Search Results

Search found 22139 results on 886 pages for 'security testing'.

Page 162/886

  • Security sandbox violation when connecting to Socket from flex

    - by KensoDev
    Hi, I am using a Socket (not xmlSocket) connection between flex applications and the server pushing messages. Now, when I connect from the local machine to the server everything is working fine and running, connection is successful and I get data back and forth. When I upload the application (flex) to the server and run it from there, I get a security sandBox violation message. Note: 1. I do have a crossdomain file with * wildcard both on port and on domain. 2. I created a Security.allowDomain("*") as well. Another thing. I also created another listener on that same server, listening to connections for port 843 (default) and this service just waited for a connection, sent the policy file to the client and that's it. That did not solve the problem as well... What's next? What should I do to fix the problem? Appreciate your help. Avi


  • Java Security filter together with thickbox pop-ups

    - by user197127
    Hi, I have a java application that uses a security filter to protect certain resources. If there is no user logged on, it will keep in session the request path and redirect to a logon page. After a successful logon, user is redirected to the original requested page. I have now added some thickbox (ajax-based pop-up) popups to the application. Unfortunately, when I get now a popup that is "secure" the filter redirects to a logon page (which is not a popup) and makes the whole application messy. Anyone with ideas on how to solve this? Thanks


  • php: security question

    - by Syom
    In my cms I have index.php, where the client must enter username and password. If they are correct, he'll move to admin.php, where the cms is. But now a hacker can enter cms/admin.php, so my security now is awful. I know that I can use the $_SESSION variable. index.php - I can give some value to $_SESSION['error']: $_SESSION['error'] = TRUE, and in admin.php just verify it. admin.php: if($_SESSION['error'] == TRUE) { my script here... } else header("Location: index.php"); But I want to reach this effect without SESSION. Could you give me an idea how I can do it? Thanks


  • ASP .Net User Roles - ordering for a drop down.

    - by ilivewithian
    We are using the standard aspnet security features, and we have a need to set the order of the roles, purely for display purposes. We could just add a sequence number onto the end of the aspnet_roles table, but that feels kind of hacky to me. Also, if in future versions of asp the security gets changed, we will be in trouble. Is there a better way to do this that won't make me lose sleep each time a new version is pushed out?


  • php error message "Notice: Undefined index: aid"

    - by iaagty
    I'm looking for a complete list of security guidelines for programming and deploying PHP web sites and applications on an Apache (Linux) server. Basically, a "security check list" to run through before finishing a project. I.e.: Cross Site Scripting; Cross Site Request Forgery; Sanitize form data that goes into database; Disable register globals and error reporting in custom php.ini; Upload files below web root; ...(the list goes on). I did some searching on the internet and in this forum, but couldn't find a comprehensive, succinct, and complete list of guidelines. Thanks in advance.


  • WSAT Security tab error for Custom Role provider

    - by shesb
    I have created custom Membership, Role and Profile providers using INGRES db. Now I can see my IngresMembership and IngresRole provider in the Provider tab (Select a different provider for each feature (advanced)) of WSAT, but when I click on the security tab I get this error: "There is a problem with your selected data store. This can be caused by an invalid server name or credentials, or by insufficient permission. It can also be caused by the role manager feature not being enabled. Click the button below to be redirected to a page where you can choose a new data store. The following message may help in diagnosing the problem: Object reference not set to an instance of an object." What am I missing? Do I need to add code for all override methods for Role provider? I have just written code for the Initialize and GetRolesForUser functions. Thanks


  • Security when writing a PHP webservice?

    - by chustar
    I am writing a web service in PHP for the first time and have run into some security problems. 1) I am planning to hash passwords using md5() before I write them to the database (or to authenticate the user) but I realize that to do that, I would have to transmit the password in plaintext to the server and hash it there. Because of this I thought of md5()ing it with javascript client side and then rehashing on the server, but then if javascript is disabled, then the user can't login, right? 2) I have heard that when the action is readonly, you should use GET, but if it modifies the database, you should use POST. Isn't POST just as transparent as GET, just not in the address bar?


