Search Results

Search found 13256 results on 531 pages for 'password policy'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 151/531 | < Previous Page | 147 148 149 150 151 152 153 154 155 156 157 158  | Next Page >

  • Wordpress - Set Published Date

    - by danit
    Using this function: function wpPostXMLRPC($title,$body,$rpcurl,$username, $password,$category,**$pubdate**,$keywords='',$encoding='UTF-8') { $title = htmlentities($title,ENT_NOQUOTES,$encoding); $keywords = htmlentities($keywords,ENT_NOQUOTES,$encoding); $content = array( 'title'=>$title, 'description'=>$body, 'mt_allow_comments'=>1, // 1 to allow comments 'mt_allow_pings'=>0, // 1 to allow trackbacks 'post_type'=>'post', 'post_status' => 'draft', **'post_date' =>$pubdate,** 'mt_keywords'=>$keywords, 'categories'=>array($category) ); $params = array(0,$username,$password,$content,true); $request = xmlrpc_encode_request('metaWeblog.newPost',$params); $ch = curl_init(); curl_setopt($ch, CURLOPT_POSTFIELDS, $request); curl_setopt($ch, CURLOPT_URL, $rpcurl); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_TIMEOUT, 1); $results = curl_exec($ch); curl_close($ch); return $results; } My Code: $title = $correctdataandtime; $body = '<a href="' . $links['alternate'] . '" />' . '<img src="' . $links['image'] . '" />' . '</a>'; $pubdate = date("Y-m-d H:i:s", $datetime); //Default Settings $rpcurl = 'http://vl3.co.uk/xmlrpc.php'; $username = 'admin'; $password = '3cdsbvre'; $category = '1'; //default is 1, enter a number here. $keywords = 'Twitter';//keywords comma seperated. $encoding ='UTF-8';//utf8 recommended wpPostXMLRPC($title,$body,$rpcurl,$username,$password,$pubdate,$category,$keywords,$encoding); Output of $pubdate is: 2010-04-05 19:25:31 However it still sets the published date as the date and time when i run the script.

    Read the article

  • AES Encryption Java Invalid Key length

    - by wuntee
    I am trying to create an AES encryption method, but for some reason I keep getting a 'java.security.InvalidKeyException: Key length not 128/192/256 bits'. Here is the code: public static SecretKey getSecretKey(char[] password, byte[] salt) throws NoSuchAlgorithmException, InvalidKeySpecException{ SecretKeyFactory factory = SecretKeyFactory.getInstance("PBEWithMD5AndDES"); // NOTE: last argument is the key length, and it is 256 KeySpec spec = new PBEKeySpec(password, salt, 1024, 256); SecretKey tmp = factory.generateSecret(spec); SecretKey secret = new SecretKeySpec(tmp.getEncoded(), "AES"); return(secret); } public static byte[] encrypt(char[] password, byte[] salt, String text) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, InvalidParameterSpecException, IllegalBlockSizeException, BadPaddingException, UnsupportedEncodingException{ SecretKey secret = getSecretKey(password, salt); Cipher cipher = Cipher.getInstance("AES"); // NOTE: This is where the Exception is being thrown cipher.init(Cipher.ENCRYPT_MODE, secret); byte[] ciphertext = cipher.doFinal(text.getBytes("UTF-8")); return(ciphertext); } Can anyone see what I am doing wrong? I am thinking it may have something to do with the SecretKeyFactory algorithm, but that is the only one I can find that is supported on the end system I am developing against. Any help would be appreciated. Thanks.

    Read the article

  • Android accessibility focus - clicking a view changes focus to previous view

    - by benkdev
    I'm using android TalkBack to test my application for accessibility use. When I swipe to select a view and double tap, the focus returns the the view above it. Usually when swiping to a view and double clicking it, onClick is called. What am I doing wrong? <?xml version="1.0" encoding="utf-8"?> <LinearLayout xmlns:android="http://schemas.android.com/apk/res/android" android:orientation="vertical" android:layout_width="fill_parent" android:layout_height="fill_parent" android:background="@color/all_white" > <ImageView android:layout_width="wrap_content" android:layout_height="wrap_content" android:src="@drawable/header" android:scaleType="center" /> <ImageView android:layout_width="wrap_content" android:layout_height="wrap_content" android:src="@drawable/green_bar" android:scaleType="center" /> <ImageView android:layout_width="wrap_content" android:layout_height="wrap_content" android:src="@drawable/blue_bar" android:scaleType="center" /> <EditText android:id="@+id/username" android:layout_width="325dp" android:layout_height="wrap_content" android:hint="@string/username" android:focusable="true" android:nextFocusDown="@id/password" /> <EditText android:id="@+id/password" android:inputType="textPassword" android:layout_width="325dp" android:layout_height="wrap_content" android:hint="@string/password" android:focusable="true" android:nextFocusUp="@id/username" android:nextFocusDown="@id/login" /> <Button android:id="@+id/login" android:onClick="doLogin" android:focusable="true" android:layout_width="325dp" android:layout_height="wrap_content" android:text="@string/login" android:nextFocusUp="@id/password" android:nextFocusDown="@id/create_trial_account" /> <Button android:id="@+id/create_trial_account" android:layout_width="100dip" android:layout_height="wrap_content" android:text="@string/new_user" android:onClick="createAccount" android:focusable="true" android:nextFocusUp="@id/login" /> <TextView android:id="@+id/copyright" android:layout_width="fill_parent" android:layout_height="wrap_content" android:text="@string/copyright" /> <TextView android:id="@+id/buildNumber" android:layout_width="fill_parent" android:layout_height="wrap_content" /> </LinearLayout>

