Search Results

Search found 4062 results on 163 pages for 'secure government ficam sicam'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 141/163 | < Previous Page | 137 138 139 140 141 142 143 144 145 146 147 148  | Next Page >

  • Password Cracking Windows Accounts

    - by Kevin
    At work we have laptops with encrypted harddrives. Most developers here (on occasion I have been guilty of it too) leave their laptops in hibernate mode when they take them home at night. Obviously, Windows (i.e. there is a program running in the background which does it for windows) must have a method to unencrypt the data on the drive, or it wouldn't be able to access it. That being said, I always thought that leaving a windows machine on in hibernate mode in a non-secure place (not at work on a lock) is a security threat, because someone could take the machine, leave it running, hack the windows accounts and use it to encrypt the data and steal the information. When I got to thinking about how I would go about breaking into the windows system without restarting it, I couldn't figure out if it was possible. I know it is possible to write a program to crack windows passwords once you have access to the appropriate file(s). But is it possible to execute a program from a locked Windows system that would do this? I don't know of a way to do it, but I am not a Windows expert. If so, is there a way to prevent it? I don't want to expose security vulnerabilities about how to do it, so I would ask that someone wouldn't post the necessary steps in details, but if someone could say something like "Yes, it's possible the USB drive allows arbitrary execution," that would be great! EDIT: The idea being with the encryption is that you can't reboot the system, because once you do, the disk encryption on the system requires a login before being able to start windows. With the machine being in hibernate, the system owner has already bypassed the encryption for the attacker, leaving windows as the only line of defense to protect the data.

    Read the article

  • Oracle data warehouse design - fact table acting as a dimension?

    - by Elizabeth
    THANKS: Both answers here are very helpful, but I could only pick one. I really appreciate the advice! our datawarehouse will be used more for workflow reports than traditional analytical reports. Our users care about "current picture" far more than history. (though history matters, too.) We are a government entity that does not have costs or related calculations. Mostly just counts of people within given locations and with related history. We are using Oracle, and I have found distinct advantage in using the star join whenever possible and would like to rearchitect everything to as closely resemble the star schema as is reasonable for our business uses. Speed in this DW is vital, and a number of tests have already proven the star schema approach to me. Our "person" table is key - it contains over 4 million records and will be the most frequently used source in queries. It can be seen at the center of a star with multiple dimensions (like age, gender, affiliation, location, etc.). It is a very LONG table, particularly when I join it to the address and contact information. However, it is more like a dimension table when we start looking at history. For example, there are two different history tables that have a person key pointing to the person table. One has over 20 million records and the other has almost 50 million and grows daily. Is this table a fact table or a dimension table? Can one work as both? If so, is that going to be a big performance problem? Is it common to query more off of a dimension than a fact? What happens if a DIFFERENT fact table that uses the person table as a dimension is actually only 60,000 records (much smaller.). I think my problem is that our data and use of it does not fit with the commonly use examples of star schemas. CLARIFICATION: Some good thoughts have been added below, but perhaps I left too much out to really explain well. Here's some more info: We handle a voter database. We don't have any measures except voter counts by various groups: voter counts by party, by age, by location; voter counts by ballot type and election, by ballot status and election, etc. We do have a "voting history" log as well as an activity audit log (change of address, party, etc.). We have information on which voters are election workers and all that related information. I figure I'll get to the peripheral stuff later. For now I'm focusing on our two major "business processes": voter registration(which IS a voter.) and election turnout. In the first, voter is a fact. In the second, voter is a dimension, along with party, election, and type of ballot. (and in case anyone is worried - no we don't know HOW people vote. Just that they do. LOL ) I hope that clarifies things a bit.

    Read the article

  • What precautions should you take when a senior employee leaves?

    - by Mahin
    EDIT : I agree one should check the reasons, why a senior level employee is leaving. But I am interested in knowing the official/management/technical/legal steps one should take after its decided that he is leaving, so that the life after him is smooth. What are the steps management should take when a senior programmer/team lead leaves your company. Some of them which I have thought about are : 1) If He used to manage hosting and domains stuff, change passwords of domain control panels and hosting panels. 2) If your published web sites have maintenance account and he is aware of credentials of that account then change this details also. 3) Suspend mail account for some time and forward all eMails of that account to some ex-employee account. After some time close that account. What are the other things one should check. I am expecting the answer to be a general check list one should follow. It should include both technical scenarios and management scenarios. Notable Suggestions so far : Effectively transfer the responsibilities of that employee to another one without causing any potential delay in your work. Protect your source code. If possible Make them to sign something to say that they don't have copies of source code.. You can also consider NDA here. Use the Notice Period to train his replacement. Now any new code to the project will be done by replacement with the help of Guy who is leaving. Ask him to create a document of things he thinks you should know. Make sure he checks everything in now and then any checkout will only be done by the replacement. Emails, copy off his email account to a pst.file (this assumes Outlook), Make this file available to his replacement. the employee should probably be given a chance to scrub the email. if you are going to keep his account open for whatever reason, check that no rules are created that forward incoming emails to an alternate address. Copy the hard drive of his computer to a network location and have someone senior go through and see if there are any files (drafts of performance reviews or other sensitive issues ) on it that someone else might need. Clearance from Accounts,Finance,Security,Library etc departments.Obtain all company property, laptops, keys, etc. If there is no reason not to, you should reward a departing person for their many years of service. Write them letters of recommendation (even if they already have a new job lined up).Say goodbye, and keep the door open. Make sure any outside clients know that the departing employee is not their main contact anymore. Never neglect the exit interview/debriefing. Confirm the last day of employment so that there is no misunderstanding Inform H/R if the employee is on H1B status, there is paperwork required to notify the government when an H1B employee leaves. Depending on how senior / what position, you might spend some time convincing him not to take the rest of the engineering staff with him. Make sure he spends his last days on a good note, because if he is not leaving on a good note, he can easily pollute the mind of his colleagues. Best Regards, Mahin Gupta EDIT : Now offered a bounty on it to get more detailed responses and practical suggestions.