  • Are SqlCipher open cursors a security concern?

    - by user1178479
    I'm using SqlCipher with content providers. Right now, when I want to lock the app I just clear out the cached password. However, the app can continue to work with any open cursors. This means that re-opening the app grants access to the sensitive data. I fix this issue on the surface by redirecting to a login screen if the app doesn't have passwords. However, I'm concerned if there are any security issues with these open cursors or if I should just continue to block UI access and not worry? SqlCipher's docs say that it reads/writes encrypted pages on the fly, as opposed to decrypting the entire DB, this makes me think that open cursors are still secure. The main concern here is that someone loses their phone and then a knowledgeable individual can use these open cursors to extract sensitive data.


  • Security in HTTP Adapters

    - by Debopam
    I just started using IBM Worklight 5.0. I have been going through the HTTP Adapters recently and have successfully been able to Run as "Invoke Worklight Procedure". But I am stuck with the Adapter execution in the App. To my knowledge I think this is some kind of security issue where the client request to Worklight Server is unauthorized (401). Can anyone tell me or refer me to some blog/website where there are steps to overcome this problem? I already got some of the websites but at this moment I am really confused on how to use them.


  • Crackers - How do they do it, how do we fight back?

    - by zedo
    As someone who is interested in learning more about the security side of technology, I ask you all the following questions: How is it that crackers crack software? What techniques are used to do so? I would imagine that the cracking methods depend upon the language the software is written in, right? Aside from using something like cloud-based security for SaaS (software as a service), which isn't always an option, what choices does one have to prevent their software from being compromised?


  • ssl security information on internet explorer 6

    - by user309984
    Hi all, I don't want my webpage to show the security information about "this page contains both secure and nonsecure..."; this only happens in ie6, I am testing with the program ietester. I know that the problem is in the file mootools-1.11-uncompressed.js in this line: if(!$("ie_ready")){var C=(window.location.protocol=="https:")?"://0":"javascript:void(0);";document.write('<\/script');$("ie_ready").onreadystatechange=function(){if(this.readyState=="complete"){A();}};}}else{window.addListener("load",A);document.addListener("DOMContentLoaded",A); I already tried changing the ://0 to https://0 and javascript: and javascript:false and # but the problem continues. When I remove this line from the mootools file the warning doesn't show, but the code that I have to show some calendar doesn't work either, because I have something like /* and this doesn't work if I remove that line. Can anyone help me??


  • DRY vs Security and Maintainability with MVC and View Models

    - by Mystere Man
    I like to strive for DRY, and obviously it's not always possible. However, I have to scratch my head over a concept that seems pretty common in MVC, that of the "View Model". The View Model is designed to only pass the minimum amount of information to the view, for both security, maintainability, and testing concerns. I get that. It makes sense. However, from a DRY perspective, a View Model is simply duplicating data you already have. The View Model may be temporary, and used only as a DTO, but you're basically maintaining two different versions of the same model which seems to violate the DRY principle. Do View Models violate DRY? Are they a necessary evil? Do they do more good than bad?


  • Installing Security Certificates for all users on a Windows XP machine

    - by scott-thornton
    Hi, I am required to install two security certificates on users' PCs to allow them to connect to a certain Australian Government website to perform searches. I can perform this manually (via Certificate Import Wizard) when the user has logged into the machine, however when a different user logs in, the certificates need to be re-installed for that user as well. Q1. Can certificates (the file extension is .p12) be installed in such a way that any user using the PC can use the certificates? Q2. Can the installation of the certificates be automated (via SMS?) to install both certificates and enter the required password? Thanks,


  • Preventing a security breach

    - by Wiz
    I am creating a website where you "post", and the form content is saved in a MySql database, and upon loading the page, is retrieved, similar to facebook. I construct all the posts and insert raw html into a template. The thing is, as I was testing, I noticed that I could write javascript or other HTML into the form and submit it, and upon reloading, the html or JS would be treated as source code, not a post. I figured that some simple encoding would do the trick, but using is not working. Is there an efficient way to prevent this type of security hole?


