expire = Amount to Expire However, because deposits can have different shelf lives, this formula does not work because more than one deposit can be partially spent at any given time.

    Read the article

  • SSL with private key on an HSM

    - by Jason
    I have a client-server architecture in my application that uses SSL. Currently, the private key is stored in CAPI's key store location. For security reasons, I'd like to store the key in a safer place, ideally a hardware signing module (HSM) that is built for this purpose. Unfortunately, with the private key stored on such a device, I can't figure out how to use it in my application. On the server, I am simply using the SslStream class and the AuthenticateAsServer(...) call. This method takes an X509Certificate object that has its private key loaded, but since the private key is stored in a secure (e.g. non exportable) location on the HSM, I don't know how to do this. On the client, I am using an HttpWebRequest object and then using the ClientCertificates property to add my client authentication certificate, but I have the same problem here: how do I get the private key? I know there are some HSMs that act as SSL accelerators but I don't really need an accelerator. Also, these products tend to have special integration with web servers such as IIS and Apache which I'm not using. Any ideas? The only thing I can think of would be to write my own SSL library that would allow me to hand off the signing portion of the transaction to the HSM, but this seems like a huge amount of work.

    Read the article

  • Check for modification failure in content Integration using VisualSVN Server and Cruisecontrol.net

    - by harun123
    I am using CruiseControl.net for continous integration. I've created a repository for my project using VisualSvn server (uses Windows Authentication). Both the servers are hosted in the same system (Os-Microsoft Windows Server 2003 sp2). When i force build the project using CruiseControl.net "Failed task(s): Svn: CheckForModifications" is shown as the message. When i checked the build report, it says as follows: BUILD EXCEPTION Error Message: ThoughtWorks.CruiseControl.Core.CruiseControlException: Source control operation failed: svn: OPTIONS of 'https://sp-ci.sbsnetwork.local:8443/svn/IntranetPortal/Source': **Server certificate verification failed: issuer is not trusted** (https://sp-ci.sbsnetwork.local:8443). Process command: C:\Program Files\VisualSVN Server\bin\svn.exe log **sameUrlAbove** -r "{2010-04-29T08:35:26Z}:{2010-04-29T09:04:02Z}" --verbose --xml --username ccnetadmin --password cruise --non-interactive --no-auth-cache at ThoughtWorks.CruiseControl.Core.Sourcecontrol.ProcessSourceControl.Execute(ProcessInfo processInfo) at ThoughtWorks.CruiseControl.Core.Sourcecontrol.Svn.GetModifications (IIntegrationResult from, IIntegrationResult to) at ThoughtWorks.CruiseControl.Core.Sourcecontrol.QuietPeriod.GetModifications(ISourceControl sourceControl, IIntegrationResult lastBuild, IIntegrationResult thisBuild) at ThoughtWorks.CruiseControl.Core.IntegrationRunner.GetModifications(IIntegrationResult from, IIntegrationResult to) at ThoughtWorks.CruiseControl.Core.IntegrationRunner.Integrate(IntegrationRequest request) My SourceControl node in the ccnet.config is as shown below: <sourcecontrol type="svn"> <executable>C:\Program Files\VisualSVN Server\bin\svn.exe</executable> <trunkUrl> check out url </trunkUrl> <workingDirectory> C:\ProjectWorkingDirectories\IntranetPortal\Source </workingDirectory> <username> ccnetadmin </username> <password> cruise </password> </sourcecontrol> Can any one suggest how to avoid this error?

    Read the article

  • Invalid iPhone Application Binary

    - by Kristopher Johnson
    I'm trying to upload an application to the iPhone App Store, but I get this error message from iTunes Connect: The binary you uploaded was invalid. The signature was invalid, or it was not signed with an Apple submission certificate. My guess is that it is not properly signed. I have downloaded my App Store distribution certficate, but I can't figure out how to "sign" my application with it. The SDK's documentation about code signing is not very helpful. (FWIW, I can install the app on my iPhone just fine using the development provisioning profile.) However, it is possible that I screwed things up on a more basic level. Here's what I did to try to prepare it for upload: In Xcode, select the Device|Release target Select the target and click the Info button. Change "Code Signing Identity" to "iPhone Distribution", and change "Code Signing Provisioning Profile" to my App Store distribution profile. Build Go to the directory where the built MyApp.app bundle is, control-click and choose "Compress" to create MyApp.zip Upload MyApp.zip to the App Store via iTunes Connect (which resulted in the above error message). Can anybody give me any hints? Edit: Found someone with the same problem. Unfortunately, he won't tell us how he fixed it. http://www.rhonabwy.com/wp/2008/07/18/seattlebus-diary-ongoing-update-saga/#comments http://www.rhonabwy.com/wp/2008/07/22/seattlebus-diary-update-is-pending-review/ (Note: For general information on submitting iPhone applications to the App Store, see Steps to upload an iPhone application to the AppStore.)

    Read the article

  • Secure Webservice (WCF) without storing credentials on consumer application

    - by Pai Gaudêncio
    Howdy folks, I have a customer that sells a lottery analysis application. In this application, he consumes a webservice (my service, I mean, belongs to the company I work for now) to get statistical data about lottery results, bets made, amounts, etc., from all across the globe. The access to this webservice is paid, and each consult costs X credits. Some people have disassembled this lottery application and found the api key/auth key used to access the paid webservice, and started to use it. I would like to prevent this from happening again, but I can't find a way to authenticate on the webservice without storing the auth. keys on the application. Does anyone have any ideas on how to accomplish such task? ps1.Can't ask for the users to input any kind of credentials. Has to be transparent for them (they shouldn't know what is happening). ps2. Can't use digital certificates for the same reason above, not to mention it's easy to retrieve them and we would fall into the original problem. Thanks in advance.