    Read the article

  • Diffie-Hellman in Silverlight

    - by cmaduro
    I am trying to devise a security scheme for encrypting the application level data between a silverlight client, and a php webservice that I created. Since I am dealing with a public website the information I am pulling from the service is public, but the information I'm submitting to the webservice is not public. There is also a back end to the website for administration, so naturally all application data being pushed and pulled from the webservice to the silverlight administration back end must also be encrypted. Silverlight does not support asymmetric encryption, which would work for the public website. Symmetric encryption would only work on the back end because users do not log in to the public website, so no password based keys could be derived. Still symmetric encryption would be great, but I cannot securely save the private key in the silverlight client. Because it would either have to be hardcoded or read from some kind of config file. None of that is considered secure. So... plan B. My final alternative would be then to implement the Diffie-Hellman algorithm, which supports symmetric encryption by means of key agreement. However Diffie-Hellman is vulnerable to man-in-the-middle attacks. In other words, there is no guarantee that either side is sure of each others identity, making it possible for communication to be intercepted and altered without the receiving party knowing about it. It is thus recommended to use a private shared key to encrypt the key agreement handshaking, so that the identity of either party is confirmed. This brings me back to my initial problem that resulted in me needing to use Diffie-Hellman, how can I use a private key in a silverlight client without hardcoding it either in the code or an xml file. I'm all out of love on this one... is there any answer to this?

    Read the article

  • ASP.NET MVC - Entending the Authorize Attribute

    - by Mad Halfling
    Hi folks, currently I use [Authorize(Roles = ".....")] to secure my controller actions on my ASP.NET MVC 1 app, and this works fine. However, certain search views need to have buttons that route to these actions that need to be enabled/disabled based on the record selected on the search list, and also the security privs of the user logged in. Therefore I think I need to have a class accessing a DB table which cross-references these target controller/actions with application roles to determine the state of these buttons. This will, obviously, make things messy as privs will need to be maintained in 2 places - in that class/DB table and also on the controller actions (plus, if I want to change the access to the action I will have to change the code and compile rather than just change a DB table entry). Ideally I would like to extend the [Authorize] functionality so that instead of having to specify the roles in the [Authorize] code, it will query the security class based on the user, controller and action and that will then return a boolean allowing or denying access. Are there any good articles on this - I can't imagine it's an unusual thing to want to do, but I seem to be struggling to find anything on how to do it (could be Monday-morning brain). I've started some code doing this, looking at article http://schotime.net/blog/index.php/2009/02/17/custom-authorization-with-aspnet-mvc/ , and it seems to be starting off ok but I can't find the "correct" way to get the calling controller and action values from the httpContext - I could possibly fudge a bit of code to extract them from the request url, but that doesn't seem right to me and I'd rather do it properly. Cheers MH

    Read the article

  • How to switch users in a smooth way in a Point-Of-Sale system?

    - by Sanoj
    I am designing a Point-Of-Sale system for a small shop. The shop just have one Point-Of-Sale but often they are one to three users (sellers) in the shop. Each user have their own user account in the system so they login and logout very often. How should I design the login/logout system in a good way? For the moment the users don't use passwords, because it takes so long time to type the password each time they login. The Platform is Windows Vista but I would like to support Windows 7 too. We use Active Directory on the Network. The system is developed in Java/Swing for the moment, but I'm thinking about to change to C#.NET/WPF. I am thinking about an SmartCard solution, but I don't know if that fits my situation. It would be more secure (which I like) but I don't know if it will be easy to implement and smooth to use, i.e. can I have the POS-system running in the background or started very quickly when the users switch? Are SmartCard solutions very expensive? (My customers are small shops) Is it preferred to use .NET or Java in a SmartCard solution? What other solutions do I have other than passwords/no passwords/smartcards? How should I design the login/logout system in a good way? Is there any good solution using SmartCards for this purpose? I would like suggested solutions both for C#.NET/WPF and Java/Swing platforms. I would like suggested solutions both for Active Directory solutions and solutions that only use one user profile in Windows. How is this problem solved in similar products? I have only seen password-solutions, but they are clumsy.