  • Entity Framework Security

    - by NYSystemsAnalyst
    In my organization, we are just beginning to use the Entity Framework for some applications. In the past, we have pushed developers to utilize stored procedures for all database access. In addition to helping with SQL injection, we tried to grant logins access to stored procedures only to keep security relatively tight. Although inserting, updating, and deleting are easily done through stored procedures in the EF, it appears to be difficult to use stored procedures to query data with EF. However, using LINQ or Entity SQL and allowing EF to create the queries means giving a user read access to the entire database. How have others handled this dilemma?


  • Session attacks, what are the new breeds of attacks?

    - by user352321
    Hello, I am collecting as much information as possible about http(s) session attacks. There is plenty of information about existing attacks, but I would like to know if some new breeds of attacks are now made possible either by security flaws in popular software or technologies or by new smarter security engineering. Do you have some recommendations about new techniques or tools? Thanks,


  • Why am I getting "ArgumentError: wrong number of arguments (1 for 0)" when running my rails function

    - by Hisham
    I'm stumped on what's causing this. I get this error and stack trace in all my functional tests where I call 'post'. Here is the full stack trace: 7) Error: test_should_validate(UsersControllerTest): ArgumentError: wrong number of arguments (1 for 0) /Users/hisham/src/rails/ftuBackend/vendor/rails/actionpack/lib/action_controller/routing/route.rb:48:in `to_query' /Users/hisham/src/rails/ftuBackend/vendor/rails/actionpack/lib/action_controller/routing/route.rb:48:in `build_query_string' /Users/hisham/src/rails/ftuBackend/vendor/rails/actionpack/lib/action_controller/routing/route.rb:46:in `each' /Users/hisham/src/rails/ftuBackend/vendor/rails/actionpack/lib/action_controller/routing/route.rb:46:in `build_query_string' /Users/hisham/src/rails/ftuBackend/vendor/rails/actionpack/lib/action_controller/routing/route.rb:233:in `append_query_string' generated code (/Users/hisham/src/rails/ftuBackend/vendor/rails/actionpack/lib/action_controller/routing/route.rb:154):3:in `generate' /Users/hisham/src/rails/ftuBackend/vendor/rails/actionpack/lib/action_controller/routing/route_set.rb:365:in `__send__' /Users/hisham/src/rails/ftuBackend/vendor/rails/actionpack/lib/action_controller/routing/route_set.rb:365:in `generate' /Users/hisham/src/rails/ftuBackend/vendor/rails/actionpack/lib/action_controller/routing/route_set.rb:364:in `each' /Users/hisham/src/rails/ftuBackend/vendor/rails/actionpack/lib/action_controller/routing/route_set.rb:364:in `generate' /Users/hisham/src/rails/ftuBackend/vendor/rails/actionpack/lib/action_controller/url_rewriter.rb:208:in `rewrite_path' /Users/hisham/src/rails/ftuBackend/vendor/rails/actionpack/lib/action_controller/url_rewriter.rb:187:in `rewrite_url' /Users/hisham/src/rails/ftuBackend/vendor/rails/actionpack/lib/action_controller/url_rewriter.rb:165:in `rewrite' /Users/hisham/src/rails/ftuBackend/vendor/rails/actionpack/lib/action_controller/test_process.rb:450:in `build_request_uri' 
/Users/hisham/src/rails/ftuBackend/vendor/rails/actionpack/lib/action_controller/test_process.rb:406:in `process' /Users/hisham/src/rails/ftuBackend/vendor/rails/actionpack/lib/action_controller/test_process.rb:376:in `post' functional/users_controller_test.rb:57:in `test_should_validate' /Users/hisham/src/rails/ftuBackend/vendor/rails/activesupport/lib/active_support/testing/setup_and_teardown.rb:60:in `__send__' /Users/hisham/src/rails/ftuBackend/vendor/rails/activesupport/lib/active_support/testing/setup_and_teardown.rb:60:in `run' This is the test I'm running: def test_should_validate post :validate, :user => { :email => '[email protected]', :password => 'quire', :password_confirmation => 'quire', :agreed_to_terms => "true" } assert assigns(:user).errors.empty? assert_response :success end


  • Ruby on rails generates tests for you. Do those give a false sense of a safety net?

