Search Results

Search found 15035 results on 602 pages for 'request'.

  • Replay attacks for HTTPS requests

    - by MatthewMartin
    Let's say a security tester uses a proxy, say Fiddler, and records an HTTPS request using the administrator's credentials-- on replay of the entire request (including session and auth cookies) the security tester is able to successfully (re)record transactions. The claim is that this is a sign of a CSRF vulnerability. What would a malicious user have to do to intercept the HTTPS request and replay it? Is this a task for script kiddies, well funded military hacking teams or time-traveling-alien technology? Is it really so easy to record the SSL sessions of users and replay them before the tickets expire? No code in the application currently does anything interesting on HTTP GET, so AFAIK, tricking the admin into clicking a link or loading an image with a malicious URL isn't an issue.

  • Reading data from a socket, considerations for robustness and security

    - by w.brian
    I am writing a socket server that will implement small portions of the HTTP and the WebSocket protocol, and I'm wondering what I need to take into consideration in order to make it robust/secure. This is my first time writing a socket-based application so please excuse me if any of my questions are particularly naive. Here goes: Is it wrong to assume that you've received an entire HTTP request (WebSocket request, etc) if you've read all data available from the socket? Likewise, is it wrong to assume you've only received one request? Is TCP responsible for making sure I'm getting the "message" all at once as sent by the client? Or do I have to manually detect the beginning and end of each "message" for whatever protocol I'm implementing? Regarding security: What, in general, should I be aware of? Are there any common pitfalls when implementing something like this? As always, any feedback is greatly appreciated.

  • Why release the NSURLConnection instance in this statement?

    - by aquaibm
    I read this in a book. -(IBAction) updateTweets { tweetsView.text = @""; [tweetsData release]; tweetsData = [[NSMutableData alloc] init]; NSURL *url = [NSURL URLWithString:@"http://twitter.com/statuses/public_timeline.xml" ]; NSURLRequest *request = [[NSURLRequest alloc] initWithURL: url]; NSURLConnection *connection = [[NSURLConnection alloc] initWithRequest:request delegate:self]; [connection release]; [request release]; [activityIndicator startAnimating]; } In this statement, is it correct to release the "connection" instance at that time? After releasing it, which means this NSURLConnection instance will be destroyed since its reference count is 0, how are we going to make this connection operation work? THANKS.

  • Error calling webservice from JQuery

    - by Robban
    I have a strange problem when I'm trying to call a simple webservice method from Jquery. Locally it works fine, but on my test-server it does not. The jquery request looks like this (only showing the actual request and not the rest of the method): $.ajax({ type: "POST", url: "/Service/Service.asmx/AddTab", data: "tab=" + element.innerHTML, success: function(msg) { alert('success'); } }); When I run this locally from the test-server it works fine, which has me wondering if it could be some setting that I've missed in the IIS. If I navigate to the .asmx file and click the AddTab method I get a list of SOAP 1.1 and SOAP 1.2 XML, but not the HTTP POST request. If I navigate to it locally I get all three (SOAP 1.1, SOAP 1.2 and HTTP Post) The service is set up as follows: [WebService(Namespace = "mynamespace")] [WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)] [System.ComponentModel.ToolboxItem(false)] [ScriptService()] public class Service : System.Web.Services.WebService { [WebMethod(EnableSession=true)] [ScriptMethod()] public void AddTab(string tab) { //Some code to add a tab which evidently works locally... } } Anyone have a clue what I'm missing here?

  • Logic for control concurrent in block or function

    - by Hlex
    1) My environment is web application, I accept large request from servlets. A) In some block/method I want to control concurrent to not greater than 5 B) if there are 5 request in that block, the new coming must wait up to 60 second then throws error C) if there are sleep/waiting request more than 30, throws error How I do this? 2) (Optional Question) from above I have to distribute control logic to all clustered host. I plan to use hazelcast to share the control logic (e.g. current counter) I see they provide BlockingQueue & ExecutorService but I have no idea how to use in my case. Please recommend if you have idea.

  • How can I set controls for a web page ??