    Read the article

  • Post a form from asp to asp.Net

    - by Atomiton
    I have a classic asp application. I want to post a contest form from that page to an Asp.Net form. The reason is that I want to use a lot of logic i have built into an Asp.Net page for validation before entering into the database and I don't know asp very well. Not to mention asp.Net being more secure. What's the best way to accomplish this goal? My thoughts are as follows: My asp Page: <html> <body> <form action="/Contests/entry.aspx" method="post"> Name: <input type="text" name="fname" size="20" /> Last Name: <input type="text" name="lname" size="20" /> <input type="submit" value="Submit" /> </form> </body> </html> aspx page is running in a Virtual Directory and would handle anything posted to it. Is this possible, or does aspx prevent this kind of thing? I ( preferably ) don't want to create the form in aspx as my colleague wants to have control of the page and build the html himself and I don't want the hassle of constantly changing it. Are there caveats I need to consider? What roadblocks will I run into? How do I access the Posted Form Values? Request.Form?

    Read the article

  • iPhone SQLite Password Field Encryption

    - by Louis Russell
    Good Afternoon Guys and Girls, Hopefully this will be a quick and easy question. I am building an App that requires the user to input their login details for an online service that it links to. Multiple login details can be added and saved as the user may have several accounts that they would like to switch between. These details will be stored in an SQLite database and will contain their passwords. Now the questions are: 1: Should these passwords be encrypted in the database? My instinct would say yes but then I do not know how secure the device and system is and if this is necessary. 2: If they should be encrypted what should I use? I think encrypting the whole database file sounds a bit over-kill so should I just encrypt the password before saving it to the database? If this is case what could I use to achieve this? I have found reference to a "crypt(3)" but am having trouble finding much about it or how to implement it. I eagerly await your replies!

    Read the article

  • SSL with private key on an HSM

    - by Jason
    I have a client-server architecture in my application that uses SSL. Currently, the private key is stored in CAPI's key store location. For security reasons, I'd like to store the key in a safer place, ideally a hardware signing module (HSM) that is built for this purpose. Unfortunately, with the private key stored on such a device, I can't figure out how to use it in my application. On the server, I am simply using the SslStream class and the AuthenticateAsServer(...) call. This method takes an X509Certificate object that has its private key loaded, but since the private key is stored in a secure (e.g. non exportable) location on the HSM, I don't know how to do this. On the client, I am using an HttpWebRequest object and then using the ClientCertificates property to add my client authentication certificate, but I have the same problem here: how do I get the private key? I know there are some HSMs that act as SSL accelerators but I don't really need an accelerator. Also, these products tend to have special integration with web servers such as IIS and Apache which I'm not using. Any ideas? The only thing I can think of would be to write my own SSL library that would allow me to hand off the signing portion of the transaction to the HSM, but this seems like a huge amount of work.

    Read the article

  • Securely store a password in program code?

    - by Nick
    My application makes use of the RijndaelManaged class to encrypt data. As a part of this encryption, I use a SecureString object loaded with a password which get's get converted to a byte array and loaded into the RajindaelManaged object's Key at runtime. The question I have is the storage of this SecureString. A user entered password can be entered at run-time, and that can be "securely" loaded into a SecureString object, but if no user entered password is given, then I need to default to something. So ultimately the quesiton comes down to: If I have to have some known string or byte array to load into a SecureString object each time my application runs, how do I do that? The "encrypted" data ultimately gets decrypted by another application, so even if no user entered password is specified, I still need the data to be encrypted while it goes from one app to another. This means I can't have the default password be random, because the other app wouldn't be able to properly decrypt it. One possible solution I'm thinking is to create a dll which only spits out a single passphrase, then I use that passphrase and run it through a couple of different hashing/reorganizing functions at runtime before I ultimately feed it into the secureString object. Would this be secure enough?

    Read the article

  • Cross-platform game development: ease of development vs security

    - by alcuadrado
    Hi, I'm a member and contributor of the Argentum Online (AO) community, the first MMORPG from Argentina, which is Free Software; which, although it's not 3D, it's really addictive and has some dozens of thousands of users. Really unluckily AO was developed in Visual Basic (yes, you can laugh) but the former community, so imagine, the code not only sucks, it has zero portability. I'm planning, with some friends to rewrite the client, and as a GNU/Linux frantic, want to do it cross-platform. Some other people is doing the same with the server in Java. So my biggest problem is that we would like to use a rapid development language (like Java, Ruby or Python) but the client would be pretty insecure. Ruby/Python version would have all it's code available, and the Java one would be easily decompilable (yes, we have some crackers in the community) We have consider the option to implement the security module in C/C++ as a dynamic library, but it can be replaced with a custom one, so it's not really secure. We are also considering the option of doing the core application in C++ and the GUI in Ruby/Python. But haven't analysed all it's implications yet. But we really don't want to code the entire game in C/C++ as it doesn't need that much performance (the game is played at 18fps on average) and we want to develop it as fast as possible. So what would you choose in my case? Thank you!

