Search Results

Search found 55010 results on 2201 pages for 'system security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 160/2201 | < Previous Page | 156 157 158 159 160 161 162 163 164 165 166 167  | Next Page >

  • Make a Method of the Business Layer secure. best practice / best pattern

    - by gsharp
    We are using ASP.NET with a lot of AJAX "Page Method" calls. The WebServices defined in the Page invokes methods from our BusinessLayer. To prevent hackers to call the Page Methods, we want to implement some security in the BusinessLayer. We are struggling with two different issues. First one: public List<Employees> GetAllEmployees() { // do stuff } This Method should be called by Authorized Users with the Role "HR". Second one: public Order GetMyOrder(int orderId) { // do sutff } This Method should only be called by the owner of the Order. I know it's easy to implement the security for each method like: public List<Employees> GetAllEmployees() { // check if the user is in Role HR } or public Order GetMyOrder(int orderId) { // check if the order.Owner = user } What I'm looking for is some pattern/best practice to implement this kind of security in a generic way (without coding the the if then else every time) I hope you get what i mean :-)

    Read the article

  • osCommerce Security Issue

    - by Auxi
    Hi, I am planning to integrate some opensource shopping cart with my site and I am bit worried about it's security. Is it that easy to hack osCommerce based website? Because I am thinking to use osCommerce.. Kindly advise.

    Read the article

  • Where can I find a deliberately insecure open source web application?

    - by Phil Laliberte
    As a developer, I've learned that I usually gain a better understanding of best/worst practices through experience. The area of web application security isn't really somewhere where my organization can afford to let developers learn through trial and error. So looking for a hands-on approach to knowledge sharing of best practices in web application security, I was thinking that it would be useful to have an open source application that was deliberately built to be insecure in order to help teach junior developers about application security. Does anyone out there know where to find something like this?

    Read the article

  • System.Web.UI not available in console app?

    - by Walter
    Hey everybody, Im trying to write a quick console app that outputs data to an HTML file, however im having trouble accessing the System.Web.UI namespace. Adding System.Web to my references places a warning icon on top of the reference name in the solution explorer and System.Web is not available in the .NET reference list (in order for me to actually add it to the project I have to go to the object browser and add it from there). Anybody have any ideas about what I could be missing? Thanks alot people!

    Read the article

  • Storing a NTFS Security Descriptor in C

    - by Doori Bar
    My goal is to store a NTFS Security Descriptor in its identical native state. The purpose is to restore it on-demand. I managed to write the code for that purpose, I was wondering if anybody mind to validate a sample of it? (The for loop represents the way I store the native descriptor) This sample only contains the flag for "OWNER", but my intention is to apply the same method for all of the security descriptor flags. I'm just a beginner, would appreciate the heads up. Thanks, Doori Bar #define _WIN32_WINNT 0x0501 #define WINVER 0x0501 #include <stdio.h> #include <windows.h> #include "accctrl.h" #include "aclapi.h" #include "sddl.h" int main (void) { DWORD lasterror; PSECURITY_DESCRIPTOR PSecurityD1, PSecurityD2; HANDLE hFile; PSID owner; LPTSTR ownerstr; BOOL ownerdefault; int ret = 0; unsigned int i; hFile = CreateFile("c:\\boot.ini", GENERIC_READ | ACCESS_SYSTEM_SECURITY, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, NULL); if (hFile == INVALID_HANDLE_VALUE) { fprintf(stderr,"CreateFile() failed. Error: INVALID_HANDLE_VALUE\n"); return 1; } lasterror = GetSecurityInfo(hFile, SE_FILE_OBJECT, OWNER_SECURITY_INFORMATION , &owner, NULL, NULL, NULL, &PSecurityD1); if (lasterror != ERROR_SUCCESS) { fprintf(stderr,"GetSecurityInfo() failed. Error: %lu;\n", lasterror); ret = 1; goto ret1; } ConvertSidToStringSid(owner,&ownerstr); printf("ownerstr of PSecurityD1: %s\n", ownerstr); /* The for loop represents the way I store the native descriptor */ PSecurityD2 = malloc( GetSecurityDescriptorLength(PSecurityD1) * sizeof(unsigned char) ); for (i=0; i < GetSecurityDescriptorLength(PSecurityD1); i++) ((unsigned char *) PSecurityD2)[i] = ((unsigned char *) PSecurityD1)[i]; if (IsValidSecurityDescriptor(PSecurityD2) == 0) { fprintf(stderr,"IsValidSecurityDescriptor(PSecurityD2) failed.\n"); ret = 2; goto ret2; } if (GetSecurityDescriptorOwner(PSecurityD2,&owner,&ownerdefault) == 0) { fprintf(stderr,"GetSecurityDescriptorOwner() failed."); ret = 2; goto ret2; } ConvertSidToStringSid(owner,&ownerstr); printf("ownerstr of PSecurityD2: %s\n", ownerstr); ret2: free(owner); free(ownerstr); free(PSecurityD1); free(PSecurityD2); ret1: CloseHandle(hFile); return ret; }