    Read the article

  • Flex - Issues retrieving an XMLList

    - by BS_C3
    Hello! I'm having a problem retrieving a XMLList and I don't understand why. I have an application that is running properly. It uses some data from two xml files called division.xml and store.xml. I noticed that I have some data in division.xml that should be in store.xml, so I did a copy/paste of the data from one file to the other. This is the data I copied: <stores> <store> <odeis>101</odeis> <name></name> <password></password> <currency></currency> <currSymbol></currSymbol> </store> <store> <odeis>102</odeis> <name></name> <password></password> <currency></currency> <currSymbol></currSymbol> </store> </stores> In the application, I list all odeis codes and I need to retrieve the block store corresponding to the selected odeis code. Before moving the data into store.xml, this is how I retrieved the block: var node:XMLList = divisionData.division.(@name==HomePageData.instance.divisionName).stores.store.(odeis == HomePageData.instance.storeCodeOdeis) This is how I retrieve it after copying the data into store.xml: var node:XMLList = storeData.stores.(@name==HomePageData.instance.divisionName).store.(odeis == HomePageData.instance.storeCodeOdeis) And I'm currently getting the following error: ReferenceError: Error #1065: The variable odeis is not defined. Could anyone enlighten me? Cause I really have no clue of why it is not working... Thanks for any tips you can give. Regards, BS_C3

    Read the article

  • What AOP tools exist for doing aspect-oriented programming at the assembly language level against x8

    - by JohnnySoftware
    Looking for a tool I can use to do aspect-oriented programming at the assembly language level. For experimentation purposes, I would like the code weaver to operate native application level executable and dynamic link libraries. I have already done object-oriented AOP. I know assembly language for x86 and so forth. I would like to be able to do logging and other sorts of things using the familiar before/after/around constructs. I would like to be able to specify certain instructions or sequences/patterns of consecutive instructions as what to do a pointcut on since assembly/machine language is not exactly the most semantically rich computer language on the planet. If debugger and linker symbols are available, naturally, I would like to be able to use them to identify subroutines' entry points , branch/call/jump target addresses, symbolic data addresses, etc. I would like the ability to send notifications out to other diagnostic tools. Thus, support for sending data through connection-oriented sockets and datagrams is highly desirable. So is normal logging to files, UI, etc. This can be done using the action part of an aspect to make a function call, but then there are portability issues so the tool needs to support a flexible, well-abstracted logging/notifying mechanism with a clean, simple yet flexible. The goal is rapid-QA. The idea is to be able to share aspect source code braodly within communties as well as publicly. So, there needs to be a declarative security policy file that users can share. This insures that nothing untoward that is hidden directly or indirectly in an aspect source file slips by the execution manager. The policy file format needs to be simple to read, write, modify, understand, type-in, edit, and generate. Sort of like Java .policy files. Think the exact opposite of anything resembling XML Schema files and you get the idea. Is there such a tool in existence already?

    Read the article

  • Athentication Problem - not recognizing 'else' - Ruby on rails...

    - by bgadoci
    I can't seem to figure out what I am doing wrong here. I have implemented the Super Simple Authentication from Ryan Bates tutorial and while the login portion is functioning correctly, I can't get an error message and redirect to happen correctly for a bad login. Ryan Bates admits in his comments he left this out but can't seem to implement his recommendation. Basically what is happening is that when someone logs in correctly it works. When a bad password is entered it does the same redirect and flashes 'successfully logged in' thought they are not. The admin links do not show (which is correct and are the links protected by the <% if admin? %) but I need it to say 'failed login' and redirect to login path. Here is my code: SessionsController class SessionsController < ApplicationController def create if session[:password] = params[:password] flash[:notice] = 'Successfully logged in' redirect_to posts_path else flash[:notice] = "whoops" redirect_to login_path end end def destroy reset_session flash[:notice] = 'Successfully logged out' redirect_to posts_path end end ApplicationController class ApplicationController < ActionController::Base helper_method :admin? protected def authorize unless admin? flash[:error] = "unauthorized request" redirect_to posts_path false end end def admin? session[:password] == "string0826" end helper :all # include all helpers, all the time protect_from_forgery # See ActionController::RequestForgeryProtection for details # end