    Read the article

  • perl issuing os command with defined variables

    - by Vinnie Biros
    I am adding functionality into my scripts so that they can use kerberos authentication to run automatically and use secure protocols when executing. I have my functionality working for shell scripts that do exactly what i want, however i am having issues porting it to perl to work within my perl scripts as i am new to perl. Here is my working shell code and trying to get the same functionality in perl: #!/bin/sh ticketFileName=`basename $0-$$` #set filename variable to name of script plus the PID krb5CacheLocation=/tmp/$ticketFileName #set ticket cache location to /tmp + script name /usr/share/centrifydc/kerberos/bin/kinit -c $krb5CacheLocation -kt /root/.ssh/someaccount.keytab someaccount #get TGT and specifiy ticket cache location on kinit export KRB5CCNAME=$krb5CacheLocation #set the KRB5CCNAME variable to tell ssh where to look What i have attempted in perl: #!/usr/bin/perl my $ticketFileName = `basename $0-$$`; my $krb5CacheLocation = '/tmp/'.$ticketFileName; `export KRB5CCNAME=$krb5CacheLocation`; `/usr/share/centrifydc/kerberos/bin/kinit -c $krb5CacheLocation -kt /root/.ssh/unixmap0000.keytab unixmap0000`; Seems it is not liking the passed variable that i am referencing in the OS command. Anyone have any ideas or suggestions?

    Read the article

  • Problem with authentication from different domains using Django sessions.

    - by Greg
    Hi all, I am developing a bookmarklet which essentially adds a toolbar to a web page user is currently looking at. To use it, user needs to be logged in. To login user clicks on 'Singin' which displays a standard form containing Username, Password etc fields. When user successfully logs in they may chose to navigate to a different web-site. When on another page, they (a) re-load the bookmarklet (b) their session is retrieved from the server (c) user doesn't need to login again. Pretty standard I've would have thought. Using Django sessions and JQuery. I'm having troubles implementing the above usecase. Here are some problems I've encountered: Cross domain POST AJAX requests are disallowed. That was solved with JSONp. I doubt it is a very secure approach but for now it works. My server returns the session id in a cookie, however when the user navigates to a different page I don't really know how to retrieve that session id to send back to my server. Can I even read third party cookies from my JavaScript? I'm looking for some guidelines on implementing the above usecase. Ideally I don't want to redirect user to another page for them to sign in. Any suggestion would be greatly appreciated. Thanks.

    Read the article

  • Overriding windows authentication for a .NET application

    - by JoshReedSchramm
    I have a .NET application where the homepage (default.aspx) should be accessible by anyone. There is also a reporting page (reporting.aspx) that I want to secure via windows authentication and only allow access to a particular set of AD groups. Right now the way my web.config is setup it is securing the reporting page but on the home page it prompts the user for login credentials. If they hit esc they can continue to the page though so it isnt actually securing it. I need to prevent it from prompting the user. How do i need to setup my config. Here is what i have now - <system.web> <authentication mode="Windows" /> <identity impersonate="true" /> <authorization> <allow roles="BUILTIN\Administrators, DomainName\Manager" /> <deny users="?" /> </authorization> ...MORE STUFF... </system.web> <location path="default.aspx"> <system.web> <identity impersonate="false" /> <authorization> <allow users="*"/> </authorization> </system.web> </location>

    Read the article

  • android logging sdcard

    - by Abhi Rao
    Hello, With Android-Emulator I am not able to write/create a file on the SD Card (for logging). Here is what I have done so far - Run mksdcard 8192K C:\android-dev\emu_sdcard\emu_logFile - Create a new AVD, when assign emu_logFile to it so that when I view the AVD Details it says C:\android-dev\emu_sdcard\emu_logFile against the field "SD Card" - Here is the relevant code public class ZLogger { static PrintWriter zLogWriter = null; private static void Initialize() { try { File sdDir = Environment.getExternalStorageDirectory(); if (sdDir.canWrite()) { : File logFile = new File (sdDir, VERSION.RELEASE + "_" + ".log"); FileWriter logFileWriter = new FileWriter(logFile); zLogWriter = new PrintWriter(logFileWriter); zLogWriter.write("\n\n - " + date + " - \n"); } } catch (IOException e) { Log.e("ZLogger", "Count not write to file: " + e.getMessage()); } } sdDir.canWrite returns false - please note it not the exception from adb shell when I do ls I see sdcard as link to /mnt/sdcard. When I do ls -l /mnt here is what I see ls -l /mnt ls -l /mnt drwxr-xr-x root system 2010-12-24 03:41 asec drwx------ root root 2010-12-24 03:41 secure d--------- system system 2010-12-24 03:41 sdcard whereas if I go to the directory where I created emu_sdcard - I see a lock has been issued, as shown here C:dir android-dev\emu_sdcard Volume in drive C is Preload Volume Serial Number is A4F3-6C29 Directory of C:\android-dev\emu_sdcard 12/24/2010 03:41 AM . 12/24/2010 03:41 AM .. 12/24/2010 03:17 AM 8,388,608 emu_logFile 12/24/2010 03:41 AM emu_logFile.lock 1 File(s) 8,388,608 bytes 3 Dir(s) 50,347,704,320 bytes free I have looked at these and other SO questions Android Emulator sdcard push error: Read-only file system (2) Not able to view SDCard folder in the FileExplorer of Android Eclipse I have added the following to AndroidManifest.xml **uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" ** Please let me know your thoughts - what am I missing here? Why does canWrite return false? What should I do to add permissions to sdcard?