    Read the article

  • Django and a referrer system question

    - by Hellnar
    Hello, I am trying develop a basic referrer system to my Django website, system will be generating a unique url for each users to share with their friends. Once these friends enter this website, system somehow keep the data that "this user is browsing by the reference of X user" and once this invited person decided to register for an account, system will save this information (maybe as an extra Foreign Key of the inviting user in the UserProfile model) Now how can I keep track of the inviting user from the moment entering using the referred link to the point where he/she registers to the site. Would session framework work on this? If not how could this be done ?

    Read the article

  • Serializing System.Drawing.Color in .NET

    - by alankdkd
    Hi all, I've used the default .NET serialization for a class with a System.Drawing.Color member. The code is now in use by people, and I need to add an extra member to the class, but still deserialize older versions. So I tried the standard way of doing this: The ISerializable interface, using SerializationInfo methods to get the int and string members. The problem: My class also has a System.Drawing.Color member, but SerializationInfo doesn't provide a "GetColor" method read this data type. I've tried getting it as an int and as a string, and casting it to System.Drawing.Color, but no luck. Does anyone know how to deserialize a System.Drawing.Color from SerializationInfo? Thanx! Alan

    Read the article

  • Writable folder by all users on the same pc

    - by Catalin DICU
    I have a desktop .NET WPF application witch uses an embedded database (SQLite). Where to put the database file ? It's the same database for all users. I tried to use CommonAppData but it's not writable by non-admin users. So I tried to use a custom installer action to give write rights to all users to this folder but it fails on domain PCs. The code is: DirectorySecurity security = Directory.GetAccessControl(appDataPath); FileSystemAccessRule rule = new FileSystemAccessRule("Users", FileSystemRights.WriteData, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow); security.AddAccessRule(rule); Directory.SetAccessControl(appDataPath, security); Would ".\Users" insead of "Users" work on a domain ? Is this the best approach ? Is there any other folder I could use ?

    Read the article

  • How to use the Visual Studio 2012 command line tool from system()

    - by Janice Regan
    I am attempting to compile and run one visual C++ program (project1) from another visual C++ program (project2) using msbuild and other commands available in the Visual studio command line tool but not in the windows command line tool. Everything works fine if I run it in the visual studio command line tool. For example I can build using msbuild and it works just as I want it to. When I try to run the same command in my C++ program using system(), the system call appears to use the Windows command line and therefore cannot find any of the commands (msbuild in this example). I am new to working with system() on windows (although I have extensive experience with it using Linux). Is there some way to make my C++ program use the Visual Studio command line environment when I call system (rather than Windows command line environment)? Using the command window manually is not an option. I need to compile and test a series of 200-300 different versions of the program in the project1. This is why I am writing program2

    Read the article

  • Mapping the System.Exception with FaultException

    - by user357342
    I have used exception sheilding feature of application block, to map System.Exception with class that is marked as DataContract. It works very well. But When I have mapped the System.Exception with FaultException, I got the below error message. "An error has occurred while consuming this service. Please contact your administrator for more information. Error ID: fe2d28b5-8d26-430e-baf4-fe4b39da853c" Please let me know whether I can map the System.Exception with FaultException

    Read the article

  • java.io.FileNotFoundException (The system cannot find the path specified)

    - by xenom
    I get this exception when I want to open a keystore java.io.FileNotFoundException: \resources\keystore (The system cannot find the path specified) Basically my application is like src/ client.java server.java resources/ keystore truststore And the faulty code : System.setProperty("javax.net.ssl.keyStore","/resources/keystore"); System.setProperty("javax.net.ssl.keyStorePassword", "ebanking"); I also tried ./resources/keystore, resources/keystore, \\resources\\keystore etc.. My application is supposed to work in an executable jar so no absolute path technique please.