    Read the article

  • Use SQL Result to Query second time and grab more results via php

    - by maxwell
    I am grabbing a list of school names from a database. When the user clicks on the school name, i want the code to fetch 2-3 other attributes related to the school name that the user has clicked on. My code for the single school name list: $query = mysql_query("Select schoolname, product, username, password from credentials c join products p on p.productid = c.productid join schools s on s.schoolid = c.schoolid join icons i on i.productid = p.productid order by s.schoolname"); echo '<ul>'; while($row = mysql_fetch_array($query)) { echo "<li> <a href='#'>" . $row['schoolname'] . "</a> </li>"; } echo ''; Current Output: School A School A School B School B School B School C School C Expected Output: School name displayed only once (distinct won't work because each school name has 2-3 product credentials School A School B School C Ability for User to click on a school. then the school names underneath will move down (toggle effect) and user can see product, username and password displayed for the school clicked (for example: user clicked on School A) School A productname1, username, password productname2, username, password School B School C

    Read the article

  • Help with SOAP request using PHP

    - by mptre
    I'm having a SOAP related problem in PHP. I'm trying to create arbitrary SOAP request using Nusoap_client class. The complete request including headers should look like the example below. Ofcourse the placeholders (string) should be replaced with actual values. POST /services/RecipeCouponAPI11.asmx HTTP/1.1 Host: example.com Content-Type: text/xml; charset=utf-8 Content-Length: length SOAPAction: "http://www.example.com/services/GetCouponAll" <?xml version="1.0" encoding="utf-8"?> <soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <soap:Header> <RCAuthenticator xmlns="http://www.example.com/services/"> <UserName>string</UserName> <Password>string</Password> </RCAuthenticator> </soap:Header> <soap:Body> <GetCouponAll xmlns="http://www.example.com/services/"> <campaignCode>string</campaignCode> </GetCouponAll> </soap:Body> </soap:Envelope> I tried the following code with no luck. Seems like the request isn't formated correctly. Any ideas on how to get his working? <?php $client = new Nusoap_client('http://www.example.com/services/RecipeCouponAPI11.asmx'); $headers = new SoapHeader( 'http://www.example.com/services/', 'RCAuthenticator', (object)array( 'UserName' => 'username', 'Password' => 'password' ), false ); $client->setHeaders(array($headers)); $response = $client->call( 'GetCouponAll', array('campaignCode' => 'campaigncode'), null, 'http://www.example.com/services/GetCouponAll' ); ?> Thanks in advantage!

    Read the article

  • Crystal Reports Failed Database Login

    - by Marlon
    Hello, After spending a good 3 to 4 hours on google trying to find any solution to my problem I haven't had much luck. Basically, we use crystal reports for our .NET applications with a sql server back end, we have many clients each with their own server and so our reports need to have their connections dynamically set. Up until a week ago this worked fine. However a few days ago a client reported they were getting a database login prompt for a report (only one report, the rest worked fine). We were quite stumped but we managed to reproduce it on a netbook which didn't have visual studio or sql server installed. In the end the dev decided to reproduce the report in the hope it was just an oddity in that particular report. Unfortunately a new client today also experienced the same problem, but this time for every crystal report they had - and also they worked on the netbook, so we are really quite lost here. Below is a screenshot of what our clients get presented with - and here is the code that I use to set the connection information in the report cI.ServerName = (string)builder["Data Source"]; cI.DatabaseName = (string)builder["Initial Catalog"]; cI.UserID = (string)builder["User ID"]; cI.Password = (string)builder["Password"]; foreach (IConnectionInfo info in cryRpt.DataSourceConnections) { info.SetConnection(cI.ServerName, cI.DatabaseName, cI.UserID, cI.Password); } foreach (ReportDocument sub in cryRpt.Subreports) { foreach (IConnectionInfo info in sub.DataSourceConnections) { info.SetConnection(cI.ServerName, cI.DatabaseName, cI.UserID, cI.Password); } } As always, any help much appreciated.