    - by Rami Jarrar
    I have this login page with https, and I reached this approach: import ClientForm import urllib2 request = urllib2.Request("http://ritaj.birzeit.edu") response = urllib2.urlopen(request) forms = ClientForms.ParseResponseEx(response) response.close() f = forms[0] username = str(raw_input("Username: ")) password = str(raw_input("Password: ")) ## Here What To Do request2 = form.click() I get the controls of that page >>> f = forms[0] >>> [c.name for c in f.controls] ['q', 'sitesearch', 'sa', 'domains', 'form:mode', 'form:id', '__confirmed_p', '__refreshing_p', 'return_url', 'time', 'token_id', 'hash', 'username', 'password', 'persistent_p', 'formbutton:ok'] so how can I set the username and password controls of the "non-form form" f ??? and I have another problem, how to know if it's the right username and password ??

  • RESTFul, statelessness and sessions

    - by Per Arneng
    RESTFul service has a rule that it should be stateless. By being that it does not allow a session to be created and maintained by sending a session key between the client and the server and then holding a session state on the server. If I look at the definition in Wikipedia of stateless server http://en.wikipedia.org/wiki/Stateless_server "A stateless server is a server that treats each request as an independent transaction that is unrelated to any previous request" It states that it should be unrelated to any previous request. In practice this means that any type of authentication will be comparing the credentials of a user to a state on the server that was created by a previous operation. So a service called login is related to and dependent on the state that has been created by previous requests (ex: create_user and/or change_password). In my view you are breaking statelessness by doing authentication. My point is that people are complaining about having sessions in RESTFul is breaking statelessness but doing authentication is also breaking the same rule. What do you think?

  • Not Seeing Ajax Requests In Firebug If Header Has Been Modified

    - by FluidFoundation
    Hey braintrust, I'm making an ajax call using jQuery's library to an api, which requires a username and password encoded to base64 be added to the header. here's a basic example: $.ajax({ type: "GET", contentType: 'application/json', beforeSend:function(xhr){ xhr.setRequestHeader("Authentication", "Basic " + base64EncodedValue); } url: 'https://api.company.com/uri/', complete: function(result) { alert(result); } }); But when this fires off, I get a black alert box, so it doesn't appear as if something is coming back. There is no log in the Firebug console that a get ajax request was done. However, if I remove the beforeSend option, I do see the ajax request get logged, but the request gets back a 'not authorized', so it definitely hit the right place. Any ideas on why it's not showing up in Firebug so I can verify the headers are being sent out correctly?

  • http_post_data basic authentication?

    - by kristian nissen
    I have a remote service that I need to access, according to the documentation it's restricted using basic authentication and all requests have to be posted (HTTP POST). The documentation contains this code example - VB script: Private Function SendRequest(ByVal Url, ByVal Username, ByVal Password, ByVal Request) Dim XmlHttp Set XmlHttp = CreateObject("MSXML2.XmlHttp") XmlHttp.Open "POST", Url, False, Username, Password XmlHttp.SetRequestHeader "Content-Type", "text/xml" XmlHttp.Send Request Set SendRequest = XmlHttp End Function how can I accomplish this in PHP? When I post data to the remote server it replies: 401 Unauthorized Access which is fine because I'm not posting my user/pass just the data. But when I add my user/pass as it's described here: http://dk.php.net/manual/en/http.request.options.php like this: $res = http_post_data('https://example.com', $data, array( 'Content-Type: "text/xml"', 'httpauth' => base64_encode('user:pass'), 'httpauthtype' => HTTP_AUTH_BASIC ) ); the protocol is https - I get a runtime error in return (it's a .Net service). I have tried it without the base64_encode but with the same result.

  • RESTful authentication between two GAE apps.