    Read the article

  • Extra NotifyIcon shown in system tray

    - by Kettch19
    I'm having an issue with an app where my NotifyIcon displays an extra icon. The steps to reproduce it are easy, but the problem is that the extra icon shows up after any of the actual codebehind we've added fires. Put simply, clicking a button triggers execution of method FooBar() which runs all the way through fine but its primary duty is to fire a backgroundworker to log into another of our apps. It only appears if this particular button is clicked. Strangely enough, we have a WndProc method override and if I step through until the extra NotifyIcon appears, it always appears during this method so something else beyond the codebehind must be triggering the behavior. Our WndProc method is currently (although I don't think it's caused by the WndProc): Protected Overrides Sub WndProc(ByRef m As System.Windows.Forms.Message) 'Check for WM_COPYDATA message from other app or drag/drop action and handle message If m.Msg = NativeMethods.WM_COPYDATA Then ' get the standard message structure from lparam Dim CD As NativeMethods.COPYDATASTRUCT = m.GetLParam(GetType(NativeMethods.COPYDATASTRUCT)) 'setup byte array Dim B(CD.cbData) As Byte 'copy data from memory into array Runtime.InteropServices.Marshal.Copy(New IntPtr(CD.lpData), B, 0, CD.cbData) 'Get message as string and process ProcessWMCopyData(System.Text.Encoding.Default.GetString(B)) 'empty array Erase B 'set message result to 'true', meaning message handled m.Result = New IntPtr(1) End If 'pass on result and all messages not handled by this app MyBase.WndProc(m) End Sub The only place in the code where the NotifyIcon in question is manipulated at all is in the following event handler (again, don't think this is the culprit, but just for more info): Private Sub TrayIcon_MouseDoubleClick(ByVal sender As System.Object, ByVal e As System.Windows.Forms.MouseEventArgs) Handles TrayIcon.MouseDoubleClick If Me.Visible Then Me.Hide() Else PositionBottomRight() Me.Show() End If End Sub The backgroundworker's DoWork is as follows (just a class call to log in to our other app, but again just for info): Private Sub LoginBackgroundWorker_DoWork(ByVal sender As Object, ByVal e As System.ComponentModel.DoWorkEventArgs) Handles LoginBackgroundWorker.DoWork Settings.IsLoggedIn = _wdService.LogOn(Settings.UserName, Settings.Password) End Sub Does anyone else have ideas on what might be causing this or how to possibly further debug this? I've been banging my head on this without seeing a pattern so another set of eyes would be extremely appreciated. :) I've posted this on MSDN winforms forums as well and have had no luck there so far either.

    Read the article

  • IIS token based security, ssl certificate and https, proxy

    - by davidgshi
    I have developed a new web service. Now, I need to deal with security issue as we are intending to make it a secure service. In order to set up SSL and https, I need to obtain and install an SSL certificate. Who is the certificate authority? Do you know how to go about with this? Are there concise articles on this? Regards. David

    Read the article

  • How to pipe two CORE::system commands in a cross-platform way

    - by Pedro Silva
    I'm writing a System::Wrapper module to abstract away from CORE::system and the qx operator. I have a serial method that attempts to connect command1's output to command2's input. I've made some progress using named pipes, but POSIX::mkfifo is not cross-platform. Here's part of what I have so far (the run method at the bottom basically calls system): package main; my $obj1 = System::Wrapper->new( interpreter => 'perl', arguments => [-pe => q{''}], input => ['input.txt'], description => 'Concatenate input.txt to STDOUT', ); my $obj2 = System::Wrapper->new( interpreter => 'perl', arguments => [-pe => q{'$_ = reverse $_}'}], description => 'Reverse lines of input input', output => { '>' => 'output' }, ); $obj1->serial( $obj2 ); package System::Wrapper; #... sub serial { my ($self, @commands) = @_; eval { require POSIX; POSIX->import(); require threads; }; my $tmp_dir = File::Spec->tmpdir(); my $last = $self; my @threads; push @commands, $self; for my $command (@commands) { croak sprintf "%s::serial: type of args to serial must be '%s', not '%s'", ref $self, ref $self, ref $command || $command unless ref $command eq ref $self; my $named_pipe = File::Spec->catfile( $tmp_dir, int \$command ); POSIX::mkfifo( $named_pipe, 0777 ) or croak sprintf "%s::serial: couldn't create named pipe %s: %s", ref $self, $named_pipe, $!; $last->output( { '>' => $named_pipe } ); $command->input( $named_pipe ); push @threads, threads->new( sub{ $last->run } ); $last = $command; } $_->join for @threads; } #... My specific questions: Is there an alternative to POSIX::mkfifo that is cross-platform? Win32 named pipes don't work, as you can't open those as regular files, neither do sockets, for the same reasons. The above doesn't quite work; the two threads get spawned correctly, but nothing flows across the pipe. I suppose that might have something to do with pipe deadlocking or output buffering. What throws me off is that when I run those two commands in the actual shell, everything works as expected.