    Read the article

  • Problem with cruise control and visual svn

    - by Andrew
    Hi Wonder if anyone can help, I am experiencing a strange issue with my configuration of cruisecontrol.net and visual svn. I am setting the current ccnet.config <sourcecontrol type="svn"> <trunkUrl>https://bladerunner.azullo.local:8443/svn/application/trunk</trunkUrl> <executable>C:\Program Files (x86)\VisualSVN Server\bin\svn.exe</executable> <username>test</username> <password>test</password> <workingDirectory>D:\Development\Build\application\</workingDirectory> </sourcecontrol> <publishers> <xmllogger/> </publishers> <modificationDelaySeconds>10</modificationDelaySeconds> </project> When I run this I expect it to go to https://bladerunner.azullo.local:8443/svn/application/trunk, however i get the following ThoughtWorks.CruiseControl.Core.CruiseControlException: Source control operation failed: svn: OPTIONS of 'http://bladerunner.azullo.local:8080/svn/application/trunk': could not connect to server (http://bladerunner.azullo.local:8080) . Process command: C:\Program Files (x86)\VisualSVN Server\bin\svn.exe update D:\Development\build\application\ --username test --password ** --no-auth-cache --non-interactive at ThoughtWorks.CruiseControl.Core.Sourcecontrol.ProcessSourceControl.Execute(ProcessInfo processInfo) at ThoughtWorks.CruiseControl.Core.Sourcecontrol.Svn.UpdateSource(IIntegrationResult result) at ThoughtWorks.CruiseControl.Core.IntegrationRunner.Build(IIntegrationResult result) at ThoughtWorks.CruiseControl.Core.IntegrationRunner.Integrate(IntegrationRequest request) So for some reason it goes to 'http://bladerunner.azullo.local:8080/svn/application/trunk' If I remove the username and password elements in the ccnet.config. It goes to the correct url. I dont understand this behaviour. I have configured visual svn with a certificate using Active directory Certificate Services, if this was the problem I would expect it to show an error regarding the certificate instead of changing the url. I have cleared our state etc Any Ideas

    Read the article

  • Possible to recover mysql root pass with sudo server access?

    - by jonathonmorgan
    I've inherited development for a website on vps hosting, and have login info for a user with sudo privileges, but don't have the password for the mysql root user. After digging around a little, it looks like the only way to fix this is to stop mysql (something like this: http://waoewaoe.wordpress.com/2010/02/03/recover-reset-mysql-root-password/). But because the website it's serving is currently in production, I'm hoping you guys can enlighten me to any potential consequences (or let me know if there's typically a file where the password would be accessible). a) during the time mysql is stopped, information in the database won't be accessible, right -- even by other users? b) will resetting the root password have any impact on other users after mysql has restarted? Will their username/passwords still be valid? The current application is using an account with limited privileges to read/write to the database, and while 5min downtime in the middle of the night would probably go unnoticed, half a day while I tie up loose ends/figure out what I screwed up will land in me hot water. Thanks in advance for your help!

    Read the article

  • Access problems with System.Diagnostics.Process in webservice

    - by Martin
    Hello everyone. I have problems with executing a process in a webservice method on a Windows Server 2003 machine. Here is the code: Dim target As String = "C:\dnscmd.exe" Dim fileInfo As System.IO.FileInfo = New System.IO.FileInfo(target) If Not fileInfo.Exists Then Throw New System.IO.FileNotFoundException("The requested file was not found: " + fileInfo.FullName) End If Dim startinfo As New System.Diagnostics.ProcessStartInfo("C:\dnscmd.exe") startinfo.UseShellExecute = False startinfo.Arguments = "\\MYCOMPUTER /recordadd mydomain.no " & dnsname & " CNAME myhost.mydomain.no" startinfo.UserName = "user1" Dim password As New SecureString() For Each c As Char In "secretpassword".ToCharArray() password.AppendChar(c) Next startinfo.Password = password Process.Start(startinfo) I know the process is being executed because i use processmonitor.exe on the server and it tells me that c:\dnscmd.exe is called with the right parameters Full command line value from procmon is: "C:\dnscmd.exe" \MYCOMPUTER /recordadd mydomain.no mysubdomain CNAME myhost.mydomain.no The user of the created process on the server is NT AUTHORITY\SYSTEM. BUT, the dns entry will not be added! Here is the weird thing: I KNOW the user (user1) I authenticate with has administrative rights (it's the same user I use to log on the machine with), but the user of the process in procmon says NT AUTHORITY\SYSTEM (which is not the user i use to authenticate). Weirdest: If i log on to the server, copy the command line value read from the procmon logging, and paste it in a command line window, it works! Reading procmon after this shows that user1 owns the dnscmd process. Why doesn't user1 become owner of the process started with system.diagnostics.process? Is the reason why the command doesn't work?

    Read the article

  • java Properties - to expose or not to expose?