    - by Hamish Grubijan
    Disclaimer: I have not used RoR, and I have not generated tests. But, I will still dare to post this question. Quality Assurance is theoretically impossible to get 100% right in general (Undecidable problem ;), and it is hard in practice. So many developers do not understand that writing good automated tests is an art, and it is hard. When I hear that RoR generates the tests for you, I get very skeptical. It cannot be that easy. Testing is a general concept; it applies across languages. So does the concept of code contracts, it is similar for languages that support it. Code contracts do not generate themselves. The programmer must add the requirements and the promises manually, after doing some thinking about the algorithm / function. If a human gets it wrong, then the tools will propagate the error. Similarly with testing - it takes human judgement about what should happen. Tests do not write themselves, and we are far from the day when a business analyst can just have a conversation with a computer and tell it informally what the requirements are and have the computer do all the work. There is no magic ... how can RoR generate good tests for you? Please shed some light on this. Opinions are ok, for this is a community wiki. Thanks!


  • How do I run JUnit from NetBeans?

    - by FarmBoy
    I've been trying to understand how to start writing and running JUnit tests. When I'm reading this article: http://junit.sourceforge.net/doc/testinfected/testing.htm I get to the middle of the page and they write, "JUnit comes with a graphical interface to run tests. Type the name of your test class in the field at the top of the window. Press the Run button." I don't know how to launch this program. I don't even know which package it is in, or how you run a library class from an IDE. Being stuck, I tried this NetBeans tutorial: http://www.netbeans.org/kb/docs/java/junit-intro.html It seemed to be going OK, but then I noticed that the menu options for this tutorial for testing a Java Class Library are different from those for a regular Java application, or for a Java Web App. So the instructions in this tutorial don't apply generally. I'm using NetBeans 6.7, and I've imported JUnit 4.5 into the libraries folder. What would be the normal way to run JUnit, after having written the tests? The JUnit FAQ describes the process from the Console, and I'm willing to do that if that is what is typical, but given all that I can do inside netbeans, it seems hard to believe that there isn't an easier way. Thanks much. EDIT: If I right-click on the project and select "Test" the output is: init: deps-jar: compile: compile-test: test-report: test: BUILD SUCCESSFUL (total time: 0 seconds) This doesn't strike me as the desired output of a test, especially since this doesn't change whether the test condition is true or not. Any ideas?


  • Will IOC solve our problems?

    - by user127954
    Just trying to implement unit testing into a brownfield type system. Be aware I'm relatively new to the unit testing world. It's going to be a gradual migration of course because there are just so many areas of pain. The current problem I'm trying to solve is we followed a lot of bad practices from our VB6 days and in the conversion of our app to .Net. We have LOTS AND LOTS of shared/static functions which call other shared functions and those call others and so on. Sometimes dependencies are passed in as parameters and sometimes they are just newed up within the calling function. I've already instructed our developers to stop creating shared functions and instead create instance members and only use those instance members off of interfaces but that doesn't alleviate the current situation. So you must recursively pass in each and every dependency at the top layer for each function in your code path and method signatures are turning into a mess. I'm hoping this is something that IOC will fix. Currently we are using NUnit/Moq and I'm starting to investigate StructureMap. So far I understand that you pretty much tell StructureMap for x interface I want to default to the concrete class y: ObjectFactory.Initialize(x=>{x.ForRequestType<IInterface>().TheDefaultIsConcreteType<MyClass>()}); Then at runtime: var mytype = ObjectFactory.GetInstance<IInterface>(); the IOC container will initialize the correct type for you. Not sure yet how to swap a fake in for the concrete type but hopefully that's simple. Again, will IOC solve the problems I was talking about above? Is there a specific IOC framework that will do it better than StructureMap or can they all handle this situation? Any help would be much appreciated.