    Read the article

  • Multiple connections in a single SSH SOCKS 5 Proxy

    - by Elie Zedeck
    Hey guys, My fist question here on Stackoverflow: What should I need to do so that the SSH SOCKS 5 Proxy (SSH2) will allow multiple connections? What I have noticed, is that when I load a page in Firefox (already configured to use the SOCKS 5 proxy), it loads everything one by one. It can be perceived by bare eyes, and I also confirm that through the use of Firebug's NET tab, which logs the connections that have been made. I have already configure some of the directives in the about:config page, like pipeline, persistent proxy connections, and a few other things. But I still get this kind of sequential load of resources, which is noticeably very slow. network.http.pipelining;true network.http.pipelining.maxrequests;8 network.http.pipelining.ssl;true network.http.proxy.pipelining;true network.http.max-persistent-connections-per-proxy;100 network.proxy.socks_remote_dns;true My ISP sucks because during the day, it intentionally breaks connections on a random basis. And so, it is impossible to actually accomplish meaningful works without the need of a lot of browser refresh or hitting F5 key. So, that is why I started to find solutions to this. The SSH's dynamic port forwarding is the best solution I find to date, because it has some pretty good compression which saves a lot of useless traffic, and is also secure. The only thing remaining is to get it to have multiple connections running in it. Thanks for all the inputs.

    Read the article

  • Securely erasing a file using simple methods?

    - by Jason
    Hello, I am using C# .NET Framework 2.0. I have a question relating to file shredding. My target operating systems are Windows 7, Windows Vista, and Windows XP. Possibly Windows Server 2003 or 2008 but I'm guessing they should be the same as the first three. My goal is to securely erase a file. I don't believe using File.Delete is secure at all. I read somewhere that the operating system simply marks the raw hard-disk data for deletion when you delete a file - the data is not erased at all. That's why there exists so many working methods to recover supposedly "deleted" files. I also read, that's why it's much more useful to overwrite the file, because then the data on disk actually has to be changed. Is this true? Is this generally what's needed? If so, I believe I can simply write the file full of 1's and 0's a few times. I've read: http://www.codeproject.com/KB/files/NShred.aspx http://blogs.computerworld.com/node/5756 http://blogs.computerworld.com/node/5687 http://stackoverflow.com/questions/4147775/securely-deleting-a-file-in-c-net