    - by ring bearer
    This might be an age old problem and I am sure everyone has their own ways. Suppose I have some properties defined such as secret.user.id=user secret.password=password website.url=http://stackoverflow.com Suppose I have 100 different classes and places where I need to use these properties. Which one is good (1) I create a Util class that will load all properties and serve them using a key constant Such as : Util is a singleton that loads all properties and keeps up on getInstance() call. Util myUtil = Util.getInstance(); String user = myUtil.getConfigByKey(Constants.SECRET_USER_ID); String password = myUtil.getConfigByKey(Constants.SECRET_PASSWORD); .. //getConfigByKey() - inturns invokes properties.get(..) doSomething(user, password) So wherever I need these properties, I can do steps above. (2) I create a meaningful Class to represent these properties; say, ApplicationConfig and provide getters to get specific properties. So above code may look like: ApplicationConfig config = ApplicationConfig.getInstance(); doSomething(config.getSecretUserId(), config.getPassword()); //ApplicationConfig would have instance variables that are initialized during // getInstance() after loading from properties file. Note: The properties file as such will have only minor changes in the future. My personal choice is (2) - let me hear some comments?

    Read the article

  • Sending email through a Google Apps account is working locally, but not on my web server...

    - by Janis Baldwin
    Related: Send Email via C# through Google Apps account My question is the same so I implemented Koistya's solution as follows. The heartbreak is that it works beautifully on my dev laptop but when ported to web server it times out with no explanation. My SMTP config is in my web.config file. I made mods based on Koistya's answer: <mailSettings> **Changed** <smtp from="[email protected]"> <network host="smtp.gmail.com" password="[password]" port="587" userName="[email protected]"/> </smtp> **Original** <!--<smtp from="[email protected]"> <network host="mail.domain.com" password="[password]" port="25" userName="[email protected]"/> </smtp>--> </mailSettings> My .Net C# code (before & after removed): SmtpClient mSmtpClient = new SmtpClient(); mSmtpClient.EnableSsl = true; mSmtpClient.Send(message); As I said this works great on my dev environment but not on web. Can anyone help? Thanks.

    Read the article

  • Eclipselink update existing tables

    - by javydreamercsw
    Maybe I got it wrong but i though that JPA was able to update an existing table (model changed adding a column) but is not working in my case. I can see in the logs eclipselink attempting to create it but failing because it already exists. Instead of trying an update to add the column it keeps going. (Had to remove some < so it displays) property name="javax.persistence.jdbc.url" value="jdbc:mysql://localhost:3306/jwrestling"/ property name="javax.persistence.jdbc.password" value="password"/ property name="javax.persistence.jdbc.driver" value="com.mysql.jdbc.Driver"/ property name="javax.persistence.jdbc.user" value="user"/ property name="eclipselink.ddl-generation" value="create-tables"/ property name="eclipselink.logging.logger" value="org.eclipse.persistence.logging.DefaultSessionLog"/ property name="eclipselink.logging.level" value="INFO"/ And here's the table with the change (online column added) [EL Warning]: 2010-05-31 14:39:06.044--ServerSession(16053322)--Exception [EclipseLink-4002] (Eclipse Persistence Services - 2.1.0.v20100517-r7246): org.eclipse.persistence.exceptions.DatabaseException Internal Exception: com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Table 'account' already exists Error Code: 1050 Call: CREATE TABLE account (ID INTEGER NOT NULL, USERNAME VARCHAR(32) NOT NULL, SECURITY_KEY VARCHAR(255) NOT NULL, EMAIL VARCHAR(64) NOT NULL, STATUS VARCHAR(8) NOT NULL, TIMEDATE DATETIME NOT NULL, PASSWORD VARCHAR(255) NOT NULL, ONLINE TINYINT(1) default 0 NOT NULL, PRIMARY KEY (ID)) Query: DataModifyQuery(sql="CREATE TABLE account (ID INTEGER NOT NULL, USERNAME VARCHAR(32) NOT NULL, SECURITY_KEY VARCHAR(255) NOT NULL, EMAIL VARCHAR(64) NOT NULL, STATUS VARCHAR(8) NOT NULL, TIMEDATE DATETIME NOT NULL, PASSWORD VARCHAR(255) NOT NULL, ONLINE TINYINT(1) default 0 NOT NULL, PRIMARY KEY (ID))") [EL Warning]: 2010-05-31 14:39:06.074--ServerSession(16053322)--Exception [EclipseLink-4002] (Eclipse Persistence Services - 2.1.0.v20100517-r7246): org.eclipse.persistence.exceptions.DatabaseException After this it continues with the following. Am I doing something wrong or is a bug?

    Read the article

  • Authentication Problem - not recognizing 'else' - Ruby on rails...