  • externalizing junit stub objects.

    - by Ajay
    Hi! In my project we created stub files for testing junits in java (factories) itself. However, we have to externalize these stubs. After seeing a number of serializers/deserializers, we settled on using XStream to serialize and deserialize these stub objects. XStream works like a charm. It's pretty good at what it claims to be. Previously, we had a single factory class, say AFactory, which produced all the stubs needed for testing different test cases. Now when externalizing each of the stubs generated, we hit a road block. We had to create 1 xml file for each stub produced by the factory. For example, public final class AFactory{ public static A createStub1(){ /*Code here */} public static A createStub2(){ /*Code here */} public static A createStub3(){ /*Code here */} } Now, when trying to move these stubs to external files, we had to create 1 xml file for each stub created (A-stub1.xml, A-stub2.xml and A-stub3.xml). The problem with this approach is that it leads to proliferation of xml stub files. I was thinking, how about keeping all the stubs related to a single bean class in a single xml file. <?xml version="1.0"?> <stubs class="A"> <stub id="stub1"> <!-- Here comes the externalized xml stub representation --> </stub> <stub id="stub2"> </stub> </stubs> Is there a framework which allows you to keep all the stubs in xml representation in a single xml file as above? Or what do you guys suggest should be the right approach to adhere to?


  • java.lang.IllegalStateException: missing behavior definition for the preceding method call getMessag

    - by user362199
    Hi All, I'm using EasyMock(version 2.4) and TestNG for writing UnitTest. I have a following scenario and I cannot change the way class hierarchy is defined. I'm testing ClassB which is extending ClassA. ClassB look like this public class ClassB extends ClassA { public ClassB() { super("title"); } @Override public String getDisplayName() { return ClientMessages.getMessages("ClassB.title"); } } ClassA code public abstract class ClassA { private String title; public ClassA(String title) { this.title = ClientMessages.getMessages(title); } public String getDisplayName() { return this.title; } } ClientMessages class code public class ClientMessages { private static MessageResourse messageResourse; public ClientMessages(MessageResourse messageResourse) { this.messageResourse = messageResourse; } public static String getMessages(String code) { return messageResourse.getMessage(code); } } MessageResourse Class code public class MessageResourse { public String getMessage(String code) { return code; } } Testing ClassB import static org.easymock.classextension.EasyMock.createMock; import org.easymock.classextension.EasyMock; import org.testng.Assert; import org.testng.annotations.Test; public class ClassBTest { private MessageResourse mockMessageResourse = createMock(MessageResourse.class); private ClassB classToTest; private ClientMessages clientMessages; @Test public void testGetDisplayName() { EasyMock.expect(mockMessageResourse.getMessage("ClassB.title")).andReturn("someTitle"); clientMessages = new ClientMessages(mockMessageResourse); classToTest = new ClassB(); Assert.assertEquals("someTitle" , classToTest.getDisplayName()); EasyMock.replay(mockMessageResourse); } } When I'm running this this test I'm getting following exception: java.lang.IllegalStateException: missing behavior definition for the preceding method call getMessage("title") While debugging what I found is, it's not considering the mock method call mockMessageResourse.getMessage("ClassB.title") as it 
has been called from the constructor (ClassB object creation). Can anyone please help me with how to test in this case? Thanks.