    Read the article

  • Help securing files access with htaccess and php?

    - by bschaeffer
    I'm working on a site that allows users to purchase digital content and have implemented a method that attempts to serve secure downloads. I'm using CodeIgniter to force downloads like this: $file = file_get_contents($path); force_download("my_file_name.zip", $file); Of course, I make sure the user has access to the file using a database before serving the download, but I was wondering if there was a way to make these files more secure. I'm using a some 8-10 letter keys to create the file paths so urls to the files aren't exactly easy to figure out... something like http://mysite.com/as67Hgr/asdo0980/uth89.zip in lieu of http://mysite.com/downloads/my_file.zip. Also, I'm using .htaccess to deny directory browsing like so: Options All -Indexes. Other than that... I have no idea what steps to take. I've seen articles suggesting username and password methods using .htaccess, but I don't understand how to bypass the password prompt that would occur using that method. I was hoping there might be a method where I could send a username and password combination using headers and cUrl (or something similar), but I wouldn't know where to start. Any help would be hugely appreciated. Thanks in advance!

    Read the article

  • as3crypto PEM.readRSAPublicKey returns null

    - by www.jefferyfernandez.id.au
    I am trying to implement a bit of encryption in my Air application while communication with a PHP backend server. For this purpose I am using as3crypto library and I can't read the public key to make the encryption possible. Here is my action script code: var rsa:RSAKey = PEM.readRSAPublicKey(this.readApplicationFileContents('server.crt')); if ( rsa ) { var encodeSource:ByteArray = Hex.toArray(Hex.fromString("Hello World")); var encodeDestination:ByteArray = new ByteArray; var encodeDestination2:ByteArray = new ByteArray; rsa.encrypt(encodeSource, encodeDestination, encodeSource.length) rsa.decrypt(encodeDestination, encodeDestination2, encodeDestination.length); trace(encodeDestination2.toString()); } private function readApplicationFileContents(filePath:String):String { var fileObject:File = File.applicationDirectory.resolvePath(filePath); var fileStream:FileStream = new FileStream(); fileStream.open(fileObject, FileMode.READ); var fileContents:String = fileStream.readUTFBytes(fileStream.bytesAvailable); return(fileContents); } readApplicationFileContents function returns the proper certificate contents as a string. But rsa variable always returns null. It would have been easier if I was able to compile the as3crypto library so I can debug through the source, but I can't get the library to compile and can't find any instructions to do the same. Anyone have a clue what's wrong? PS. Sorry first time poster and I can't seem to get the syntax highlighting right. Must be Chrome is not working well with the editor.

    Read the article

  • Help with php code - need to add condition to make one link https

    - by Kaskade
    Hi, I have a wordpress blog and I need to make one of the pages secure. I have been told to make the link to that page point to https://claimpage.html as opposed to http://claimpage.html. The problem is I don't actually create the menu that links the user to the individual pages. This is done automatically by the code in the background. I think I need to put in some sort of an IF statement, saying, if the title of the page is "claim now" then use https otherwise use http. I found this code in the header.php so I think my changes need to go in here but I'm not really sure what to do. <div id="navbar"> <ul class="menu"> <li class="<?php if ( is_home() ) { ?>current_page_item<?php } else { ?>page_item<?php } ?>"><a href="<?php echo get_settings('home'); ?>"><?php _e('Home'); ?></a></li> <?php wp_list_pages('sort_column=id&depth=1&title_li='); ?> <?php wp_register('<li>','</li>'); ?> </ul> </div> <!-- end of #navbar --> Any suggestions as to how I can make one page that I know the title and url or https while the others are kept using normal http? The site is hosted on a secure server so I do have an ssl certificate.

    Read the article

  • are there code signing certificates cheaper than US $99 per year? [closed]

    - by gerryLowry
    ksoftware discounts Commodo code signing certificates to US $99 per year. in the past, I've seen Commodo code signing certificates for US $80. I'm excluding CAcert which AFAIK are FREE but are not covered by browsers like IE AFAIK. QUESTION: What is the best price per year for a code signing certificate? Thank you ~~ gerry (lowry) Edit: **THIS SHOULD NOT HAVE BEEN CLOSED** from the FAQ: http://stackoverflow.com/faq ---------------------------- What kind of questions can I ask here? Programming questions, of course! As long as your question is: * detailed and specific <====== YES! * written clearly and simply <====== YES! * of interest to other programmers <====== YES! I've been programming for over 40 years. http://gerrylowryprogrammer.com/ I've taught computer programming at the community college level. I'm a Star level contributer to forums.asp.net. http://forums.asp.net/members/gerrylowry.aspx imo, I've a very good idea what is of interest to other programmers. MORE INFORMATION Ensuring the integrity of code and executables that one distributes is just as much about programming as is knowing how to flip bits in assembler, use delegates in c#, and use the BDD context/specification still of "test first testing".

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 124 125 126 127 128 129 130 131 132 133 134 135  | Next Page >