    Read the article

  • Asp.net PopupControlExtender inside UpdatePabel

    - by user296422
    Hi, So i use PopupControlExtender (to edit some of the fields) inside ListViewControl which itself is embeded inside an UpdatePanel. The problem is as follows whenever you cause partail postback the popup panels are created client side outside the updatepanel. And you get more clientside controls with the same clientside ID. When you postback with popup panel the server side control eg. Texbox has Text = clientsidecontrol1.text, clientsidecontrol2.text, clientsidecontrol.text3 Is there a way to prevent this. <%@ Page Language="C#" AutoEventWireup="true" CodeFile="Test.aspx.cs" Inherits="Secure_Test" %> <%@ Register assembly="AjaxControlToolkit" namespace="AjaxControlToolkit" tagprefix="cc1" %> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head runat="server"> <title></title> </head> <body> <form id="form1" runat="server"> <cc1:ToolkitScriptManager ID="ToolkitScriptManager1" runat="server"> </cc1:ToolkitScriptManager> <div> <asp:UpdatePanel ID="UpdatePanel1" runat="server"> <ContentTemplate> <asp:Label ID="InputLabel" runat="server" Text="Whatever you put in the textbox"></asp:Label> <br /> <asp:Label runat="server"> <%= DateTime.Now.ToString() %></asp:Label> <br /> <asp:Button ID="Button1" runat="server" Text="Refresh" /> <br /> <asp:LinkButton ID="PopupLB" runat="server">Popup</asp:LinkButton> <br /> <cc1:PopupControlExtender ID="PopupControlExtender1" runat="server" PopupControlID="Panel1" TargetControlID="PopupLB" CommitProperty="Value"> </cc1:PopupControlExtender> <asp:Panel ID="Panel1" runat="server"> <asp:UpdatePanel ID="UpdatePanel2" runat="server"> <ContentTemplate> <asp:TextBox ID="InputTB" runat="server"></asp:TextBox> <asp:Button ID="SubmitBTN" runat="server" Text="Submit" onclick="SubmitBTN_Click" UseSubmitBehavior="false" /> </ContentTemplate> </asp:UpdatePanel> </asp:Panel> </ContentTemplate> </asp:UpdatePanel> </div> </form> </body> </html> using System; using System.Collections.Generic; using System.Linq; using System.Web; using System.Web.UI; using System.Web.UI.WebControls; using AjaxControlToolkit; public partial class Secure_Test : System.Web.UI.Page { protected void Page_Load(object sender, EventArgs e) { } protected void SubmitBTN_Click(object sender, EventArgs e) { PopupControlExtender pce = AjaxControlToolkit.PopupControlExtender.GetProxyForCurrentPopup(Page); pce.Commit("Popup"); InputLabel.Text = InputTB.Text; } } To make it easier to test i post the code of an example page i used for testing. To make myself clear here is an example: i click Popup. Type "asdf" in the textbox and click Submit. InputPanel dispalys "asdf" i click Popup again. Type "qwerty" in the textbox and click Submit. InputPanel now displays "qwerty,asdf" When you check it the firebug you get this: <form id="form1" action="Test.aspx" method="post" name="form1"> <div> <input type="hidden" value=";;AjaxControlToolkit, Version=3.0.30930.21526, Culture=neutral, PublicKeyToken=28f01b0e84b6d53e:pl-PL:c83bc095-c5d9-40da-b175-dc46338fcc3a:865923e8:91bd373d:596d588c:411fea1c:e7c87f07:bbfda34c:30a78ec5:42b7c466;" id="ToolkitScriptManager1_HiddenField" name="ToolkitScriptManager1_HiddenField"> </div> <script type="text/javascript"> //&lt;![CDATA[ var theForm = document.forms['form1']; if (!theForm) { theForm = document.form1; } function __doPostBack(eventTarget, eventArgument) { if (!theForm.onsubmit || (theForm.onsubmit() != false)) { theForm.__EVENTTARGET.value = eventTarget; theForm.__EVENTARGUMENT.value = eventArgument; theForm.submit(); } } //]]&gt; </script> <script type="text/javascript" src="/WebResource.axd?d=B2RAZw_YugtketKJqWIbXA2&amp;t=634051184591131846"></script> <script type="text/javascript" src="/ScriptResource.axd?d=zifZiisoqXYJSwLXuAZ4DmtrWVvn9x0W1r7qfDo40UU7q9QYoa5ChdBZD6dDL66f0flKVDmPL2woIPesut_FUpsFZUN2A5sDN7IOqPUOZO41&amp;t=1a45d080"></script> <script type="text/javascript"> //&lt;![CDATA[ if (typeof(Sys) === 'undefined') throw new Error('Ladowanie struktury strony klienta ASP.NET Ajax nie powiodlo sie.'); //]]&gt; </script> <script type="text/javascript" src="/ScriptResource.axd?d=zifZiisoqXYJSwLXuAZ4DmtrWVvn9x0W1r7qfDo40UU7q9QYoa5ChdBZD6dDL66fyxEJaYB3uJEQ0r_TmOPczeBZ1gpFH5a6x4ug130lptsKAcGA3S1vt08sHQo5sFtH0&amp;t=1a45d080"></script> <script type="text/javascript" src="/Secure/Test.aspx?_TSM_HiddenField_=ToolkitScriptManager1_HiddenField&amp;_TSM_CombinedScripts_=%3b%3bAjaxControlToolkit%2c+Version%3d3.0.30930.21526%2c+Culture%3dneutral%2c+PublicKeyToken%3d28f01b0e84b6d53e%3apl-PL%3ac83bc095-c5d9-40da-b175-dc46338fcc3a%3a865923e8%3a91bd373d%3a596d588c%3a411fea1c%3ae7c87f07%3abbfda34c%3a30a78ec5%3a42b7c466"></script> <div> </div> <script type="text/javascript"> //&lt;![CDATA[ Sys.WebForms.PageRequestManager._initialize('ToolkitScriptManager1', document.getElementById('form1')); Sys.WebForms.PageRequestManager.getInstance()._updateControls(['tUpdatePanel1','tUpdatePanel2'], [], [], 90); //]]&gt; </script> <div> <div id="UpdatePanel1"> <span id="InputLabel">qwerty,asdf</span> <br> <span>2010-06-15 18:26:50</span> <br> <input type="submit" id="Button1" value="Refresh" name="Button1"> <br> <a href="javascript:__doPostBack('PopupLB','')" id="PopupLB">Popup</a> <br> </div> </div> <script type="text/javascript"> //&lt;![CDATA[ (function() {var fn = function() {$get('ToolkitScriptManager1_HiddenField').value = '';Sys.Application.remove_init(fn);};Sys.Application.add_init(fn);})();Sys.Application.initialize(); Sys.Application.add_init(function() { $create(AjaxControlToolkit.PopupControlBehavior, {"CommitProperty":"Value","PopupControlID":"Panel1","dynamicServicePath":"/Secure/Test.aspx","id":"PopupControlExtender1"}, null, null, $get("PopupLB")); }); //]]&gt; </script> <div id="Panel1" style="position: absolute; left: 8px; top: 73px; z-index: 1000; display: none; visibility: hidden;"> <div id="UpdatePanel2"> <input type="text" id="InputTB" name="InputTB"> <input type="button" id="SubmitBTN" onclick="javascript:__doPostBack('SubmitBTN','')" value="Submit" name="SubmitBTN"> </div> </div><span style="display: none ! important;"><input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value=""></span><span style="display: none ! important;"><input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value=""></span><span style="display: none ! important;"><input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUJMTkwNzc2NzAzD2QWAgIDD2QWAgIDD2QWAmYPZBYCAgEPDxYCHgRUZXh0BQtxd2VydHksYXNkZmRkZApLPc2nZUC+UkZsCrByuofHMah5"></span><span style="display: none ! important;"><input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWBQLi2qWdAwKM54rGBgKIkJujDQKbjp+pDQKc7v+tArliNtJzeG8HrfsGBBXIViJAUGMz"></span><div id="Panel1" style="visibility: hidden; position: absolute; left: 8px; top: 73px; z-index: 1000; display: none;"> <div id="UpdatePanel2"> <input type="text" id="InputTB" value="asdf" name="InputTB"> <input type="button" id="SubmitBTN" onclick="javascript:__doPostBack('SubmitBTN','')" value="Submit" name="SubmitBTN"> </div> </div><div id="Panel1" style="display: none; visibility: hidden; position: absolute;"> <div id="UpdatePanel2"> <input type="text" id="InputTB" value="qwerty,asdf" name="InputTB"> <input type="button" id="SubmitBTN" onclick="javascript:__doPostBack('SubmitBTN','')" value="Submit" name="SubmitBTN"> </div> </div></form> InputTB and Panel1 where generated 3 time.