    - by user259349
    Hello everyone, I am trying to write a RESTful Google App Engine application (Python) that accepts requests only from another GAE that I wrote. I don't like any of the ways that I thought of to get this done, please advise if you know of something better than: Get SSL setup, and simply add the credentials on the request that my consuming app will send. I don't like it cause SSL will slow things down. Security by obscurity. Pass a long number by my consuming app that is in Xmod0, where X is a secret number that both applications know. I just... don't like this. Check the HTTP header to see where is the request coming from. This option is the one that I hate the least, not a lot of processing, and spoofing an HTTP request is not really worth it, for my application's data. Is there any other clean solution for this?

  • Passing parameters thru Ruby's OAuth

    - by JP
    I'm using Mirven's Twitter OAuth Sinatra example and trying to figure out how I can send a 'next page' parameter with the Oauth request: ie. The user attempts to visit /edit/profile which requires a login so I redirect to /request which deals with login via twitter - I now want to be able to redirect the user to the address they were originally looking for if they log in successfully. I thought I could do this in the .get_request_token line with this code: @request_token = @consumer.get_request_token({:oauth_callback => "http://#{request.host}/auth"},{:next => params['next'] || '/'}) But params has no additional items in the /auth handler. I'm new to OAuth, how would I go about doing this?

  • ajax call returns null in my facebook iframe !!!

    - by uhsp
    Hi, I am using jquery to send an ajax request from my facebook app which is in iframe to my server. The ajax request works fine when the web app is running stand alone and out of facebook platform, but within facebook, the result that I get from my ajax request is blank !!! Here is the code I use: $.ajax({ url: 'http://mydomain.com/search', data: params, cache: false, dataType: 'json', success: function(posts) { // post is null !!!!! } error: function(json) { alert('error'); } }); I appreciate if anybody can help me with it. Thanks. uhsp

  • How do I verify the URL that ActiveResource intends to use on a call?

    - by btelles
    Hi there, I'm trying to request data from another Rails app, but I keep getting a "URL not found" error. Is it possible to use the debugger to figure out the intended URL and parameters for an intended ActiveResource call? For example, I'd like to make a GET request with the following parameters: https://some_server.com/employees/search.xml?last_name=smith And I have the following ActiveResource model class Employee < ActiveResource::Base self.site = "https://.some_server.com" end And the some_server.com app has a search action that maps this way: map.connect "/employees/search.:format", :controller => 'employees', :action => 'search' But when I try this: Employee.new(:last_name => 'smith).get(:search) I get a 404 "Service not found" error. To me, that sounds like the URL that ActiveResource is requesting is incorrect, 'cause when I make the above request via a browser, I get the xml. Any idea what I'm doing wrong? Cheerio, Berns

  • django blog - post- reply system display replies

    - by dana
    I have a mini blog app, and a reply system. I want to list all mini blog entries, and their replies, if there are any. i have in views.py def profile_view(request, id): u = UserProfile.objects.get(pk=id) paginator = New.objects.filter(created_by = request.user) replies = Reply.objects.filter(reply_to = paginator) return render_to_response('profile/publicProfile.html', { 'object_list': u, 'list':paginator, 'replies':replies }, context_instance=RequestContext(request)) and in the template: <h3>Recent Entries:</h3> {% for object in list %} <li>{{ object.post }} <br /> {% for object in replies %} {{ object.reply }} <br /> {% endfor %} mention : reply_to is a ForeignKey to New, and New is the name of the 'mini blog' table But it only shows all the replies for each blog entry, not the reply for every entry, if there is one thanks

  • cleaned_data() doesn't have some of the entered data

    - by SC Ghost
    I have a simple form for a user to enter in Name (CharField), Age(IntegerField), and Sex(ChoiceField). However the data that is taken from the Sex choice field is not showing up in my cleaned_data(). Using a debugger, I can clearly see that the data is being received in the correct format but as soon as I do form.cleaned_data() all sign of my choice field data is gone. Any help would be greatly appreciated. Here is the relative code: class InformationForm(forms.Form): Name = forms.CharField() Age = forms.IntegerField() Sex = forms.ChoiceField(SEX_CHOICES, required=True) def get_information(request, username): if request.method == 'GET': form = InformationForm() else: form = RelativeForm(request.POST) if form.is_valid(): relative_data = form.cleaned_data