    Read the article

  • Problems with system() calls in Linux

    - by Thomas
    I'm working on a init for an initramfs in C++ for Linux. This script is used to unlock the DM-Crypt w/ LUKS encrypted drive, and set the LVM drives to be available. Since I don't want to have to reimplement the functionality of cryptsetup and gpg I am using system calls to call the executables. Using a system call to call gpg works fine if I have the system fully brought up already (I already have a bash script based initramfs that works fine in bringing it up, and I use grub to edit the command line to bring it up using the old initramfs). However, in the initramfs it never even acts like it gets called. Even commands like system("echo BLAH"); fail. So, does anyone have any input?

    Read the article

  • Microsoft .NET security model

    - by Thomas
    Hi all, I am looking for informations about the security model of Microsoft .NET If you could explain me how it is design, or give me links to understand it, it would be very kind of you ! Thanks.

    Read the article

  • Grails spring security defaultTargetUrl going wrong path

    - by fsi
    Grails 2.4 with Spring security 2 3RC I have this on my Config.groovy grails.plugin.springsecurity.controllerAnnotations.staticRules = [ '/': ['permitAll'], '/index': ['permitAll'], '/index.gsp': ['permitAll'], '/**/js/**': ['permitAll'], '/**/css/**': ['permitAll'], '/**/images/**': ['permitAll'], '/**/favicon.ico': ['permitAll'] ] grails.plugin.springsecurity.successHandler.defaultTargetUrl = "/home/index" But this keeping me redirecting to assets/favicon.ico And my HomeController is like that @Secured(['ROLE_ADMIN', 'ROLE_USER']) def index() { if (SpringSecurityUtils.ifAllGranted('ROLE_ADMIN')) { redirect controller: 'admin', action: 'index' return } } And I modify this in my UrlMapping: "/"(controller: 'home', action:'index') Why it keeps me sending wrong path? Update: using another computer, it redirects me to /asset/grails_logo.png

    Read the article

  • How can I get system user documents, pictures, music folders indipendent on os using java

    - by user348889
    Hi, While I was working on my project, I got a requirement that, I need to get the system user documents folder( like "My documents for windows and Documents for Linux). I need to get it for all the operating system. How can I do this. I can get the user root directory by using System.getProperty(user.home). I need solution for this requirement using Java. Any one please help me.

    Read the article

  • Website badge system

    - by linkyndy
    I am currently working on a widget-based website, built entirely on user socialization. Since a reputation system pays off for attracting users, I decided to implement one of these. Now, I would like to hear some solutions on how should this be implemented the right way (take, for example, Foursquare's badge system). Basically, I need to be able to do the following: have a badges table, where I can add, edit and delete badges; be able to enable and disable a badge; be able to introduce a new badge, but without writing new code - simply give some parameters to the add badge form regarding what should be followed in order for a user to receive a badge; be able to give badges in real time - meaning that whenever a user accomplishes whatever it needs to receive a badge, the system should know immediately to give the badge to that user; also, the system should not be overloaded with "badge listeners" - I believe interrogating each user request with every badge requirements is time consuming; These being said, I would like to hear your opinions on how to implement the right way a badge system (logic, database schema, methods etc.) Thank you very much!

    Read the article

  • Limiting what a .net plugin can access

    - by David Hogue
    I have a web application that can load plugins through reflection. It currently uses Assembly.LoadFrom() and Activator.CreateInstance() to get this done. Right now plugins are loaded into the same AppDomain and have access to anything in my app and anything my app could access. What I'm looking for is a way to limit what classes and methods the plugin can access for security purposes. I want to have all of my classes and methods throw an exception when called unless they are whitelisted. I'd be whitelisting basically all the functions in an API class and a few data transfer objects. I also don't want the plugin to be able to access the filesystem or the database on it's own. I think I can do that with trust levels in a separate AppDomain though. Does anyone out there have any good ideas or resources? Is this something that could be done with Code Access Security or the new Security-Transparent Code features in .net 4?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 156 157 158 159 160 161 162 163 164 165 166 167  | Next Page >