    - by bgadoci
    I can't seem to figure out what I am doing wrong here. I have implemented the Super Simple Authentication from Ryan Bates tutorial and while the login portion is functioning correctly, I can't get an error message and redirect to happen correctly for a bad login. Ryan Bates admits in his comments he left this out but can't seem to implement his recommendation. Basically what is happening is that when someone logs in correctly it works. When a bad password is entered it does the same redirect and flashes 'successfully logged in' thought they are not. The admin links do not show (which is correct and are the links protected by the <% if admin? %) but I need it to say 'failed login' and redirect to login path. Here is my code: SessionsController class SessionsController < ApplicationController def create if session[:password] = params[:password] flash[:notice] = 'Successfully logged in' redirect_to posts_path else flash[:notice] = "whoops" redirect_to login_path end end def destroy reset_session flash[:notice] = 'Successfully logged out' redirect_to posts_path end end ApplicationController class ApplicationController < ActionController::Base helper_method :admin? protected def authorize unless admin? flash[:error] = "unauthorized request" redirect_to posts_path false end end def admin? session[:password] == "123456" end helper :all # include all helpers, all the time protect_from_forgery # See ActionController::RequestForgeryProtection for details # end

    Read the article

  • chrome extension login security with iframe

    - by Weaver
    I should note, I'm not a chrome extension expert. However, I'm looking for some advice or high level solution to a security concern I have with my chrome extension. I've searched quite a bit but can't seem to find a concrete answer. The situation I have a chrome extension that needs to have the user login to our backend server. However, it was decided for design reasons that the default chrome popup balloon was undesirable. Thus I've used a modal dialog and jquery to make a styled popup that is injected with content scripts. Hence, the popup is injected into the DOM o the page you are visiting. The Problem Everything works, however now that I need to implement login functionality I've noticed a vulnerability: If the site we've injected our popup into knows the password fields ID they could run a script to continuously monitor the password and username field and store that data. Call me paranoid, but I see it as a risk. In fact,I wrote a mockup attack site that can correctly pull the user and password when entered into the given fields. My devised solution I took a look at some other chrome extensions, like Buffer, and noticed what they do is load their popup from their website and, instead, embed an iFrame which contains the popup in it. The popup would interact with the server inside the iframe. My understanding is iframes are subject to same-origin scripting policies as other websites, but I may be mistaken. As such, would doing the same thing be secure? TLDR To simplify, if I embedded an https login form from our server into a given DOM, via a chrome extension, are there security concerns to password sniffing? If this is not the best way to deal with chrome extension logins, do you have suggestions with what is? Perhaps there is a way to declare text fields that javascript can simply not interact with? Not too sure! Thank you so much for your time! I will happily clarify anything required.

    Read the article

  • Ruby script/console and Ruby script/server using two different DBs?

    - by aronchick
    Has anyone seen where script/console and script/server load two different databases (though both report using the same)? Here's the first output $ script/server => Booting WEBrick => Rails 2.3.5 application starting on http://0.0.0.0:3000 => Call with -d to detach => Ctrl-C to shutdown server [2010-03-21 15:54:05] INFO WEBrick 1.3.1 [2010-03-21 15:54:05] INFO ruby 1.8.7 (2010-01-10) [i386-mingw32] [2010-03-21 15:54:05] INFO WEBrick::HTTPServer#start: pid=7148 port=3000 No errors. I then run my standard code for entering a form - no problems. Checking the Dev Database (.yml at bottom): mysql> select * from books; [...] | 712 | Book | Book Name | 2010-03-21 22:29:22 | 2010-03-21 22:29:22 | [...] 712 rows in set (0.00 sec) The code CLEARLY saved it seconds ago And now here's the output of script/console: $ script/console Loading development environment (Rails 2.3.5) >> Books.all => [] Nothing. Further, upon further inspection, it's using the production database, but I can't figure out why. Any thoughts here? All consoles have been closed and reopened. UPDATE: Requested .yml file (can't see how it'd be helpful (user name and password are all the same for each)) - development: adapter: mysql database: BooksDBdev username: <user name> password: <long string> timeout: 5000 # Warning: The database defined as "test" will be erased and # re-generated from your development database when you run "rake". # Do not set this db to the same as development or production. test: adapter: mysql database: BooksDBtest username: <user name> password: <long string> timeout: 5000 production: adapter: mysql database: BooksDB username: <user name> password: <long string> timeout: 5000

    Read the article

  • What is the best way to extend restful_authentication/AuthLogic to support lazy logins by an anonymo

    - by Kevin Elliott
    I'm building an iPhone application that talks to a Ruby on Rails backend. The Ruby on Rails application will also service web users. The restful_authentication plugin is an excellent way to provide quick and customizable user authentication. However, I would like users of the iPhone application to have an account created automatically by the phone's unique identifier ([[UIDevice device] uniqueIdentifier]) stored in a new column. Later, when users are ready to create a username/password, the account will be updated to contain the username and password, leaving the iPhone unique identifier intact. Users should not be able to access the website until they've setup their username/password. They can however, use the iPhone application, since the application can authenticate itself using it's identifier. What is the best way to modify restful_authentication to do this? Create a plugin? Or modify the generated code? What about alternative frameworks, such as AuthLogic. What is the best way to allow iPhones to get a generated auth token locked to their UUID's, but then let the user create a username/password later?