  • ASP.NET OutPutCache VaryByParam and VaryByHeader with AJAX

    - by DennyDotNet
    I'm trying to do some caching using VaryByParam AND VaryByHeader. When an AJAX request comes in I return a partial XHTML. When a regular request comes in I send the partial XHTML page with header / footer. I tried to cache the page by doing: [OutputCache( Duration = 5, VaryByParam = "nickname,page", VaryByHeader = "X-Requested-With" )] However this doesn't work... if I do a regular request first then run the AJAX call I get the full cached page instead of the partial and vice-versa. Seems like VaryByHeader is being ignored. Is it because X-Requested-With is omitted on normal requests? Or perhaps it's doing VaryByParam OR VaryByHeader? My obvious way around this is for AJAX requests to call a different method which only returns partial pages, however I'd like to avoid that if possible. I'm using ASP.NET MVC 1.0 with the OutputCacheAttribute.

  • Using a Filter to serve a specific page?

    - by user246114
    Hi, I am using a class which implements Filter for my jsp stuff. It looks like this: public class MyFilter implements Filter { public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { request.getRequestDispatcher("mypage.jsp").forward(request, response); } } So the target, "mypage.jsp", is just sitting in my top-level directory. The filter works fine if I'm entering urls like: http://www.mysite.com/foo http://www.mysite.com/boo but if I enter a trailing slash, I'll get a 404: http://www.mysite.com/foo/ http://www.mysite.com/boo/ HTTP ERROR: 404 /foo/mypage.jsp RequestURI=/foo/mypage.jsp it seems if I enter the trailing slash, then the filter thinks I want it to look for mypage.jsp in subfolder foo or boo, but I really always want it to just find it at: http://www.mysite.com/mypage.jsp how can I do that? Thank you

  • Navigation Bar from database

    - by KareemSaad
    I had a solution. I want to make navigation bar with items I will select them as (category,Product,....) So I made stored to get them through parameter will pass its value from query string as. ALTER Proc Navcategory ( @Category_Id Int ) As Select Distinct Categories.Category,Categories.Category_Id From Categories Where Category_Id=@Category_Id and I mentioned in cs as if (Request.QueryString["Category_Id"] != null) { Banar.ImageUrl = "Handlers/Banner.ashx?Category_Id=" + Request.QueryString["Category_Id"] + ""; using (SqlConnection conn = Connection.GetConnection()) { SqlCommand cmd = new SqlCommand(); cmd.Connection = conn; cmd.CommandType = CommandType.StoredProcedure; cmd.CommandText = "Navcategory"; cmd.Parameters.Add(Parameter.NewInt("@Category_Id", Request.QueryString["Category_Id"])); SqlDataReader dr = cmd.ExecuteReader(); if (dr.Read()) { LblNavigaton.Visible = true; LblNavigaton.Text = dr["Category"].ToString(); } } } so the result will be ex. Fridge (Category when querystring(category_Id)) 4Door (Product when querystring (Product_Id)) But I want the result fridge4Door.......

  • Service design or access to another process

    - by hotyi
    I have a cache service, it works as .NET remoting, I want to create another Windows service to clean up that cache service by transferring the objects from cache to files. Because they are in separate processes, is there any way I could access that cache service or do I have to expose a method from the cache service to do that clean up work? The "clean up" means I want to serialize the object from cache to file and these saved files will be used for further processing. Let me explain this application in more detail. The application is mainly a log service to log all the incoming requests and these requests will be saved to db for further data mining. We have 2 designs for this log system 1) use MSMQ, but it seems its performance is not good enough, we don't use it. 2) we design a cache service, each request will be saved into the cache, and we need another function to clean up the cache by serializing the object to file.