    Read the article

  • Headless, scriptable Firefox/Webkit on linux?

    - by Parand
    I'm looking to automate some web interactions, namely periodic download of files from a secure website. This basically involves entering my username/password and navigating to the appropriate URL. I tried simple scripting in Python, followed by more sophisticated scripting, only to discover this particular website is using some obnoxious javascript and flash based mechanism for login, rendering my methods useless. I then tried HTMLUnit, but that doesn't seem to want to work either. I suspect use of Flash is the issue. I don't really want to think about it any more, so I'm leaning towards scripting an actual browser to log in and grab the file I need. Requirements are: Run on linux server (ie. no X running). If I really need to have X I can make that happen, but I won't be happy. Be reliable. I want to start this thing and never think about it again. Be scriptable. Nothing too sophisticated, but I should be able to tell the browser the various steps to take and pages to visit. Are there any good toolkits for a headless, X-less scriptable browser? Have you tried something like this and if so do you have any words of wisdom?

    Read the article

  • Internet Explorer Warning when embedding Youtube on HTTPS site?

    - by pellepim
    Our application is run over HTTPS which rarely presents any problems for us. When it comes to youtube however, the fact that they do not present any content over SSL connections is giving us some head ache when trying to embed clips. Mostly because of Internet Explorers famous little warning message: "Do you want to view only the webpage content that was delivered securely? This page contains content that will not be delivered using a secure HTTPS ... etc" I've tried to solve this in several ways. The most promising one was to use the ProxyPass functionality in Apache to map to YouTube. Like this: ProxyPass: /youtube/ http://www.youtube.com ProxyPassReverse: /youtube/ http://www.youtube.com This gets rid of the annoying warning. However, the youtube SWF fails to start streaming The SWF i manage to load into the browser simply states : "An error occurred, please try again later". Potential solutions are perhaps: Download youtube FLV:s and serve them out of own domain (gah) Use custom FLV-player and stream only FLV:s from youtube over a https proxy? Update 10 March: I've tried to use Googles Youtube API for ActionScript to load a player. It looked promising at first and I was able to load a player through my https:// proxy. However, the SWF that is loaded contains loads of explicit calls to different non-ssl urls to create authentication links for the FLV-stream and for loading different crossdomain policies. It really seems like we're not supposed to access flv-streams directly. This makes it very hard to bypass the Internet Explorer warning, short of ripping out the FLV:s from youtube and serving them out of your own domain. There are solutions out there for downloading youtubes FLV:s. But that is not compliant with the Youtube terms of use and is really not an option for us.