  • Basic jUnit Questions

    - by Epitaph
    I was testing a String multiplier class with a multiply() method that takes 2 numbers as inputs (as String) and returns the result number (as String): public String multiply(String num1, String num2); I have done the implementation and created a test class with the following test cases involving the input String parameter as 1) valid numbers 2) characters 3) special symbol 4) empty string 5) Null value 6) 0 7) Negative number 8) float 9) Boundary values 10) Numbers that are valid but their product is out of range 11) numbers with + sign (+23) 1) I'd like to know if "each and every" assertEquals() should be in its own test method? Or, can I group similar test cases like testInvalidArguments() to contain all asserts involving invalid characters since ALL of them throw the same NumberFormatException? 2) If testing an input value like character ("a"), do I need to include test cases for ALL scenarios? "a" as the first argument, "a" as the second argument, "a" and "b" as the 2 arguments 3) As per my understanding, the benefit of these unit tests is to find out the cases where the input from a user might fail and result in an exception. And, then we can give the user a meaningful message (asking them to provide valid input) instead of an exception. Is that correct? And, is it the only benefit? 4) Are the 11 test cases mentioned above sufficient? Did I miss something? Did I overdo? When is enough? 5) Following from the above point, have I successfully tested the multiply() method?


  • Defining jUnit Test cases Correctly

    - by Epitaph
    I am new to Unit Testing and therefore wanted to do some practical exercise to get familiar with the jUnit framework. I created a program that implements a String multiplier public String multiply(String number1, String number2) In order to test the multiplier method, I created a test suite consisting of the following test cases (with all the needed integer parsing, etc) @Test public class MultiplierTest { Multiplier multiplier = new Multiplier(); // Test for 2 positive integers assertEquals("Result", 5, multiplier.multiply("5", "1")); // Test for 1 positive integer and 0 assertEquals("Result", 0, multiplier.multiply("5", "0")); // Test for 1 positive and 1 negative integer assertEquals("Result", -1, multiplier.multiply("-1", "1")); // Test for 2 negative integers assertEquals("Result", 10, multiplier.multiply("-5", "-2")); // Test for 1 positive integer and 1 non number assertEquals("Result", , multiplier.multiply("x", "1")); // Test for 1 positive integer and 1 empty field assertEquals("Result", , multiplier.multiply("5", "")); // Test for 2 empty fields assertEquals("Result", , multiplier.multiply("", "")); In a similar fashion, I can create test cases involving boundary cases (considering numbers are int values) or even imaginary values. 1) But, what should be the expected value for the last 3 test cases above? (a special number indicating error?) 2) What additional test cases did I miss? 3) Is assertEquals() method enough for testing the multiplier method or do I need other methods like assertTrue(), assertFalse(), assertSame() etc 4) Is this the RIGHT way to go about developing test cases? How am I "exactly" benefiting from this exercise? 5)What should be the ideal way to test the multiplier method? I am pretty clueless here. If anyone can help answer these queries I'd greatly appreciate it. Thank you.


  • TDD test data loading methods

    - by Dave Hanson
    I am a TDD newb and I would like to figure out how to test the following code. I am trying to write my tests first, but I am having trouble creating a test that touches my DataAccessor. I can't figure out how to fake it. I've done the extend the shipment class and override the Load() method; to continue testing the object. I feel as though I end up unit testing my Mock objects/stubs and not my real objects. I thought in TDD the unit tests were supposed to hit ALL of the methods on the object; however I can never seem to test that Load() code, only the overridden Mock Load. My tests were write an object that contains a list of orders based off of shipment number. I have an object that loads itself from the database. public class Shipment { //member variables protected List<string> _listOfOrders = new List<string>(); protected string _id = ""; //public properties public List<string> ListOrders { get{ return _listOfOrders; } } public Shipment(string id) { _id = id; Load(); } //PROBLEM METHOD // whenever I write code that needs this Shipment object, this method tries // to hit the DB and fubars my tests // the only way to get around is to have all my tests run on a fake Shipment object. protected void Load() { _listOfOrders = DataAccessor.GetOrders(_id); } } I create my fake shipment class to test the rest of the class's methods. I can't ever test the Real load method without having an actual DB connection. public class FakeShipment : Shipment { protected new void Load() { _listOfOrders = new List<string>(); } } Any thoughts? Please advise. Dave