  • Active Directory public key use

    - by Chris Meadows
    I have a client who has a requirement to validate users logging into my web application against his active directory using LDAP. In trying to connect using the DirectoryEntry and DirectorySearcher .NET classes, I can connect to his AD Server but not access it. The client's AD server has an SSL Certificate for which he has given me a public key file but I don't know how to use this public key file in my C# code. When I issue the connect command through code, I see, via Wireshark, my application sending the connection request. I then see the server responding with "Server Hello, Certificate, Certificate Request, Server Hello Done". Then my application never responds after that. In using another application, written by somebody else for which I do not have code, I see the same request from the server and then see the application respond with "Certificate, Client Key Exchange" and then the application connects and runs. With that said, my question then becomes, how can I get my C# application to load and send the key file I got from the client?

  • If you delete a DOM element, do any events that started with that element continue to bubble?

    - by Matt
    What behavior should I expect if I delete a DOM element that was used to start an event bubble, or whose child started the event bubble - will it continue to bubble if the element is removed? For example - let's say you have a table, and want to detect click events on the table cells. Another piece of JS has executed an AJAX request that will eventually replace the table, in full, once the request is complete. What happens if I click the table, and immediately after the table gets replaced by a successful completion of an AJAX request? I ask because I am seeing some behavior where the click events don't seem to be bubbling - but it is hard to duplicate. I am watching the event on a parent element of the table (instead of attaching the event to every TD), and it just doesn't seem to reach it sometimes.

  • Is there a limit on the number of mutex objects that can be created in a Windows process?

    - by young-phillip
    I'm writing a C# application that can create a series of request messages. Each message could have a response, that needs to be waited on by a consumer. Where the number of outstanding request messages is constrained, I have used the windows EVENT to solve this problem. However, I know there is a limit on how many EVENT objects can be created in a single process, and in this instance, it's possible I might exceed that limit. Does anyone know if there is a similar limit on creation of mutex objects or semaphores? I know this can be solved by some sort of pool of shared resources, that are grabbed by consumers when they need to wait, but it would be more convenient if each request message could have its own sync object.

  • jQuery ajax upload file in asp.net mvc

    - by CoffeeCode
    I have a file in my view <form id="upload" enctype="multipart/form-data"> <input type="file" name="fileUpload" id="fileUpload" size="23" /><br /> </form> and an ajax request $.ajax({ url: '<%=Url.Action("JsonSave","Survey") %>', dataType: 'json', processData: false, contentType: "multipart/mixed", data: { Id: selectedRow.Id, Value: 'some date was added by the user here :))' }, cache: false, success: function(data) { } }); but there is no file in the Request.Files. What's wrong with the ajax request?

  • HttpRequestValidationexception on Asp.Net MVC

    - by elranu
    I’m getting an HttpRequestValidationexception with this error message: “A potentially dangerous Request.Form value was detected from the client”. But I have AllowHtml on the property that I’m getting the error. The problem is that later in my code I’m getting the following property to know in which format I will show my view ControllerContext.HttpContext.Request.Params.AllKeys.Contains("format"). And on this “Param Getter” I’m getting the error. Let’s say my code is similar to the following: public class House { [AllowHtml] public string Text { get; set; } public string Name { get; set; } } [HttpPost, ValidateAntiForgeryToken] public ActionResult CreateTopic(House h) { //business code if(ControllerContext.HttpContext.Request.Params.AllKeys.Contains("format")) { Return view; } } How can I solve this? I already tried with the ValidateInput(false) attribute on the controller action method. Any idea?

  • django m2m how can i get m2m table elements in a view

    - by dana
    I have a model using m2m feature: class Classroom(models.Model): user = models.ForeignKey(User, related_name = 'classroom_creator') classname = models.CharField(max_length=140, unique = True) date = models.DateTimeField(auto_now=True) open_class = models.BooleanField(default=True) members = models.ManyToManyField(User,related_name="list of invited members", through = 'Membership') and I want to take all members of one class in a view and display them using the template system. In the view, I'm trying to take all the members from a classroom like that: def inside_classroom(request,classname): try: theclass = Classroom.objects.get(classname = classname) members = Members.objects.all() etc but it doesn't work (though the db_table is named Classroom_Members). I guess I have to use another query for getting all the members from the classroom classname. Also, I want to verify if the request.user is a member using (if request.user in members). How can I get those members? Thanks in advance!