    Read the article

  • Sending basic authentication information via form

    - by VolatileStorm
    I am working on a site that currently uses a basic authentication dialog box login system, that is the type of dialog that you get if you go here: http://www.dur.ac.uk/vm.boatclub/password/index.php I did not set this system up and am not in a position to easily/quickly work around it, but it DOES work. The issue however is that the dialog box is not very helpful in telling you what login information you have to use (that is which username and password combination), and so I would like to replace it with a form. I had been thinking that this wasn't possible but I wanted to ask in order to find out. Is it possible to set up an HTML form that sends the data to the server such that it accepts it in the same way that it would using this dialog box? Alternatively is it possible to set up a PHP script that would take normal form data and process it somehow passing it to the server such that it logs in? Edit: After being told that this is basic authentication I went around and have managed to find a way that works and keeps the user persistently logged in. However, this does not work in internet explorer. The solution was simply to redirect the user to: http://username:[email protected]/vm.boatclub/password/index.php But Internet Explorer removed it due to phishing uses about 3 years ago. Is there a way to use javascript to get the browser to access the site in this way? Or will I have to simply change my UI?

    Read the article

  • Rails CSS not Loading using Heroku

    - by eWizardII
    I have the following site set up here on Heroku - http://www.peerinstruction.net/users/sign_up the issue is that I have updated the css yet it is not being actively reflected on the site, it just shows a textbox, with some edited/custom fonts. I have attached the css file in the following gist - https://gist.github.com/f74b626c54ecbb60bbde The signup page controller: !!! Strict %html %head %title= yield(:title) || "Untitled" = stylesheet_link_tag 'application', 'web-app-theme/base', 'web-app-theme/themes/activo/style', 'web-app-theme/override' = javascript_include_tag :defaults = csrf_meta_tag = yield(:head) %body #container #header %h1 %a{:href => "/"} Peer Instruction Network #user-navigation %ul.wat-cf %li .content.login .flash - flash.each do |type, message| %div{ :class => "message #{type}" } %p= message = form_for(resource, :as => resource_name, :url => session_path(resource_name), :html => { :class => "form login" }) do |f| .group.wat-cf .left= f.label :email, :class => "label right" .right= f.text_field :email, :class => "text_field" .group.wat-cf .left= f.label :password, :class => "label right" .right= f.password_field :password, :class => "text_field" .group.wat-cf .right %button.button{ :type => "submit" } Login /= link_to "Sign In", destroy_user_session_path #box = yield The signup pages haml file: %h2 .block .content.login .flash - flash.each do |type, message| %div{ :class => "message #{type}" } %p= message = form_for(resource, :as => resource_name, :url => registration_path(resource_name)) do |f| = devise_error_messages! %div = f.label :firstname %br/ = f.text_field :firstname %div = f.label :middlename %br/ = f.text_field :middlename %div = f.label :lastname %br/ = f.text_field :lastname %div = f.label :email %br/ = f.email_field :email %div = f.label :password %br/ = f.password_field :password %div = f.label :academic %br/ = f.text_field :academic %div= f.submit "Continue" = render :partial => "devise/shared/links" I used web-app-theme to create an activo theme and then modify it.

    Read the article

  • Unit Testing (xUnit) an ASP.NET Mvc Controller with a custom input model?

    - by Danny Douglass
    I'm having a hard time finding information on what I expect to be a pretty straightforward scenario. I'm trying to unit test an Action on my ASP.NET Mvc 2 Controller that utilizes a custom input model w/ DataAnnotions. My testing framework is xUnit, as mentioned in the title. Here is my custom Input Model: public class EnterPasswordInputModel { [Required(ErrorMessage = "")] public string Username { get; set; } [Required(ErrorMessage = "Password is a required field.")] public string Password { get; set; } } And here is my Controller (took out some logic to simplify for this ex.): [HttpPost] public ActionResult EnterPassword(EnterPasswordInputModel enterPasswordInput) { if (!ModelState.IsValid) return View(); // do some logic to validate input // if valid - next View on successful validation return View("NextViewName"); // else - add and display error on current view return View(); } And here is my xUnit Fact (also simplified): [Fact] public void EnterPassword_WithValidInput_ReturnsNextView() { // Arrange var controller = CreateLoginController(userService.Object); // Act var result = controller.EnterPassword( new EnterPasswordInputModel { Username = username, Password = password }) as ViewResult; // Assert Assert.Equal("NextViewName", result.ViewName); } When I run my test I get the following error on my test fact when trying to retrieve the controller result (Act section): System.NullReferenceException: Object reference not set to an instance of an object. Thanks in advance for any help you can offer!