    Read the article

  • My service does not start on Windows 2008 (it works on Windows 2003)

    - by akirekadu
    When we install our product on Windows 2008 SP2, couple of services fail to start. After trying different things, we figured out that these service were able to start when "Log on as" is set to "Local system account". This service does need to run as a specific user because it requires access to secure resources. The service did run just fine under this special user account under Windows 2003. I am thinking the problem is related to UAC (user access control). Under interactive mode one can elevate permission by answering the security dialog box. How to do the same for a service? How to configure the service so it runs with necessary permissions? Thanks! Couple of notes I would like to add. One solution I tried is to execute the installer as administrator. The service does get installed. However, it creates another problem. An embedded 3rd party product and its files get installed with admin only rights. So we do need to run the installer as logged in user.

    Read the article

  • Google's Oauth for Installed apps vs. Oauth for Web Apps

    - by burgerguy
    So I'm having trouble understanding something... If you do Oauth for Web Apps, you register your site with a callback URL and get a unique consumer secret key. But once you've obtained an Oauth for Web Apps token, you don't have to generate Oauth calls to the google server from your registered domain. I regularly use my key and token from scripts running via an apache server at localhost on my laptop and Google never says "you're not sending this request from the registered domain." It just sends me the data. Now, as I understand it, if you do Oauth for Installed Apps, you use "anonymous" instead of a secret key you got from Google. I've been thinking of just using the OAuth for Web Apps auth method, then passing that token to an installed app that has my secret code embedded in its innards. The worry is that the code could be discovered by bad people. But what's more secure... making them work for the secret code or letting them default to anonymous? What really goes bad if the "secret" is discovered when the alternative is using "anonymous" as the secret?

    Read the article

  • Unknown error when submit a REST request to Liferay json API

    - by r.rodriguez
    I'm writing an script in Python to automatically update the structures in my Liferay portal and I want to do it via the json REST API. I make a request to get an structure (method getStructure), and it worked. But when I try to do an structure update in the portal it shows me the following error: ValueError: Content-Length should be specified for iterable data of type class 'dict' {'serviceContext': "{'prueba'}", 'serviceClassName': 'com.liferay.portlet.journal.service.JournalStructureServiceUtil', 'name': 'FOO', 'xsd': '... THE XSD OBTAINED VIA JSON ...', 'serviceParameters': '[groupId,structureId,parentStructureId,name,description,xsd,serviceContext]', 'description': 'FOO Structure', 'serviceMethodName': 'updateStructure', 'groupId': '10133'} What I'm doing is the next: urllib.request.Request(url = URL, data = data_update, headers = headers) URL is http://localhost:8080/tunnel-web/secure/json The headers are configured with basic authentication (it works, it is tested with the getStructure method). Data is: data_update = { "serviceClassName" : "com.liferay.portlet.journal.service.JournalStructureServiceUtil", "serviceMethodName" : "updateStructure", "serviceParameters" : "[groupId,structureId,parentStructureId,name,description,xsd,serviceContext]", "groupId" : 10133, "name" : FOO, "description" : FOO Structure, "xsd" : ... THE XSD OBTAINED VIA JSON ..., "serviceContext" : "{}" } Does anybody know the solution? Have I to specify the length for the dictionary and how? Or this is a bug?

    Read the article

  • TFS and Forms Authentication

    - by George
    I don't know squat about TFS, other than as a user who has performed simple check in/outs. I just installed it locally and would like to do joint development with a friend. I was having trouble making my TFS web site on port 8080 visible (the whole scoop is here if your interested) and I wonder if it could be related to the fact that TFS is probably using Windows Authentication to identify the user. Can TFS be set up to use forms authentication? We probably need to set up a VPN, though that's a learning curve too. To use TFS, do our machines have to belong to a domain? We're not admin types, though he is better than me, though I would be interested in any feedback or advice on which path is likely to pan out the best. I already got AxoSoft OneTime working in this type of an environment and it suits us well, but I am tempted at all the bells & whistles with TFS and the ability to tie tracked bug items to code changes. As far as finding a good way to share code, do sites like SourceForge allow one to keep code secure among members only?

    Read the article

  • Redirection fails in IE but is fine with Firefox

    - by Bob
    I use an <Authorize> attribute in ASP.NET MVC to secure a controller. My page loads portions of its content via AJAX. Here's a problem I have with IE8, but not Firefox 3.6: Sign in as user JohnDoe and navigate to http://www.example.com/AjaxPage. Everything works fine. AjaxPage is protected with the <Authorize> attribute. Sign out, which redirects me to http://www.example.com. That page doesn't use <Authorize>. Navigate to http://www.example.com/AjaxPage without signing in again. I should be redirected to the Sign In page since that controller has the <Authorize> attribute. Step 3 works with Firefox, but IE8 displays the non-Ajax portion of http://www.example.com/AjaxPage and then never loads the Ajax content. I'm surprised any content is displayed at all since I should be redirected to the Sign In page. My code redirects to the login page with: Return Redirect("https://login.live.com/wlogin.srf?appid=MY-APP-ID&alg=wsignin1.0") Why does Firefox handle this redirection, but IE doesn't? Since it works the first time (Step 1 above), is there a cache issue?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 137 138 139 140 141 142 143 144 145 146 147 148  | Next Page >