    Read the article

  • ASP.NET MVC: How do I validate a model wrapped in a ViewModel?

    - by Deniz Dogan
    For the login page of my website I would like to list the latest news for my site and also display a few fields to let the user log in. So I figured I should make a login view model - I call this LoginVM. LoginVM contains a Login model for the login fields and a List<NewsItem> for the news listing. This is the Login model: public class Login { [Required(ErrorMessage="Enter a username.")] [DisplayName("Username")] public string Username { get; set; } [Required(ErrorMessage="Enter a password.")] [DataType(DataType.Password)] [DisplayName("Password")] public string Password { get; set; } } This is the LoginVM view model: public class LoginVM { public Login login { get; set; } public List<NewsItem> newsItems { get; set; } } This is where I get stuck. In my login controller, I get passed a LoginVM. [HttpPost] public ActionResult Login(LoginVM model, FormCollection form) { if (ModelState.IsValid) { // What? In the code I'm checking whether ModelState is valid and this would work fine if the view model was actually the Login model, but now it's LoginVM which has no validation attributes at all. How do I make LoginVM "traverse" through its members to validate them all? Am I doing something fundamentally wrong using ModelState in this manner?

    Read the article

  • How to add custom header to ASMX web service call using jquery?

    - by Mike
    I have a web service with the following contract: POST /Service/service.asmx HTTP/1.1 Host: xxx.xxx.xxx Content-Type: text/xml; charset=utf-8 Content-Length: length SOAPAction: "xxx.xxx.xxx/Service/Method" <?xml version="1.0" encoding="utf-8"?> <soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <soap:Header> <Request xmlns="xxx.xxx.xxx/Service/"> <transactiontype>string</transactiontype> <username>string</username> <password>string</password> </Request> </soap:Header> <soap:Body> <Method xmlns="xxx.xxx.xxx/Service/"> <xml>xml</xml> </Method> </soap:Body> </soap:Envelope> And I am trying to call the service using jquery. This is my code: $.ajax({ url: serverUrl + 'Method', type: "POST", dataType: "xml", data: { xml: "xml" }, beforeSend: function (req) { req.setRequestHeader('Header', '<Request xmlns="xxx.xxx.xxx/Service/">' +'<transactiontype>4</transactiontype>' +'<agencyName>name</agencyName>' +'<username>user</username>' +'<password>pass</password>' +'</Request>'); }, success: function (data) { alert(data.text); }, error: function (request, status, errorThrown) { alert(status); } }); However, the header content is not passed to the web service? How would I go about passing the header credentials to my web service call?

    Read the article

  • Uploading to S3 using Curl

    - by Carl Crawley
    Hi All, I'm currently using cURL to upload a file from my server to S3 using AJAX to call the script. So I have the following: $fullfilepath = '/server/sitepath/files/' . $_POST['file']; $upload_url = 'https://'.$_POST['buckets'].'.s3.amazonaws.com/'; $params = array( 'key'=>$_POST['key'], 'AWSAccessKeyId'=>$_POST['AWSAccessKeyId'], 'acl'=>$_POST['acl'], 'success_action_status'=>$_POST['success_action_status'], 'policy'=>$_POST['policy'], 'signature'=>$_POST['signature'], 'Content-Type'=>$_POST['Content-Type'], 'file'=>"@$fullfilepath" ); $ch = curl_init(); curl_setopt($ch, CURLOPT_VERBOSE, 1); curl_setopt($ch, CURLOPT_URL, $upload_url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $params); $response = curl_exec($ch); curl_close($ch); echo $response; However, I'm getting an S3 error as follows when it posts and I'm unsure why because I'm not passing JSON to it. <?xml version="1.0" encoding="UTF-8"?> <Error><Code>InvalidPolicyDocument</Code><Message>Invalid Policy: Invalid JSON.</Message><RequestId>B29469C6151BE0E8</RequestId><HostId>BFPk6W2kt1b6hTtx0mEq6dWdN/IhO0gNR5bct//7LAOwJxm1C3PrxS4RPv1blzJ8</HostId></Error> I've googled it for the last hour or so and can't seem to figure it out. If I change the order of the Array fields, it gives me a different error - I believe the order of the posted fields is important somehow. any help would be much appreciated! C

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 147 148 149 150 151 152 153 154 155 156 157 158  | Next Page >